last executing test programs:

1.159753655s ago: executing program 3 (id=3102):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x18)
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r2, &(0x7f0000000080)={&(0x7f0000000040)={0x2, 0x0, @dev}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f00000004c0)=[{&(0x7f0000000880)=""/4096, 0x1000}], 0x1}}], 0x48}, 0x0)

1.118913978s ago: executing program 3 (id=3103):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001900)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r2, &(0x7f00000002c0)="9e", 0x1a000, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

1.035119406s ago: executing program 0 (id=3106):
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x70, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x526}, @TCA_SAMPLE_PARMS={0x18}]}, {0x4}, {0xc}, {0xc, 0x4}}}]}]}, 0x70}}, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000900)=@newtaction={0x48, 0x31, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4}}}]}]}, 0x48}}, 0x0)

989.01624ms ago: executing program 3 (id=3107):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
unshare(0x22020600)
r1 = syz_io_uring_setup(0xe42, &(0x7f0000000140), &(0x7f0000000240)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x18})
io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0)

938.085235ms ago: executing program 0 (id=3109):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r1 = syz_io_uring_setup(0xd2, &(0x7f0000000480), &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x0, 0x0)

744.963922ms ago: executing program 1 (id=3122):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="03000000000000002c0012800c0001006d6163766c616e001c000280080001000800000006000200010000001ffe02000000000008000500", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0xc010)

743.637762ms ago: executing program 0 (id=3112):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
gettid()

740.894683ms ago: executing program 3 (id=3115):
set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='mm_page_alloc\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)

637.560972ms ago: executing program 0 (id=3116):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x6, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
r2 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER_AVC(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x14, 0x453, 0x200, 0x70bd26, 0x25dfdbfd, "01de"}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000080)

625.502713ms ago: executing program 0 (id=3117):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0)
perf_event_open(&(0x7f0000000040)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000040)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0)
perf_event_open(&(0x7f0000000040)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r0, 0x2)

589.795817ms ago: executing program 0 (id=3118):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x400e, &(0x7f00000001c0)={[{@i_version}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@block_validity}, {@quota}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
open(&(0x7f00000005c0)='./bus\x00', 0x147842, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./bus\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r1, &(0x7f0000004200)="a6", 0x1)
sendfile(r1, r0, 0x0, 0x3ffff)
sendfile(r1, r0, 0x0, 0x7ffff000)

527.289502ms ago: executing program 1 (id=3121):
r0 = socket$tipc(0x1e, 0x5, 0x0)
munmap(&(0x7f0000005000/0x1000)=nil, 0x1000)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r0, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)="f7", 0x101d0}], 0x1}, 0x0)

526.544403ms ago: executing program 3 (id=3123):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f00000003c0), 0x5, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000001040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x808003, &(0x7f0000000000), 0x3, 0x4ed, &(0x7f00000005c0)="$eJzs3d9rW28ZAPDnpM1st8526sUcuBVRtqFL2tVtxYttgujVQJ33XW3TUpo2pUm3tQzp8FoEERW90StvBP8AQfYniDDQ+yGiDNnmhRdq5CQnW79d0nYsafZtPx94+77nR87zvAk5yXvOaU4Ax9Z4RNyOiIGIuBwRo9n8XFZiu1nS9V6+eDSXliTq9bv/TCLJ5rW2lWT1qexhQxHxnW9GfC9JmjN2qG5uLc+Wy6X1bLpYW1krVje3riytzC6WFkurU1OT16dvTF+bnuhaX29+/W8//dFvvnHzD19+8GzmH5e+n+Y7ki3b2Y9uaj4n+cZz0TIYEeu9CNYHA1l/8gdZOel9PgAA7C39jv+piPh8RLz6Rb+zAQAAAHqhfmsk/pNE1AEAAIAjK9e4BjbJFbJrAUYilysUmtfwfiZuRblSrX1pobKxOt+8VnYs8rmFpXJpIrtWeCzySTo92Wi/mb66a3oqIs5ExE9GhxvThblKeb7fBz8AAADgmEjH+SO5Zjut/jXaHP8DAAAAR8xYvxMAAAAAes74HwAAAI6+t8f/480qGTz8ZAAAAIBu+9adO2mpt+5/PX9/c2O5cv/KfKm6XFjZmCvMVdbXCouVymLjN/tW9tteuVJZ+0qsbjws1krVWrG6uTWzUtlYrc007us9UzrQfaIBAACArjpz4clfkojY/upwo6ROZMuM1eFoy73b6kmv8gAO30C/EwD6xgW+cHwZ4wP7DeyHDikPAACgdy5+9vX5/+HYcf7/9DPHBuCoe8fz/8AR4vw/HF+7zv//ql95AIfPGB/Y7zhAx/P/f+x+LgAAQG+MNEqSK2RjgJHI5QqFiNON2wLkk4WlcmkiIj4ZEX8ezX8inZ7sd9IAAAAAAAAAAAAAAAAAAAAAAAAA8DFTrydRBwAAAI60iNzfk4hIYihi9Asju48PnEj+PdqoI+LBL+/+7OFsLSLupbNez6/9vDG/tn61DwcwAAAAgLe0xumN2o38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiyly8ezbXKYcZ9/rWIGGsXfzCGGvVQ5CPi5KskBnc8LomIgS7E334cEWfbxU/StGIsy2J3/FxEDPc5/qkuxIfj7Em6/7nd7v2Xi/FG3f79N5iV9/V8vNP+L/d6/zfQYf93ep9tn8jqc09/V+wY/3HEucH2+59W/OQ997/3vru11WlZ/dcRF9t+/iQfiVWsrawVq5tbV5ZWZhdLi6XVqanJ69M3pq9NTxQXlsql7G/bGD/+3O//t1f/T3aIP9ap/0kzp3q9/TYv7Jr+79OHLz7dbsUk4vkPs3ab1/9sp/jZc//F7HMgXX6x1d5utnc6/9s/nd+r//Md+r/f63+p00Z3ufztH/y12cof8BEAQC9VN7eWZ8vl0vpBG+mg98ArH2Ij7cwHkEYXG+MfRhoax7PR7z0TAADQbW++9Pc7EwAAAAAAAAAAAAAAAAAAADi+Wv//3/ot5178nNjOeEOtRpIcel8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPby/wAAAP//nXrOGw==")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)

463.306598ms ago: executing program 2 (id=3124):
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x4000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x0, 0xfffffffffffffffc}, 0x100340, 0xc8, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0x8000000, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000f1ffffff0000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce8102033200fe08000e7f0061cd915a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef)

390.937915ms ago: executing program 2 (id=3125):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a000000030000000800000001"], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000400)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)='%pS    \x00'}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket(0x10, 0x803, 0x0)
sendto(r2, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

390.455065ms ago: executing program 1 (id=3126):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r1 = syz_io_uring_setup(0xd2, &(0x7f0000000480), &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x0, 0x0)

334.26342ms ago: executing program 4 (id=3128):
openat$procfs(0xffffffffffffff9c, &(0x7f0000001080)='/proc/locks\x00', 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, 0x0)
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, &(0x7f0000000100)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x1}}, 0x10)
bind$tipc(r0, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r1 = socket$tipc(0x1e, 0x4, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000000)={0x42}, 0x10)

306.731832ms ago: executing program 2 (id=3129):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x49, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000001c0)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@broadcast}, {@in=@multicast1, 0x0, 0x32}, @in6=@mcast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0)

210.004801ms ago: executing program 1 (id=3130):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000140))

190.588693ms ago: executing program 4 (id=3131):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
syz_emit_ethernet(0x32, &(0x7f0000000340)={@random="e90c630faca2", @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x18, 0x0, @opaque="cb0f6f1099d27b1f"}}}}}, 0x0)

144.523587ms ago: executing program 2 (id=3132):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)
setsockopt$inet6_int(r0, 0x29, 0x38, &(0x7f0000001740)=0x6, 0x4)
recvmmsg(r0, &(0x7f0000007480)=[{{0x0, 0x0, 0x0}, 0xc}], 0x1, 0x2, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

144.027757ms ago: executing program 4 (id=3133):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000200040010000800014004000000", 0x58}], 0x1)

117.69696ms ago: executing program 1 (id=3134):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x83000000}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r1, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x82, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

117.51347ms ago: executing program 3 (id=3135):
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x34, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, @perf_bp={0x0}, 0x14000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @link_local})

103.263591ms ago: executing program 2 (id=3136):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x2, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
memfd_create(&(0x7f0000000300)=' \xc76\xbe\x91\x8d\x182)!\x9a%\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00r\xbb\xdd\xe8\x87\x05=\xfb\x8b}\xfc\x1d\x03\xe1\xfcm\x9b\xf7fo\"i\xa1hk\x1f\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xeepI[\x1c\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94T\x81@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f\x19\xf7]#\xed,\xc7\x11\tp\xf4\xa3\xee\x00\x00\x00\x00\'}\x18\xe8O\xa8#K\xb6\xe4U\x92\xd2\x9d\xb8<X\xfa\xdd\x8a6\xa1\x82\xf7r\xd8z\x85\x8do\xa5\xed\xd4\xbc8U\x1e\xf2tl8\xfe\xd0\x94\xfe\xf5\x1c+\x00U\te\xfa6\xca\xb9\xb4Q\xd9\xee\r6\x861h{\xc7z\'F\xc7\x91\x06x\xe1`\xf1:\xcf+\xd5\f\xb2\xce\xa4\x06\x90\x90\x9b\x1d\xcaa\xf7\x8f\x9e\x80\x93\xafT\xdfl\xec\xc6\x8e\x96\r[n\xc6\x99\x1fr<\x06\xb3\xbcT\x00\xda6\x18/\x18l\xc1\x81\x8e8L\xcb*S_\xd0:\xa4V\xbd\xf1\xa4\x955\xa9\x9d\xe0\x9b\xd3\x95\xc88n:\x89>?2\xc8\xe7kovd\xa4\x1bl+\x14\x17\x14\x17C2! U\x04:\xd93F\xb9\xfc\x1b\xfd}\x05\xf9\x11\xf3)>q\x10\xd3\xf0\xaf>\xf8t(bX\xe3g\x05\xfe\b\xbcy\x95*\xca\a\xaf\xbb\xf9\xc3Y\xa2\x91\x90.\xc8\xbe\xb0\xa6\xbd\xbd\xfd\xfaf*\xb2&\x82\xa0\x17\xe7)\xf5\xa2\xccv\n\x1b\xd4\xf4\x11*\xc9\xc6*\xa4.\x94[$\xb8\xb3Q\xde\xd8A\xa4~c,`\x02\xb8\x01r\x89\x82\x13\xd0}C7\xfb\xf2\tM\x1e\xe9\xa5\v\xc5\xba(\x89\xb0l\x92H\x1cR\x1f>\xc4ie\xe0B\xf0[\xe2\xe1\x12\x1d\x8fR&\xd1\xa6#\xda.\x0f\xd7\xd7\xa4\x90\x14\x92I\xf82&\x16<\xf2RR\xc2\x02.Q\xef\x85\xef\xf9\xe5\x00\xe9\xca\xb1\x8c\x11\x11l\x9f\xc8\b\xf7A\xa6\x81\xad\xdc\x95\xc8\xef\x102\xa8\x87\x01\x00\\\xfee \n0F\xbc\x85\xc5C\xd0\x99\xe4\t\xab`\'t\xc2\xe9\x13\xcag\xea\xb3\xb5\x92\x00J\xc6y\x05\xcc\xde\xa0\xf6\xb9 \xe5\xdd\f\x18\xfc\xe0\xc3(\xd8\xeb\x1a6\xe6\xfa\x93\xc07R\x0f-\x9e\xf3\x87E\xa3\xd5o\x1bA\x88L/\xe7>45Q?\be\x7f\xa9\x9a\xcae\xd8Y\xdf]\x1bS\x825\xcb\x00\xa4}\x97\x84T\xad\x9b\x1e!\x8a\xbc\x02+#Q\xa9 \xe9\x05r\xe1\xec\x0f\xa7\xe6Of\x95\x02{', 0x4)

100.204161ms ago: executing program 4 (id=3137):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000080)='mm_page_alloc\x00', r1}, 0x10)
r2 = perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0)

57.714025ms ago: executing program 2 (id=3138):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed7f0000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f00000083c0)={{0x1}})
ioctl$int_in(r2, 0x5452, &(0x7f00000001c0)=0xb2)
dup2(r1, r2)

57.121645ms ago: executing program 4 (id=3139):
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'geneve0\x00', <r2=>0x0})
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote, r2}, 0x14)
close(r0)

42.011467ms ago: executing program 1 (id=3140):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r1 = syz_io_uring_setup(0xd2, &(0x7f0000000480), &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x0, 0x0)

0s ago: executing program 4 (id=3141):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0500000005000000ff0f000004"], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000540)={{r0}, &(0x7f00000004c0), &(0x7f0000000500)='%-5lx  \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b708000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='hrtimer_init\x00', r1}, 0x10)
socketpair(0xa, 0x1, 0x0, &(0x7f0000000000))

kernel console output (not intermixed with test programs):

0054][ T1546] bridge_slave_1: left promiscuous mode
[  139.895839][ T1546] bridge0: port 2(bridge_slave_1) entered disabled state
[  139.903940][ T1546] bridge_slave_0: left allmulticast mode
[  139.909696][ T1546] bridge_slave_0: left promiscuous mode
[  139.915445][ T1546] bridge0: port 1(bridge_slave_0) entered disabled state
[  139.923742][ T2355] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 3 with error 28
[  140.048586][ T1546] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  140.059812][ T1546] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  140.070329][ T1546] bond0 (unregistering): Released all slaves
[  140.084638][T10095] veth1_macvtap: entered allmulticast mode
[  140.128170][ T1546] hsr_slave_0: left promiscuous mode
[  140.134010][ T1546] hsr_slave_1: left promiscuous mode
[  140.140015][ T1546] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  140.147527][ T1546] batman_adv: batadv0: Removing interface: batadv_slave_0
[  140.155524][ T1546] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  140.162982][ T1546] batman_adv: batadv0: Removing interface: batadv_slave_1
[  140.172126][ T1546] veth1_macvtap: left promiscuous mode
[  140.177667][ T1546] veth0_macvtap: left promiscuous mode
[  140.183239][ T1546] veth1_vlan: left promiscuous mode
[  140.188649][ T1546] veth0_vlan: left promiscuous mode
[  140.228869][T10110] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  140.228869][T10110] The task syz.2.2250 (10110) triggered the difference, watch for misbehavior.
[  140.337140][T10054] bridge0: port 1(bridge_slave_0) entered blocking state
[  140.344395][T10054] bridge0: port 1(bridge_slave_0) entered disabled state
[  140.351679][T10054] bridge_slave_0: entered allmulticast mode
[  140.358228][T10054] bridge_slave_0: entered promiscuous mode
[  140.368018][T10054] bridge0: port 2(bridge_slave_1) entered blocking state
[  140.375101][T10054] bridge0: port 2(bridge_slave_1) entered disabled state
[  140.382373][T10054] bridge_slave_1: entered allmulticast mode
[  140.389338][T10054] bridge_slave_1: entered promiscuous mode
[  140.409917][T10054] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  140.420725][T10054] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  140.440365][T10054] team0: Port device team_slave_0 added
[  140.447914][T10054] team0: Port device team_slave_1 added
[  140.463522][T10054] batman_adv: batadv0: Adding interface: batadv_slave_0
[  140.470519][T10054] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  140.496528][T10054] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  140.507925][T10054] batman_adv: batadv0: Adding interface: batadv_slave_1
[  140.514898][T10054] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  140.540872][T10054] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  140.567684][T10054] hsr_slave_0: entered promiscuous mode
[  140.573775][T10054] hsr_slave_1: entered promiscuous mode
[  140.579714][T10054] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  140.587382][T10054] Cannot create hsr debugfs directory
[  140.879452][T10054] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  140.888578][T10054] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  140.897488][T10054] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  140.906146][T10054] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  140.920830][T10054] bridge0: port 2(bridge_slave_1) entered blocking state
[  140.927956][T10054] bridge0: port 2(bridge_slave_1) entered forwarding state
[  140.935316][T10054] bridge0: port 1(bridge_slave_0) entered blocking state
[  140.939288][ T9410] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  140.942408][T10054] bridge0: port 1(bridge_slave_0) entered forwarding state
[  140.971074][ T1546] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  141.017510][ T1546] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  141.035164][T10054] 8021q: adding VLAN 0 to HW filter on device bond0
[  141.047187][  T145] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.055594][  T145] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.070065][T10054] 8021q: adding VLAN 0 to HW filter on device team0
[  141.080910][ T1546] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  141.099727][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.106938][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  141.117823][ T5096] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.124957][ T5096] bridge0: port 2(bridge_slave_1) entered forwarding state
[  141.134499][ T1546] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  141.213404][ T1546] bridge_slave_1: left allmulticast mode
[  141.219161][ T1546] bridge_slave_1: left promiscuous mode
[  141.224875][ T1546] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.232495][ T1546] bridge_slave_0: left allmulticast mode
[  141.238407][ T1546] bridge_slave_0: left promiscuous mode
[  141.244055][ T1546] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.318879][ T1546] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  141.329731][ T1546] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  141.340025][ T1546] bond0 (unregistering): Released all slaves
[  141.353399][T10140] syz.0.2257[10140] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  141.353452][T10140] syz.0.2257[10140] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  141.367020][T10140] syz.0.2257[10140] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  141.388545][T10054] 8021q: adding VLAN 0 to HW filter on device batadv0
[  141.409976][T10125] chnl_net:caif_netlink_parms(): no params data found
[  141.420717][ T1546] hsr_slave_0: left promiscuous mode
[  141.426707][ T1546] hsr_slave_1: left promiscuous mode
[  141.432804][ T1546] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  141.440682][ T1546] batman_adv: batadv0: Removing interface: batadv_slave_0
[  141.450124][ T1546] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  141.457637][ T1546] batman_adv: batadv0: Removing interface: batadv_slave_1
[  141.467541][ T1546] veth1_macvtap: left promiscuous mode
[  141.473101][ T1546] veth0_macvtap: left promiscuous mode
[  141.479006][ T1546] veth1_vlan: left promiscuous mode
[  141.484437][ T1546] veth0_vlan: left promiscuous mode
[  141.573495][ T1546] team0 (unregistering): Port device team_slave_1 removed
[  141.584697][ T1546] team0 (unregistering): Port device team_slave_0 removed
[  141.666353][T10125] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.673487][T10125] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.681362][T10125] bridge_slave_0: entered allmulticast mode
[  141.694770][T10125] bridge_slave_0: entered promiscuous mode
[  141.702422][T10125] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.709705][T10125] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.717167][T10125] bridge_slave_1: entered allmulticast mode
[  141.723839][T10125] bridge_slave_1: entered promiscuous mode
[  141.766455][T10125] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  141.778552][T10125] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  141.787780][T10166] netlink: 'syz.0.2266': attribute type 1 has an invalid length.
[  141.795619][T10166] netlink: 'syz.0.2266': attribute type 4 has an invalid length.
[  141.803436][T10166] netlink: 15334 bytes leftover after parsing attributes in process `syz.0.2266'.
[  141.838318][T10125] team0: Port device team_slave_0 added
[  141.851636][T10054] veth0_vlan: entered promiscuous mode
[  141.871717][T10125] team0: Port device team_slave_1 added
[  141.923050][T10125] batman_adv: batadv0: Adding interface: batadv_slave_0
[  141.930125][T10125] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  141.956170][T10125] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  141.968775][T10054] veth1_vlan: entered promiscuous mode
[  141.985975][T10125] batman_adv: batadv0: Adding interface: batadv_slave_1
[  141.992996][T10125] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  142.019037][T10125] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  142.035539][T10054] veth0_macvtap: entered promiscuous mode
[  142.043944][T10054] veth1_macvtap: entered promiscuous mode
[  142.057165][T10187] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2272'.
[  142.111797][T10054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.122395][T10054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.132688][T10054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.143401][T10054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.153409][T10054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.163967][T10054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.173801][T10054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.184252][T10054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.194181][T10054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.204701][T10054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.215630][T10054] batman_adv: batadv0: Interface activated: batadv_slave_0
[  142.224305][T10198] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=10198 comm=syz.0.2277
[  142.246343][ T1546] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.269026][T10125] hsr_slave_0: entered promiscuous mode
[  142.275313][T10125] hsr_slave_1: entered promiscuous mode
[  142.281930][T10125] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  142.289801][T10125] Cannot create hsr debugfs directory
[  142.306337][ T1546] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.317981][T10054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  142.328471][T10054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.338312][T10054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  142.348751][T10054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.358677][T10054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  142.369266][T10054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.379416][T10054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  142.389966][T10054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.400171][T10054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  142.410764][T10054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.423249][T10054] batman_adv: batadv0: Interface activated: batadv_slave_1
[  142.432111][T10054] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  142.438231][T10203] loop2: detected capacity change from 0 to 1024
[  142.441039][T10054] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  142.456138][T10054] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  142.464866][T10054] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  142.476429][T10203] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  142.492500][ T1546] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.517356][ T9891] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  142.566763][ T1546] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.616968][T10167] chnl_net:caif_netlink_parms(): no params data found
[  142.662364][T10167] bridge0: port 1(bridge_slave_0) entered blocking state
[  142.669694][T10167] bridge0: port 1(bridge_slave_0) entered disabled state
[  142.677264][T10167] bridge_slave_0: entered allmulticast mode
[  142.683816][T10167] bridge_slave_0: entered promiscuous mode
[  142.706154][ T1546] bridge_slave_1: left allmulticast mode
[  142.711942][ T1546] bridge_slave_1: left promiscuous mode
[  142.717805][ T1546] bridge0: port 2(bridge_slave_1) entered disabled state
[  142.726444][ T1546] bridge_slave_0: left allmulticast mode
[  142.732137][ T1546] bridge_slave_0: left promiscuous mode
[  142.738229][ T1546] bridge0: port 1(bridge_slave_0) entered disabled state
[  142.847919][ T1546] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  142.859272][ T1546] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  142.869771][ T1546] bond0 (unregistering): Released all slaves
[  142.878402][T10167] bridge0: port 2(bridge_slave_1) entered blocking state
[  142.885798][T10167] bridge0: port 2(bridge_slave_1) entered disabled state
[  142.893030][T10167] bridge_slave_1: entered allmulticast mode
[  142.899611][T10167] bridge_slave_1: entered promiscuous mode
[  142.913737][T10236] @: renamed from bond0 (while UP)
[  142.930783][ T1546] hsr_slave_0: left promiscuous mode
[  142.939043][ T1546] hsr_slave_1: left promiscuous mode
[  142.948185][ T1546] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  142.955765][ T1546] batman_adv: batadv0: Removing interface: batadv_slave_0
[  142.966290][ T1546] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  142.973737][ T1546] batman_adv: batadv0: Removing interface: batadv_slave_1
[  142.990475][ T1546] veth1_macvtap: left promiscuous mode
[  142.996079][ T1546] veth0_macvtap: left promiscuous mode
[  143.001650][ T1546] veth1_vlan: left promiscuous mode
[  143.007140][ T1546] veth0_vlan: left promiscuous mode
[  143.018504][T10244] syz.0.2292[10244] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  143.018656][T10244] syz.0.2292[10244] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  143.030970][T10244] syz.0.2292[10244] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  143.121626][ T1546] team0 (unregistering): Port device team_slave_1 removed
[  143.145484][ T1546] team0 (unregistering): Port device team_slave_0 removed
[  143.201858][T10167] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  143.211472][T10247] loop1: detected capacity change from 0 to 128
[  143.224295][T10247] loop1: detected capacity change from 0 to 128
[  143.231044][T10247] vfat: Unknown parameter 'di��:#}RC�scard'
[  143.237056][T10167] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  143.259341][T10249] loop2: detected capacity change from 0 to 1024
[  143.275402][T10167] team0: Port device team_slave_0 added
[  143.282590][T10249] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  143.294797][T10167] team0: Port device team_slave_1 added
[  143.323012][T10167] batman_adv: batadv0: Adding interface: batadv_slave_0
[  143.330113][T10167] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  143.356177][T10167] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  143.367949][T10167] batman_adv: batadv0: Adding interface: batadv_slave_1
[  143.375104][T10167] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  143.382073][ T9891] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.401184][T10167] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  143.408445][T10125] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  143.434640][T10125] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  143.444534][T10125] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  143.455044][T10125] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  143.493204][T10264] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2301'.
[  143.540667][T10167] hsr_slave_0: entered promiscuous mode
[  143.542069][T10268] hub 9-0:1.0: USB hub found
[  143.551911][T10167] hsr_slave_1: entered promiscuous mode
[  143.557832][T10268] hub 9-0:1.0: 8 ports detected
[  143.562930][T10167] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  143.571022][T10167] Cannot create hsr debugfs directory
[  143.587234][T10125] 8021q: adding VLAN 0 to HW filter on device bond0
[  143.616492][T10125] 8021q: adding VLAN 0 to HW filter on device team0
[  143.646626][T10282] bond0: entered promiscuous mode
[  143.651802][T10282] bond0: entered allmulticast mode
[  143.657559][T10282] 8021q: adding VLAN 0 to HW filter on device bond0
[  143.669055][T10282] bond0 (unregistering): Released all slaves
[  143.681287][T10284] netem: change failed
[  143.703231][T10288] bridge0: port 3(vlan2) entered blocking state
[  143.709622][T10288] bridge0: port 3(vlan2) entered disabled state
[  143.717560][T10288] vlan2: entered allmulticast mode
[  143.723429][T10288] vlan2: left allmulticast mode
[  143.732906][T10292] loop0: detected capacity change from 0 to 164
[  143.738789][ T5096] bridge0: port 1(bridge_slave_0) entered blocking state
[  143.746398][ T5096] bridge0: port 1(bridge_slave_0) entered forwarding state
[  143.756309][T10292] Unable to read rock-ridge attributes
[  143.765883][T10292] Unable to read rock-ridge attributes
[  143.771703][   T29] kauditd_printk_skb: 13 callbacks suppressed
[  143.771796][   T29] audit: type=1400 audit(2000000064.700:2217): avc:  denied  { mounton } for  pid=10291 comm="syz.0.2311" path="/135/file0/file0" dev="loop0" ino=1862 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=file permissive=1
[  143.804206][   T29] audit: type=1400 audit(2000000064.730:2218): avc:  denied  { unmount } for  pid=10293 comm="syz.2.2312" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  143.824884][ T1546] bridge0: port 2(bridge_slave_1) entered blocking state
[  143.832038][ T1546] bridge0: port 2(bridge_slave_1) entered forwarding state
[  143.921445][T10307] loop2: detected capacity change from 0 to 512
[  143.931076][T10125] 8021q: adding VLAN 0 to HW filter on device batadv0
[  143.941687][T10307] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  143.964013][T10307] EXT4-fs (loop2): 1 truncate cleaned up
[  143.970930][T10307] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  143.971537][T10310] loop0: detected capacity change from 0 to 2048
[  144.005285][ T9891] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.022549][T10310] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  144.082196][T10167] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  144.104171][T10167] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  144.130158][T10167] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  144.148815][T10167] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  144.174308][T10125] veth0_vlan: entered promiscuous mode
[  144.195201][T10328] loop1: detected capacity change from 0 to 4096
[  144.214566][T10125] veth1_vlan: entered promiscuous mode
[  144.227402][T10328] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  144.266045][ T8961] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.282321][T10125] veth0_macvtap: entered promiscuous mode
[  144.290810][T10125] veth1_macvtap: entered promiscuous mode
[  144.335725][T10167] 8021q: adding VLAN 0 to HW filter on device bond0
[  144.354296][T10167] 8021q: adding VLAN 0 to HW filter on device team0
[  144.363144][T10054] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.375356][T10335] loop2: detected capacity change from 0 to 256
[  144.382880][ T1546] bridge0: port 1(bridge_slave_0) entered blocking state
[  144.390007][ T1546] bridge0: port 1(bridge_slave_0) entered forwarding state
[  144.399275][ T1546] bridge0: port 2(bridge_slave_1) entered blocking state
[  144.406388][ T1546] bridge0: port 2(bridge_slave_1) entered forwarding state
[  144.429808][T10125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  144.440360][T10125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  144.450254][T10125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  144.460834][T10125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  144.470861][T10125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  144.481380][T10125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  144.491316][T10125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  144.501961][T10125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  144.511806][T10125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  144.521849][T10335] FAT-fs (loop2): Directory bread(block 64) failed
[  144.522316][T10125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  144.539606][T10335] FAT-fs (loop2): Directory bread(block 65) failed
[  144.546869][T10335] FAT-fs (loop2): Directory bread(block 66) failed
[  144.553493][T10335] FAT-fs (loop2): Directory bread(block 67) failed
[  144.560309][T10335] FAT-fs (loop2): Directory bread(block 68) failed
[  144.567192][T10335] FAT-fs (loop2): Directory bread(block 69) failed
[  144.573753][T10335] FAT-fs (loop2): Directory bread(block 70) failed
[  144.580497][T10125] batman_adv: batadv0: Interface activated: batadv_slave_0
[  144.590136][T10125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  144.600608][T10125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  144.610518][T10125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  144.620998][T10125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  144.630872][T10125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  144.641361][T10125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  144.651216][T10125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  144.661766][T10125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  144.671793][T10125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  144.682272][T10125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  144.692286][T10335] FAT-fs (loop2): Directory bread(block 71) failed
[  144.699820][T10335] FAT-fs (loop2): Directory bread(block 72) failed
[  144.706584][T10335] FAT-fs (loop2): Directory bread(block 73) failed
[  144.714421][T10125] batman_adv: batadv0: Interface activated: batadv_slave_1
[  144.724268][T10167] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  144.749623][T10125] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  144.758604][T10125] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  144.767499][T10125] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  144.776278][T10125] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  144.844092][   T29] audit: type=1326 audit(2000000065.770:2219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10342 comm="syz.1.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0936bdff9 code=0x7ffc0000
[  144.885734][   T29] audit: type=1326 audit(2000000065.810:2220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10342 comm="syz.1.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff0936bdff9 code=0x7ffc0000
[  144.919349][T10347] bridge0: port 3(vlan2) entered blocking state
[  144.925848][T10347] bridge0: port 3(vlan2) entered disabled state
[  144.934510][T10347] vlan2: entered allmulticast mode
[  144.936309][   T29] audit: type=1326 audit(2000000065.870:2221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10342 comm="syz.1.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0936bdff9 code=0x7ffc0000
[  144.963448][   T29] audit: type=1326 audit(2000000065.870:2222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10342 comm="syz.1.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0936bdff9 code=0x7ffc0000
[  144.996343][T10347] vlan2: left allmulticast mode
[  145.025333][   T29] audit: type=1400 audit(2000000065.950:2223): avc:  denied  { map } for  pid=10350 comm="syz.3.2255" path="socket:[35904]" dev="sockfs" ino=35904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  145.048686][   T29] audit: type=1400 audit(2000000065.950:2224): avc:  denied  { read } for  pid=10350 comm="syz.3.2255" path="socket:[35904]" dev="sockfs" ino=35904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  145.081843][T10167] 8021q: adding VLAN 0 to HW filter on device batadv0
[  145.111486][    C1] ------------[ cut here ]------------
[  145.117027][    C1] refcount_t: underflow; use-after-free.
[  145.122914][    C1] WARNING: CPU: 1 PID: 23 at lib/refcount.c:28 refcount_warn_saturate+0x1c6/0x230
[  145.132220][    C1] Modules linked in:
[  145.136175][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.12.0-rc1-syzkaller-00349-g8f602276d390 #0
[  145.146914][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  145.157037][    C1] RIP: 0010:refcount_warn_saturate+0x1c6/0x230
[  145.163231][    C1] Code: 72 ff ff ff e8 ab 89 71 ff 48 c7 c7 3e d7 b2 86 e8 5f 6f 8a ff c6 05 f6 33 f4 04 01 90 48 c7 c7 b5 a7 1b 86 e8 8b 50 53 ff 90 <0f> 0b 90 90 e9 43 ff ff ff e8 7c 89 71 ff 48 c7 c7 3b d7 b2 86 e8
[  145.182908][    C1] RSP: 0018:ffffc900000cf9f8 EFLAGS: 00010246
[  145.189032][    C1] RAX: a18faa2a8606bd00 RBX: ffff88810ca1e5e4 RCX: ffff888100f92100
[  145.197053][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  145.205059][    C1] RBP: 0000000000000003 R08: ffffffff8111f547 R09: 0000000000000000
[  145.213083][    C1] R10: 0001ffffffffffff R11: ffff888100f92100 R12: ffff888115657a68
[  145.221195][    C1] R13: ffff888115206000 R14: ffff88810ca1e5e4 R15: 0000000000000000
[  145.229242][    C1] FS:  0000000000000000(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[  145.238246][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  145.244884][    C1] CR2: 0000000020002700 CR3: 000000010c162000 CR4: 00000000003506f0
[  145.252912][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  145.254304][T10167] veth0_vlan: entered promiscuous mode
[  145.260916][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  145.260938][    C1] Call Trace:
[  145.260946][    C1]  <TASK>
[  145.272626][T10167] veth1_vlan: entered promiscuous mode
[  145.274455][    C1]  ? __warn+0x141/0x350
[  145.290434][    C1]  ? report_bug+0x315/0x420
[  145.293268][T10167] veth0_macvtap: entered promiscuous mode
[  145.294955][    C1]  ? refcount_warn_saturate+0x1c6/0x230
[  145.294986][    C1]  ? handle_bug+0x60/0x90
[  145.295006][    C1]  ? exc_invalid_op+0x1a/0x50
[  145.303766][T10167] veth1_macvtap: entered promiscuous mode
[  145.306295][    C1]  ? asm_exc_invalid_op+0x1a/0x20
[  145.317459][T10167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  145.321043][    C1]  ? __warn_printk+0x167/0x1b0
[  145.326120][T10167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.336483][    C1]  ? refcount_warn_saturate+0x1c6/0x230
[  145.336514][    C1]  ? refcount_warn_saturate+0x1c5/0x230
[  145.336534][    C1]  sk_skb_reason_drop+0xe9/0x290
[  145.336564][    C1]  j1939_session_put+0x157/0x2a0
[  145.341321][T10167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  145.351120][    C1]  j1939_xtp_rx_eoma+0x1f0/0x260
[  145.356679][T10167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.362209][    C1]  j1939_tp_recv+0x651/0xa80
[  145.367167][T10167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  145.372060][    C1]  j1939_can_recv+0x45f/0x550
[  145.382481][T10167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.387394][    C1]  ? __pfx_j1939_can_recv+0x10/0x10
[  145.397212][T10167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  145.401764][    C1]  can_rcv_filter+0x225/0x4c0
[  145.412187][T10167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.416840][    C1]  can_receive+0x182/0x1f0
[  145.426679][T10167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  145.431844][    C1]  ? __pfx_ip_rcv+0x10/0x10
[  145.442253][T10167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.446924][    C1]  can_rcv+0xe7/0x180
[  145.456739][T10167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  145.461302][    C1]  ? __pfx_can_rcv+0x10/0x10
[  145.472056][T10167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.476550][    C1]  __netif_receive_skb+0x123/0x280
[  145.491120][T10167] batman_adv: batadv0: Interface activated: batadv_slave_0
[  145.500940][    C1]  process_backlog+0x22e/0x440
[  145.500971][    C1]  __napi_poll+0x63/0x3c0
[  145.514502][T10167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  145.515377][    C1]  ? net_rx_action+0x376/0x7f0
[  145.520547][T10167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.527758][    C1]  net_rx_action+0x3a1/0x7f0
[  145.527787][    C1]  handle_softirqs+0xbf/0x280
[  145.527811][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  145.527856][    C1]  run_ksoftirqd+0x1c/0x30
[  145.532720][T10167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  145.537030][    C1]  smpboot_thread_fn+0x31c/0x4c0
[  145.537062][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  145.547551][T10167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.552286][    C1]  kthread+0x1d1/0x210
[  145.562095][T10167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  145.566662][    C1]  ? __pfx_kthread+0x10/0x10
[  145.566710][    C1]  ret_from_fork+0x4b/0x60
[  145.566740][    C1]  ? __pfx_kthread+0x10/0x10
[  145.571412][T10167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.571428][T10167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  145.576618][    C1]  ret_from_fork_asm+0x1a/0x30
[  145.581029][T10167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.581046][T10167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  145.591445][    C1]  </TASK>
[  145.591456][    C1] ---[ end trace 0000000000000000 ]---
[  145.596399][T10167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.642213][  T145] bio_check_eod: 13 callbacks suppressed
[  145.642230][  T145] kworker/u8:5: attempt to access beyond end of device
[  145.642230][  T145] loop2: rw=1, sector=1224, nr_sectors = 608 limit=256
[  145.650370][T10167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  145.708719][  T145] kworker/u8:5: attempt to access beyond end of device
[  145.708719][  T145] loop2: rw=1, sector=1864, nr_sectors = 2048 limit=256
[  145.710230][T10167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  145.717898][T10167] batman_adv: batadv0: Interface activated: batadv_slave_1
[  145.771907][T10371] netlink: 140 bytes leftover after parsing attributes in process `syz.3.2332'.
[  145.782271][  T145] kworker/u8:5: attempt to access beyond end of device
[  145.782271][  T145] loop2: rw=1, sector=3912, nr_sectors = 2048 limit=256
[  145.782444][T10167] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  145.804967][T10167] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  145.814281][T10167] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  145.823282][T10167] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  145.831198][  T145] kworker/u8:5: attempt to access beyond end of device
[  145.831198][  T145] loop2: rw=1, sector=5960, nr_sectors = 2056 limit=256
[  145.874319][  T145] kworker/u8:5: attempt to access beyond end of device
[  145.874319][  T145] loop2: rw=1, sector=8016, nr_sectors = 4008 limit=256
[  145.899059][  T145] kworker/u8:5: attempt to access beyond end of device
[  145.899059][  T145] loop2: rw=1, sector=12024, nr_sectors = 7648 limit=256
[  145.950460][  T145] kworker/u8:5: attempt to access beyond end of device
[  145.950460][  T145] loop2: rw=1, sector=19672, nr_sectors = 14128 limit=256
[  145.973722][T10385] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=10385 comm=syz.3.2338
[  145.993025][   T29] audit: type=1326 audit(2000000066.920:2225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10387 comm="syz.1.2339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0936bdff9 code=0x7ffc0000
[  146.016703][   T29] audit: type=1326 audit(2000000066.920:2226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10387 comm="syz.1.2339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0936bdff9 code=0x7ffc0000
[  146.079231][T10396] loop1: detected capacity change from 0 to 512
[  146.086258][T10396] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  146.115659][T10403] loop3: detected capacity change from 0 to 512
[  146.115836][T10396] EXT4-fs (loop1): 1 truncate cleaned up
[  146.132630][T10405] loop2: detected capacity change from 0 to 1024
[  146.139591][T10405] EXT4-fs: Ignoring removed orlov option
[  146.145491][T10405] EXT4-fs: Ignoring removed nomblk_io_submit option
[  146.152952][T10396] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  146.218132][T10405] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  146.219994][T10411] loop4: detected capacity change from 0 to 2048
[  146.239347][T10403] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  146.253136][T10403] ext4 filesystem being mounted at /6/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  146.265179][T10054] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.285201][T10411] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  146.332656][T10167] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.347285][ T9891] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.360733][T10422] EXT4-fs error (device loop3): ext4_do_update_inode:5121: inode #19: comm syz.3.2343: corrupted inode contents
[  146.377268][T10422] EXT4-fs error (device loop3): ext4_dirty_inode:5984: inode #19: comm syz.3.2343: mark_inode_dirty error
[  146.398495][T10422] EXT4-fs error (device loop3): ext4_do_update_inode:5121: inode #19: comm syz.3.2343: corrupted inode contents
[  146.412097][T10409] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  146.421254][T10409] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  146.430886][T10422] EXT4-fs error (device loop3): ext4_xattr_delete_inode:3006: inode #19: comm syz.3.2343: mark_inode_dirty error
[  146.443683][T10422] EXT4-fs error (device loop3): ext4_xattr_delete_inode:3009: inode #19: comm syz.3.2343: mark inode dirty (error -117)
[  146.458404][T10422] EXT4-fs warning (device loop3): ext4_evict_inode:276: xattr delete (err -117)
[  146.504620][T10125] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.519491][T10434] loop2: detected capacity change from 0 to 128
[  146.687312][T10452] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=24 sclass=netlink_tcpdiag_socket pid=10452 comm=syz.4.2361
[  146.768047][T10460] loop2: detected capacity change from 0 to 128
[  146.775260][T10460] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1)
[  146.809278][T10460] syz.2.2367: attempt to access beyond end of device
[  146.809278][T10460] loop2: rw=3, sector=6950, nr_sectors = 2 limit=128
[  146.825170][T10460] syz.2.2367: attempt to access beyond end of device
[  146.825170][T10460] loop2: rw=2051, sector=6952, nr_sectors = 942 limit=128
[  146.841696][T10462] netlink: 256 bytes leftover after parsing attributes in process `syz.3.2368'.
[  146.892723][T10467] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2371'.
[  146.915124][T10467] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2371'.
[  146.965991][T10473] netem: incorrect ge model size
[  146.971012][T10473] netem: change failed
[  147.000728][T10481] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10481 comm=syz.4.2378
[  147.029755][T10481] netlink: 'syz.4.2378': attribute type 1 has an invalid length.
[  147.072736][T10491] atomic_op ffff888103395d28 conn xmit_atomic 0000000000000000
[  147.103179][T10493] loop3: detected capacity change from 0 to 1024
[  147.112863][T10493] EXT4-fs: Ignoring removed oldalloc option
[  147.129621][T10495] bond1: entered promiscuous mode
[  147.134766][T10495] bond1: entered allmulticast mode
[  147.150431][T10495] 8021q: adding VLAN 0 to HW filter on device bond1
[  147.172688][T10495] bond1 (unregistering): Released all slaves
[  147.182691][T10493] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  147.223854][T10125] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  147.314064][T10510] syz.4.2389[10510] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  147.314212][T10510] syz.4.2389[10510] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  147.335941][T10510] syz.4.2389[10510] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  147.470033][T10519] loop4: detected capacity change from 0 to 512
[  147.490287][T10519] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  147.511201][T10519] EXT4-fs (loop4): 1 truncate cleaned up
[  147.528378][T10519] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  147.592921][T10524] loop2: detected capacity change from 0 to 256
[  147.651239][T10167] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  147.667950][T10524] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF
[  147.676660][T10524] FAT-fs (loop2): Filesystem has been set read-only
[  147.730656][T10533] loop1: detected capacity change from 0 to 256
[  147.747859][T10533] msdos: Bad value for 'gid'
[  147.752516][T10533] msdos: Bad value for 'gid'
[  147.773958][T10533] loop1: detected capacity change from 0 to 512
[  147.810457][T10533] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  147.834767][T10533] ext4 filesystem being mounted at /31/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  147.878821][T10544] loop4: detected capacity change from 0 to 512
[  147.887660][T10533] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  147.944587][T10544] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  147.957309][T10544] ext4 filesystem being mounted at /14/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  147.999322][T10167] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.021523][T10558] loop4: detected capacity change from 0 to 512
[  148.043103][T10558] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  148.058162][T10558] ext4 filesystem being mounted at /15/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  148.068853][T10562] bond1: entered promiscuous mode
[  148.073930][T10562] bond1: entered allmulticast mode
[  148.081346][T10562] 8021q: adding VLAN 0 to HW filter on device bond1
[  148.093671][T10562] bond1 (unregistering): Released all slaves
[  148.132638][T10167] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.259060][T10579] loop3: detected capacity change from 0 to 512
[  148.267822][T10579] EXT4-fs error (device loop3): ext4_acquire_dquot:6879: comm syz.3.2416: Failed to acquire dquot type 1
[  148.281205][T10579] EXT4-fs (loop3): 1 truncate cleaned up
[  148.287712][T10579] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  148.300815][T10579] ext4 filesystem being mounted at /27/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  148.304181][T10587] loop4: detected capacity change from 0 to 512
[  148.326464][T10125] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.327277][T10587] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  148.348165][T10587] ext4 filesystem being mounted at /18/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  148.390944][T10587] EXT4-fs error (device loop4): ext4_do_update_inode:5121: inode #19: comm syz.4.2418: corrupted inode contents
[  148.403337][T10587] EXT4-fs error (device loop4): ext4_dirty_inode:5984: inode #19: comm syz.4.2418: mark_inode_dirty error
[  148.415010][T10587] EXT4-fs error (device loop4): ext4_do_update_inode:5121: inode #19: comm syz.4.2418: corrupted inode contents
[  148.427247][T10587] EXT4-fs error (device loop4): ext4_xattr_delete_inode:3006: inode #19: comm syz.4.2418: mark_inode_dirty error
[  148.439496][T10587] EXT4-fs error (device loop4): ext4_xattr_delete_inode:3009: inode #19: comm syz.4.2418: mark inode dirty (error -117)
[  148.452552][T10587] EXT4-fs warning (device loop4): ext4_evict_inode:276: xattr delete (err -117)
[  148.478093][T10167] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.727657][T10605] serio: Serial port ptm1
[  148.935211][T10620] netlink: 1080 bytes leftover after parsing attributes in process `syz.2.2431'.
[  149.011848][   T29] kauditd_printk_skb: 52 callbacks suppressed
[  149.011866][   T29] audit: type=1400 audit(2000000069.940:2277): avc:  denied  { getopt } for  pid=10623 comm="syz.3.2434" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  149.061931][T10640] loop4: detected capacity change from 0 to 512
[  149.069508][   T29] audit: type=1400 audit(2000000070.000:2278): avc:  denied  { ioctl } for  pid=10623 comm="syz.3.2434" path="socket:[37032]" dev="sockfs" ino=37032 ioctlcmd=0x941e scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  149.099778][T10640] EXT4-fs (loop4): blocks per group (71) and clusters per group (32768) inconsistent
[  149.136797][   T29] audit: type=1326 audit(2000000070.060:2279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10647 comm="syz.1.2445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0936bdff9 code=0x7ffc0000
[  149.142117][T10650] loop0: detected capacity change from 0 to 512
[  149.160410][   T29] audit: type=1326 audit(2000000070.060:2280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10647 comm="syz.1.2445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0936bdff9 code=0x7ffc0000
[  149.190350][   T29] audit: type=1326 audit(2000000070.060:2281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10647 comm="syz.1.2445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff0936bdff9 code=0x7ffc0000
[  149.213904][   T29] audit: type=1326 audit(2000000070.060:2282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10647 comm="syz.1.2445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0936bdff9 code=0x7ffc0000
[  149.237571][   T29] audit: type=1326 audit(2000000070.060:2283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10647 comm="syz.1.2445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0936bdff9 code=0x7ffc0000
[  149.261317][   T29] audit: type=1326 audit(2000000070.060:2284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10647 comm="syz.1.2445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff0936bdff9 code=0x7ffc0000
[  149.284949][   T29] audit: type=1326 audit(2000000070.060:2285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10647 comm="syz.1.2445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0936bdff9 code=0x7ffc0000
[  149.308593][   T29] audit: type=1326 audit(2000000070.060:2286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10647 comm="syz.1.2445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0936bdff9 code=0x7ffc0000
[  149.318995][T10656] sock: sock_set_timeout: `syz.2.2447' (pid 10656) tries to set negative timeout
[  149.346139][T10655] netlink: 1080 bytes leftover after parsing attributes in process `syz.4.2446'.
[  149.367578][T10650] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  149.388340][T10650] ext4 filesystem being mounted at /155/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  149.454195][ T8961] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.493581][T10670] loop2: detected capacity change from 0 to 1024
[  149.500765][T10670] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  149.514310][T10670] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  149.522624][T10670] EXT4-fs (loop2): orphan cleanup on readonly fs
[  149.530948][T10670] EXT4-fs error (device loop2): ext4_free_blocks:6589: comm syz.2.2454: Freeing blocks not in datazone - block = 0, count = 4096
[  149.537788][T10675] loop4: detected capacity change from 0 to 1024
[  149.544956][T10670] EXT4-fs (loop2): 1 orphan inode deleted
[  149.559686][T10670] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  149.578823][T10675] EXT4-fs: Ignoring removed oldalloc option
[  149.585179][T10670] EXT4-fs error (device loop2): ext4_readdir:261: inode #2: block 16: comm syz.2.2454: path /71/file1: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0
[  149.610246][T10670] EXT4-fs error (device loop2): ext4_readdir:261: inode #2: block 17: comm syz.2.2454: path /71/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  149.633667][T10670] EXT4-fs error (device loop2): ext4_readdir:261: inode #2: block 18: comm syz.2.2454: path /71/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  149.634496][T10675] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  149.682487][T10685] syz.3.2459[10685] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  149.682622][T10685] syz.3.2459[10685] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  149.687970][T10670] EXT4-fs error (device loop2): ext4_readdir:261: inode #2: block 19: comm syz.2.2454: path /71/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  149.694199][T10685] syz.3.2459[10685] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  149.736613][T10687] loop1: detected capacity change from 0 to 2048
[  149.752677][T10670] EXT4-fs error (device loop2): ext4_readdir:261: inode #2: block 20: comm syz.2.2454: path /71/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  149.776715][T10670] EXT4-fs error (device loop2): ext4_readdir:261: inode #2: block 21: comm syz.2.2454: path /71/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  149.810498][T10687] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  149.821793][T10670] EXT4-fs error (device loop2): ext4_readdir:261: inode #2: block 22: comm syz.2.2454: path /71/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  149.844427][T10670] EXT4-fs error (device loop2): ext4_readdir:261: inode #2: block 23: comm syz.2.2454: path /71/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  149.853647][T10167] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.895004][T10687] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  149.909966][T10687] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28
[  149.922426][T10687] EXT4-fs (loop1): This should not happen!! Data will be lost
[  149.922426][T10687] 
[  149.932186][T10687] EXT4-fs (loop1): Total free blocks count 0
[  149.938224][T10687] EXT4-fs (loop1): Free/Dirty block details
[  149.944162][T10687] EXT4-fs (loop1): free_blocks=2415919104
[  149.950104][T10687] EXT4-fs (loop1): dirty_blocks=32
[  149.955303][T10687] EXT4-fs (loop1): Block reservation details
[  149.961468][T10687] EXT4-fs (loop1): i_reserved_data_blocks=2
[  149.968587][T10687] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[  150.004147][T10700] loop0: detected capacity change from 0 to 1024
[  150.017102][T10702] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  150.075716][T10700] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  150.086795][T10700] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  150.108449][ T9891] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  150.136329][T10700] JBD2: no valid journal superblock found
[  150.142096][T10700] EXT4-fs (loop0): Could not load journal inode
[  150.150116][T10705] loop1: detected capacity change from 0 to 4096
[  150.165046][T10705] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  150.188492][T10714] loop2: detected capacity change from 0 to 164
[  150.217929][T10714] Unable to read rock-ridge attributes
[  150.227975][T10716] loop4: detected capacity change from 0 to 512
[  150.250202][T10714] Unable to read rock-ridge attributes
[  150.258148][T10714] iso9660: Corrupted directory entry in block 4 of inode 1792
[  150.262130][T10716] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  150.302687][T10716] EXT4-fs (loop4): 1 truncate cleaned up
[  150.325423][T10716] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  150.375877][T10054] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  150.396796][T10167] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  150.456118][T10732] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  150.466312][T10737] loop4: detected capacity change from 0 to 256
[  150.474334][T10732] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  150.501660][T10737] FAT-fs (loop4): Directory bread(block 64) failed
[  150.508581][T10737] FAT-fs (loop4): Directory bread(block 65) failed
[  150.515156][T10737] FAT-fs (loop4): Directory bread(block 66) failed
[  150.521858][T10737] FAT-fs (loop4): Directory bread(block 67) failed
[  150.528953][T10737] FAT-fs (loop4): Directory bread(block 68) failed
[  150.535583][T10737] FAT-fs (loop4): Directory bread(block 69) failed
[  150.542193][T10737] FAT-fs (loop4): Directory bread(block 70) failed
[  150.548781][T10737] FAT-fs (loop4): Directory bread(block 71) failed
[  150.555501][T10737] FAT-fs (loop4): Directory bread(block 72) failed
[  150.562060][T10737] FAT-fs (loop4): Directory bread(block 73) failed
[  150.589799][T10746] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2485'.
[  150.616427][T10748] loop1: detected capacity change from 0 to 1024
[  150.623208][T10748] EXT4-fs: Ignoring removed oldalloc option
[  150.637227][T10748] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  150.672361][T10054] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  150.920785][T10770] loop2: detected capacity change from 0 to 512
[  150.937219][ T5096] kworker/u8:12: attempt to access beyond end of device
[  150.937219][ T5096] loop4: rw=1, sector=1224, nr_sectors = 608 limit=256
[  150.957382][T10770] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  150.960604][ T5096] kworker/u8:12: attempt to access beyond end of device
[  150.960604][ T5096] loop4: rw=1, sector=1864, nr_sectors = 6840 limit=256
[  150.971979][T10772] loop1: detected capacity change from 0 to 164
[  150.990332][ T5096] kworker/u8:12: attempt to access beyond end of device
[  150.990332][ T5096] loop4: rw=1, sector=8704, nr_sectors = 2048 limit=256
[  150.991878][T10770] ext4 filesystem being mounted at /87/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  151.011867][ T5096] kworker/u8:12: attempt to access beyond end of device
[  151.011867][ T5096] loop4: rw=1, sector=10752, nr_sectors = 5184 limit=256
[  151.036884][ T5096] kworker/u8:12: attempt to access beyond end of device
[  151.036884][ T5096] loop4: rw=1, sector=15936, nr_sectors = 2088 limit=256
[  151.054568][ T5096] kworker/u8:12: attempt to access beyond end of device
[  151.054568][ T5096] loop4: rw=1, sector=18024, nr_sectors = 2064 limit=256
[  151.073202][T10772] rock: corrupted directory entry. extent=41, offset=65536, size=8
[  151.074034][ T5096] kworker/u8:12: attempt to access beyond end of device
[  151.074034][ T5096] loop4: rw=1, sector=20088, nr_sectors = 2048 limit=256
[  151.099005][ T5096] kworker/u8:12: attempt to access beyond end of device
[  151.099005][ T5096] loop4: rw=1, sector=22136, nr_sectors = 2048 limit=256
[  151.104794][T10772] rock: corrupted directory entry. extent=41, offset=65536, size=8
[  151.116348][ T5096] kworker/u8:12: attempt to access beyond end of device
[  151.116348][ T5096] loop4: rw=1, sector=24184, nr_sectors = 2048 limit=256
[  151.138257][ T5096] kworker/u8:12: attempt to access beyond end of device
[  151.138257][ T5096] loop4: rw=1, sector=26232, nr_sectors = 2048 limit=256
[  151.163955][ T9891] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  151.290980][T10791] bond1: entered promiscuous mode
[  151.296172][T10791] bond1: entered allmulticast mode
[  151.301788][T10791] 8021q: adding VLAN 0 to HW filter on device bond1
[  151.301861][T10797] netlink: 66 bytes leftover after parsing attributes in process `syz.3.2506'.
[  151.323785][T10791] bond1 (unregistering): Released all slaves
[  151.364623][T10807] IPVS: Error joining to the multicast group
[  151.415889][T10813] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2511'.
[  151.601665][T10829] loop4: detected capacity change from 0 to 2048
[  151.622191][T10829] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  151.681448][T10846] loop3: detected capacity change from 0 to 512
[  151.688140][T10846] EXT4-fs: Ignoring removed i_version option
[  151.705310][T10846] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a016c018, mo2=0002]
[  151.714212][T10846] System zones: 1-12
[  151.720493][T10846] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.2526: bg 0: block 131: padding at end of block bitmap is not set
[  151.737807][T10846] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem
[  151.746830][T10846] EXT4-fs (loop3): 1 truncate cleaned up
[  151.752790][T10846] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  151.801375][T10125] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  151.841489][T10864] syz.1.2533[10864] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  151.841561][T10864] syz.1.2533[10864] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  151.853600][T10864] syz.1.2533[10864] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  151.985167][T10878] loop1: detected capacity change from 0 to 512
[  152.037913][T10878] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  152.052872][T10878] ext4 filesystem being mounted at /64/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  152.110378][T10054] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.122216][T10891] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2547'.
[  152.148517][T10895] loop3: detected capacity change from 0 to 128
[  152.379537][   T11] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  152.396052][   T11] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[  152.408346][   T11] EXT4-fs (loop4): This should not happen!! Data will be lost
[  152.408346][   T11] 
[  152.418083][   T11] EXT4-fs (loop4): Total free blocks count 0
[  152.424358][   T11] EXT4-fs (loop4): Free/Dirty block details
[  152.430344][   T11] EXT4-fs (loop4): free_blocks=2415919104
[  152.436121][   T11] EXT4-fs (loop4): dirty_blocks=16
[  152.441325][   T11] EXT4-fs (loop4): Block reservation details
[  152.447390][   T11] EXT4-fs (loop4): i_reserved_data_blocks=1
[  152.456749][T10167] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.494619][T10915] loop4: detected capacity change from 0 to 512
[  152.509756][T10915] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  152.522659][T10915] ext4 filesystem being mounted at /43/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  152.587456][T10923] vhci_hcd: default hub control req: 0000 v0000 i0000 l31125
[  152.624968][T10926] loop2: detected capacity change from 0 to 512
[  152.634702][T10926] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  152.646858][T10926] EXT4-fs (loop2): 1 truncate cleaned up
[  152.723470][T10937] loop4: detected capacity change from 0 to 1024
[  152.731023][T10937] EXT4-fs (loop4): stripe (7) is not aligned with cluster size (4096), stripe is disabled
[  152.744322][T10937] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.2565: Invalid block bitmap block 0 in block_group 0
[  152.760258][T10937] EXT4-fs error (device loop4): ext4_acquire_dquot:6879: comm syz.4.2565: Failed to acquire dquot type 0
[  152.772034][T10937] EXT4-fs error (device loop4): ext4_free_blocks:6589: comm syz.4.2565: Freeing blocks not in datazone - block = 0, count = 4096
[  152.790232][T10937] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.2565: Invalid inode bitmap blk 0 in block_group 0
[  152.803153][ T5832] EXT4-fs error (device loop4): ext4_release_dquot:6902: comm kworker/u8:18: Failed to release dquot type 0
[  152.803236][T10937] EXT4-fs error (device loop4) in ext4_free_inode:360: Corrupt filesystem
[  152.823802][T10937] EXT4-fs (loop4): 1 orphan inode deleted
[  153.041621][T10952] bond1: entered promiscuous mode
[  153.046917][T10952] bond1: entered allmulticast mode
[  153.054579][T10952] 8021q: adding VLAN 0 to HW filter on device bond1
[  153.067086][T10952] bond1 (unregistering): Released all slaves
[  153.091027][T10963] loop4: detected capacity change from 0 to 128
[  153.153507][T10965] 9pnet: Could not find request transport: f
[  153.220003][T10979] loop2: detected capacity change from 0 to 512
[  153.240761][T10972] xt_CT: No such helper "snmp_trap"
[  153.273248][T10983] loop4: detected capacity change from 0 to 512
[  153.276265][T10987] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2586'.
[  153.286046][T10983] EXT4-fs: Ignoring removed i_version option
[  153.313264][T10983] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a016c018, mo2=0002]
[  153.323644][T10983] System zones: 1-12
[  153.328721][T10979] ext4 filesystem being mounted at /106/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  153.338595][T10983] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2585: bg 0: block 131: padding at end of block bitmap is not set
[  153.358343][T10983] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem
[  153.369749][T10979] Process accounting resumed
[  153.375418][T10983] EXT4-fs (loop4): 1 truncate cleaned up
[  153.392565][T10979] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[  153.546201][T11027] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  153.596123][T11036] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  153.638121][T11046] netlink: 66 bytes leftover after parsing attributes in process `syz.2.2610'.
[  153.718363][T11057] loop2: detected capacity change from 0 to 1764
[  153.777490][T11060] bond1: entered promiscuous mode
[  153.782635][T11060] bond1: entered allmulticast mode
[  153.790055][T11060] 8021q: adding VLAN 0 to HW filter on device bond1
[  153.801546][T11060] bond1 (unregistering): Released all slaves
[  153.874002][T11069] loop3: detected capacity change from 0 to 512
[  153.880982][T11069] EXT4-fs: Ignoring removed oldalloc option
[  153.888880][T11069] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  153.908759][T11069] ext4 filesystem being mounted at /73/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  154.065652][T11081] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  154.074873][T11081] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  154.316739][T11083] bridge_slave_1: left allmulticast mode
[  154.322518][T11083] bridge_slave_1: left promiscuous mode
[  154.328314][T11083] bridge0: port 2(bridge_slave_1) entered disabled state
[  154.473548][T11095] loop4: detected capacity change from 0 to 1024
[  154.535886][T11095] loop4: detected capacity change from 1024 to 64
[  154.542876][   T29] kauditd_printk_skb: 158 callbacks suppressed
[  154.542930][   T29] audit: type=1400 audit(2000000075.470:2442): avc:  denied  { rmdir } for  pid=11094 comm="syz.4.2631" name="control" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  154.613149][T11101] netlink: 268 bytes leftover after parsing attributes in process `syz.3.2635'.
[  154.669325][T11107] tipc: Invalid UDP bearer configuration
[  154.669339][T11107] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  154.687109][T11109] loop2: detected capacity change from 0 to 512
[  154.717761][T11109] ext4 filesystem being mounted at /115/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  154.803343][T11126] loop2: detected capacity change from 0 to 128
[  154.811563][   T29] audit: type=1326 audit(2000000075.730:2443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11122 comm="syz.3.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb69bddff9 code=0x7ffc0000
[  154.835555][   T29] audit: type=1326 audit(2000000075.730:2444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11122 comm="syz.3.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb69bddff9 code=0x7ffc0000
[  154.859209][   T29] audit: type=1326 audit(2000000075.730:2445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11122 comm="syz.3.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdb69bddff9 code=0x7ffc0000
[  154.883083][   T29] audit: type=1326 audit(2000000075.730:2446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11122 comm="syz.3.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb69bddff9 code=0x7ffc0000
[  154.906989][   T29] audit: type=1326 audit(2000000075.730:2447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11122 comm="syz.3.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb69bddff9 code=0x7ffc0000
[  154.930845][   T29] audit: type=1326 audit(2000000075.730:2448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11122 comm="syz.3.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdb69bddff9 code=0x7ffc0000
[  154.954437][   T29] audit: type=1326 audit(2000000075.730:2449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11122 comm="syz.3.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb69bddff9 code=0x7ffc0000
[  154.978099][   T29] audit: type=1326 audit(2000000075.730:2450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11122 comm="syz.3.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb69bddff9 code=0x7ffc0000
[  155.001920][   T29] audit: type=1326 audit(2000000075.730:2451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11122 comm="syz.3.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdb69bddff9 code=0x7ffc0000
[  155.027867][T11131] loop3: detected capacity change from 0 to 128
[  155.038786][ T5096] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  155.055707][T11131] ext4 filesystem being mounted at /82/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  155.089519][ T5096] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  155.140439][ T5096] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  155.176211][T11149] vhci_hcd: invalid port number 157
[  155.181457][T11149] vhci_hcd: default hub control req: c1ef v21ba i009d l29779
[  155.200538][ T5096] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  155.231864][T11158] loop2: detected capacity change from 0 to 4096
[  155.240415][T11161] loop1: detected capacity change from 0 to 512
[  155.257501][T11161] EXT4-fs: Ignoring removed orlov option
[  155.290315][T11133] chnl_net:caif_netlink_parms(): no params data found
[  155.299025][T11161] EXT4-fs: Invalid want_extra_isize 3
[  155.325314][T11161] loop1: detected capacity change from 0 to 512
[  155.357779][T11161] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  155.372557][ T5096] bridge_slave_0: left allmulticast mode
[  155.378295][ T5096] bridge_slave_0: left promiscuous mode
[  155.383984][ T5096] bridge0: port 1(bridge_slave_0) entered disabled state
[  155.412059][T11161] EXT4-fs (loop1): 1 orphan inode deleted
[  155.417890][T11161] EXT4-fs (loop1): 1 truncate cleaned up
[  155.530165][T11172] loop1: detected capacity change from 0 to 2048
[  155.542443][T11172] EXT4-fs: Ignoring removed bh option
[  155.577862][ T5096] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  155.592182][ T5096] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  155.611309][T11176] loop2: detected capacity change from 0 to 2048
[  155.619111][ T5096] bond0 (unregistering): Released all slaves
[  155.667432][T11133] bridge0: port 1(bridge_slave_0) entered blocking state
[  155.674551][T11133] bridge0: port 1(bridge_slave_0) entered disabled state
[  155.694860][T11176] EXT4-fs (loop2): shut down requested (0)
[  155.701837][T11133] bridge_slave_0: entered allmulticast mode
[  155.708826][T11133] bridge_slave_0: entered promiscuous mode
[  155.715884][T11133] bridge0: port 2(bridge_slave_1) entered blocking state
[  155.723138][T11133] bridge0: port 2(bridge_slave_1) entered disabled state
[  155.730636][T11133] bridge_slave_1: entered allmulticast mode
[  155.737635][T11133] bridge_slave_1: entered promiscuous mode
[  155.757025][T11182] program syz.1.2660 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  155.774366][ T5096] hsr_slave_0: left promiscuous mode
[  155.805028][ T5096] hsr_slave_1: left promiscuous mode
[  155.817934][ T5096] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  155.825390][ T5096] batman_adv: batadv0: Removing interface: batadv_slave_0
[  155.848559][T11191] x_tables: duplicate underflow at hook 2
[  155.855175][ T5096] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  155.862915][ T5096] batman_adv: batadv0: Removing interface: batadv_slave_1
[  155.873737][T11194] sd 0:0:1:0: device reset
[  155.885508][ T5096] veth1_macvtap: left promiscuous mode
[  155.891051][ T5096] veth0_macvtap: left promiscuous mode
[  155.896666][ T5096] veth1_vlan: left promiscuous mode
[  155.902150][ T5096] veth0_vlan: left promiscuous mode
[  155.971828][T11207] loop1: detected capacity change from 0 to 512
[  155.978783][T11207] EXT4-fs: Ignoring removed i_version option
[  155.985244][T11207] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  156.003151][T11207] EXT4-fs (loop1): 1 truncate cleaned up
[  156.063979][ T5096] team0 (unregistering): Port device team_slave_1 removed
[  156.077485][ T5096] team0 (unregistering): Port device team_slave_0 removed
[  156.122849][T11133] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  156.137274][T11203] ipvlan1: entered promiscuous mode
[  156.143420][T11203] ipvlan1: left promiscuous mode
[  156.153915][T11133] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  156.188492][T11133] team0: Port device team_slave_0 added
[  156.201369][T11133] team0: Port device team_slave_1 added
[  156.210788][T11213] ipip0: entered promiscuous mode
[  156.232687][T11133] batman_adv: batadv0: Adding interface: batadv_slave_0
[  156.239722][T11133] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  156.265661][T11133] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  156.278112][T11133] batman_adv: batadv0: Adding interface: batadv_slave_1
[  156.285104][T11133] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  156.311817][T11133] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  156.419674][T11133] hsr_slave_0: entered promiscuous mode
[  156.425996][T11133] hsr_slave_1: entered promiscuous mode
[  156.432166][T11133] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  156.440318][T11133] Cannot create hsr debugfs directory
[  156.458478][T11226] loop3: detected capacity change from 0 to 512
[  156.474518][T11226] EXT4-fs error (device loop3): ext4_orphan_get:1388: inode #15: comm syz.3.2681: casefold flag without casefold feature
[  156.489427][T11226] EXT4-fs error (device loop3): ext4_orphan_get:1393: comm syz.3.2681: couldn't read orphan inode 15 (err -117)
[  156.575727][T11237] loop2: detected capacity change from 0 to 1024
[  156.587547][T11237] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  156.616670][T11237] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  156.625089][T11237] EXT4-fs (loop2): orphan cleanup on readonly fs
[  156.634176][T11237] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5780: Corrupt filesystem
[  156.644602][T11237] EXT4-fs error (device loop2): ext4_quota_write:7251: inode #3: comm syz.2.2683: mark_inode_dirty error
[  156.658551][T11237] EXT4-fs error (device loop2): ext4_acquire_dquot:6879: comm syz.2.2683: Failed to acquire dquot type 0
[  156.672687][T11237] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5780: Corrupt filesystem
[  156.682478][T11237] EXT4-fs error (device loop2): ext4_ext_truncate:4457: inode #15: comm syz.2.2683: mark_inode_dirty error
[  156.694453][T11237] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5780: Corrupt filesystem
[  156.704648][T11237] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem
[  156.715738][T11237] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5780: Corrupt filesystem
[  156.730332][T11244] loop3: detected capacity change from 0 to 1764
[  156.737120][T11237] EXT4-fs error (device loop2): ext4_truncate:4208: inode #15: comm syz.2.2683: mark_inode_dirty error
[  156.751158][T11237] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem
[  156.776464][T11237] EXT4-fs (loop2): 1 truncate cleaned up
[  156.863206][T11133] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  156.865929][T11254] loop1: detected capacity change from 0 to 128
[  156.881284][T11133] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  156.890326][T11133] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  156.896782][T11254] ext4 filesystem being mounted at /102/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  156.934832][T11133] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  156.952087][T11258] SELinux:  Context system_u:object_r:initctl_t:s0 is not valid (left unmapped).
[  156.975345][T11133] 8021q: adding VLAN 0 to HW filter on device bond0
[  156.987382][T11133] 8021q: adding VLAN 0 to HW filter on device team0
[  157.014007][T11254] loop1: detected capacity change from 128 to 11
[  157.028737][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state
[  157.030333][T11262] EXT4-fs warning (device loop1): ext4_read_inode_bitmap:148: Cannot read inode bitmap - block_group = 0, inode_bitmap = 19
[  157.035856][ T5832] bridge0: port 1(bridge_slave_0) entered forwarding state
[  157.060135][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state
[  157.067382][ T5832] bridge0: port 2(bridge_slave_1) entered forwarding state
[  157.077642][T10054] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5780: Out of memory
[  157.088407][T10054] EXT4-fs error (device loop1): ext4_dirty_inode:5984: inode #2: comm syz-executor: mark_inode_dirty error
[  157.142480][T11133] 8021q: adding VLAN 0 to HW filter on device batadv0
[  157.175034][T11274] loop0: detected capacity change from 0 to 1764
[  157.308697][   T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  157.339784][T11133] veth0_vlan: entered promiscuous mode
[  157.351388][T11133] veth1_vlan: entered promiscuous mode
[  157.368734][T11133] veth0_macvtap: entered promiscuous mode
[  157.376649][T11133] veth1_macvtap: entered promiscuous mode
[  157.387552][T11133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  157.398206][T11133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  157.408148][T11133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  157.418633][T11133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  157.428484][T11133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  157.438969][T11133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  157.448870][T11133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  157.459408][T11133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  157.469306][T11133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  157.479754][T11133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  157.489617][T11133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  157.500052][T11133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  157.511013][T11133] batman_adv: batadv0: Interface activated: batadv_slave_0
[  157.521493][   T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  157.538385][T11133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  157.549062][T11133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  157.559035][T11133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  157.569506][T11133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  157.579345][T11133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  157.589823][T11133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  157.599739][T11133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  157.610195][T11133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  157.620141][T11133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  157.630728][T11133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  157.640579][T11133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  157.651147][T11133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  157.662739][T11133] batman_adv: batadv0: Interface activated: batadv_slave_1
[  157.672851][T11133] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  157.681675][T11133] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  157.690455][T11133] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  157.699422][T11133] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  157.716689][   T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  157.782128][   T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  157.826462][T11321] vhci_hcd: invalid port number 157
[  157.831830][T11321] vhci_hcd: default hub control req: c1ef v21ba i009d l29779
[  157.835249][T11302] chnl_net:caif_netlink_parms(): no params data found
[  157.890753][T11327] sch_fq: defrate 0 ignored.
[  157.915862][   T11] bridge_slave_1: left allmulticast mode
[  157.921548][   T11] bridge_slave_1: left promiscuous mode
[  157.927355][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.939294][   T11] bridge_slave_0: left allmulticast mode
[  157.945072][   T11] bridge_slave_0: left promiscuous mode
[  157.951034][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  158.069828][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  158.080804][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  158.091408][   T11] bond0 (unregistering): Released all slaves
[  158.105987][T11332] veth2: entered allmulticast mode
[  158.131924][   T11] hsr_slave_0: left promiscuous mode
[  158.138300][   T11] hsr_slave_1: left promiscuous mode
[  158.144481][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  158.152176][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  158.203443][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  158.211566][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  158.273026][   T11] veth1_macvtap: left promiscuous mode
[  158.278978][   T11] veth0_macvtap: left promiscuous mode
[  158.284758][   T11] veth1_vlan: left promiscuous mode
[  158.290447][   T11] veth0_vlan: left promiscuous mode
[  158.314193][T11340] loop0: detected capacity change from 0 to 4096
[  158.329278][T11354] loop4: detected capacity change from 0 to 2048
[  158.357808][T11354] EXT4-fs (loop4): shut down requested (0)
[  158.371550][T11356] loop3: detected capacity change from 0 to 512
[  158.385848][T11356] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  158.411025][T11356] EXT4-fs (loop3): 1 truncate cleaned up
[  158.516407][   T11] team0 (unregistering): Port device team_slave_1 removed
[  158.539258][   T11] team0 (unregistering): Port device team_slave_0 removed
[  158.554530][T11373] syz.3.2730[11373] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  158.554636][T11373] syz.3.2730[11373] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  158.580287][T11373] syz.3.2730[11373] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  158.600775][T11302] bridge0: port 1(bridge_slave_0) entered blocking state
[  158.619621][T11302] bridge0: port 1(bridge_slave_0) entered disabled state
[  158.628170][T11302] bridge_slave_0: entered allmulticast mode
[  158.635250][T11302] bridge_slave_0: entered promiscuous mode
[  158.642764][T11302] bridge0: port 2(bridge_slave_1) entered blocking state
[  158.649971][T11302] bridge0: port 2(bridge_slave_1) entered disabled state
[  158.657311][T11302] bridge_slave_1: entered allmulticast mode
[  158.663989][T11302] bridge_slave_1: entered promiscuous mode
[  158.684520][T11365] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[  158.708421][T11302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  158.720737][T11302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  158.742614][T11386] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  158.791763][T11302] team0: Port device team_slave_0 added
[  158.808611][T11302] team0: Port device team_slave_1 added
[  158.851687][T11302] batman_adv: batadv0: Adding interface: batadv_slave_0
[  158.859678][T11302] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  158.887337][T11302] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  158.902845][T11302] batman_adv: batadv0: Adding interface: batadv_slave_1
[  158.910323][T11302] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  158.937597][T11302] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  158.999287][T11407] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2740'.
[  159.002030][T11302] hsr_slave_0: entered promiscuous mode
[  159.017696][T11302] hsr_slave_1: entered promiscuous mode
[  159.024654][T11302] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  159.036091][T11302] Cannot create hsr debugfs directory
[  159.273453][T11425] loop2: detected capacity change from 0 to 128
[  159.282454][T11425] ext4 filesystem being mounted at /149/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  159.318155][T11428] syz.2.2747[11428] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  159.318212][T11428] syz.2.2747[11428] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  159.330874][T11428] syz.2.2747[11428] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  159.363867][T11302] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  159.384884][T11302] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  159.394528][T11302] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  159.404253][T11302] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  159.443629][T11302] 8021q: adding VLAN 0 to HW filter on device bond0
[  159.462641][T11302] 8021q: adding VLAN 0 to HW filter on device team0
[  159.479379][ T2355] bridge0: port 1(bridge_slave_0) entered blocking state
[  159.488281][ T2355] bridge0: port 1(bridge_slave_0) entered forwarding state
[  159.499750][T11435] netlink: 'syz.0.2750': attribute type 4 has an invalid length.
[  159.509281][T11435] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2750'.
[  159.523133][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state
[  159.532294][ T5832] bridge0: port 2(bridge_slave_1) entered forwarding state
[  159.638096][T11302] 8021q: adding VLAN 0 to HW filter on device batadv0
[  159.732783][T11302] veth0_vlan: entered promiscuous mode
[  159.751597][T11302] veth1_vlan: entered promiscuous mode
[  159.776197][T11302] veth0_macvtap: entered promiscuous mode
[  159.784032][T11302] veth1_macvtap: entered promiscuous mode
[  159.798482][T11302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  159.809166][T11302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.819183][T11302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  159.829889][T11302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.839901][T11302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  159.850355][T11302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.860188][T11302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  159.870633][T11302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.880538][T11302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  159.891002][T11302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.900841][T11302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  159.911523][T11302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.924430][T11302] batman_adv: batadv0: Interface activated: batadv_slave_0
[  159.937621][T11302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  159.948215][T11302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.958585][T11302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  159.969102][T11302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.979176][T11302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  159.989641][T11302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.999558][T11302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  160.010043][T11302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  160.019899][T11302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  160.030438][T11302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  160.040295][T11302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  160.050909][T11302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  160.081475][T11302] batman_adv: batadv0: Interface activated: batadv_slave_1
[  160.091592][T11302] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  160.094908][   T29] kauditd_printk_skb: 86 callbacks suppressed
[  160.094945][   T29] audit: type=1326 audit(2000000081.020:2536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11468 comm="syz.4.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f520d5adff9 code=0x7ffc0000
[  160.100412][T11302] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  160.100497][T11302] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  160.106681][   T29] audit: type=1326 audit(2000000081.020:2537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11468 comm="syz.4.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f520d5adff9 code=0x7ffc0000
[  160.130177][T11302] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  160.138855][   T29] audit: type=1326 audit(2000000081.020:2538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11468 comm="syz.4.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f520d5adff9 code=0x7ffc0000
[  160.203334][   T29] audit: type=1326 audit(2000000081.020:2539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11468 comm="syz.4.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f520d5adff9 code=0x7ffc0000
[  160.226836][   T29] audit: type=1326 audit(2000000081.020:2540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11468 comm="syz.4.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f520d5adff9 code=0x7ffc0000
[  160.250237][   T29] audit: type=1326 audit(2000000081.020:2541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11468 comm="syz.4.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f520d5adff9 code=0x7ffc0000
[  160.273858][   T29] audit: type=1326 audit(2000000081.020:2542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11468 comm="syz.4.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f520d5adff9 code=0x7ffc0000
[  160.297859][   T29] audit: type=1326 audit(2000000081.230:2543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11468 comm="syz.4.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f520d5adff9 code=0x7ffc0000
[  160.321848][   T29] audit: type=1326 audit(2000000081.230:2544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11468 comm="syz.4.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f520d5adff9 code=0x7ffc0000
[  160.345524][   T29] audit: type=1326 audit(2000000081.230:2545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11468 comm="syz.4.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=194 compat=0 ip=0x7f520d5adff9 code=0x7ffc0000
[  160.492725][T11482] loop4: detected capacity change from 0 to 4096
[  160.522257][T11489] loop3: detected capacity change from 0 to 512
[  160.548125][T11489] ext4 filesystem being mounted at /109/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  160.718429][T11506] netlink: 24 bytes leftover after parsing attributes in process `+}[@'.
[  160.727839][T11508] netlink: 16403 bytes leftover after parsing attributes in process `syz.4.2774'.
[  160.787325][T11516] loop4: detected capacity change from 0 to 1024
[  160.806677][T11516] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  160.837623][T11516] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  160.852482][T11516] EXT4-fs (loop4): orphan cleanup on readonly fs
[  160.862939][T11516] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5780: Corrupt filesystem
[  160.907647][T11516] EXT4-fs error (device loop4): ext4_quota_write:7251: inode #3: comm syz.4.2779: mark_inode_dirty error
[  160.944158][T11516] EXT4-fs error (device loop4): ext4_acquire_dquot:6879: comm syz.4.2779: Failed to acquire dquot type 0
[  160.965748][T11516] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5780: Corrupt filesystem
[  160.983785][T11516] EXT4-fs error (device loop4): ext4_ext_truncate:4457: inode #15: comm syz.4.2779: mark_inode_dirty error
[  161.018476][T11516] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5780: Corrupt filesystem
[  161.042715][T11516] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem
[  161.057288][T11516] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5780: Corrupt filesystem
[  161.068357][T11516] EXT4-fs error (device loop4): ext4_truncate:4208: inode #15: comm syz.4.2779: mark_inode_dirty error
[  161.081329][T11516] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem
[  161.092625][T11516] EXT4-fs (loop4): 1 truncate cleaned up
[  161.183577][T11544] loop1: detected capacity change from 0 to 128
[  161.198191][T11541] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2787'.
[  161.207306][T11541] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2787'.
[  161.372835][T11569] syzkaller0: entered promiscuous mode
[  161.378626][T11569] syzkaller0: entered allmulticast mode
[  161.415759][T11579] loop4: detected capacity change from 0 to 512
[  161.437921][T11579] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002]
[  161.446026][T11579] System zones: 0-2, 18-18, 34-34
[  161.451705][T11579] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2807: bg 0: block 248: padding at end of block bitmap is not set
[  161.466718][T11579] EXT4-fs error (device loop4): ext4_acquire_dquot:6879: comm syz.4.2807: Failed to acquire dquot type 1
[  161.480769][T11579] EXT4-fs (loop4): 1 truncate cleaned up
[  161.487637][T11579] ext4 filesystem being mounted at /21/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  161.685525][T11605] veth1_macvtap: left promiscuous mode
[  161.691058][T11605] macsec0: entered allmulticast mode
[  161.699034][T11605] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check.
[  161.803972][T11612] loop3: detected capacity change from 0 to 1024
[  161.812715][T11612] EXT4-fs: Ignoring removed nobh option
[  161.869635][T11622] loop3: detected capacity change from 0 to 1024
[  161.933216][T11631] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  161.950053][T11634] syz.1.2829[11634] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  161.950185][T11634] syz.1.2829[11634] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  161.961825][T11634] syz.1.2829[11634] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  162.299803][T11654] loop4: detected capacity change from 0 to 512
[  162.318825][T11654] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  162.328294][T11654] EXT4-fs (loop4): orphan cleanup on readonly fs
[  162.335239][T11654] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2838: bg 0: block 248: padding at end of block bitmap is not set
[  162.350269][T11654] EXT4-fs error (device loop4): ext4_acquire_dquot:6879: comm syz.4.2838: Failed to acquire dquot type 1
[  162.362054][T11654] EXT4-fs (loop4): 1 truncate cleaned up
[  162.374106][T11654] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  162.383271][T11654] EXT4-fs error (device loop4): __ext4_remount:6522: comm syz.4.2838: Abort forced by user
[  162.394171][T11654] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  162.438064][T11654] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  162.474293][T11654] ext4 filesystem being remounted at /23/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  162.528767][T11671] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2845'.
[  162.542912][T11671] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  162.610422][T11671] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  162.698388][T11683] loop3: detected capacity change from 0 to 1024
[  162.706405][T11683] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  162.717375][T11683] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (38281!=20869)
[  162.727798][T11686] loop4: detected capacity change from 0 to 512
[  162.729343][T11683] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  162.744274][T11683] EXT4-fs (loop3): external journal device major/minor numbers have changed
[  162.744627][T11686] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  162.753141][T11683] EXT4-fs (loop3): filesystem has both journal inode and journal device!
[  162.771802][T11671] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  162.791434][T11686] EXT4-fs error (device loop4): ext4_do_update_inode:5121: inode #2: comm syz.4.2851: corrupted inode contents
[  162.805009][T11686] EXT4-fs error (device loop4): ext4_dirty_inode:5984: inode #2: comm syz.4.2851: mark_inode_dirty error
[  162.816953][T11686] EXT4-fs error (device loop4): ext4_do_update_inode:5121: inode #2: comm syz.4.2851: corrupted inode contents
[  162.838796][T11671] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  162.851449][T11690] pim6reg1: entered promiscuous mode
[  162.856996][T11690] pim6reg1: entered allmulticast mode
[  162.898956][T11671] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  162.925352][T11671] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  162.954032][T11671] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  162.977345][T11671] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  163.039896][T11704] loop4: detected capacity change from 0 to 256
[  163.086614][T11712] syz.0.2862[11712] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  163.140805][T11721] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2866'.
[  163.169736][T11719] bridge0: port 3(syz_tun) entered blocking state
[  163.176402][T11719] bridge0: port 3(syz_tun) entered disabled state
[  163.201475][T11719] syz_tun: entered allmulticast mode
[  163.216225][T11719] syz_tun: entered promiscuous mode
[  163.221672][T11719] bridge0: port 3(syz_tun) entered blocking state
[  163.228185][T11719] bridge0: port 3(syz_tun) entered forwarding state
[  163.370336][T11753] loop5: detected capacity change from 0 to 7
[  163.385935][T11753] Buffer I/O error on dev loop5, logical block 0, async page read
[  163.397786][T11753] Buffer I/O error on dev loop5, logical block 0, async page read
[  163.397816][T11753]  loop5: unable to read partition table
[  163.397935][T11753] loop_reread_partitions: partition scan of loop5 (�被x������ڬ��dƤ����ݡ�����
[  163.397935][T11753] 
) failed (rc=-5)
[  163.589030][T11782] netlink: 'syz.3.2895': attribute type 1 has an invalid length.
[  163.631023][T11782] bond1: (slave gretap1): making interface the new active one
[  163.644103][T11782] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  163.667791][T11790] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2898'.
[  163.784774][T11807] bpf_get_probe_write_proto: 2 callbacks suppressed
[  163.784792][T11807] syz.1.2907[11807] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  163.810445][T11807] syz.1.2907[11807] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  163.812569][T11813] loop3: detected capacity change from 0 to 512
[  163.824860][T11807] syz.1.2907[11807] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  163.867276][T11813] ext4 filesystem being mounted at /161/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  163.915535][T11813] loop3: detected capacity change from 512 to 64
[  163.922591][T11824] x_tables: duplicate underflow at hook 4
[  163.923181][T11826] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2914'.
[  164.048744][T11839] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=11839 comm=syz.0.2921
[  164.202194][T11856] loop4: detected capacity change from 0 to 2048
[  164.256095][T11856]  loop4: p1 < > p4
[  164.260766][T11856] loop4: p4 size 8388608 extends beyond EOD, truncated
[  164.457049][T11889] geneve0: entered allmulticast mode
[  164.564125][T11864] chnl_net:caif_netlink_parms(): no params data found
[  164.671283][T11864] bridge0: port 1(bridge_slave_0) entered blocking state
[  164.678582][T11864] bridge0: port 1(bridge_slave_0) entered disabled state
[  164.717962][T11864] bridge_slave_0: entered allmulticast mode
[  164.738071][T11864] bridge_slave_0: entered promiscuous mode
[  164.758524][T11864] bridge0: port 2(bridge_slave_1) entered blocking state
[  164.766185][T11864] bridge0: port 2(bridge_slave_1) entered disabled state
[  164.782629][T11864] bridge_slave_1: entered allmulticast mode
[  164.808459][T11864] bridge_slave_1: entered promiscuous mode
[  164.831570][T11935] loop4: detected capacity change from 0 to 128
[  164.851883][T11935] ext4 filesystem being mounted at /54/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  164.902637][T11864] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  164.927284][T11864] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  165.056483][T11993] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2946'.
[  165.113961][T11864] team0: Port device team_slave_0 added
[  165.136493][   T29] kauditd_printk_skb: 254 callbacks suppressed
[  165.136510][   T29] audit: type=1400 audit(2000000086.067:2794): avc:  denied  { unmount } for  pid=9891 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  165.137995][T11864] team0: Port device team_slave_1 added
[  165.174860][T12002] netlink: 256 bytes leftover after parsing attributes in process `syz.0.2949'.
[  165.184292][T12002] unsupported nlmsg_type 40
[  165.228561][T11864] batman_adv: batadv0: Adding interface: batadv_slave_0
[  165.235614][T11864] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  165.261590][T11864] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  165.299376][   T29] audit: type=1400 audit(2000000086.227:2795): avc:  denied  { ioctl } for  pid=12013 comm="syz.2.2953" path="socket:[41734]" dev="sockfs" ino=41734 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  165.315383][T11864] batman_adv: batadv0: Adding interface: batadv_slave_1
[  165.331532][T11864] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  165.357678][T11864] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  165.394496][T11864] hsr_slave_0: entered promiscuous mode
[  165.409200][T11864] hsr_slave_1: entered promiscuous mode
[  165.418819][   T29] audit: type=1400 audit(2000000086.347:2796): avc:  denied  { setopt } for  pid=12028 comm="syz.1.2958" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  165.438662][   T29] audit: type=1400 audit(2000000086.347:2797): avc:  denied  { write } for  pid=12028 comm="syz.1.2958" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  165.458628][T11864] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  165.467937][T11864] Cannot create hsr debugfs directory
[  165.499130][T12027] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2957'.
[  165.520060][T12027] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2957'.
[  165.540943][   T29] audit: type=1326 audit(2000000086.467:2798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12036 comm="syz.0.2962" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6b1432dff9 code=0x0
[  165.588440][   T29] audit: type=1400 audit(2000000086.517:2799): avc:  denied  { read } for  pid=12038 comm="syz.4.2963" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  165.611963][   T29] audit: type=1400 audit(2000000086.517:2800): avc:  denied  { open } for  pid=12038 comm="syz.4.2963" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  165.648467][   T29] audit: type=1400 audit(2000000086.567:2801): avc:  denied  { ioctl } for  pid=12038 comm="syz.4.2963" path="/dev/autofs" dev="devtmpfs" ino=91 ioctlcmd=0x937e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  165.679327][T12041] SELinux:  Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  165.716845][   T29] audit: type=1400 audit(2000000086.607:2802): avc:  denied  { mac_admin } for  pid=12040 comm="syz.1.2965" capability=33  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  165.830336][   T29] audit: type=1400 audit(2000000086.627:2803): avc:  denied  { execute_no_trans } for  pid=12046 comm="syz.4.2966" path="/58/file1" dev="tmpfs" ino=328 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  165.858780][T11864] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.909154][T11864] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.935725][T12064] syz.1.2971[12064] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  165.935801][T12064] syz.1.2971[12064] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  165.949115][T12064] syz.1.2971[12064] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  165.969585][T11864] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  166.029131][T11864] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  166.065327][T12083] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2974'.
[  166.124120][T11864] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  166.133767][T11864] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  166.158074][T11864] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  166.167194][T11864] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  166.241327][T11864] 8021q: adding VLAN 0 to HW filter on device bond0
[  166.262549][T11864] 8021q: adding VLAN 0 to HW filter on device team0
[  166.273427][ T5096] bridge0: port 1(bridge_slave_0) entered blocking state
[  166.280601][ T5096] bridge0: port 1(bridge_slave_0) entered forwarding state
[  166.300250][ T5096] bridge0: port 2(bridge_slave_1) entered blocking state
[  166.307945][ T5096] bridge0: port 2(bridge_slave_1) entered forwarding state
[  166.361927][T11864] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  166.384549][T12125] netlink: 'syz.1.2981': attribute type 1 has an invalid length.
[  166.445890][T12125] bond1: (slave gretap1): making interface the new active one
[  166.454069][T12125] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  166.485234][T11864] 8021q: adding VLAN 0 to HW filter on device batadv0
[  166.646693][T11864] veth0_vlan: entered promiscuous mode
[  166.661894][T11864] veth1_vlan: entered promiscuous mode
[  166.707983][T11864] veth0_macvtap: entered promiscuous mode
[  166.826874][T11864] veth1_macvtap: entered promiscuous mode
[  166.861279][T11864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  166.871982][T11864] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  166.881891][T11864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  166.892353][T11864] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  166.902283][T11864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  166.913012][T11864] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  166.922869][T11864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  166.933431][T11864] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  166.943527][T11864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  166.954045][T11864] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  166.964464][T11864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  166.975375][T11864] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  166.985278][T11864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  166.995890][T11864] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.023398][T11864] batman_adv: batadv0: Interface activated: batadv_slave_0
[  167.038480][T11864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  167.049118][T11864] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.059028][T11864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  167.069627][T11864] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.079589][T11864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  167.090171][T11864] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.100047][T11864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  167.110722][T11864] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.120580][T11864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  167.131101][T11864] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.140974][T11864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  167.151470][T11864] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.161331][T11864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  167.171840][T11864] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.185322][T11864] batman_adv: batadv0: Interface activated: batadv_slave_1
[  167.195243][T11864] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  167.204038][T11864] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  167.212817][T11864] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  167.221596][T11864] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  167.301831][T12256] loop3: detected capacity change from 0 to 128
[  167.315284][T12256] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  167.323273][T12256] FAT-fs (loop3): Filesystem has been set read-only
[  167.336742][T12256] bio_check_eod: 5 callbacks suppressed
[  167.336758][T12256] syz.3.3004: attempt to access beyond end of device
[  167.336758][T12256] loop3: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  167.358924][T12256] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  167.366941][T12256] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  167.375186][T12256] syz.3.3004: attempt to access beyond end of device
[  167.375186][T12256] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  167.390747][T12256] syz.3.3004: attempt to access beyond end of device
[  167.390747][T12256] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  167.861670][T12286] loop4: detected capacity change from 0 to 2048
[  167.893754][T12286] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  168.038627][T12304] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  168.098226][T12316] loop4: detected capacity change from 0 to 1024
[  168.105173][T12316] EXT4-fs: Ignoring removed orlov option
[  168.111373][T12316] EXT4-fs: Ignoring removed nomblk_io_submit option
[  168.138945][T12316] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842e018, mo2=0002]
[  168.148058][T12316] System zones: 0-1, 3-12
[  168.172760][T12316] EXT4-fs error (device loop4): ext4_expand_extra_isize_ea:2793: inode #14: comm syz.4.3032: corrupted in-inode xattr: bad magic number in in-inode xattr
[  168.189445][T12316] EXT4-fs error (device loop4): ext4_clear_blocks:876: inode #14: comm syz.4.3032: attempt to clear invalid blocks 1886221359 len 1
[  168.278940][T12341] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  168.302069][T12343] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3043'.
[  168.329669][T12343] bond2: (slave vcan1): The slave device specified does not support setting the MAC address
[  168.365256][T12343] bond2: (slave vcan1): Error -95 calling set_mac_address
[  168.388546][T12385] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.462534][T12405] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  168.520396][T12415] sg_write: data in/out 231/14 bytes for SCSI command 0x0-- guessing data in;
[  168.520396][T12415]    program syz.4.3057 not setting count and/or reply_len properly
[  168.587189][T12420] netlink: 24 bytes leftover after parsing attributes in process `+}[@'.
[  168.746187][T12438] atomic_op ffff8881213fc928 conn xmit_atomic 0000000000000000
[  168.781839][T12442] loop3: detected capacity change from 0 to 2048
[  168.807396][T12442] EXT4-fs mount: 65 callbacks suppressed
[  168.807412][T12442] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  168.834355][T12442] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  168.861443][T11864] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.130341][T12477] block device autoloading is deprecated and will be removed.
[  169.158618][T12481] syz_tun: entered allmulticast mode
[  169.180833][T12480] syz_tun: left allmulticast mode
[  169.480463][T12537] loop1: detected capacity change from 0 to 512
[  169.488268][T12537] EXT4-fs: Ignoring removed orlov option
[  169.494859][T12537] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  169.529334][T12537] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  169.565733][T12537] ext4 filesystem being mounted at /70/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  169.584808][T12548] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3089'.
[  169.606670][T12537] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.3086: bg 0: block 255: padding at end of block bitmap is not set
[  169.673104][T11302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.712327][T12557] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3091'.
[  169.721363][T12557] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3091'.
[  170.019016][T12619] syz.2.3098[12619] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  170.019134][T12619] syz.2.3098[12619] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  170.040178][T12619] syz.2.3098[12619] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  170.108302][T12623] loop1: detected capacity change from 0 to 512
[  170.227015][T12623] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  170.292358][T12623] ext4 filesystem being mounted at /74/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  170.371382][T11302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  170.460281][T12650] loop4: detected capacity change from 0 to 1024
[  170.467138][T12650] EXT4-fs: Ignoring removed orlov option
[  170.472960][T12650] EXT4-fs: Ignoring removed nomblk_io_submit option
[  170.487033][T12650] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  170.509257][   T29] kauditd_printk_skb: 103 callbacks suppressed
[  170.509273][   T29] audit: type=1400 audit(2000000091.437:2907): avc:  denied  { ioctl } for  pid=12649 comm="syz.4.3108" path="/93/bus/cpuacct.usage_percpu_sys" dev="loop4" ino=18 ioctlcmd=0x662a scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  170.547979][T11133] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  170.579593][   T29] audit: type=1326 audit(2000000091.507:2908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12663 comm="syz.0.3112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b1432dff9 code=0x7ffc0000
[  170.579631][T12668] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3122'.
[  170.603207][   T29] audit: type=1326 audit(2000000091.507:2909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12663 comm="syz.0.3112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f6b1432dff9 code=0x7ffc0000
[  170.635675][   T29] audit: type=1326 audit(2000000091.507:2910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12663 comm="syz.0.3112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b1432dff9 code=0x7ffc0000
[  170.663593][   T29] audit: type=1400 audit(2000000091.587:2911): avc:  denied  { audit_write } for  pid=12671 comm="syz.0.3116" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  170.685032][   T29] audit: type=1107 audit(2000000091.587:2912): pid=12671 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='
�'
[  170.744914][T12687] loop0: detected capacity change from 0 to 512
[  170.785141][T12687] EXT4-fs: Ignoring removed i_version option
[  170.797063][T12692] syz.1.3121[12692] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  170.797198][T12692] syz.1.3121[12692] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  170.811110][T12687] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  170.833009][T12692] syz.1.3121[12692] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  170.843924][T12687] EXT4-fs (loop0): 1 truncate cleaned up
[  170.861835][T12687] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  170.865355][T12693] loop3: detected capacity change from 0 to 512
[  170.883114][   T29] audit: type=1400 audit(2000000091.807:2913): avc:  denied  { bind } for  pid=12689 comm="syz.1.3121" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  170.921210][T12693] EXT4-fs (loop3): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  171.008887][T12712] syz.2.3129[12712] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  171.009083][T12712] syz.2.3129[12712] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  171.023230][T12712] syz.2.3129[12712] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  171.075920][T12693] Quota error (device loop3): v2_read_file_info: Free block number 58381 out of range (1, 6).
[  171.097874][T12693] EXT4-fs warning (device loop3): ext4_enable_quotas:7097: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  171.163462][T11864] EXT4-fs (loop3): unmounting filesystem 00800000-0000-0000-0000-000000000000.
[  171.239698][T12753] syzkaller0: refused to change device tx_queue_len
[  171.273295][T12708] ==================================================================
[  171.275016][T12766] syz.2.3138[12766] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  171.281419][T12708] BUG: KCSAN: data-race in __xa_set_mark / xas_find_marked
[  171.281460][T12708] 
[  171.281467][T12708] write to 0xffff888105a82224 of 4 bytes by task 12687 on cpu 0:
[  171.310133][T12708]  __xa_set_mark+0x182/0x1b0
[  171.314744][T12708]  __folio_mark_dirty+0x3b5/0x4e0
[  171.319787][T12708]  mark_buffer_dirty+0x148/0x250
[  171.324748][T12708]  block_write_end+0x123/0x210
[  171.329533][T12708]  ext4_write_end+0x136/0x720
[  171.334217][T12708]  generic_perform_write+0x33c/0x4a0
[  171.339510][T12708]  ext4_buffered_write_iter+0x1ea/0x370
[  171.345078][T12708]  ext4_file_write_iter+0x293/0xe10
[  171.350295][T12708]  iter_file_splice_write+0x5f1/0x980
[  171.355681][T12708]  direct_splice_actor+0x160/0x2c0
[  171.360802][T12708]  splice_direct_to_actor+0x302/0x670
[  171.366186][T12708]  do_splice_direct+0xd7/0x150
[  171.370960][T12708]  do_sendfile+0x39b/0x970
[  171.375393][T12708]  __x64_sys_sendfile64+0x110/0x150
[  171.380604][T12708]  x64_sys_call+0xed5/0x2d60
[  171.385314][T12708]  do_syscall_64+0xc9/0x1c0
[  171.389826][T12708]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.395764][T12708] 
[  171.398139][T12708] read to 0xffff888105a82224 of 4 bytes by task 12708 on cpu 1:
[  171.405868][T12708]  xas_find_marked+0x60a/0x660
[  171.410666][T12708]  find_get_entry+0x54/0x390
[  171.415286][T12708]  filemap_get_folios_tag+0x9e/0x210
[  171.420620][T12708]  file_write_and_wait_range+0x162/0x250
[  171.426358][T12708]  generic_buffers_fsync_noflush+0x46/0x120
[  171.432264][T12708]  ext4_sync_file+0x1ff/0x6c0
[  171.436960][T12708]  vfs_fsync_range+0x116/0x130
[  171.441741][T12708]  ext4_buffered_write_iter+0x326/0x370
[  171.447305][T12708]  ext4_file_write_iter+0x293/0xe10
[  171.452520][T12708]  iter_file_splice_write+0x5f1/0x980
[  171.457906][T12708]  direct_splice_actor+0x160/0x2c0
[  171.463029][T12708]  splice_direct_to_actor+0x302/0x670
[  171.468411][T12708]  do_splice_direct+0xd7/0x150
[  171.473188][T12708]  do_sendfile+0x39b/0x970
[  171.477634][T12708]  __x64_sys_sendfile64+0x110/0x150
[  171.482869][T12708]  x64_sys_call+0xed5/0x2d60
[  171.487477][T12708]  do_syscall_64+0xc9/0x1c0
[  171.491989][T12708]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.498012][T12708] 
[  171.500347][T12708] value changed: 0x04000021 -> 0x0e000021
[  171.506166][T12708] 
[  171.508499][T12708] Reported by Kernel Concurrency Sanitizer on:
[  171.514666][T12708] CPU: 1 UID: 0 PID: 12708 Comm: syz.0.3118 Tainted: G        W          6.12.0-rc1-syzkaller-00349-g8f602276d390 #0
[  171.527015][T12708] Tainted: [W]=WARN
[  171.530818][T12708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  171.540878][T12708] ==================================================================
[  171.621722][ T8961] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.