last executing test programs: 2.277993727s ago: executing program 2 (id=315): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x2, 0x49, 0x1, 0xffffffffffffffff, 0xfffffffe}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000400), 0x401, r0, 0x0, 0xa002a0}, 0x38) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r2}, 0x18) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000300)={0x0, &(0x7f0000000140)=""/184, &(0x7f0000000200), &(0x7f0000001540), 0x1, r0}, 0x38) 1.895024664s ago: executing program 3 (id=320): bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x0, 0x3}) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r1, &(0x7f0000000140)="24000000010006", 0x7) 1.866748314s ago: executing program 3 (id=321): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net\x00') fchdir(r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r2 = gettid() ppoll(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) tkill(r2, 0x7) r3 = socket$kcm(0x2, 0x1000000000000005, 0x0) sendmsg$inet(r3, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x0, @rand_addr=0xa9fe0000}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000080)='r', 0x1}], 0x1, &(0x7f0000007880)=[@ip_retopts={{0x10, 0x84}}], 0x10}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) prctl$PR_SET_THP_DISABLE(0x29, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) set_mempolicy_home_node(&(0x7f0000378000/0x2000)=nil, 0x2000, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$unix(0x1, 0x5, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0) mq_open(&(0x7f0000000000)='eth0\x00', 0x42, 0x0, 0x0) mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x11, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1b, 0x0, 0x3, 0x17b, 0x20080, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000100000000000000000b000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x0, 0x3}) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r6, &(0x7f0000000140)="24000000010006", 0x7) syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x41c3, 0x800, 0x0, 0x335}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) 1.847891995s ago: executing program 2 (id=322): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r0 = socket$rds(0x15, 0x5, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, 0x0, 0x0) 1.802786865s ago: executing program 2 (id=324): bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x1000000, &(0x7f0000000680)={[{@dioread_lock}, {@nogrpid}, {@abort}, {@nodelalloc}, {@user_xattr}, {@grpjquota, 0x2e}, {@nombcache}, {@errors_remount}, {@jqfmt_vfsv1}, {@grpid}], [], 0x2c}, 0x84, 0x4c7, &(0x7f0000000700)="$eJzs3M9vFFUcAPDvTGkpP1uQqPxQVtHYiLa0oHLwoEYTLhoTPeCxlkqQAobWRAiRagwejX+BejQx8eTFkybGqBc1XvVuTIjhAnowa2Z3pt2l2+1sf1BxP59ktu/Nr/e+b+Z1Z+ftTgBdq5K9JBFbI+LXiBioZ5tXqNT/3Lh2aeKva5cmkqhWX/ozqa13/dqliWLVYrsteWYojUjfS2Jvi3KnL1w8PT41NXk+z4/MnHljZPrCxUdPnRk/OXly8uzY0aNHDo8+8fjYY6XiuLzE8iyu63vePrdv97FXPnx+ohqvfv9ZVt+t+fLGOOoGS5XbTiUqUc3Nz+2rvT644r3/t2xrSCcb1rEidKQnIrLD1Vvr/wPRE/MHbyCee3cu8806VRBYM9l7044Fc3vyv+nc+xfwf5To49Clinf87PNvMd3K64/1dvXp7HWyFv+NfPrxhXrbpNln2cH6J/bqItvf2WJe/3yyOrBE+Vsj4vjs3x9lU7S8D9FGUnpNAIA5X2XXP4+0uv5Lm65ttudjKIMRcTAidkbEHRGxK9K5de6KiLs7LL9yU37h9c/PmzrcZUey678n87GtYqovKeJK5nLbavH3Jq+dmpo8lLfJUPRuzPKjbcr4+tlfPlhsWaXh+i+bsvKLa8G8Hn9s2Ni8zYnxmfEVhNzk6jsReza0ij+ZGwnIWmB3ROxZxv6zNjv18Kf7svT2LQuXLx1/G6swzlT9JOKh+vGfjZviLyT1khYbnxzpj6nJQyPFWbHQDz9debEx39uQboq/v1xM/csNtoXs+G9uef7n8RfdoBivne68jCu/vb/oZ5qFxz+J47ONa+Tn/6b5ZsvO/77k5Vq6L5/31vjMzPnRiL58RtP8sfm9Ffli/Sz+oQOt+//OiH8+zrfbGxHZSXxPRNwbEfvzut8XEfdHxIE28X/3zAOvt2+hZZ7/qyCL/0S74x8xmDSO1y8j0XP62y8XK7/c/78jtdRQPqfM/7+yFVxJ2wEAAMDtIq2NQSfpcJFuuDm1KzanU+emZw5W4s2zJ+pj1YPRmxZ3ugYa7oeO5veGi/zYTfnDEbGj9k2jTbX88MS5qW3rGThQ+61OU/+PNB0eri/7vWe9awesuY7G0Rq/dPb5F6tfGeCW8ntN6F76P3Qv/R+6l/4P3atV/78ccWMdqgLcYt7/oXvp/9C99H/oXvo/dKWFP4kvHreynF/6zyd2HlvR5mueqA6syZ5nO9+qZ40ijcaHdiyaSCJieUVE2n6dvhKll0z0dfBAh3KJdMl1nlqqWXpX9EyMLLE/T2yMiLJbXV69Vi1x/mQST5kEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABua/8GAAD//6si49Y=") fspick(0xffffffffffffff9c, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='kfree\x00', r0}, 0x18) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r2}, 0x10) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./bus\x00', 0x0, &(0x7f0000000140)={[{@rodir}, {@rodir}, {@rodir}, {@shortname_win95}, {@shortname_win95}, {@shortname_lower}, {@uni_xlate}, {@fat=@nocase}, {@rodir}, {@rodir}, {@utf8no}, {@utf8}]}, 0x1, 0x356, &(0x7f0000000200)="$eJzs3U9oI9UfAPBvdrJJu7C/9vCDRUEYvQladise9NSydGExF5Xgn4MY3K5KUxcaDHYPzdaLeBQ86smbBz142LMIinjz4NUVxD940OOCiyPJTJJpk3a7QnYtfj6H8O1732/ee5mhmU6b15dXYqMWcTmNiLm5SlRXzq/EzUosRhJD12JSbUobAHA83Myy+CPLHbGkMuMpAQAzNnj/f/V0qeXtLw/Lz7z7A8CxV/z8P39YztxBHVdmMiUAYMYm7v8/tKe7tvdX/dXSXwUAAMfVsy+8+NRqI+KZNJ2L2Hyn2+w248lx/+rleD3asR5nYyFuReQXCv2HyuDxwsXG2tk0TXvx82I0+xXdZsRmr9vMrxRWk0F9Pc7FQiwW9cXVRpZlyYXPGmvn0oGIuNYbjB+blW7zZJwqxv/+VKzHcqTx/4n6iIuNteW0eILm5rC+F7E7vm/Rn/9SLMS3r8SVaMel6NcOL2saazvn0vR81thT323W5y6NXoUD74AAAAAAAAAAAAAAAAAAAAAAAMA/spSOLI72v8nG+/csLU3pH+yPk9cX+wPt5vsDZfUssuz3tx5tvpvEnv2B9u/P021W48S9XToAAAAAAAAAAAAAAAAAAAD8a3S2a9Fqt9e3OttXN8pBb6uzfSIi+i1vfP3JF/MxmXOboFqMUepKi6arG60sGSZnyZ6cIkj6gw9bPr4+mnE5pz5axdRp1A/uardPP/jjB+OWB5LhM/81zkli+gKTfdMoB5v/y6d0Jy/UKFi+Tc6NLMsOKt95abIqKhHVOz9whwdZP/jqp9fue6xz5vFBy+dZ7uFHFp678f5Hv2602v2RY3AEa1udW9lGq/h6+sl2cJCUzp9K5EGlfCZUDyvfLYL5iP6hbCXf/fb8/e99c7TRs3LLm1Nyknw5n+7vquVBJR+03DU/bayTU07+GQRnPlxpXd/54ZejVpW+SdioAwAAAAAAAAAAAAAAAAAA7orSZ8ULxYd9Tx5W9cTTs58ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANw94///Xwp2J1qOEvzZi8mu+vpWJ6J2r5cJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/3N8BAAD//zGNaeE=") bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_usb_connect(0x5, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0xf4, 0x85, 0x41, 0x40, 0x1690, 0x7588, 0x70a4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x1, 0x86, 0x10, 0x4, [{{0x9, 0x4, 0x4, 0x8, 0x0, 0x6c, 0xec, 0xd0, 0x6}}]}}]}}, 0x0) (fail_nth: 7) 1.346198724s ago: executing program 1 (id=327): socketpair$nbd(0x1, 0x1, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)=ANY=[@ANYRES64], 0x48) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x4000050) r0 = open$dir(0x0, 0x18100, 0x0) fcntl$notify(r0, 0x402, 0x80000023) setxattr$security_evm(0x0, &(0x7f0000000140), 0x0, 0x0, 0x1) setxattr$security_evm(0x0, &(0x7f00000001c0), 0x0, 0x0, 0x2) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x18, 0x6, 0x20, 0x0) r1 = socket$inet(0x2, 0x3, 0xd) r2 = socket$kcm(0x10, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000020000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000e600000000000000000000000000001b8213edbbfcde3e578d"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@ipv4_newrule={0x30, 0x20, 0x1, 0x0, 0x25dfdbfb, {}, [@FRA_TUN_ID={0xc, 0x14}, @FRA_GENERIC_POLICY=@FRA_L3MDEV={0x5, 0x13, 0x1}]}, 0x30}}, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000400)='./file1\x00', 0x1c, &(0x7f00000000c0)={[{@nombcache}, {@data_writeback}, {@nodiscard}, {@lazytime}, {@noblock_validity}, {@jqfmt_vfsv1}], [{@fsname={'fsname', 0x3d, '\'-%\''}}]}, 0x3, 0x44f, &(0x7f00000010c0)="$eJzs3M1vFGUYAPBnZtsiX7YifvChVtHY+NHSgsrBgxpNPGhiogc81rYQZKGG1kQI0WoMHg2Jd+PRxL/Ak16MejLxqndDQgwX0NOa2Z1pt8t2ocu2g+zvlwy873z0fZ6deXffmbfbAPrWaPZPErEjIv6IiOFGdfUOo43/rl05P/PPlfMzSdRqb/+d1Pe7euX8TLFrcdz2vDKWRqSfJ7GvTbsLZ8+dnK5W587k9YnFUx9MLJw99+yJU9PH547PnZ46cuTwockXnp96rid5ZjFd3fvx/P49r7978c2Zoxff++W7pMi/JY9VlrpucrTTxidqta5/8O1oZ1M5GSgxENalEhHZ6Rqs9//hqMTKyRuO1z4rNThgQ9Vqtdr2tTcv1YA7WBJlRwCUo/igz+5/i2WThh63hcsvN26Asryv5Utjy0Ck+T6DLfe3vTQaEUeX/v06W6LTcwgAgB75IRv/PNNu/JfG/U373Z3PDY1ExD0RsSsi7o2I3RFxX0R93wci4sF1tt86SXL9+Ce91FViNykb/72Yz22tHv8Vo78YqeS1nfX8B5NjJ6pzB/PXZCwGt2T1yQ5t/Pjq71+uta15/JctWfvFWDCP49LAltXHzE4vTt9Kzs0ufxqxd6Bd/snyTEASEXsiYm+XbZx46tv9a227cf4d9GCeqfZNxJON878ULfkXks7zkxN3RXXu4ERxVVzv198uvLVW+7eUfw9k539b2+t/Of+RpHm+dmH9bVz484s172m6vf6Hknfq5aF83UfTi4tnJiOGkjcaQTevn1o5tqgX+2f5jx1o3/93xcorsS8isov4oYh4OCIeyWN/NCIei4gDHfL/+ZXH3+8+/42V5T+7rvO/UhiK1jXtC5WTP32/qtGR9eSfnf/D9dJYvuZm3v9uJq7urmYAAAD4/0kjYkck6fhyOU3Hxxu/L787tqXV+YXFp4/Nf3h6tvEdgZEYTIsnXcNNz0Mn89v6oj7VUj+UPzf+qrK1Xh+fma/Olp089Lnta/T/zF+VsqMDNpzva0H/0v+hf+n/0L/0f+hfbfr/1jLiADZfu8//T0qIA9h8Lf1/edrvpRJiATaX+3/oX/o/9C/9H/rSwta48ZfkFTagUPx9hXLDqES3h0da/mt4xxQG84vhdonn5HS1xDclAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAHvovAAD//+qG390=") syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = socket(0x10, 0x3, 0x9) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000600)=ANY=[], 0x110) ioctl$EVIOCREVOKE(0xffffffffffffffff, 0x40044591, 0x0) r7 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendfile(r6, r7, 0x0, 0x7fffffffffffffff) sendmsg$kcm(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000011008188e6b62aa73f72cc9f0ba1f8483d0000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x2004c084) getsockopt$inet_mreqsrc(r1, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000040)=0x28) 1.117493498s ago: executing program 1 (id=329): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000020000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x18) r2 = io_uring_setup(0x6b9e, &(0x7f0000000240)={0x0, 0xfffffffe, 0x800, 0x103fc, 0x4000159}) r3 = socket$rds(0x15, 0x5, 0x0) bind$rds(r3, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x2b) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(r5, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000840)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000340)={'vcan0\x00', 0x0}) getsockname$packet(0xffffffffffffffff, &(0x7f0000000380)={0x11, 0x0, 0x0}, &(0x7f00000003c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000480)={'team0\x00', 0x0}) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000540)={r0, 0x58, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00', 0x0}) sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000600)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000700)={0x12c, r6, 0x800, 0x70bd2c, 0x25dfdbfc, {}, [@ETHTOOL_A_STRSET_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}, @ETHTOOL_A_STRSET_STRINGSETS={0xa8, 0x2, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}]}, {0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0xb}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}]}, {0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}]}]}, @ETHTOOL_A_STRSET_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_STRSET_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}]}, @ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}]}, 0x12c}, 0x1, 0x0, 0x0, 0x48885}, 0x40000) sendmsg$rds(r3, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x4400, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) r12 = openat$tun(0xffffffffffffff9c, &(0x7f0000000640), 0x2, 0x0) ioctl$TUNSETTXFILTER(r12, 0x400454d1, &(0x7f0000000900)=ANY=[@ANYBLOB="01000300976e319da04eaaaaaaaaaaaaaaaaaaeaaa19b248c921668969a2958f9dcf"]) r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r13, 0x0, 0xffffffffffffffff}, 0x18) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@func_proto={0x0, 0x3, 0x0, 0xd, 0xa, [{0x8, 0x5}, {0x4, 0x5}, {0x6, 0x1}]}]}}, &(0x7f0000000f40)=""/4089, 0x3e, 0xff9, 0x1}, 0x28) r14 = creat(&(0x7f00000000c0)='./file0\x00', 0xc9028ba210c11f8b) ioctl$BLKTRACESETUP(r14, 0xc0481273, &(0x7f0000000000)={'\x00', 0x8, 0x2, 0x803fd, 0x1, 0x800}) close_range(r2, 0xffffffffffffffff, 0x0) 1.066332659s ago: executing program 4 (id=330): shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x10000000}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) r4 = socket$netlink(0x10, 0x3, 0x4) writev(r4, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e22d991000000000000a80013007b00090080007f000001e809000000ff0000f03ac7100003ffffff", 0x41}], 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000000380)=""/176) 1.065368879s ago: executing program 3 (id=331): bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x0, 0x3}) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r1, &(0x7f0000000140)="24000000010006", 0x7) 1.064859299s ago: executing program 3 (id=332): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x2, 0x49, 0x1, 0xffffffffffffffff, 0xfffffffe}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000400), 0x401, r0, 0x0, 0xa002a0}, 0x38) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r2}, 0x18) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000300)={0x0, &(0x7f0000000140)=""/184, &(0x7f0000000200), &(0x7f0000001540), 0x1, r0}, 0x38) 955.371471ms ago: executing program 3 (id=333): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r2}, 0x18) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f00000004c0)=[{0x27, 0x0, 0x5, 0xfffff034}, {0x80000006, 0x0, 0x12, 0xf9}]}, 0x10) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r4, &(0x7f0000000180)={0xa, 0x4001, 0x7f, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) write$binfmt_script(r4, &(0x7f0000000200), 0xfffffd9d) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r5, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000240)={'syztnl1\x00', 0x0, 0x2f, 0x5, 0x2a, 0x2, 0x65, @dev={0xfe, 0x80, '\x00', 0x12}, @private0, 0x8000, 0x80, 0xfffffffc, 0x3}}) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x8916, &(0x7f0000000300)={@local, 0x1c, r6}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=@setlink={0x3c, 0x13, 0x1, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0xa, r7}, @IFLA_ALT_IFNAME={0x14, 0x35, 'dummy0\x00'}]}, 0x3c}}, 0x0) 830.320014ms ago: executing program 2 (id=334): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r0 = socket$rds(0x15, 0x5, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8004}, 0x0) 704.182236ms ago: executing program 0 (id=335): socket(0x2c, 0x2, 0x8) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2f00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103) utime(&(0x7f0000000100)='./file0\x00', 0x0) (async, rerun: 64) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async, rerun: 64) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x18) (async, rerun: 32) readv(0xffffffffffffffff, &(0x7f0000000ec0)=[{&(0x7f0000001380)=""/4096, 0x1000}], 0x1) (async, rerun: 32) open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x11}, 0x0, 0x10000, 0x1, 0x1, 0x3, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x67}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r2, 0x4, 0x29, 0xfffffffffffffec4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x2, 0x1}, 0x1205, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x40000000000000, r1, 0x0) syz_clone(0x630c1100, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r3 = socket(0x10, 0x80002, 0x0) (async) r4 = socket$netlink(0x10, 0x3, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) (async) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) (async, rerun: 32) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) (async, rerun: 32) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r6}, 0x10) syncfs(r5) ioctl$sock_SIOCBRDELBR(r4, 0x89a2, &(0x7f0000000000)='bridge0\x00') (async) sendmsg$nl_route(r3, 0x0, 0x0) (async, rerun: 64) r7 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 64) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) (async, rerun: 64) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) (rerun: 64) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r8, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) 635.362447ms ago: executing program 1 (id=336): r0 = creat(0x0, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000030000000000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x14, &(0x7f00000004c0)=ANY=[@ANYRESDEC=r1, @ANYRESDEC, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c3"], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x64, '\x00', 0x0, @fallback=0x22, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000280)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'wlc\x00', 0x15, 0x88, 0xc000067}, 0x2c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18) ustat(0x83, &(0x7f0000000580)) shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000ffb000/0x4000)=nil) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sys/net/ipv4/vs/schedule_icmp\x00', 0x2, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r0, &(0x7f0000000680)=ANY=[@ANYBLOB="1500006e4fffff4c4b9a293a74088dcfd03cb067c81dbbb7614cb85be0ce179b462f8da394c8243dbdfa2dd41d00000000000000000000000000790dd2b35937c8f1213bef83894cf5b849b370f7ff068577c0dc2185263c7e84521f93c7a6a2ffc6e782d933bc2f27c2bac0ad5ecf5302"], 0x15) bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0100000004000000080000000b"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000004000000181100", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7", @ANYRES8=r1], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) r5 = dup(r3) write$P9_RLERRORu(r5, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r5, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) ioctl$EVIOCGBITSW(r0, 0x80404525, &(0x7f0000000600)=""/80) 576.714969ms ago: executing program 2 (id=337): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) pipe2(&(0x7f00000006c0)={0xffffffffffffffff}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$cgroup_devices(r2, 0x0, 0x2, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 576.303199ms ago: executing program 0 (id=338): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8) bind$bt_hci(r2, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6) setsockopt$packet_fanout_data(r3, 0x107, 0x16, &(0x7f0000000100)={0x36, &(0x7f0000000280)=[{0x2, 0xa6, 0x2, 0x3}, {0x2, 0x8, 0x8, 0xfffc}, {0xaee, 0x2, 0xac, 0x1000}, {0x40, 0xaf, 0x5, 0x2}, {0x6, 0x80, 0x0, 0x2}, {0x0, 0x3, 0x5, 0x9}]}, 0x10) write$binfmt_misc(r2, &(0x7f0000000100), 0x6) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080)={0xffffffffffffffff}, 0x13f, 0xa}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000140)={0xe, 0x18, 0xfa00, @id_tos={0x0, r4, 0x300}}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000c"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0xffff060e}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) 575.822779ms ago: executing program 2 (id=339): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x200000000000002f, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x989}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r2}, 0x18) llistxattr(0x0, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0x7fff}, 0x18) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) r5 = socket(0x2, 0x80805, 0x0) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r6, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r6, 0x84, 0x7a, &(0x7f0000000340)={r7, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) sendmmsg$inet_sctp(r5, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r5, 0x84, 0x70, &(0x7f00000019c0)={0x0, @in6={{0xa, 0x4e24, 0xd5f5, @local, 0x4}}, [0x6, 0x0, 0x7, 0x800, 0x2, 0xfffffffffffffffe, 0x7, 0x8, 0x4, 0x5, 0x33, 0x7, 0xa, 0x8, 0x4]}, &(0x7f0000001ac0)=0x100) recvmsg$unix(r4, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) 574.881669ms ago: executing program 1 (id=340): socketpair$nbd(0x1, 0x1, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)=ANY=[@ANYRES64], 0x48) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x4000050) r0 = open$dir(0x0, 0x18100, 0x0) fcntl$notify(r0, 0x402, 0x80000023) setxattr$security_evm(0x0, &(0x7f0000000140), 0x0, 0x0, 0x1) setxattr$security_evm(0x0, &(0x7f00000001c0), 0x0, 0x0, 0x2) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x18, 0x6, 0x20, 0x0) r1 = socket$inet(0x2, 0x3, 0xd) r2 = socket$kcm(0x10, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000020000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000e600000000000000000000000000001b8213edbbfcde3e578d"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@ipv4_newrule={0x30, 0x20, 0x1, 0x0, 0x25dfdbfb, {}, [@FRA_TUN_ID={0xc, 0x14}, @FRA_GENERIC_POLICY=@FRA_L3MDEV={0x5, 0x13, 0x1}]}, 0x30}}, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000400)='./file1\x00', 0x1c, &(0x7f00000000c0)={[{@nombcache}, {@data_writeback}, {@nodiscard}, {@lazytime}, {@noblock_validity}, {@jqfmt_vfsv1}], [{@fsname={'fsname', 0x3d, '\'-%\''}}]}, 0x3, 0x44f, &(0x7f00000010c0)="$eJzs3M1vFGUYAPBnZtsiX7YifvChVtHY+NHSgsrBgxpNPGhiogc81rYQZKGG1kQI0WoMHg2Jd+PRxL/Ak16MejLxqndDQgwX0NOa2Z1pt8t2ocu2g+zvlwy873z0fZ6deXffmbfbAPrWaPZPErEjIv6IiOFGdfUOo43/rl05P/PPlfMzSdRqb/+d1Pe7euX8TLFrcdz2vDKWRqSfJ7GvTbsLZ8+dnK5W587k9YnFUx9MLJw99+yJU9PH547PnZ46cuTwockXnp96rid5ZjFd3fvx/P49r7978c2Zoxff++W7pMi/JY9VlrpucrTTxidqta5/8O1oZ1M5GSgxENalEhHZ6Rqs9//hqMTKyRuO1z4rNThgQ9Vqtdr2tTcv1YA7WBJlRwCUo/igz+5/i2WThh63hcsvN26Asryv5Utjy0Ck+T6DLfe3vTQaEUeX/v06W6LTcwgAgB75IRv/PNNu/JfG/U373Z3PDY1ExD0RsSsi7o2I3RFxX0R93wci4sF1tt86SXL9+Ce91FViNykb/72Yz22tHv8Vo78YqeS1nfX8B5NjJ6pzB/PXZCwGt2T1yQ5t/Pjq71+uta15/JctWfvFWDCP49LAltXHzE4vTt9Kzs0ufxqxd6Bd/snyTEASEXsiYm+XbZx46tv9a227cf4d9GCeqfZNxJON878ULfkXks7zkxN3RXXu4ERxVVzv198uvLVW+7eUfw9k539b2+t/Of+RpHm+dmH9bVz484s172m6vf6Hknfq5aF83UfTi4tnJiOGkjcaQTevn1o5tqgX+2f5jx1o3/93xcorsS8isov4oYh4OCIeyWN/NCIei4gDHfL/+ZXH3+8+/42V5T+7rvO/UhiK1jXtC5WTP32/qtGR9eSfnf/D9dJYvuZm3v9uJq7urmYAAAD4/0kjYkck6fhyOU3Hxxu/L787tqXV+YXFp4/Nf3h6tvEdgZEYTIsnXcNNz0Mn89v6oj7VUj+UPzf+qrK1Xh+fma/Olp089Lnta/T/zF+VsqMDNpzva0H/0v+hf+n/0L/0f+hfbfr/1jLiADZfu8//T0qIA9h8Lf1/edrvpRJiATaX+3/oX/o/9C/9H/rSwta48ZfkFTagUPx9hXLDqES3h0da/mt4xxQG84vhdonn5HS1xDclAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAHvovAAD//+qG390=") syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = socket(0x10, 0x3, 0x9) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000600)=ANY=[], 0x110) ioctl$EVIOCREVOKE(0xffffffffffffffff, 0x40044591, 0x0) r7 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendfile(r6, r7, 0x0, 0x7fffffffffffffff) sendmsg$kcm(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000011008188e6b62aa73f72cc9f0ba1f8483d0000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x2004c084) getsockopt$inet_mreqsrc(r1, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000040)=0x28) 539.641789ms ago: executing program 0 (id=341): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) sendto$inet(r0, &(0x7f0000000580)="e1", 0xfffffffffffffef1, 0x40000, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0xa, 0x9, 0x8, 0x2}, 0x48) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x6, &(0x7f0000000180)=@framed={{0x18, 0x2}, [@map_fd={0x18, 0x3, 0x1, 0x0, r2}, @call={0x85, 0x0, 0x0, 0x26}]}, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r1, @ANYRES32=r3, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r0}, 0x20) recvmsg(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000800)=""/140, 0x8c}], 0x1}, 0x10000) 462.39802ms ago: executing program 0 (id=342): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/10, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000005c0)={r0}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xd, &(0x7f0000000100)=ANY=[@ANYBLOB="18020000530b00000000000000000000850000004100000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000810000007b8af8ff00800000bfa2000000000045ec020000f8ffffffb703000008000000b70400000000000085000000820000009500000000000000"], &(0x7f00000001c0)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x85, &(0x7f0000000600)={0x0, @in6={{0xa, 0x4e23, 0x7, @dev={0xfe, 0x80, '\x00', 0x30}, 0x2001}}, 0x6, 0x6}, 0x90) r2 = syz_open_procfs(0x0, &(0x7f0000000300)='net/arp\x00') read(r2, 0x0, 0x0) pread64(r2, &(0x7f0000000080)=""/220, 0xdc, 0x4009) syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x30000c6, &(0x7f00000000c0), 0x2, 0x572, &(0x7f0000001600)="$eJzs3d9rU+cbAPDnpKm/v99WENnGGAUv5nCmtt0PB7twl2OTCdu9C2ks0tRIk4rthOnFvNnNkMEYE8but3svZf/A/gphCjKkbBe76TjpSW1t0jbamur5fCDyvnlP+p7nvOd5fU9OQgLIrZH0n0LEqxHxXRIxFBFJ1laMrHFkebvFR9cq6SOJpaXP/0pa26X19t9qv+5gVnklIn7/JuJEYX2/jfmF6XKtVp3N6qPNmcujjfmFkxdnylPVqeql8YmJ0+9OjH/w/nvbFutb5/758bO7H5/+9tjiD789OHwriTNxKGtbHcem9nVtub66MhIj2TEZjDNPbDjWy46/AJJ+7wBPZSDL88FI54ChGMiyHnj5fR0RS0BOJfIfcqq9Dmhf2/d0HfwSePjR8gXQ+viLy++NxL7WtdGBxWTNlVF6vTu8Df2nfdy5f/tW+ohe34cAeAbXb0TEqWJx/fyXZPPf0zu1hW2e7MP8B8/P3XT983an9U9hZf0THdY/Bzvk7tPYPP8LD7ahm67S9d+HHde/Kzethgey2v9aa77B5MLFWjWd2/4fEcdjcG9a3+h+zunFe0vd2lav/+6kh/rRtUp7LZjtx4Pi3rWvmSw3y88S82oPb0S81nH9m6yMf9Jh/NPjcW6LfRyt3n6jW9ua+O/fvrW4Lv6dtfRLxJsdx//xHa1k4/uTo63zYbR9Vqz3982jf3Trv9/xp+N/YOP4h5PV92sbvffx875/q93a1sQfneLvfP7vSb5olfdkz10tN5uzYxF7kk/XPz/++LXtenv7NP7jxzae/zqd//sj4sstxn/zyK+vbyn+Po3/ZE/j33vh3idf/dSt/83jT8f/nVbpePZMNv8NbRTXVnfwWY8fAAAAAAAA7CaFiDgUSaG0Ui4USqXlz3cciQOFWr3RPHGhPndpMlrflR2OwUL7TvfQqs9DjGWfh23Xx5+oT0TE4Yj4fmB/q16q1GuT/Q4eAAAAAAAAAAAAAAAAAAAAdomDXb7/n/pzoN97B+w4P/kN+bVp/m/HLz0Bu5L//yG/5D/kl/yH/JL/kF/yH/JL/kN+yX/IL/kPAAAAAAAAAAAAAAAAAAAAAAAAAAAA2+rc2bPpY2nx0bVKWp+8Mj83Xb9ycrLamC7NzFVKlfrs5dJUvT5Vq5Yq9ZnN/l6tXr88Nh5zV0eb1UZztDG/cH6mPnepef7iTHmqer46+FyiAgAAAAAAAAAAAAAAAAAAgBdLY35hulyrVWd3qpDsfBcK/SwUd8du5KdQjOfSV79nJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB47L8AAAD//84fMw8=") r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x20042, 0x1) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r4}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x638c1100, 0x0, 0x0, 0x0, 0x0, 0x0) fallocate(r3, 0x0, 0x0, 0x8000c62) r5 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) sendfile(r5, r5, 0x0, 0x100000800000009) 325.842163ms ago: executing program 0 (id=343): bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x0, 0x3}) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r1, &(0x7f0000000140)="24000000010006", 0x7) 308.264013ms ago: executing program 1 (id=344): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) pipe2(&(0x7f00000006c0)={0xffffffffffffffff}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r3}, 0x18) openat$cgroup_devices(r2, &(0x7f0000000140)='devices.deny\x00', 0x2, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 288.001974ms ago: executing program 1 (id=345): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net\x00') fchdir(r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r2 = gettid() ppoll(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) tkill(r2, 0x7) r3 = socket$kcm(0x2, 0x1000000000000005, 0x0) sendmsg$inet(r3, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x0, @rand_addr=0xa9fe0000}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000080)='r', 0x1}], 0x1, &(0x7f0000007880)=[@ip_retopts={{0x10, 0x84}}], 0x10}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) prctl$PR_SET_THP_DISABLE(0x29, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) set_mempolicy_home_node(&(0x7f0000378000/0x2000)=nil, 0x2000, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) socket$unix(0x1, 0x5, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0) mq_open(&(0x7f0000000000)='eth0\x00', 0x42, 0x0, 0x0) mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x11, 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(0xffffffffffffffff, &(0x7f0000000140)="24000000010006", 0x7) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) 282.653064ms ago: executing program 0 (id=346): r0 = socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) pipe2$9p(&(0x7f00000001c0), 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='kfree\x00'}, 0x18) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x18) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000600)={0xffffffffffffffff}) recvmsg(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000004c0)=""/249, 0xf9}], 0x1}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000035c0)="5c00000013006bcd9e3fe3dc4e48aa31086b8703340000001f00000000000000040014000d000a00140000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x240000c0) 206.236295ms ago: executing program 4 (id=347): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r0 = socket$rds(0x15, 0x5, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8004}, 0x0) 205.925725ms ago: executing program 4 (id=348): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500001000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f00000001c0), 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ") r2 = creat(&(0x7f00000000c0)='./bus\x00', 0x182) r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181242, 0x148) fallocate(r2, 0x0, 0xbf5, 0x2000402) ioctl$EXT4_IOC_MOVE_EXT(r3, 0xc028660f, &(0x7f0000000040)={0xc, r2, 0x0, 0x0, 0x0, 0xfffffffffdffffff}) 90.044538ms ago: executing program 3 (id=349): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000180)={'syztnl1\x00', &(0x7f0000000200)={'gretap0\x00', 0x0, 0x8, 0x700, 0x2, 0x10000, {{0xa, 0x4, 0x3, 0x1, 0x28, 0x66, 0x0, 0x5, 0x29, 0x0, @multicast2, @broadcast, {[@generic={0xf23076dd901e6174, 0xa, "d7ed887339c018bd"}, @ssrr={0x89, 0x7, 0xfc, [@initdev={0xac, 0x1e, 0x1, 0x0}]}]}}}}}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)=@getqdisc={0x30, 0x26, 0x800, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xf}, {0x4, 0xf}, {0xe, 0xf}}, [{0x4}, {0x4}, {0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x4804) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) sendto$inet(r0, &(0x7f0000000580)="e1", 0xfffffffffffffef1, 0x40000, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='kmem_cache_free\x00', r5}, 0x18) r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x2440, 0x0) fcntl$setlease(r6, 0x400, 0x0) utime(&(0x7f0000000080)='./file0\x00', 0x0) pwrite64(r3, &(0x7f0000000140)="f6", 0xffffff07, 0x8000c61) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r2, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r0}, 0x20) recvmsg(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000800)=""/140, 0xa5}], 0x1162}, 0x40010220) 69.028328ms ago: executing program 4 (id=350): socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3, 0x4010, 0xffffffffffffffff, 0x0) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000a88000/0x2000)=nil, 0x3) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x50032, 0xffffffffffffffff, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r0}, 0x18) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000740)=ANY=[@ANYRESDEC, @ANYRES32=0x0, @ANYBLOB="54320900221b01001c0012800b00010062726964676500000c0002800800020002000000183d2c5e9ddd045937d942e64f5db53cbf2597e9cfb721b7c60f719d0849bc91a7483d0b1e34d4343f266466bd8712ca46acd133968c1f81dfa5234c1549daf205a9da5aff570d71b267e21808ea9d5fce56cf53b944d0dea4d9e27608f30f859f74d230f61296c9624ff0d8dab0654574112ed87c324fe8bcb3f45fe3"], 0x3c}, 0x1, 0x0, 0x0, 0x40650}, 0x92) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r4}, 0x18) r5 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r5, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) quotactl_fd$Q_SYNC(r2, 0xffffffff80000101, 0x0, 0x0) close(0xffffffffffffffff) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r6}, &(0x7f0000000380), &(0x7f00000003c0)=r7}, 0x20) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48) r9 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) r10 = add_key$user(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x1}, &(0x7f00000003c0)="ae", 0x1, r9) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r9, &(0x7f0000000200)='asymmetric\x00', &(0x7f00000000c0)=@chain={'key_or_keyring:', r10}) keyctl$link(0x8, r10, r9) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x2000003, 0x13, r8, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41) 847.95µs ago: executing program 4 (id=351): r0 = creat(0x0, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000030000000000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x14, &(0x7f00000004c0)=ANY=[@ANYRESDEC=r1, @ANYRESDEC, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c3"], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x64, '\x00', 0x0, @fallback=0x22, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000280)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'wlc\x00', 0x15, 0x88, 0xc000067}, 0x2c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18) ustat(0x83, &(0x7f0000000580)) shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000ffb000/0x4000)=nil) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sys/net/ipv4/vs/schedule_icmp\x00', 0x2, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r0, &(0x7f0000000680)=ANY=[@ANYBLOB="1500006e4fffff4c4b9a293a74088dcfd03cb067c81dbbb7614cb85be0ce179b462f8da394c8243dbdfa2dd41d00000000000000000000000000790dd2b35937c8f1213bef83894cf5b849b370f7ff068577c0dc2185263c7e84521f93c7a6a2ffc6e782d933bc2f27c2bac0ad5ecf5302"], 0x15) bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0100000004000000080000000b"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000004000000181100", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7", @ANYRES8=r1], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) r5 = dup(r3) write$P9_RLERRORu(r5, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r5, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) ioctl$EVIOCGBITSW(r0, 0x80404525, &(0x7f0000000600)=""/80) 0s ago: executing program 4 (id=352): perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={0x0, 0x4}, 0x40, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000200)={0x2, 0xa, 0x8, 0x2, 0x7, 0x0, 0x70bd2c, 0x25dfdbfe, [@sadb_x_filter={0x5, 0x1a, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in=@private=0xa010100, 0x1d, 0x10, 0x10}]}, 0x38}}, 0x48080) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000003280)={0x0, 0x0, &(0x7f0000003240)={&(0x7f0000000300)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {0x5, 0x0, 0x3}, [@IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x7}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x884}, 0x40) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000580)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0) write(r3, &(0x7f0000004200)='t', 0x1) sendfile(r3, r2, 0x0, 0x3ffff) sendfile(r3, r2, 0x0, 0x7ffff000) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, &(0x7f0000000380), &(0x7f0000000280)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.112' (ED25519) to the list of known hosts. [ 27.195571][ T29] audit: type=1400 audit(1757072741.336:62): avc: denied { mounton } for pid=3292 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 27.196331][ T3292] cgroup: Unknown subsys name 'net' [ 27.218507][ T29] audit: type=1400 audit(1757072741.336:63): avc: denied { mount } for pid=3292 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 27.246355][ T29] audit: type=1400 audit(1757072741.366:64): avc: denied { unmount } for pid=3292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 27.387594][ T3292] cgroup: Unknown subsys name 'cpuset' [ 27.393763][ T3292] cgroup: Unknown subsys name 'rlimit' [ 27.513984][ T29] audit: type=1400 audit(1757072741.656:65): avc: denied { setattr } for pid=3292 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 27.538221][ T29] audit: type=1400 audit(1757072741.656:66): avc: denied { create } for pid=3292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 27.544195][ T3296] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 27.558791][ T29] audit: type=1400 audit(1757072741.656:67): avc: denied { write } for pid=3292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.587769][ T29] audit: type=1400 audit(1757072741.656:68): avc: denied { read } for pid=3292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.588692][ T3292] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 27.608695][ T29] audit: type=1400 audit(1757072741.666:69): avc: denied { mounton } for pid=3292 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 27.642836][ T29] audit: type=1400 audit(1757072741.666:70): avc: denied { mount } for pid=3292 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 27.666708][ T29] audit: type=1400 audit(1757072741.716:71): avc: denied { relabelto } for pid=3296 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 29.485973][ T3303] chnl_net:caif_netlink_parms(): no params data found [ 29.528434][ T3302] chnl_net:caif_netlink_parms(): no params data found [ 29.560886][ T3307] chnl_net:caif_netlink_parms(): no params data found [ 29.584358][ T3303] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.591510][ T3303] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.598879][ T3303] bridge_slave_0: entered allmulticast mode [ 29.605681][ T3303] bridge_slave_0: entered promiscuous mode [ 29.623685][ T3303] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.631003][ T3303] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.638840][ T3303] bridge_slave_1: entered allmulticast mode [ 29.645373][ T3303] bridge_slave_1: entered promiscuous mode [ 29.689975][ T3303] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.709881][ T3302] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.717028][ T3302] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.724306][ T3302] bridge_slave_0: entered allmulticast mode [ 29.730673][ T3302] bridge_slave_0: entered promiscuous mode [ 29.737470][ T3302] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.744590][ T3302] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.752059][ T3302] bridge_slave_1: entered allmulticast mode [ 29.758807][ T3302] bridge_slave_1: entered promiscuous mode [ 29.765834][ T3303] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.787863][ T3307] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.795009][ T3307] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.802368][ T3307] bridge_slave_0: entered allmulticast mode [ 29.808951][ T3307] bridge_slave_0: entered promiscuous mode [ 29.829238][ T3302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.840799][ T3307] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.848177][ T3307] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.855413][ T3307] bridge_slave_1: entered allmulticast mode [ 29.862151][ T3307] bridge_slave_1: entered promiscuous mode [ 29.875686][ T3302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.891901][ T3303] team0: Port device team_slave_0 added [ 29.900267][ T3303] team0: Port device team_slave_1 added [ 29.910574][ T3310] chnl_net:caif_netlink_parms(): no params data found [ 29.928580][ T3309] chnl_net:caif_netlink_parms(): no params data found [ 29.949764][ T3302] team0: Port device team_slave_0 added [ 29.957085][ T3307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.969749][ T3303] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.976795][ T3303] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.002999][ T3303] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.016677][ T3303] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.024073][ T3303] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.050632][ T3303] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.062091][ T3302] team0: Port device team_slave_1 added [ 30.073497][ T3307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 30.114279][ T3302] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.121522][ T3302] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.147807][ T3302] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.161203][ T3307] team0: Port device team_slave_0 added [ 30.168022][ T3307] team0: Port device team_slave_1 added [ 30.176470][ T3302] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.183533][ T3302] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.210167][ T3302] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.248527][ T3307] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.255575][ T3307] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.282104][ T3307] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.303149][ T3310] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.310449][ T3310] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.317935][ T3310] bridge_slave_0: entered allmulticast mode [ 30.324539][ T3310] bridge_slave_0: entered promiscuous mode [ 30.332990][ T3303] hsr_slave_0: entered promiscuous mode [ 30.339154][ T3303] hsr_slave_1: entered promiscuous mode [ 30.350198][ T3307] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.357426][ T3307] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.385039][ T3307] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.401907][ T3310] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.409387][ T3310] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.416604][ T3310] bridge_slave_1: entered allmulticast mode [ 30.423615][ T3310] bridge_slave_1: entered promiscuous mode [ 30.440655][ T3309] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.448026][ T3309] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.455190][ T3309] bridge_slave_0: entered allmulticast mode [ 30.461718][ T3309] bridge_slave_0: entered promiscuous mode [ 30.468650][ T3309] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.476041][ T3309] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.483504][ T3309] bridge_slave_1: entered allmulticast mode [ 30.490004][ T3309] bridge_slave_1: entered promiscuous mode [ 30.502761][ T3302] hsr_slave_0: entered promiscuous mode [ 30.508914][ T3302] hsr_slave_1: entered promiscuous mode [ 30.514994][ T3302] debugfs: 'hsr0' already exists in 'hsr' [ 30.521103][ T3302] Cannot create hsr debugfs directory [ 30.554156][ T3310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 30.579138][ T3310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 30.595580][ T3309] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 30.618148][ T3307] hsr_slave_0: entered promiscuous mode [ 30.624265][ T3307] hsr_slave_1: entered promiscuous mode [ 30.630436][ T3307] debugfs: 'hsr0' already exists in 'hsr' [ 30.636264][ T3307] Cannot create hsr debugfs directory [ 30.642888][ T3309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 30.680639][ T3310] team0: Port device team_slave_0 added [ 30.700163][ T3309] team0: Port device team_slave_0 added [ 30.708825][ T3310] team0: Port device team_slave_1 added [ 30.723603][ T3309] team0: Port device team_slave_1 added [ 30.757858][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.765059][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.791343][ T3310] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.813879][ T3309] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.820868][ T3309] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.847225][ T3309] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.860323][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.867320][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.893335][ T3310] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.913871][ T3309] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.921688][ T3309] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.948232][ T3309] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 31.007053][ T3309] hsr_slave_0: entered promiscuous mode [ 31.013518][ T3309] hsr_slave_1: entered promiscuous mode [ 31.019542][ T3309] debugfs: 'hsr0' already exists in 'hsr' [ 31.025458][ T3309] Cannot create hsr debugfs directory [ 31.038790][ T3310] hsr_slave_0: entered promiscuous mode [ 31.044875][ T3310] hsr_slave_1: entered promiscuous mode [ 31.050879][ T3310] debugfs: 'hsr0' already exists in 'hsr' [ 31.056616][ T3310] Cannot create hsr debugfs directory [ 31.095191][ T3303] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 31.108561][ T3303] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 31.127692][ T3303] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 31.138227][ T3303] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 31.190977][ T3302] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 31.208155][ T3302] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 31.223695][ T3302] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 31.233370][ T3302] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 31.254125][ T3307] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 31.263694][ T3307] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 31.278251][ T3307] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 31.291546][ T3307] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 31.316166][ T3309] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 31.324914][ T3309] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 31.345317][ T3303] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.352953][ T3309] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 31.369095][ T3309] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 31.386608][ T3302] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.408941][ T3310] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 31.417811][ T3310] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 31.428572][ T3303] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.441827][ T3310] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 31.450554][ T3310] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 31.469005][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.476083][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.492834][ T3302] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.508779][ T403] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.516007][ T403] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.526071][ T403] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.533125][ T403] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.542418][ T403] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.549562][ T403] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.584039][ T3307] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.613282][ T3307] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.626991][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.634340][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.659152][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.666302][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.700541][ T3309] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.722350][ T3309] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.735903][ T3310] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.746097][ T3303] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.755347][ T3302] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.767600][ T403] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.774754][ T403] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.789959][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.797186][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.814556][ T3310] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.836462][ T3309] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 31.847133][ T3309] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 31.879215][ T2174] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.886316][ T2174] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.895115][ T2174] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.902290][ T2174] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.920024][ T3307] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.990309][ T3309] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 32.016760][ T3302] veth0_vlan: entered promiscuous mode [ 32.025403][ T3302] veth1_vlan: entered promiscuous mode [ 32.055078][ T3302] veth0_macvtap: entered promiscuous mode [ 32.078194][ T3302] veth1_macvtap: entered promiscuous mode [ 32.084786][ T3303] veth0_vlan: entered promiscuous mode [ 32.109652][ T3303] veth1_vlan: entered promiscuous mode [ 32.117191][ T3307] veth0_vlan: entered promiscuous mode [ 32.135845][ T3302] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.145356][ T3307] veth1_vlan: entered promiscuous mode [ 32.157022][ T3303] veth0_macvtap: entered promiscuous mode [ 32.164738][ T3310] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 32.173344][ T3302] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.190417][ T3303] veth1_macvtap: entered promiscuous mode [ 32.199441][ T403] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.220099][ T3307] veth0_macvtap: entered promiscuous mode [ 32.228540][ T3309] veth0_vlan: entered promiscuous mode [ 32.235868][ T403] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.245252][ T3307] veth1_macvtap: entered promiscuous mode [ 32.258880][ T3303] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.270388][ T3309] veth1_vlan: entered promiscuous mode [ 32.277989][ T403] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.288839][ T403] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.301326][ T3303] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.312032][ T3307] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.322925][ T403] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.338228][ T3307] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.350882][ T403] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.373751][ T3309] veth0_macvtap: entered promiscuous mode [ 32.380706][ T29] kauditd_printk_skb: 9 callbacks suppressed [ 32.380736][ T29] audit: type=1400 audit(1757072746.526:81): avc: denied { mounton } for pid=3302 comm="syz-executor" path="/root/syzkaller.J3UPdc/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 32.412598][ T29] audit: type=1400 audit(1757072746.536:82): avc: denied { mount } for pid=3302 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 32.435523][ T29] audit: type=1400 audit(1757072746.536:83): avc: denied { mounton } for pid=3302 comm="syz-executor" path="/root/syzkaller.J3UPdc/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 32.460718][ T29] audit: type=1400 audit(1757072746.536:84): avc: denied { mount } for pid=3302 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 32.482589][ T29] audit: type=1400 audit(1757072746.536:85): avc: denied { mounton } for pid=3302 comm="syz-executor" path="/root/syzkaller.J3UPdc/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 32.509192][ T29] audit: type=1400 audit(1757072746.536:86): avc: denied { mounton } for pid=3302 comm="syz-executor" path="/root/syzkaller.J3UPdc/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=4654 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 32.536603][ T29] audit: type=1400 audit(1757072746.536:87): avc: denied { unmount } for pid=3302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 32.556647][ T29] audit: type=1400 audit(1757072746.556:88): avc: denied { mounton } for pid=3302 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 32.581866][ T29] audit: type=1400 audit(1757072746.556:89): avc: denied { mount } for pid=3302 comm="syz-executor" name="/" dev="gadgetfs" ino=4657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 32.582007][ T3302] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 32.607323][ T403] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.629288][ T403] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.639045][ T3309] veth1_macvtap: entered promiscuous mode [ 32.664946][ T403] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.674069][ T403] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.682857][ T29] audit: type=1400 audit(1757072746.816:90): avc: denied { read write } for pid=3302 comm="syz-executor" name="loop1" dev="devtmpfs" ino=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 32.695073][ T403] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.721212][ T3309] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.730848][ T3309] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.753355][ T403] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.769168][ T3310] veth0_vlan: entered promiscuous mode [ 32.791954][ T403] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.805172][ T403] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.816449][ T3310] veth1_vlan: entered promiscuous mode [ 32.840526][ T403] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.883827][ T3310] veth0_macvtap: entered promiscuous mode [ 32.907119][ T403] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.921449][ T3310] veth1_macvtap: entered promiscuous mode [ 32.933303][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.953419][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.973252][ T403] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.998804][ T403] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.008776][ T3486] FAULT_INJECTION: forcing a failure. [ 33.008776][ T3486] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 33.020929][ T3488] netlink: 56 bytes leftover after parsing attributes in process `syz.0.7'. [ 33.028519][ T3486] CPU: 0 UID: 0 PID: 3486 Comm: syz.2.6 Not tainted syzkaller #0 PREEMPT(voluntary) [ 33.028592][ T3486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 33.028604][ T3486] Call Trace: [ 33.028609][ T3486] [ 33.028616][ T3486] __dump_stack+0x1d/0x30 [ 33.028665][ T3486] dump_stack_lvl+0xe8/0x140 [ 33.028684][ T3486] dump_stack+0x15/0x1b [ 33.028701][ T3486] should_fail_ex+0x265/0x280 [ 33.028746][ T3486] should_fail+0xb/0x20 [ 33.028763][ T3486] should_fail_usercopy+0x1a/0x20 [ 33.028846][ T3486] _copy_from_user+0x1c/0xb0 [ 33.028872][ T3486] kstrtouint_from_user+0x69/0xf0 [ 33.028997][ T3486] ? 0xffffffff81000000 [ 33.029011][ T3486] ? selinux_file_permission+0x1e4/0x320 [ 33.029064][ T3486] proc_fail_nth_write+0x50/0x160 [ 33.029089][ T3486] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 33.029127][ T3486] vfs_write+0x269/0x960 [ 33.029151][ T3486] ksys_write+0xda/0x1a0 [ 33.029216][ T3486] __x64_sys_write+0x40/0x50 [ 33.029238][ T3486] x64_sys_call+0x27fe/0x2ff0 [ 33.029258][ T3486] do_syscall_64+0xd2/0x200 [ 33.029284][ T3486] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 33.029367][ T3486] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 33.029394][ T3486] RIP: 0033:0x7f75c6ffd69f [ 33.029409][ T3486] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 33.029426][ T3486] RSP: 002b:00007f75c5a67030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 33.029515][ T3486] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f75c6ffd69f [ 33.029527][ T3486] RDX: 0000000000000001 RSI: 00007f75c5a670a0 RDI: 0000000000000007 [ 33.029539][ T3486] RBP: 00007f75c5a67090 R08: 0000000000000000 R09: 0000000000000000 [ 33.029551][ T3486] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 33.029563][ T3486] R13: 00007f75c7236038 R14: 00007f75c7235fa0 R15: 00007ffecf9a1478 [ 33.029581][ T3486] [ 33.036316][ T403] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.229894][ T3493] loop2: detected capacity change from 0 to 128 [ 33.247376][ T3490] : renamed from bond0 (while UP) [ 33.264689][ T3495] loop0: detected capacity change from 0 to 128 [ 33.282416][ T3495] FAULT_INJECTION: forcing a failure. [ 33.282416][ T3495] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 33.295838][ T3495] CPU: 0 UID: 0 PID: 3495 Comm: syz.0.9 Not tainted syzkaller #0 PREEMPT(voluntary) [ 33.295869][ T3495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 33.295881][ T3495] Call Trace: [ 33.295887][ T3495] [ 33.295895][ T3495] __dump_stack+0x1d/0x30 [ 33.295914][ T3495] dump_stack_lvl+0xe8/0x140 [ 33.295932][ T3495] dump_stack+0x15/0x1b [ 33.295983][ T3495] should_fail_ex+0x265/0x280 [ 33.296007][ T3495] should_fail_alloc_page+0xf2/0x100 [ 33.296034][ T3495] __alloc_frozen_pages_noprof+0xff/0x360 [ 33.296101][ T3495] alloc_pages_mpol+0xb3/0x250 [ 33.296129][ T3495] folio_alloc_noprof+0x97/0x150 [ 33.296223][ T3495] filemap_alloc_folio_noprof+0x66/0x210 [ 33.296259][ T3495] __filemap_get_folio+0x28f/0x6b0 [ 33.296305][ T3495] ? __mark_inode_dirty+0x1af/0x750 [ 33.296330][ T3495] cont_write_begin+0x5c8/0x970 [ 33.296363][ T3495] ? generic_write_end+0x133/0x150 [ 33.296398][ T3495] fat_write_begin+0x4f/0xe0 [ 33.296421][ T3495] ? __pfx_fat_get_block+0x10/0x10 [ 33.296440][ T3495] cont_write_begin+0x1b0/0x970 [ 33.296470][ T3495] fat_write_begin+0x4f/0xe0 [ 33.296561][ T3495] ? __pfx_fat_get_block+0x10/0x10 [ 33.296602][ T3495] generic_perform_write+0x181/0x490 [ 33.296694][ T3495] __generic_file_write_iter+0x9e/0x120 [ 33.296717][ T3495] generic_file_write_iter+0x8d/0x2f0 [ 33.296737][ T3495] ? mntput_no_expire+0x6f/0x460 [ 33.296849][ T3495] ? css_rstat_updated+0xb7/0x240 [ 33.296881][ T3495] ? __cgroup_account_cputime+0x81/0xa0 [ 33.296914][ T3495] ? update_se+0xa4/0x140 [ 33.296961][ T3495] ? update_curr+0xfd/0x1b0 [ 33.296997][ T3495] ? pick_task_fair+0xd5/0x130 [ 33.297076][ T3495] ? pick_next_task_fair+0x20/0x2b0 [ 33.297100][ T3495] do_iter_readv_writev+0x49c/0x540 [ 33.297183][ T3495] vfs_writev+0x2df/0x8b0 [ 33.297225][ T3495] __se_sys_pwritev2+0xfc/0x1c0 [ 33.297253][ T3495] __x64_sys_pwritev2+0x67/0x80 [ 33.297332][ T3495] x64_sys_call+0x2c55/0x2ff0 [ 33.297356][ T3495] do_syscall_64+0xd2/0x200 [ 33.297382][ T3495] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 33.297403][ T3495] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 33.297498][ T3495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 33.297540][ T3495] RIP: 0033:0x7f12b56febe9 [ 33.297558][ T3495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 33.297632][ T3495] RSP: 002b:00007f12b415f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 33.297651][ T3495] RAX: ffffffffffffffda RBX: 00007f12b5935fa0 RCX: 00007f12b56febe9 [ 33.297663][ T3495] RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000004 [ 33.297740][ T3495] RBP: 00007f12b415f090 R08: 0000000000000000 R09: 0000000000000000 [ 33.297754][ T3495] R10: 0000000000005412 R11: 0000000000000246 R12: 0000000000000001 [ 33.297766][ T3495] R13: 00007f12b5936038 R14: 00007f12b5935fa0 R15: 00007ffc8a557d38 [ 33.297839][ T3495] [ 33.606073][ T3493] syz.2.8: attempt to access beyond end of device [ 33.606073][ T3493] loop2: rw=2049, sector=145, nr_sectors = 8 limit=128 [ 33.606996][ T403] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.632498][ T3493] syz.2.8: attempt to access beyond end of device [ 33.632498][ T3493] loop2: rw=2049, sector=161, nr_sectors = 8 limit=128 [ 33.645880][ T3493] syz.2.8: attempt to access beyond end of device [ 33.645880][ T3493] loop2: rw=2049, sector=177, nr_sectors = 24 limit=128 [ 33.667015][ T3493] syz.2.8: attempt to access beyond end of device [ 33.667015][ T3493] loop2: rw=2049, sector=209, nr_sectors = 8 limit=128 [ 33.681113][ T3493] syz.2.8: attempt to access beyond end of device [ 33.681113][ T3493] loop2: rw=2049, sector=225, nr_sectors = 8 limit=128 [ 33.698952][ T3493] syz.2.8: attempt to access beyond end of device [ 33.698952][ T3493] loop2: rw=2049, sector=241, nr_sectors = 8 limit=128 [ 33.715071][ T3493] syz.2.8: attempt to access beyond end of device [ 33.715071][ T3493] loop2: rw=2049, sector=257, nr_sectors = 8 limit=128 [ 33.728665][ T3493] syz.2.8: attempt to access beyond end of device [ 33.728665][ T3493] loop2: rw=2049, sector=273, nr_sectors = 8 limit=128 [ 33.765604][ T3493] syz.2.8: attempt to access beyond end of device [ 33.765604][ T3493] loop2: rw=2049, sector=289, nr_sectors = 9 limit=128 [ 33.799636][ T3483] : renamed from bond0 (while UP) [ 33.886040][ T3515] netlink: 8 bytes leftover after parsing attributes in process `syz.4.16'. [ 33.894885][ T3515] netlink: 24 bytes leftover after parsing attributes in process `syz.4.16'. [ 33.918467][ T3515] netlink: 8 bytes leftover after parsing attributes in process `syz.4.16'. [ 33.927233][ T3515] netlink: 24 bytes leftover after parsing attributes in process `syz.4.16'. [ 33.959865][ T3521] loop1: detected capacity change from 0 to 1024 [ 33.969088][ T3521] EXT4-fs: Ignoring removed orlov option [ 33.984398][ T3524] netlink: 'syz.0.19': attribute type 5 has an invalid length. [ 33.993178][ T3515] Zero length message leads to an empty skb [ 34.001357][ T3521] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 34.018471][ T3524] loop0: detected capacity change from 0 to 128 [ 34.098674][ T3510] loop2: detected capacity change from 0 to 512 [ 34.105850][ T3510] ======================================================= [ 34.105850][ T3510] WARNING: The mand mount option has been deprecated and [ 34.105850][ T3510] and is ignored by this kernel. Remove the mand [ 34.105850][ T3510] option from the mount to silence this warning. [ 34.105850][ T3510] ======================================================= [ 34.142512][ T3510] EXT4-fs: Ignoring removed bh option [ 34.148068][ T3510] EXT4-fs: Ignoring removed mblk_io_submit option [ 34.159066][ T3510] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 34.175916][ T3510] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 34.206105][ T3510] EXT4-fs (loop2): orphan cleanup on readonly fs [ 34.220597][ T3510] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.14: Failed to acquire dquot type 1 [ 34.233849][ T3510] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.14: Invalid block bitmap block 0 in block_group 0 [ 34.248258][ T3510] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.14: Invalid block bitmap block 0 in block_group 0 [ 34.274235][ T3510] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.14: Invalid block bitmap block 0 in block_group 0 [ 34.297922][ T3510] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.14: Failed to acquire dquot type 1 [ 34.330170][ T3510] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.14: Failed to acquire dquot type 1 [ 34.342293][ T3510] EXT4-fs (loop2): 1 orphan inode deleted [ 34.363810][ T3537] loop4: detected capacity change from 0 to 512 [ 34.365026][ T3510] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 34.385158][ T3537] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 34.398562][ T3537] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 34.430630][ T3510] syz.2.14 (3510) used greatest stack depth: 9072 bytes left [ 34.467057][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.477467][ T3537] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #16: comm syz.4.21: invalid indirect mapped block 4294967295 (level 0) [ 34.495174][ T3537] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #16: comm syz.4.21: invalid indirect mapped block 4294967295 (level 1) [ 34.521419][ T3537] EXT4-fs (loop4): 1 orphan inode deleted [ 34.527366][ T3537] EXT4-fs (loop4): 1 truncate cleaned up [ 34.545261][ T3537] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 34.635682][ T3310] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.726535][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.995986][ T3565] loop3: detected capacity change from 0 to 2048 [ 35.305091][ T3295] loop3: p2 p3 p7 [ 35.443431][ T3570] loop0: detected capacity change from 0 to 1024 [ 35.463574][ T3570] EXT4-fs: Ignoring removed orlov option [ 35.498059][ T3570] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.594331][ T3579] netlink: 4 bytes leftover after parsing attributes in process `syz.1.35'. [ 35.612293][ T3581] loop4: detected capacity change from 0 to 512 [ 35.631030][ T3565] loop3: p2 p3 p7 [ 35.659558][ T3581] ext4: Unknown parameter 'fsname' [ 35.707792][ T3584] netlink: 4 bytes leftover after parsing attributes in process `syz.1.35'. [ 35.745758][ T3589] 9pnet_fd: Insufficient options for proto=fd [ 35.763127][ T3579] atomic_op ffff88811a03a928 conn xmit_atomic 0000000000000000 [ 35.775212][ T3589] netlink: 'syz.2.37': attribute type 10 has an invalid length. [ 35.783115][ T3589] netlink: 40 bytes leftover after parsing attributes in process `syz.2.37'. [ 35.814057][ T3589] batman_adv: batadv0: Adding interface: veth1_vlan [ 35.820830][ T3589] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 35.853083][ T3579] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 35.899508][ T2993] loop3: p2 p3 p7 [ 35.904189][ T3589] batman_adv: batadv0: Interface activated: veth1_vlan [ 35.917135][ T3579] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 35.927806][ T3593] netlink: 'syz.4.36': attribute type 10 has an invalid length. [ 35.952887][ T2993] loop3: p2 p3 p7 [ 36.091138][ T3598] bridge_slave_0: left allmulticast mode [ 36.097165][ T3598] bridge_slave_0: left promiscuous mode [ 36.102985][ T3598] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.131815][ T3598] bridge_slave_1: left allmulticast mode [ 36.137825][ T3598] bridge_slave_1: left promiscuous mode [ 36.143796][ T3598] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.170553][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.181643][ T3601] netlink: 'syz.2.40': attribute type 10 has an invalid length. [ 36.189664][ T3601] netlink: 40 bytes leftover after parsing attributes in process `syz.2.40'. [ 36.216699][ T3598] bond0: (slave bond_slave_0): Releasing backup interface [ 36.235435][ T3598] bond0: (slave bond_slave_1): Releasing backup interface [ 36.262040][ T2993] loop3: p2 p3 p7 [ 36.266360][ T3598] team0: Port device team_slave_0 removed [ 36.294194][ T3598] team0: Port device team_slave_1 removed [ 36.294247][ T3605] FAULT_INJECTION: forcing a failure. [ 36.294247][ T3605] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 36.301906][ T3598] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 36.313842][ T3605] CPU: 0 UID: 0 PID: 3605 Comm: syz.3.42 Not tainted syzkaller #0 PREEMPT(voluntary) [ 36.313871][ T3605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 36.313882][ T3605] Call Trace: [ 36.313889][ T3605] [ 36.313896][ T3605] __dump_stack+0x1d/0x30 [ 36.313958][ T3605] dump_stack_lvl+0xe8/0x140 [ 36.313978][ T3605] dump_stack+0x15/0x1b [ 36.314055][ T3605] should_fail_ex+0x265/0x280 [ 36.314076][ T3605] should_fail+0xb/0x20 [ 36.314094][ T3605] should_fail_usercopy+0x1a/0x20 [ 36.314115][ T3605] _copy_from_user+0x1c/0xb0 [ 36.314146][ T3605] __sys_bpf+0x178/0x7b0 [ 36.314176][ T3605] __x64_sys_bpf+0x41/0x50 [ 36.314199][ T3605] x64_sys_call+0x2aea/0x2ff0 [ 36.314219][ T3605] do_syscall_64+0xd2/0x200 [ 36.314318][ T3605] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 36.314406][ T3605] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 36.314432][ T3605] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 36.314453][ T3605] RIP: 0033:0x7fa38803ebe9 [ 36.314469][ T3605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 36.314486][ T3605] RSP: 002b:00007fa386aa7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 36.314506][ T3605] RAX: ffffffffffffffda RBX: 00007fa388275fa0 RCX: 00007fa38803ebe9 [ 36.314559][ T3605] RDX: 0000000000000094 RSI: 00002000000004c0 RDI: 0000000000000005 [ 36.314571][ T3605] RBP: 00007fa386aa7090 R08: 0000000000000000 R09: 0000000000000000 [ 36.314583][ T3605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 36.314641][ T3605] R13: 00007fa388276038 R14: 00007fa388275fa0 R15: 00007ffd7ced12c8 [ 36.314677][ T3605] [ 36.398617][ T2993] loop3: p2 p3 p7 [ 36.400154][ T3598] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 36.477096][ T3606] netlink: 'syz.0.41': attribute type 10 has an invalid length. [ 36.513654][ T3606] netlink: 40 bytes leftover after parsing attributes in process `syz.0.41'. [ 36.524675][ T3598] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 36.532642][ T3598] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 36.550465][ T3598] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 36.557756][ T3598] batman_adv: batadv0: Removing interface: veth1_vlan [ 36.577994][ T3601] batman_adv: batadv0: Adding interface: veth1_vlan [ 36.584639][ T3601] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.624385][ T3601] batman_adv: batadv0: Interface activated: veth1_vlan [ 36.655474][ T3603] bridge_slave_0: left allmulticast mode [ 36.661282][ T3603] bridge_slave_0: left promiscuous mode [ 36.667229][ T3603] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.687337][ T3603] bridge_slave_1: left allmulticast mode [ 36.693428][ T3603] bridge_slave_1: left promiscuous mode [ 36.699383][ T3603] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.730463][ T3603] bond0: (slave bond_slave_0): Releasing backup interface [ 36.754450][ T2993] loop3: p2 p3 p7 [ 36.783745][ T3603] bond0: (slave bond_slave_1): Releasing backup interface [ 36.824325][ T3616] loop2: detected capacity change from 0 to 1024 [ 36.848143][ T3603] team0: Port device team_slave_0 removed [ 36.854545][ T3619] capability: warning: `syz.4.45' uses 32-bit capabilities (legacy support in use) [ 36.874343][ T3603] team0: Port device team_slave_1 removed [ 36.882255][ T3603] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 36.890002][ T3603] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 36.908090][ T3616] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 36.981077][ T3603] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 36.988791][ T3603] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 37.023103][ T3606] batman_adv: batadv0: Adding interface: veth1_vlan [ 37.030121][ T3606] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.057005][ T3606] batman_adv: batadv0: Interface activated: veth1_vlan [ 37.077296][ T3623] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.46: Allocating blocks 385-513 which overlap fs metadata [ 37.100956][ T3623] EXT4-fs (loop2): pa ffff88810054e0e0: logic 16, phys. 129, len 24 [ 37.109164][ T3623] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8 [ 37.115593][ T2993] loop3: p2 p3 p7 [ 37.222977][ T3470] Process accounting resumed [ 37.243777][ T3629] loop4: detected capacity change from 0 to 2048 [ 37.295145][ T2993] loop3: p2 p3 p7 [ 37.315139][ T3583] loop4: p2 p3 p7 [ 37.315736][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.329481][ T3634] capability: warning: `syz.1.50' uses deprecated v2 capabilities in a way that may be insecure [ 37.370099][ T3629] loop4: p2 p3 p7 [ 37.474193][ T3642] loop2: detected capacity change from 0 to 512 [ 37.508645][ T3642] EXT4-fs: Ignoring removed bh option [ 37.514172][ T3642] EXT4-fs: Ignoring removed mblk_io_submit option [ 37.522903][ T3648] audit_log_lost: 408 callbacks suppressed [ 37.522920][ T3648] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 37.536799][ T3648] audit: out of memory in audit_log_start [ 37.621391][ T29] audit: type=1400 audit(1757072751.736:493): avc: denied { create } for pid=3643 comm="syz.1.53" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 37.654339][ T2993] loop3: p2 p3 p7 [ 37.671019][ T3642] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 37.821983][ T29] audit: type=1326 audit(1757072751.846:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3650 comm="syz.3.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa38803ebe9 code=0x7ffc0000 [ 37.846187][ T29] audit: type=1326 audit(1757072751.856:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3650 comm="syz.3.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa38803ebe9 code=0x7ffc0000 [ 37.869685][ T29] audit: type=1326 audit(1757072751.866:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3650 comm="syz.3.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa38803ebe9 code=0x7ffc0000 [ 37.893093][ T29] audit: type=1326 audit(1757072751.866:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3650 comm="syz.3.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa38803ebe9 code=0x7ffc0000 [ 37.917865][ T29] audit: type=1326 audit(1757072751.896:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3650 comm="syz.3.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa38803ebe9 code=0x7ffc0000 [ 37.942140][ T29] audit: type=1326 audit(1757072751.896:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3650 comm="syz.3.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa38803ebe9 code=0x7ffc0000 [ 37.965332][ T29] audit: type=1326 audit(1757072751.896:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3650 comm="syz.3.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa38803ebe9 code=0x7ffc0000 [ 38.054302][ T3654] loop0: detected capacity change from 0 to 2048 [ 38.097724][ T3642] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 38.106047][ T3642] EXT4-fs (loop2): orphan cleanup on readonly fs [ 38.114863][ T2993] loop3: p2 p3 p7 [ 38.127259][ T3642] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.51: Failed to acquire dquot type 1 [ 38.137382][ T3654] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 38.152305][ T3642] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.51: Invalid block bitmap block 0 in block_group 0 [ 38.176297][ T3661] loop4: detected capacity change from 0 to 512 [ 38.208694][ T10] Process accounting resumed [ 38.228958][ T3516] udevd[3516]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory [ 38.241873][ T3583] udevd[3583]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 38.253047][ T3295] udevd[3295]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 38.279295][ T3642] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.51: Invalid block bitmap block 0 in block_group 0 [ 38.300690][ T3661] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.331790][ T3642] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.51: Invalid block bitmap block 0 in block_group 0 [ 38.349577][ T3516] udevd[3516]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory [ 38.360705][ T3295] udevd[3295]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 38.367614][ T3661] ext4 filesystem being mounted at /11/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 38.384177][ T3583] udevd[3583]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 38.415890][ T3642] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.51: Invalid block bitmap block 0 in block_group 0 [ 38.480199][ T3642] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.51: Failed to acquire dquot type 1 [ 38.511346][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.538757][ T3642] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.51: Failed to acquire dquot type 1 [ 38.541443][ T3676] loop1: detected capacity change from 0 to 512 [ 38.556920][ T3676] EXT4-fs: Ignoring removed bh option [ 38.562372][ T3676] EXT4-fs: Ignoring removed mblk_io_submit option [ 38.593068][ T3642] EXT4-fs (loop2): 1 orphan inode deleted [ 38.607575][ T3676] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 38.623459][ T3642] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 38.647241][ T3310] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.661909][ T3676] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 38.750911][ T3676] EXT4-fs (loop1): orphan cleanup on readonly fs [ 38.761752][ T3676] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 38.773930][ T3676] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm +}[@: Invalid block bitmap block 0 in block_group 0 [ 38.788320][ T3676] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm +}[@: Invalid block bitmap block 0 in block_group 0 [ 38.802077][ T3676] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm +}[@: Invalid block bitmap block 0 in block_group 0 [ 39.059347][ T3676] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 39.072290][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.114766][ T3676] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 39.159035][ T3691] tipc: Started in network mode [ 39.163999][ T3691] tipc: Node identity 9a5a5f51169, cluster identity 4711 [ 39.171425][ T3691] tipc: Enabled bearer , priority 0 [ 39.179818][ T3676] EXT4-fs (loop1): 1 orphan inode deleted [ 39.193314][ T3690] tipc: Disabling bearer [ 39.223895][ T3676] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 39.250680][ T3693] syz.2.66 uses obsolete (PF_INET,SOCK_PACKET) [ 39.264190][ T3693] loop2: detected capacity change from 0 to 512 [ 39.299969][ T3693] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.307893][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.337373][ T3693] ext4 filesystem being mounted at /10/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 39.387992][ T3700] loop0: detected capacity change from 0 to 2048 [ 39.442425][ T3700] loop0: p2 p3 p7 [ 39.453853][ T3708] loop1: detected capacity change from 0 to 1024 [ 39.468188][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.658262][ T3708] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 39.918091][ T3724] loop2: detected capacity change from 0 to 1024 [ 39.950141][ T3724] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 39.983345][ T3708] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.73: Allocating blocks 385-513 which overlap fs metadata [ 40.028100][ T3708] EXT4-fs (loop1): pa ffff88810054e0e0: logic 16, phys. 129, len 24 [ 40.036321][ T3708] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8 [ 40.041250][ T3728] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.76: Allocating blocks 385-513 which overlap fs metadata [ 40.113864][ T3734] EXT4-fs (loop2): pa ffff88810727b230: logic 16, phys. 129, len 24 [ 40.121964][ T3734] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8 [ 40.133136][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.135589][ T3730] loop0: detected capacity change from 0 to 512 [ 40.162433][ T3730] EXT4-fs: Ignoring removed bh option [ 40.168037][ T3730] EXT4-fs: Ignoring removed mblk_io_submit option [ 40.192188][ T3737] loop1: detected capacity change from 0 to 512 [ 40.240886][ T3730] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 40.251845][ T3737] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.78: casefold flag without casefold feature [ 40.334650][ T3737] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.78: couldn't read orphan inode 15 (err -117) [ 40.393275][ T3740] loop3: detected capacity change from 0 to 512 [ 40.407169][ T3730] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 40.416663][ T3737] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.437242][ T3740] EXT4-fs: Ignoring removed bh option [ 40.442807][ T3740] EXT4-fs: Ignoring removed mblk_io_submit option [ 40.501070][ T3740] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 40.517067][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.531889][ T3730] EXT4-fs (loop0): orphan cleanup on readonly fs [ 40.540886][ T3737] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.541444][ T3747] loop4: detected capacity change from 0 to 128 [ 40.554883][ T3730] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 40.574024][ T3740] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 40.587255][ T3730] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm +}[@: Invalid block bitmap block 0 in block_group 0 [ 40.600709][ T3730] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm +}[@: Invalid block bitmap block 0 in block_group 0 [ 40.608486][ T3740] EXT4-fs (loop3): orphan cleanup on readonly fs [ 40.641183][ T3737] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.658250][ T3740] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 40.671342][ T3730] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm +}[@: Invalid block bitmap block 0 in block_group 0 [ 40.691553][ T3740] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm +}[@: Invalid block bitmap block 0 in block_group 0 [ 40.706648][ T3751] tipc: Started in network mode [ 40.711651][ T3751] tipc: Node identity d6ccc3ae37fd, cluster identity 4711 [ 40.718892][ T3751] tipc: Enabled bearer , priority 0 [ 40.732752][ T3737] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.744076][ T3740] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm +}[@: Invalid block bitmap block 0 in block_group 0 [ 40.759273][ T3730] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 40.767064][ T3740] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm +}[@: Invalid block bitmap block 0 in block_group 0 [ 40.785022][ T3740] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 40.786699][ T3730] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 40.808497][ T3740] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 40.819649][ T3740] EXT4-fs (loop3): 1 orphan inode deleted [ 40.820151][ T3750] tipc: Disabling bearer [ 40.825618][ T3730] EXT4-fs (loop0): 1 orphan inode deleted [ 40.841181][ T3740] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 40.858019][ T3737] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.869557][ T3730] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 40.914147][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.943323][ T2174] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.956001][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.972799][ T2174] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.992206][ T2174] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.006676][ T2174] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.044832][ T3759] loop2: detected capacity change from 0 to 1024 [ 41.052979][ T3759] EXT4-fs: Ignoring removed orlov option [ 41.066117][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.078909][ T3759] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.116477][ T3763] loop3: detected capacity change from 0 to 2048 [ 41.163444][ T3763] loop3: p2 p3 p7 [ 41.186176][ T2993] loop3: p2 p3 p7 [ 41.589677][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.666145][ T3784] loop4: detected capacity change from 0 to 2048 [ 41.685840][ T3782] loop0: detected capacity change from 0 to 2048 [ 41.754388][ T3295] loop4: p2 p3 p7 [ 41.776174][ T3782] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.784989][ T3784] loop4: p2 p3 p7 [ 41.802962][ T3786] loop2: detected capacity change from 0 to 512 [ 41.827329][ T3786] EXT4-fs: Ignoring removed bh option [ 41.833042][ T3786] EXT4-fs: Ignoring removed mblk_io_submit option [ 41.853513][ T3786] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 41.867081][ T3786] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 41.884633][ T3786] EXT4-fs (loop2): orphan cleanup on readonly fs [ 41.920771][ T3786] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 41.942069][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.983120][ T3786] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm +}[@: Invalid block bitmap block 0 in block_group 0 [ 42.099020][ T3786] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm +}[@: Invalid block bitmap block 0 in block_group 0 [ 42.137029][ T3786] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm +}[@: Invalid block bitmap block 0 in block_group 0 [ 42.150678][ T3786] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 42.176792][ T3786] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 42.213321][ T3786] EXT4-fs (loop2): 1 orphan inode deleted [ 42.229483][ T3786] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 42.277728][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.355473][ T3821] loop1: detected capacity change from 0 to 512 [ 42.419790][ T3815] loop4: detected capacity change from 0 to 1024 [ 42.420541][ T3829] loop0: detected capacity change from 0 to 512 [ 42.428274][ T3821] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.107: casefold flag without casefold feature [ 42.450773][ T3821] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.107: couldn't read orphan inode 15 (err -117) [ 42.507316][ T3821] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.521746][ T3815] EXT4-fs: Ignoring removed orlov option [ 42.542586][ T3829] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.596292][ T3815] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.615956][ T3821] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.626254][ T3829] ext4 filesystem being mounted at /27/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 42.648568][ T3835] loop3: detected capacity change from 0 to 2048 [ 42.689871][ T3821] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.717383][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.757935][ T3841] netlink: 'syz.0.112': attribute type 1 has an invalid length. [ 42.779215][ T3821] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.802130][ T3583] loop3: p2 p3 p7 [ 42.815790][ T3841] __nla_validate_parse: 1 callbacks suppressed [ 42.815808][ T3841] netlink: 12 bytes leftover after parsing attributes in process `syz.0.112'. [ 42.849106][ T3841] netlink: 4 bytes leftover after parsing attributes in process `syz.0.112'. [ 42.851327][ T3835] loop3: p2 p3 p7 [ 42.878728][ T3821] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.890646][ T3310] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.902974][ T29] kauditd_printk_skb: 238 callbacks suppressed [ 42.902990][ T29] audit: type=1400 audit(1757072757.056:709): avc: denied { read } for pid=2978 comm="acpid" name="mouse9" dev="devtmpfs" ino=764 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1 [ 42.931596][ T29] audit: type=1400 audit(1757072757.056:710): avc: denied { open } for pid=2978 comm="acpid" path="/dev/input/mouse9" dev="devtmpfs" ino=764 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1 [ 42.954933][ T29] audit: type=1400 audit(1757072757.056:711): avc: denied { ioctl } for pid=2978 comm="acpid" path="/dev/input/mouse9" dev="devtmpfs" ino=764 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1 [ 42.972881][ T2993] loop3: p2 p3 p7 [ 43.017075][ T3845] tipc: Enabling of bearer rejected, failed to enable media [ 43.239031][ T3861] loop4: detected capacity change from 0 to 512 [ 43.264579][ T3863] loop0: detected capacity change from 0 to 1024 [ 43.266925][ T29] audit: type=1400 audit(1757072757.396:712): avc: denied { write } for pid=3862 comm="syz.0.119" name="arp" dev="proc" ino=4026532451 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 43.295834][ T3861] EXT4-fs: Ignoring removed bh option [ 43.301411][ T3861] EXT4-fs: Ignoring removed mblk_io_submit option [ 43.312349][ T3863] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.410060][ T3861] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 43.476073][ T3872] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.119: Allocating blocks 385-513 which overlap fs metadata [ 43.518935][ T3871] loop2: detected capacity change from 0 to 2048 [ 43.528824][ T29] audit: type=1326 audit(1757072757.676:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3873 comm="syz.3.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa38803ebe9 code=0x7ffc0000 [ 43.553444][ T3861] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 43.608602][ T3583] loop2: p2 p3 p7 [ 43.621219][ T3861] EXT4-fs (loop4): orphan cleanup on readonly fs [ 43.644755][ T3871] loop2: p2 p3 p7 [ 43.649255][ T29] audit: type=1326 audit(1757072757.676:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3873 comm="syz.3.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa38803ebe9 code=0x7ffc0000 [ 43.672624][ T29] audit: type=1326 audit(1757072757.676:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3873 comm="syz.3.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa38803ebe9 code=0x7ffc0000 [ 43.696081][ T29] audit: type=1326 audit(1757072757.676:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3873 comm="syz.3.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fa38803ebe9 code=0x7ffc0000 [ 43.719297][ T29] audit: type=1326 audit(1757072757.676:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3873 comm="syz.3.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa38803ebe9 code=0x7ffc0000 [ 43.739856][ T3861] Quota error (device loop4): do_insert_tree: Free block already used in tree: block 4 [ 43.758174][ T3875] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 43.758214][ T3384] IPVS: starting estimator thread 0... [ 43.762116][ T2993] loop2: p2 p3 p7 [ 43.791946][ T3876] EXT4-fs (loop0): pa ffff88810727b2a0: logic 16, phys. 129, len 24 [ 43.800190][ T3876] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8 [ 43.813573][ T3861] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.115: Failed to acquire dquot type 1 [ 43.846968][ T3880] IPVS: using max 3024 ests per chain, 151200 per kthread [ 43.875627][ T3861] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.115: Invalid block bitmap block 0 in block_group 0 [ 43.875860][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.919157][ T3583] udevd[3583]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 43.919280][ T3516] udevd[3516]: inotify_add_watch(7, /dev/loop2p7, 10) failed: No such file or directory [ 43.940653][ T3295] udevd[3295]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 43.944880][ T3882] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 43.957816][ T3882] batman_adv: batadv0: Removing interface: veth1_vlan [ 43.995781][ T3861] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.115: Invalid block bitmap block 0 in block_group 0 [ 44.036486][ T3516] udevd[3516]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 44.038381][ T3583] udevd[3583]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 44.076144][ T3861] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.115: Invalid block bitmap block 0 in block_group 0 [ 44.090262][ T3586] udevd[3586]: inotify_add_watch(7, /dev/loop2p7, 10) failed: No such file or directory [ 44.129582][ T3583] udevd[3583]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 44.162663][ T3583] udevd[3583]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 44.175379][ T3295] udevd[3295]: inotify_add_watch(7, /dev/loop2p7, 10) failed: No such file or directory [ 44.188279][ T3861] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.115: Failed to acquire dquot type 1 [ 44.206436][ T3882] netlink: 'syz.2.124': attribute type 10 has an invalid length. [ 44.214551][ T3882] netlink: 40 bytes leftover after parsing attributes in process `syz.2.124'. [ 44.266891][ T3882] batman_adv: batadv0: Adding interface: veth1_vlan [ 44.273553][ T3882] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.301653][ T3861] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.115: Failed to acquire dquot type 1 [ 44.314715][ T3882] batman_adv: batadv0: Interface activated: veth1_vlan [ 44.361321][ T3888] bridge_slave_0: left allmulticast mode [ 44.367182][ T3888] bridge_slave_0: left promiscuous mode [ 44.373029][ T3888] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.382724][ T3861] EXT4-fs (loop4): 1 orphan inode deleted [ 44.391122][ T3888] bridge_slave_1: left allmulticast mode [ 44.396950][ T3888] bridge_slave_1: left promiscuous mode [ 44.402631][ T3888] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.408365][ T3861] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 44.441603][ T3888] : (slave bond_slave_0): Releasing backup interface [ 44.456816][ T3888] : (slave bond_slave_1): Releasing backup interface [ 44.475440][ T3892] netlink: 'syz.3.126': attribute type 10 has an invalid length. [ 44.483285][ T3892] netlink: 40 bytes leftover after parsing attributes in process `syz.3.126'. [ 44.494095][ T3310] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.505926][ T3888] team0: Port device team_slave_0 removed [ 44.536104][ T3888] team0: Port device team_slave_1 removed [ 44.546928][ T3888] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 44.554717][ T3888] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 44.575353][ T3888] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 44.582939][ T3888] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 44.644862][ T3892] batman_adv: batadv0: Adding interface: veth1_vlan [ 44.651666][ T3892] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.679185][ T3892] batman_adv: batadv0: Interface activated: veth1_vlan [ 44.981135][ T3916] loop3: detected capacity change from 0 to 2048 [ 45.027548][ T3916] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.064875][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.102664][ T9] IPVS: starting estimator thread 0... [ 45.154403][ T3925] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 45.216327][ T3929] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 45.216327][ T3929] The task syz.3.138 (3929) triggered the difference, watch for misbehavior. [ 45.216940][ T3920] IPVS: using max 2832 ests per chain, 141600 per kthread [ 45.279334][ T3929] loop3: detected capacity change from 0 to 512 [ 45.285936][ T66] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.307393][ T3929] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.320370][ T66] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.335513][ T3929] ext4 filesystem being mounted at /30/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 45.346896][ T66] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.355334][ T66] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.367375][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.395753][ T3929] EXT4-fs error (device loop3): ext4_readdir:264: inode #12: block 32: comm syz.3.138: path /30/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 45.482873][ T3938] loop1: detected capacity change from 0 to 2048 [ 45.490670][ T3929] EXT4-fs (loop3): Remounting filesystem read-only [ 45.666117][ T3583] loop1: p2 p3 p7 [ 46.051354][ T3938] loop1: p2 p3 p7 [ 46.077230][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.182884][ T3357] Process accounting resumed [ 46.271294][ T3957] loop0: detected capacity change from 0 to 2048 [ 46.281078][ T2993] loop1: p2 p3 p7 [ 46.312371][ T3957] loop0: p2 p3 p7 [ 46.404934][ T2993] loop0: p2 p3 p7 [ 46.477471][ T2993] loop1: p2 p3 p7 [ 46.550721][ T2993] loop1: p2 p3 p7 [ 46.790053][ T3586] udevd[3586]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 46.831524][ T3975] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 46.985542][ T3384] Process accounting resumed [ 47.017926][ T3981] loop0: detected capacity change from 0 to 512 [ 47.045782][ T3988] netlink: 'wÞ£ÿ': attribute type 25 has an invalid length. [ 47.061847][ T3981] EXT4-fs: Ignoring removed bh option [ 47.067431][ T3981] EXT4-fs: Ignoring removed mblk_io_submit option [ 47.147987][ T3981] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 47.171373][ T3981] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 47.205704][ T3981] EXT4-fs (loop0): orphan cleanup on readonly fs [ 47.223646][ T3981] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 47.244153][ T3993] loop4: detected capacity change from 0 to 2048 [ 47.298270][ T3981] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm +}[@: Invalid block bitmap block 0 in block_group 0 [ 47.343724][ T3295] loop4: p2 p3 p7 [ 47.346169][ T3955] syz.3.149 (3955) used greatest stack depth: 7864 bytes left [ 47.366106][ T3993] loop4: p2 p3 p7 [ 47.382909][ T3981] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm +}[@: Invalid block bitmap block 0 in block_group 0 [ 47.443168][ T4005] loop2: detected capacity change from 0 to 2048 [ 47.477598][ T4007] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 47.484328][ T4007] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 47.491920][ T4007] vhci_hcd vhci_hcd.0: Device attached [ 47.499837][ T3981] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm +}[@: Invalid block bitmap block 0 in block_group 0 [ 47.525022][ T3295] loop2: p2 p3 p7 [ 47.534062][ T4007] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(6) [ 47.540721][ T4007] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 47.548358][ T4007] vhci_hcd vhci_hcd.0: Device attached [ 47.566616][ T4005] loop2: p2 p3 p7 [ 47.589091][ T4007] loop3: detected capacity change from 0 to 128 [ 47.592362][ T2993] loop2: p2 p3 p7 [ 47.606142][ T3981] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 47.624360][ T4007] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a84ec018, mo2=0002] [ 47.646918][ T4007] System zones: 1-3, 19-19, 35-36 [ 47.655640][ T4007] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 47.696297][ T4007] ext4 filesystem being mounted at /34/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 47.696412][ T3981] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 47.729190][ T3412] vhci_hcd: vhci_device speed not set [ 47.809058][ T4008] vhci_hcd: connection closed [ 47.809305][ T12] vhci_hcd: stop threads [ 47.810210][ T4010] vhci_hcd: connection closed [ 47.814031][ T12] vhci_hcd: release socket [ 47.814048][ T12] vhci_hcd: disconnect device [ 47.833400][ T3412] usb 7-1: new full-speed USB device number 2 using vhci_hcd [ 47.844067][ T3412] usb 7-1: enqueue for inactive port 0 [ 47.850875][ T3412] usb 7-1: enqueue for inactive port 0 [ 47.856535][ T3412] usb 7-1: enqueue for inactive port 0 [ 47.862918][ T12] vhci_hcd: stop threads [ 47.867205][ T12] vhci_hcd: release socket [ 47.872017][ T12] vhci_hcd: disconnect device [ 47.878635][ T3981] EXT4-fs (loop0): 1 orphan inode deleted [ 47.885510][ T2993] loop1: p2 p3 p7 [ 47.937842][ T3412] vhci_hcd: vhci_device speed not set [ 47.997478][ T3981] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 48.107821][ T4023] bridge_slave_0: left allmulticast mode [ 48.113612][ T4023] bridge_slave_0: left promiscuous mode [ 48.119696][ T4023] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.198979][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.248541][ T4023] bridge_slave_1: left allmulticast mode [ 48.254301][ T4023] bridge_slave_1: left promiscuous mode [ 48.260087][ T4023] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.270185][ T4026] netlink: 'syz.4.168': attribute type 10 has an invalid length. [ 48.278084][ T4026] netlink: 40 bytes leftover after parsing attributes in process `syz.4.168'. [ 48.286276][ T4028] loop2: detected capacity change from 0 to 2048 [ 48.297381][ T3384] Process accounting resumed [ 48.348362][ T3303] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 48.367433][ T29] kauditd_printk_skb: 140 callbacks suppressed [ 48.367447][ T29] audit: type=1326 audit(1757072762.516:847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4031 comm="syz.0.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12b56febe9 code=0x7ffc0000 [ 48.397268][ T29] audit: type=1326 audit(1757072762.516:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4031 comm="syz.0.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12b56febe9 code=0x7ffc0000 [ 48.421825][ T29] audit: type=1326 audit(1757072762.526:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4031 comm="syz.0.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f12b56febe9 code=0x7ffc0000 [ 48.445429][ T29] audit: type=1326 audit(1757072762.526:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4031 comm="syz.0.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12b56febe9 code=0x7ffc0000 [ 48.469002][ T29] audit: type=1326 audit(1757072762.526:851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4031 comm="syz.0.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12b56febe9 code=0x7ffc0000 [ 48.492424][ T29] audit: type=1326 audit(1757072762.526:852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4031 comm="syz.0.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f12b56febe9 code=0x7ffc0000 [ 48.515958][ T29] audit: type=1326 audit(1757072762.526:853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4031 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12b56febe9 code=0x7ffc0000 [ 48.539121][ T29] audit: type=1326 audit(1757072762.526:854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4031 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12b56febe9 code=0x7ffc0000 [ 48.541889][ T3583] loop2: p2 p3 p7 [ 48.562228][ T29] audit: type=1326 audit(1757072762.526:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4031 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f12b56febe9 code=0x7ffc0000 [ 48.610910][ T4023] bond0: (slave bond_slave_0): Releasing backup interface [ 48.648726][ T4023] bond0: (slave bond_slave_1): Releasing backup interface [ 48.650194][ T4034] loop3: detected capacity change from 0 to 512 [ 48.701616][ T4023] team0: Port device team_slave_0 removed [ 48.723019][ T2993] loop1: p2 p3 p7 [ 48.739229][ T4023] team0: Port device team_slave_1 removed [ 48.748332][ T29] audit: type=1326 audit(1757072762.716:856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4031 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12b56febe9 code=0x7ffc0000 [ 48.750016][ T4023] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 48.778922][ T4023] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 48.819006][ T4034] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.887607][ T4034] ext4 filesystem being mounted at /35/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 48.928543][ T4039] loop1: detected capacity change from 0 to 2048 [ 48.958519][ T4023] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 48.966035][ T4023] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 49.028079][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.094149][ T4026] batman_adv: batadv0: Adding interface: veth1_vlan [ 49.101071][ T4026] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 49.137969][ T3295] loop1: p2 p3 p7 [ 49.165860][ T4039] loop1: p2 p3 p7 [ 49.194109][ T2993] loop1: p2 p3 p7 [ 49.198982][ T4026] batman_adv: batadv0: Interface activated: veth1_vlan [ 49.215078][ T4044] loop3: detected capacity change from 0 to 1024 [ 49.217924][ T4028] Alternate GPT is invalid, using primary GPT. [ 49.228149][ T4028] loop2: p2 p3 p7 [ 49.277235][ T4044] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.305290][ T4044] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 49.370462][ T4044] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 49.382760][ T4044] EXT4-fs (loop3): This should not happen!! Data will be lost [ 49.382760][ T4044] [ 49.392578][ T4044] EXT4-fs (loop3): Total free blocks count 0 [ 49.399163][ T4044] EXT4-fs (loop3): Free/Dirty block details [ 49.405077][ T4044] EXT4-fs (loop3): free_blocks=68451041280 [ 49.406485][ T4052] netlink: 4 bytes leftover after parsing attributes in process `syz.3.174'. [ 49.411013][ T4044] EXT4-fs (loop3): dirty_blocks=80 [ 49.411031][ T4044] EXT4-fs (loop3): Block reservation details [ 49.411068][ T4044] EXT4-fs (loop3): i_reserved_data_blocks=5 [ 49.428216][ T3583] udevd[3583]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 49.451163][ T4052] hsr0: entered promiscuous mode [ 49.458123][ T3583] udevd[3583]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 49.461892][ T3295] udevd[3295]: inotify_add_watch(7, /dev/loop1p7, 10) failed: No such file or directory [ 49.535520][ T4052] macsec1: entered promiscuous mode [ 49.541080][ T4052] macsec1: entered allmulticast mode [ 49.546654][ T4052] hsr0: entered allmulticast mode [ 49.552293][ T4052] hsr_slave_0: entered allmulticast mode [ 49.557952][ T4059] loop4: detected capacity change from 0 to 512 [ 49.558134][ T4052] hsr_slave_1: entered allmulticast mode [ 49.593510][ T3295] udevd[3295]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 49.605423][ T3583] udevd[3583]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 49.608253][ T3516] udevd[3516]: inotify_add_watch(7, /dev/loop1p7, 10) failed: No such file or directory [ 49.648612][ T4059] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.648984][ T4052] hsr0: left allmulticast mode [ 49.666432][ T4052] hsr_slave_0: left allmulticast mode [ 49.672028][ T4052] hsr_slave_1: left allmulticast mode [ 49.719290][ T3295] udevd[3295]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 49.728285][ T3516] udevd[3516]: inotify_add_watch(7, /dev/loop1p7, 10) failed: No such file or directory [ 49.731724][ T3583] udevd[3583]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 49.760239][ T4059] ext4 filesystem being mounted at /32/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 49.772970][ T4032] : renamed from bond0 (while UP) [ 49.795591][ T2993] loop2: p2 p3 p7 [ 49.833204][ T12] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 64 with error 28 [ 49.867805][ T3516] udevd[3516]: inotify_add_watch(7, /dev/loop1p7, 10) failed: No such file or directory [ 49.957092][ T3310] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.026066][ T4068] loop3: detected capacity change from 0 to 512 [ 50.070845][ T4068] EXT4-fs: Ignoring removed bh option [ 50.076377][ T4068] EXT4-fs: Ignoring removed mblk_io_submit option [ 50.127560][ T4068] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 50.187076][ T4068] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 50.206977][ T2993] loop2: p2 p3 p7 [ 50.211880][ T4068] EXT4-fs (loop3): orphan cleanup on readonly fs [ 50.247914][ T4068] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 50.317190][ T4068] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm +}[@: Invalid block bitmap block 0 in block_group 0 [ 50.378699][ T4068] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm +}[@: Invalid block bitmap block 0 in block_group 0 [ 50.386770][ T4084] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 50.398899][ T4084] batman_adv: batadv0: Removing interface: veth1_vlan [ 50.431222][ T4068] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm +}[@: Invalid block bitmap block 0 in block_group 0 [ 50.468736][ T4068] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 50.482255][ T4087] loop0: detected capacity change from 0 to 2048 [ 50.497239][ T4068] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 50.537372][ T4068] EXT4-fs (loop3): 1 orphan inode deleted [ 50.547392][ T4068] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 50.553094][ T4087] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 50.632101][ T2993] loop2: p2 p3 p7 [ 50.639258][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.658640][ T4084] netlink: 'syz.4.185': attribute type 10 has an invalid length. [ 50.666512][ T4084] netlink: 40 bytes leftover after parsing attributes in process `syz.4.185'. [ 50.750876][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.788425][ T4084] batman_adv: batadv0: Adding interface: veth1_vlan [ 50.795074][ T4084] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 50.921743][ T4084] batman_adv: batadv0: Interface activated: veth1_vlan [ 50.965459][ T10] IPVS: starting estimator thread 0... [ 50.987835][ T4101] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 51.030064][ T4108] loop3: detected capacity change from 0 to 512 [ 51.038470][ T4108] EXT4-fs: Ignoring removed bh option [ 51.043938][ T4108] EXT4-fs: Ignoring removed mblk_io_submit option [ 51.057107][ T4107] IPVS: using max 2976 ests per chain, 148800 per kthread [ 51.069363][ T4108] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 51.135796][ T4104] netlink: 'syz.2.187': attribute type 10 has an invalid length. [ 51.138312][ T4108] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 51.144053][ T4104] netlink: 40 bytes leftover after parsing attributes in process `syz.2.187'. [ 51.153260][ T4108] EXT4-fs (loop3): orphan cleanup on readonly fs [ 51.169108][ T4108] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.191: Failed to acquire dquot type 1 [ 51.213327][ T4108] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.191: Invalid block bitmap block 0 in block_group 0 [ 51.266515][ T4092] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 51.273784][ T4092] batman_adv: batadv0: Removing interface: veth1_vlan [ 51.293043][ T4108] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.191: Invalid block bitmap block 0 in block_group 0 [ 51.326389][ T4108] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.191: Invalid block bitmap block 0 in block_group 0 [ 51.377711][ T4108] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.191: Failed to acquire dquot type 1 [ 51.420785][ T4108] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.191: Failed to acquire dquot type 1 [ 51.466892][ T4108] EXT4-fs (loop3): 1 orphan inode deleted [ 51.488623][ T4108] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 51.561038][ T4104] batman_adv: batadv0: Adding interface: veth1_vlan [ 51.567788][ T4104] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 51.595708][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.607098][ T4104] batman_adv: batadv0: Interface activated: veth1_vlan [ 51.620506][ T4125] tipc: Started in network mode [ 51.625439][ T4125] tipc: Node identity 860f2732254f, cluster identity 4711 [ 51.632664][ T4125] tipc: Enabled bearer , priority 0 [ 51.655288][ T4121] tipc: Disabling bearer [ 51.699853][ T4133] loop3: detected capacity change from 0 to 512 [ 51.712351][ T2993] loop2: p2 p3 p7 [ 51.726981][ T4133] EXT4-fs: Ignoring removed bh option [ 51.732557][ T4133] EXT4-fs: Ignoring removed mblk_io_submit option [ 51.742044][ T4133] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 51.768630][ T4133] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 51.813214][ T4133] EXT4-fs (loop3): orphan cleanup on readonly fs [ 51.870094][ T4133] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 51.891439][ T4149] loop1: detected capacity change from 0 to 512 [ 51.916672][ T4133] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm +}[@: Invalid block bitmap block 0 in block_group 0 [ 51.933755][ T4149] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 51.968695][ T4133] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm +}[@: Invalid block bitmap block 0 in block_group 0 [ 51.982835][ T4149] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002] [ 51.987243][ T4133] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm +}[@: Invalid block bitmap block 0 in block_group 0 [ 52.009827][ T4149] EXT4-fs error (device loop1): ext4_iget_extra_inode:5104: inode #15: comm syz.1.203: corrupted in-inode xattr: e_value size too large [ 52.014287][ T4133] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 52.026234][ T4156] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 52.044233][ T3357] IPVS: starting estimator thread 0... [ 52.050393][ T4133] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 52.092980][ T4149] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.203: couldn't read orphan inode 15 (err -117) [ 52.115459][ T4133] EXT4-fs (loop3): 1 orphan inode deleted [ 52.130277][ T4133] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 52.147019][ T4159] IPVS: using max 3024 ests per chain, 151200 per kthread [ 52.156143][ T4149] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 52.189958][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.203671][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.274560][ T4168] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 52.359734][ T4169] loop4: detected capacity change from 0 to 2048 [ 52.445018][ T3583] loop4: p2 p3 p7 [ 53.031443][ T4175] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 53.039000][ T4175] batman_adv: batadv0: Removing interface: veth1_vlan [ 53.109526][ T4169] loop4: p2 p3 p7 [ 53.133879][ T4176] netlink: 'syz.0.211': attribute type 10 has an invalid length. [ 53.141888][ T4176] netlink: 40 bytes leftover after parsing attributes in process `syz.0.211'. [ 53.223493][ T4176] batman_adv: batadv0: Adding interface: veth1_vlan [ 53.230241][ T4176] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.266152][ T4176] batman_adv: batadv0: Interface activated: veth1_vlan [ 53.519419][ T4192] loop0: detected capacity change from 0 to 1024 [ 53.572664][ T4192] EXT4-fs: Ignoring removed orlov option [ 53.610560][ T4192] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.712440][ T3412] Process accounting resumed [ 53.942799][ T4211] loop4: detected capacity change from 0 to 512 [ 53.968597][ T4209] loop3: detected capacity change from 0 to 2048 [ 54.001204][ T4211] EXT4-fs: Ignoring removed bh option [ 54.006679][ T4211] EXT4-fs: Ignoring removed mblk_io_submit option [ 54.014141][ T29] kauditd_printk_skb: 160 callbacks suppressed [ 54.014156][ T29] audit: type=1326 audit(1757072768.166:999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4214 comm="syz.1.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e06d7ebe9 code=0x7ffc0000 [ 54.044136][ T29] audit: type=1326 audit(1757072768.166:1000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4214 comm="syz.1.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e06d7ebe9 code=0x7ffc0000 [ 54.094730][ T4211] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 54.097198][ T3583] loop3: p2 p3 p7 [ 54.111367][ T29] audit: type=1326 audit(1757072768.216:1001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4214 comm="syz.1.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5e06d7ebe9 code=0x7ffc0000 [ 54.135319][ T29] audit: type=1326 audit(1757072768.216:1002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4214 comm="syz.1.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e06d7ebe9 code=0x7ffc0000 [ 54.159061][ T29] audit: type=1326 audit(1757072768.216:1003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4214 comm="syz.1.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e06d7ebe9 code=0x7ffc0000 [ 54.183019][ T29] audit: type=1326 audit(1757072768.216:1004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4214 comm="syz.1.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5e06d7ebe9 code=0x7ffc0000 [ 54.206775][ T29] audit: type=1326 audit(1757072768.216:1005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4214 comm="syz.1.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e06d7ebe9 code=0x7ffc0000 [ 54.217345][ T4211] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 54.231011][ T29] audit: type=1326 audit(1757072768.216:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4214 comm="syz.1.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5e06d7ebe9 code=0x7ffc0000 [ 54.246061][ T4209] loop3: p2 p3 p7 [ 54.262557][ T29] audit: type=1326 audit(1757072768.216:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4214 comm="syz.1.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e06d7ebe9 code=0x7ffc0000 [ 54.262588][ T29] audit: type=1326 audit(1757072768.216:1008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4214 comm="syz.1.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=187 compat=0 ip=0x7f5e06d7ebe9 code=0x7ffc0000 [ 54.317805][ T4211] EXT4-fs (loop4): orphan cleanup on readonly fs [ 54.319483][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.344753][ T4211] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.220: Failed to acquire dquot type 1 [ 54.367192][ T4211] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.220: Invalid block bitmap block 0 in block_group 0 [ 54.401731][ T4211] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.220: Invalid block bitmap block 0 in block_group 0 [ 54.438368][ T4211] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.220: Invalid block bitmap block 0 in block_group 0 [ 54.542725][ T4211] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.220: Failed to acquire dquot type 1 [ 54.583901][ T3516] udevd[3516]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory [ 54.596727][ T3295] udevd[3295]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 54.608398][ T3583] udevd[3583]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 54.650818][ T3516] udevd[3516]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory [ 54.662568][ T3295] udevd[3295]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 54.674900][ T3583] udevd[3583]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 54.731583][ T4225] loop2: detected capacity change from 0 to 512 [ 54.750253][ T4211] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.220: Failed to acquire dquot type 1 [ 54.826348][ T4211] EXT4-fs (loop4): 1 orphan inode deleted [ 54.857711][ T10] Process accounting resumed [ 54.877579][ T4211] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 54.946014][ T4239] loop0: detected capacity change from 0 to 2048 [ 54.957402][ T4225] ext4 filesystem being mounted at /36/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 55.209212][ T4230] netlink: 28 bytes leftover after parsing attributes in process `syz.3.232'. [ 55.228437][ T4249] loop4: detected capacity change from 0 to 1024 [ 55.264885][ T4249] EXT4-fs: Ignoring removed orlov option [ 55.360030][ T4260] loop2: detected capacity change from 0 to 128 [ 55.424958][ T4261] loop3: detected capacity change from 0 to 2048 [ 55.479280][ T4265] loop1: detected capacity change from 0 to 512 [ 55.481348][ T3295] loop3: p2 p3 p7 [ 55.502226][ T4261] loop3: p2 p3 p7 [ 55.510397][ T4265] ext4 filesystem being mounted at /47/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 55.758551][ T3295] udevd[3295]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 55.771108][ T3516] udevd[3516]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory [ 55.782633][ T3583] udevd[3583]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 55.804428][ T3295] udevd[3295]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 55.888369][ T3357] Process accounting resumed [ 56.206642][ T4283] loop0: detected capacity change from 0 to 2048 [ 56.318608][ T4290] loop2: detected capacity change from 0 to 512 [ 56.349072][ T4290] ext4 filesystem being mounted at /39/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 56.480096][ T4298] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 56.679868][ T3412] Process accounting resumed [ 57.106626][ T4327] Set syz0 is full, maxelem 0 reached [ 57.174015][ T4329] loop1: detected capacity change from 0 to 2048 [ 57.198233][ T4332] loop4: detected capacity change from 0 to 1024 [ 57.276190][ T4332] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.266: Allocating blocks 385-513 which overlap fs metadata [ 57.292654][ T4332] EXT4-fs (loop4): pa ffff88810054e540: logic 16, phys. 129, len 24 [ 57.300725][ T4332] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8 [ 57.345997][ T4341] loop1: detected capacity change from 0 to 2048 [ 57.370203][ T4343] mmap: syz.4.268 (4343) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 57.392137][ T3583] loop1: p2 p3 p7 [ 57.409413][ T4341] loop1: p2 p3 p7 [ 57.475178][ T3412] Process accounting resumed [ 57.543873][ T4362] bridge_slave_0: left allmulticast mode [ 57.549769][ T4362] bridge_slave_0: left promiscuous mode [ 57.555471][ T4362] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.564207][ T4362] bridge_slave_1: left allmulticast mode [ 57.570068][ T4362] bridge_slave_1: left promiscuous mode [ 57.575819][ T4362] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.595327][ T4362] : (slave bond_slave_0): Releasing backup interface [ 57.605469][ T4362] : (slave bond_slave_1): Releasing backup interface [ 57.618810][ T4362] team0: Port device team_slave_0 removed [ 57.628733][ T4362] team0: Port device team_slave_1 removed [ 57.635674][ T4362] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 57.643123][ T4362] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 57.652700][ T4366] netlink: 'syz.1.277': attribute type 10 has an invalid length. [ 57.660778][ T4366] netlink: 40 bytes leftover after parsing attributes in process `syz.1.277'. [ 57.671967][ T4362] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 57.679792][ T4362] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 57.714153][ T4366] batman_adv: batadv0: Adding interface: veth1_vlan [ 57.720965][ T4366] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.748948][ T4366] batman_adv: batadv0: Interface activated: veth1_vlan [ 57.855376][ T4379] loop0: detected capacity change from 0 to 2048 [ 57.862851][ T4381] FAULT_INJECTION: forcing a failure. [ 57.862851][ T4381] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 57.876022][ T4381] CPU: 0 UID: 0 PID: 4381 Comm: syz.2.283 Not tainted syzkaller #0 PREEMPT(voluntary) [ 57.876056][ T4381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 57.876068][ T4381] Call Trace: [ 57.876075][ T4381] [ 57.876083][ T4381] __dump_stack+0x1d/0x30 [ 57.876106][ T4381] dump_stack_lvl+0xe8/0x140 [ 57.876150][ T4381] dump_stack+0x15/0x1b [ 57.876169][ T4381] should_fail_ex+0x265/0x280 [ 57.876190][ T4381] should_fail+0xb/0x20 [ 57.876241][ T4381] should_fail_usercopy+0x1a/0x20 [ 57.876299][ T4381] _copy_from_user+0x1c/0xb0 [ 57.876324][ T4381] bpf_test_init+0xdf/0x160 [ 57.876390][ T4381] bpf_prog_test_run_skb+0x144/0xbd0 [ 57.876413][ T4381] ? __rcu_read_unlock+0x4f/0x70 [ 57.876435][ T4381] ? __fget_files+0x184/0x1c0 [ 57.876460][ T4381] ? __rcu_read_unlock+0x4f/0x70 [ 57.876484][ T4381] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 57.876554][ T4381] bpf_prog_test_run+0x227/0x390 [ 57.876588][ T4381] __sys_bpf+0x4b9/0x7b0 [ 57.876675][ T4381] __x64_sys_bpf+0x41/0x50 [ 57.876700][ T4381] x64_sys_call+0x2aea/0x2ff0 [ 57.876782][ T4381] do_syscall_64+0xd2/0x200 [ 57.876810][ T4381] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 57.876843][ T4381] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 57.876873][ T4381] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.876923][ T4381] RIP: 0033:0x7f75c6ffebe9 [ 57.877022][ T4381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.877038][ T4381] RSP: 002b:00007f75c5a67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 57.877094][ T4381] RAX: ffffffffffffffda RBX: 00007f75c7235fa0 RCX: 00007f75c6ffebe9 [ 57.877105][ T4381] RDX: 000000000000004c RSI: 0000200000000240 RDI: 000000000000000a [ 57.877117][ T4381] RBP: 00007f75c5a67090 R08: 0000000000000000 R09: 0000000000000000 [ 57.877129][ T4381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 57.877142][ T4381] R13: 00007f75c7236038 R14: 00007f75c7235fa0 R15: 00007ffecf9a1478 [ 57.877162][ T4381] [ 58.593427][ T4379] loop0: p2 p3 p7 [ 58.609584][ T3412] Process accounting resumed [ 58.672367][ T4403] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 58.742905][ T10] IPVS: starting estimator thread 0... [ 58.743982][ T4404] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 58.822121][ T4419] loop0: detected capacity change from 0 to 2048 [ 58.836932][ T4412] IPVS: using max 2736 ests per chain, 136800 per kthread [ 58.891846][ T4419] loop0: p2 p3 p7 [ 58.934386][ T2993] loop0: p2 p3 p7 [ 59.121820][ T10] Process accounting resumed [ 59.162954][ T29] kauditd_printk_skb: 298 callbacks suppressed [ 59.162969][ T29] audit: type=1400 audit(1757072773.306:1301): avc: denied { search } for pid=3032 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 59.191139][ T29] audit: type=1400 audit(1757072773.306:1302): avc: denied { search } for pid=3032 comm="dhcpcd" name="udev" dev="tmpfs" ino=9 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 59.197262][ T4426] loop3: detected capacity change from 0 to 2048 [ 59.212979][ T29] audit: type=1400 audit(1757072773.306:1303): avc: denied { search } for pid=3032 comm="dhcpcd" name="data" dev="tmpfs" ino=13 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 59.213010][ T29] audit: type=1400 audit(1757072773.306:1304): avc: denied { read } for pid=3032 comm="dhcpcd" name="n25" dev="tmpfs" ino=3464 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 59.263192][ T29] audit: type=1400 audit(1757072773.306:1305): avc: denied { open } for pid=3032 comm="dhcpcd" path="/run/udev/data/n25" dev="tmpfs" ino=3464 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 59.291407][ T29] audit: type=1400 audit(1757072773.436:1306): avc: denied { getattr } for pid=3032 comm="dhcpcd" path="/run/udev/data/n25" dev="tmpfs" ino=3464 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 59.324179][ T3516] loop3: p2 p3 p7 [ 59.350513][ T4426] loop3: p2 p3 p7 [ 59.354941][ T29] audit: type=1400 audit(1757072773.496:1307): avc: denied { read open } for pid=4433 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=482 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 59.381076][ T29] audit: type=1400 audit(1757072773.496:1308): avc: denied { getattr } for pid=4433 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=482 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 59.581025][ T4450] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 59.701222][ T29] audit: type=1326 audit(1757072773.826:1309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4452 comm="syz.2.307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75c6ffebe9 code=0x7ffc0000 [ 59.724802][ T29] audit: type=1326 audit(1757072773.826:1310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4452 comm="syz.2.307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f75c6ffebe9 code=0x7ffc0000 [ 59.988568][ T4455] loop4: detected capacity change from 0 to 1024 [ 59.996430][ T4457] loop2: detected capacity change from 0 to 2048 [ 60.019121][ T4455] EXT4-fs: Ignoring removed orlov option [ 60.058748][ T4472] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 60.199931][ T4481] loop1: detected capacity change from 0 to 512 [ 60.255767][ T4481] EXT4-fs: Ignoring removed bh option [ 60.261384][ T4481] EXT4-fs: Ignoring removed mblk_io_submit option [ 60.279025][ T4481] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 60.312821][ T4481] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 60.321032][ T4481] EXT4-fs (loop1): orphan cleanup on readonly fs [ 60.693114][ T4481] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 60.712970][ T4481] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm +}[@: Invalid block bitmap block 0 in block_group 0 [ 60.751110][ T4504] loop4: detected capacity change from 0 to 128 [ 60.758364][ T4481] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm +}[@: Invalid block bitmap block 0 in block_group 0 [ 60.796441][ T4481] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm +}[@: Invalid block bitmap block 0 in block_group 0 [ 60.810844][ T4481] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 60.853830][ T4481] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 60.877907][ T4481] EXT4-fs (loop1): 1 orphan inode deleted [ 60.914134][ T4516] loop2: detected capacity change from 0 to 512 [ 60.950949][ T4516] EXT4-fs warning (device loop2): dx_probe:861: inode #2: comm syz.2.324: dx entry: limit 0 != root limit 125 [ 60.962827][ T4516] EXT4-fs warning (device loop2): dx_probe:934: inode #2: comm syz.2.324: Corrupt directory, running e2fsck is recommended [ 61.024893][ T4516] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 61.056911][ T4516] EXT4-fs error (device loop2): ext4_iget_extra_inode:5104: inode #15: comm syz.2.324: corrupted in-inode xattr: invalid ea_ino [ 61.070718][ T4516] EXT4-fs (loop2): Remounting filesystem read-only [ 61.100953][ T4516] FAULT_INJECTION: forcing a failure. [ 61.100953][ T4516] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 61.114281][ T4516] CPU: 0 UID: 0 PID: 4516 Comm: syz.2.324 Not tainted syzkaller #0 PREEMPT(voluntary) [ 61.114312][ T4516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 61.114367][ T4516] Call Trace: [ 61.114374][ T4516] [ 61.114382][ T4516] __dump_stack+0x1d/0x30 [ 61.114416][ T4516] dump_stack_lvl+0xe8/0x140 [ 61.114438][ T4516] dump_stack+0x15/0x1b [ 61.114454][ T4516] should_fail_ex+0x265/0x280 [ 61.114528][ T4516] should_fail_alloc_page+0xf2/0x100 [ 61.114614][ T4516] __alloc_frozen_pages_noprof+0xff/0x360 [ 61.114732][ T4516] alloc_pages_mpol+0xb3/0x250 [ 61.114767][ T4516] vma_alloc_folio_noprof+0x1aa/0x300 [ 61.114797][ T4516] handle_mm_fault+0xec2/0x2c20 [ 61.114824][ T4516] do_user_addr_fault+0x636/0x1090 [ 61.114896][ T4516] ? __x64_sys_openat+0xf2/0x120 [ 61.114931][ T4516] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 61.114959][ T4516] exc_page_fault+0x62/0xa0 [ 61.115034][ T4516] asm_exc_page_fault+0x26/0x30 [ 61.115055][ T4516] RIP: 0033:0x7f75c6ed02a0 [ 61.115069][ T4516] Code: d2 12 00 89 c3 85 c0 0f 88 f5 07 00 00 83 f8 1d 0f 8f 4d 09 00 00 48 8d 3d 7d ee 18 00 31 c0 e8 46 df fe ff 41 ba 01 00 00 00 44 0f c1 15 57 00 49 00 41 83 fa 05 7f 06 49 83 fd 1a 77 1b 48 [ 61.115085][ T4516] RSP: 002b:00007f75c5a64f70 EFLAGS: 00010206 [ 61.115101][ T4516] RAX: 0000000000000000 RBX: 000000000000000a RCX: 0000000000000000 [ 61.115150][ T4516] RDX: 0000000000000000 RSI: 00007f75c7081af4 RDI: 00007f75c705f110 [ 61.115164][ T4516] RBP: 00007f75c5a67090 R08: 0000000000000000 R09: 0000000000000000 [ 61.115186][ T4516] R10: 0000000000000001 R11: 0000000000000293 R12: 0000000000000005 [ 61.115198][ T4516] R13: 0000000000000024 R14: 0000200000000140 R15: 00007ffecf9a1478 [ 61.115217][ T4516] [ 61.115228][ T4516] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 61.297337][ T4516] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 61.298978][ T3357] Process accounting resumed [ 61.306311][ T4516] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 61.345670][ T4530] loop1: detected capacity change from 0 to 512 [ 61.353062][ T4530] ext4: Unknown parameter 'fsname' [ 61.414254][ T4532] netlink: 'syz.1.327': attribute type 10 has an invalid length. [ 62.104738][ T4554] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 62.161267][ T4565] loop1: detected capacity change from 0 to 512 [ 62.168592][ T4565] ext4: Unknown parameter 'fsname' [ 62.228868][ T4572] loop0: detected capacity change from 0 to 1024 [ 62.244094][ T4575] netlink: 'syz.1.340': attribute type 10 has an invalid length. [ 62.340508][ T4572] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.342: Allocating blocks 385-513 which overlap fs metadata [ 62.365315][ T4572] EXT4-fs (loop0): pa ffff88810054e540: logic 16, phys. 129, len 24 [ 62.373506][ T4572] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8 [ 62.499914][ T4589] loop4: detected capacity change from 0 to 512 [ 62.514176][ T4583] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 62.521721][ T4583] batman_adv: batadv0: Removing interface: veth1_vlan [ 62.554593][ T4589] ext4 filesystem being mounted at /67/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 62.569694][ T4583] netlink: 'syz.0.346': attribute type 10 has an invalid length. [ 62.577519][ T4583] netlink: 40 bytes leftover after parsing attributes in process `syz.0.346'. [ 62.589899][ T4583] batman_adv: batadv0: Adding interface: veth1_vlan [ 62.596510][ T4583] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.639472][ T4583] batman_adv: batadv0: Interface activated: veth1_vlan [ 62.701412][ T4600] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 62.750596][ T4603] loop4: detected capacity change from 0 to 1024 [ 62.757712][ T4603] EXT4-fs: Ignoring removed orlov option [ 62.935921][ T4603] ================================================================== [ 62.944054][ T4603] BUG: KCSAN: data-race in filemap_read / filemap_read [ 62.951097][ T4603] [ 62.953440][ T4603] write to 0xffff88812fcc3b28 of 8 bytes by task 4606 on cpu 1: [ 62.961175][ T4603] filemap_read+0x974/0xa00 [ 62.965701][ T4603] generic_file_read_iter+0x79/0x330 [ 62.971011][ T4603] ext4_file_read_iter+0x1cc/0x290 [ 62.976250][ T4603] copy_splice_read+0x442/0x660 [ 62.981097][ T4603] splice_direct_to_actor+0x290/0x680 [ 62.986461][ T4603] do_splice_direct+0xda/0x150 [ 62.991219][ T4603] do_sendfile+0x380/0x650 [ 62.995811][ T4603] __x64_sys_sendfile64+0x105/0x150 [ 63.001016][ T4603] x64_sys_call+0x2bb0/0x2ff0 [ 63.005701][ T4603] do_syscall_64+0xd2/0x200 [ 63.010384][ T4603] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.016480][ T4603] [ 63.018822][ T4603] read to 0xffff88812fcc3b28 of 8 bytes by task 4603 on cpu 0: [ 63.026449][ T4603] filemap_read+0x6f/0xa00 [ 63.030869][ T4603] generic_file_read_iter+0x79/0x330 [ 63.036358][ T4603] ext4_file_read_iter+0x1cc/0x290 [ 63.041532][ T4603] copy_splice_read+0x442/0x660 [ 63.046422][ T4603] splice_direct_to_actor+0x290/0x680 [ 63.051880][ T4603] do_splice_direct+0xda/0x150 [ 63.056731][ T4603] do_sendfile+0x380/0x650 [ 63.061172][ T4603] __x64_sys_sendfile64+0x105/0x150 [ 63.066478][ T4603] x64_sys_call+0x2bb0/0x2ff0 [ 63.071177][ T4603] do_syscall_64+0xd2/0x200 [ 63.075716][ T4603] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.081625][ T4603] [ 63.083980][ T4603] value changed: 0x00000000000002f1 -> 0x00000000000002f2 [ 63.091100][ T4603] [ 63.093787][ T4603] Reported by Kernel Concurrency Sanitizer on: [ 63.100023][ T4603] CPU: 0 UID: 0 PID: 4603 Comm: syz.4.352 Not tainted syzkaller #0 PREEMPT(voluntary) [ 63.109843][ T4603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 63.120084][ T4603] ==================================================================