last executing test programs: 4.16825554s ago: executing program 2 (id=347): r0 = syz_io_uring_setup(0x5bc, &(0x7f00000007c0)={0x0, 0xf17a, 0x0, 0x40000006, 0x49}, &(0x7f0000000300)=0x0, &(0x7f0000000580)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x49, 0x0, 0x0, 0x4, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x40, 0x1}) io_uring_enter(r0, 0x6e2, 0x3900, 0x3, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10, &(0x7f0000000080)={[{@inlinecrypt}, {@acl}, {@i_version}, {@grpquota}, {@nombcache}, {@noinit_itable}]}, 0x0, 0x481, &(0x7f0000001300)="$eJzs3M9rHFUcAPDvzG5S7a/EWqv2h41WMfgjadKqPXhR9KYg6KFehJikpXbbSJOCLUWjSD1Kwbt4EtG/wJNeRD0JXvUuhaJFaPWgKzM7kyZpdtP83NT9fGA27+283fe+O/Nm3szLbgAdqy97SCK2RsQvEdHTyM4t0Nf4c/3qhdG/rl4YTaJef/X3JC937eqF0bJo+botRaY/jUg/TIpK5po8d/7kSK02fqbID06dentw8tz5J0+cGjk+fnz89PCRI4cPDT3z9PBTqxJnFte13e9O7E2qr196efTopTd/+KoaEbv2NdbPjmNF0i0zyb4s8D/qufnFHlmVyjaObbPSSbWNDWFJKhGRba6uvP/3RCVubLyeePGDtjYOWFPZuWlT89XTdeB/LIl2twBoj/JEn13/lss6DT02hCvPNS6AsrivF0tjTTXSokzXGtZ/X0Qcnf7702yJYjv8s3UNKwQAOt432fjniYXGf2nsmlVuezGH0hsRd0XEjoi4OyJ2RsQ9EXnZe4vxzFI0poYqM/mbx5/p5WUHdwuy8d+zxdzW3PFfY/RXr9f/rRS5bXn8XcmxE7Xxg8Vn0h9dm7L8UIs6vn3h54+breubNf7Llqz+cixYtONydd4NurGRqZHVGpReeT9id3Wh+JOZmYAkIu6PiN1Le+vtZeLEY1/sbVZo8fhbWIV5pvpnEY82tv90zIu/lLSenxy8I2rjBwfLveJmP/508ZVm9a8o/lWQbf/Nc/f/eSV6/kxmz9dOLr2Oi79+1PSacrn7f3fyWj5n3V08987I1NSZoYju5KU8P+f54RuvLfNl+Sz+/gML9/8dxWuy+PdERLYT74uIByJif9H2ByPioYg40CL+759/+K3lx7+2svjHFjz+zez/vXO3/9ITlZPffd2s/lvb/ofzVH/xTH78W0Tz5kRtPDusL3tvBgAAgNtPGhFbI0kHZtJpOjDQ+B/+nbE5rU1MTj1+bOLs6bHGdwR6oyst73T1FPdDs6vtoWS6eMfG/dHh4l5xeb/0UHHf+JPKnXl+YHSiNtbm2KHTbWnS/zO/VdrdOmDN+b4WdK75/T9tUzuA9ef8D51L/4fOVTXkh4416/z/5dmLe/LEe/nj/pkVC84FtPjlEOD2YPwPnUv/h86l/0Pn0v+hI63ke/0bO9G9MZqx9MTnXRuiGYslIm1V5o1Y94bFhvhYVjuRtPwxizVMtDpq9K7fAQoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCF/gsAAP//E5nw/w==") prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil) preadv(0xffffffffffffffff, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r3, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x60ae0}], 0x318, 0x0, 0xdb0, 0xf5ffffff}, 0x0) sendmsg$tipc(r4, &(0x7f0000000240)={0x0, 0x18, &(0x7f00000000c0), 0x31}, 0x0) 2.155189909s ago: executing program 4 (id=365): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000200)='kmem_cache_free\x00', r2}, 0x18) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0xfd, &(0x7f00000004c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x40) sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x8084) 2.130792635s ago: executing program 4 (id=366): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1e, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x1e00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0x2710}, 0x10) listen(r2, 0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) r4 = accept4(r2, 0x0, 0x0, 0x0) sendto(r4, &(0x7f0000000000)="00c881d76049ac562e4e5094890b55e5ea113389145c57e7b3479bf3f2cf8ac5d94a71e37b8bc9f4e71c8b097042535f04d39b07b6e29be0a2734c7332f8", 0x3e, 0x0, 0x0, 0x0) recvfrom(r3, &(0x7f00000001c0)=""/62, 0x3e, 0x10120, 0x0, 0x0) 2.089160773s ago: executing program 4 (id=367): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_TSINFO_GET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="31832abd70000000000019000000180001801400020065727370616e30"], 0x2c}, 0x1, 0x0, 0x0, 0x50}, 0x4886) 1.987180081s ago: executing program 4 (id=368): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x47f2, 0x1}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x2) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fcntl$lock(r1, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8}) fcntl$lock(r1, 0x26, &(0x7f0000000080)={0x1, 0x0, 0x2007, 0x1fd}) fcntl$lock(r1, 0x7, &(0x7f0000000140)={0x1, 0x1, 0x7, 0x90}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1.942576028s ago: executing program 1 (id=369): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xf, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000280)='GPL\x00', 0x6, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f0000000380)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', 0x0}) sendto$packet(r2, &(0x7f00000003c0)="10", 0x1, 0x80, &(0x7f0000000140)={0x11, 0xf7, r3, 0x1, 0x0, 0x6, @local}, 0x14) 1.816347093s ago: executing program 1 (id=370): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000240), 0x40900, 0x0) syz_io_uring_setup(0x497, 0x0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x2000000000000022, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x194815e034b0847b, &(0x7f0000b63fe4)={0xa, 0x2, 0x7, @rand_addr, 0x400}, 0x1c) r3 = dup(r2) connect$unix(r3, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x24008894, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, 0x0, 0x0) socket$packet(0x11, 0xa, 0x300) socket$kcm(0x2, 0xa, 0x73) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) openat(0xffffffffffffff9c, 0x0, 0x20842, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x18) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2673004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 1.29985318s ago: executing program 0 (id=385): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r2, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$UHID_INPUT(r1, &(0x7f0000002080)={0xc, {"a2e3ad204fc752f91b5d34f70b06d038e7ff7fc6e5539b3250098b089b3b08381a090890e0878f0e1ac6e7049b5b4b959b5d9a241b5b67f3988f7e0319520100ffe8d178708c523c921b1b5b31330d095d0636cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08c4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e800ba9abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40d4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889632b3570243f989cce3803f465e41e610c2021d653a5520094ec79553299388b0000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c2d88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d606495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07840900000000000000f5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b19bb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0545359bafffa45237f104b98110403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae2d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e709000000000000004fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83000000000000010058b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c000003716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff7544130700000000000000f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc6c71737b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f9354b9094f22b625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c558069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e0090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c73144f8e4a737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c10613d17ca51075f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb401000000608d6f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655bff4801784c416b22f73d32d678e2724f43f1fe687c7e8a605fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d7000bdbfc43c10ec23ea6283994a7dde4dcb61fea6b611fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f4820000000000000900a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2e0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47afed367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15f2dbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af500ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0xfffffffffffffedd}}, 0x1006) 1.1870472s ago: executing program 3 (id=386): syz_open_dev$tty20(0xc, 0x4, 0x0) syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000003c0)={[{@nojournal_checksum}, {@dioread_lock}, {@resgid}, {}, {@resgid}, {@inlinecrypt}, {@debug}, {@usrquota}]}, 0x3, 0x570, &(0x7f0000000680)="$eJzs3V1rHFUYAOB3Nkm/tSmUoiIS6IWV2k2T+FFBsF6KFgt6X5dkGmo23ZLdlCYW2l7YG2+kCCIWxB/gvZfFP+CvKGihSAl64U1kNrPtNtnN52q2zvPAtOfMzObM2TPv2Xd2dtkACmsk+6cU8WLcjK+TiMNt2wYj3ziyst/So+uT2ZLE8vInfySR5Ota+yf5/wfzygsR8cuXESdLa9utLyzOVKrVdC6vjzZmr4zWFxZPXZqtTKfT6eXxiYkzb06Mv/P2Wz3r62vn//ru43sfnPnq+NK3Pz04cieJs3Eo39bejx242V4ZiZH8ORmKs6t2HOtBY/0k2e0DYFsG8jgfimwOOBwDedQD/383ImIZKKhE/ENBtfKA1rV9j66DnxkP31+5AFrb/8GV90ZiX/Pa6MBS8tSVUXa9O9yD9rM2fv797p1siQ3eh7jRg/YAWm7eiojTg4Nr578kn/+273TzzeP1rW6jaK8/sJvuZfnP653yn9Lj/Cc65D8HO8Tudmwc/6UHPWimqyz/e7dj/vt46hoeyGvPNXO+oeTipWp6OiKej4gTMbQ3q693P+fM0v3lbtva879sydpv5YL5cTwY3Pv0Y6YqjcpO+tzu4a2Il57kv0msmf/3NXPd1eOfPR/nN9nGsfTuK922bdz/dr3PgJd/jHi14/g/uaOVrH9/crR5Poy2zoq1/rx97Ndu7W+t/72Xjf+B9fs/nLTfr61vvY0f9v2ddtu23fN/T/Jps7wnX3et0mjMjUXsST5au378yWNb9db+Wf9PHF9//ut0/u+PiM822f/bR2933bUfxn9qS+O/9cL9D7/4vlv7mxv/N5qlE/mazcx/mz3AnTx3AAAAAAAA0G9KEXEoklL5cblUKpdXPt9xNA6UqrV64+TF2vzlqWh+V3Y4hkqtO92H2z4PMZZ/HrZVH19Vn4iIIxHxzcD+Zr08WatO7XbnAQAAAAAAAAAAAAAAAAAAoE8c7PL9/8xvA7t9dMC/zk9+Q3FtGP+9+KUnoC95/Yfi6hL/pgUoAIEOxSX+objEPxSX+IfiEv9QXOIfAAAAAAAAAAAAAAAAAAAAAAAAAAAAeur8uXPZsrz06PpkVp+6ujA/U7t6aiqtz5Rn5yfLk7W5K+XpWm26mpYna7Mb/b1qrXZlbDzmr4020npjtL6weGG2Nn+5ceHSbGU6vZAO/Se9AgAAAAAAAAAAAAAAAAAAgGdLfWFxplKtpnMKXQvvxW4fxucv7+ThSedRTto6uGJbTQz2yzAp9LSwyxMTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALT5JwAA//821zOC") open(&(0x7f0000000680)='./bus\x00', 0x4001410c2, 0x2e) mount(&(0x7f00000004c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) renameat2(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0/file0\x00', 0x2) r0 = open(&(0x7f0000000300)='./file1\x00', 0x14927e, 0x0) fallocate(r0, 0x0, 0x0, 0x1001f0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x40, 0x8005, 0x0, 0x0, 0xa, 0x4, "ef359f413bb93852f7d6a4ae6dddfbd1000000000000ff91031905b9aaaaf755a3f6a004000000000001000200", "036c47c6780820d1cbf733970000cf33768bbd9bffbcc2542ded71038259ca171ce1a310ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204, 0xffffffffffffffff]}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x9, 0x0, 0x0) write$binfmt_misc(r0, &(0x7f0000000340)="be4f39", 0x3) 1.120297493s ago: executing program 2 (id=387): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={0x0, 0xffffffffffffffff, 0x0, 0x3}}, 0x20) 1.101100054s ago: executing program 3 (id=388): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x103341) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r1, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000500)='kfree\x00', r2, 0x0, 0xffff}, 0x18) ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f0000000140)={0x80, 0x6, 0x302, 0xb92, 0x0, 0x2, 0x0}) 1.003237387s ago: executing program 2 (id=389): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) 715.586365ms ago: executing program 3 (id=390): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r3, 0x11b, 0x3, &(0x7f0000000380)=0x20000, 0x4) close_range(r0, 0xffffffffffffffff, 0x0) 672.8523ms ago: executing program 1 (id=391): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8d}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x0, 0x2, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x3, 0x0, 0x0, 0x40f00, 0x60, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffff9}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1, 0x0, 0x1}, 0x18) r2 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x9, @local, 0x4}, 0x1c) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000100)="88", 0xfdef}], 0x1) 599.213293ms ago: executing program 3 (id=392): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00"/11], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) r2 = socket(0x1e, 0x4, 0x0) r3 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]}) close_range(r4, 0xffffffffffffffff, 0x0) 599.015833ms ago: executing program 1 (id=393): set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5) r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000400)={&(0x7f0000000000)=@in={0x2, 0x4e23, @loopback}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000280)='+', 0x1}], 0x1, &(0x7f0000000180)=[@init={0x18, 0x84, 0x0, {0x897b, 0x3, 0x6, 0x400}}], 0x18, 0x4014}, 0x2c0408d0) 527.66334ms ago: executing program 3 (id=394): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1e000100000000000000000000000000000000000000000a"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x2500, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="6501000014"], 0x188}}, 0x0) 514.766561ms ago: executing program 1 (id=395): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00') preadv(r1, 0x0, 0x0, 0x4, 0x5) 403.188659ms ago: executing program 3 (id=396): prlimit64(0x0, 0xe, &(0x7f0000000440)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e27}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000800)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000200)='sys_enter\x00', r3}, 0x10) nanosleep(0x0, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r4}, 0x4) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000510700140000000000000001b7080000000000007b8af8ff00000000b7080000fcffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000100)=ANY=[@ANYBLOB="020000000100000000100000040000000000000010000000000000002000000000000000"], 0x24, 0x0) socket$inet(0xa, 0x801, 0x0) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) ppoll(&(0x7f0000000500)=[{r6}], 0x1, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000500)='./bus\x00', 0x1000c40, &(0x7f00000002c0), 0x5, 0x51c, &(0x7f0000000700)="$eJzs3cFvI1cZAPBvZjebNE2bFCoVENClFBa0WjvxtlHVU7mAUFUJUXHikIbEG0Vx4ih2ShNWavI/IFGJA4ITZyQQHCr1xBHBDW69lANSgRWoQeJgNONx1t3YG3c3awv795NGM29mMt97Y8178RfHL4CJdTUijiLiSkS8ERHzxf6kWOKV9pKd99Gd22snd26vJdFqvf6PJD+e7Yuun8k8XlxzJiK++62IHyRn4zYODrdWa7XqXlEuN7d3y42Dwxub26sb1Y3qTqWyvLS8+NLNFysDtWNmgHOe3f7Vh9/cfPV77/7uCx/86ejrP8qqNVcc627HRWo3feo0TuZyRLz6KIKNwKWiPVdGXREeSBoRn4qI5/Lnfz4u5a/mYHo81gDA/4FWaz5a891lAGDcpXkOLElLRS5gLtK0VGrn8J6O2bRWbzSv36rv76y3c2ULMZXe2qxVF4tc4UJMJVl56e1s+265Eh8v34yIpyLix9OP5eXS2uB5BgDgYj1+z/j/7+n2+A8AjLmeH57pfn++Mry6AADDMciHZwGA8WL8B4DJc3f8nx1pPQCA4fH+HwAmj/EfACbN+53x/9KoawIADMV3XnstW1onxfdfr795sL9Vf/PGerWxVdreXyut1fd2Sxv1+katWlqrb593vVq9vrv0Quy/VW5WG81y4+BwZbu+v9Ncyb/Xe6U6NZRWAQD389Sz7/0liYijlx/Ll+iay8FYDeMtHXUFgJGR84fJ5Vu4YXJ5jw+T69fFf/yeN5dn348Iv/MAQVtvP8APARft2mfl/2FSyf/D5JL/h8kl/w+Tq9VK+s35n56eAgCMlU+Y4/cnARhDQ/37PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIyJuXxZ6CqnaakU8URELMRUcmuzVl2MiCcj4s/TU9NZeWmkNQYAHl76t6SY/+va/PNz9x69kvxnOl9HxA9/+vpP3lptNveWsv3/PN3ffKfYXxlF/QGA83TG6c443vHRndtrnWWY9fnwG+3JRbO4J8XSPnI5LmerP87kkw7P/itplwvZ7yuXLiD+0XFEfKZX+5M8N7JQzHx6b/ws9hNDjZ9+LH6aH2uvs3vx6TNXnu4b87y5XmFSvJf1P6/0ev7SuJqvZ3pOfjyT91APr9P/nZzp/zrP+0ze1/Tq/64OGuOF33+777HjiM9d7hU/OY2f9In//IDx3//8F5/rd6z184hr0Tt+d6xyc3u33Dg4vJHd+OpGdadSWV5aXnzp5ouVcp6jLncy1d3aI8TfX77+ZN/2//K3RUd5Nv7MOe3/yn1b3TrtgH/x3ze+/6V+8Y8jvvbl3q//0/eJn42JXy22+/f0bauzv+k7fXcWf719/48/6et//Zy4HR/89XB9wFMBgCFoHBxurdZq1b0L3ZiKC75g10byiOpsYwQbMcRY2a/JD3udZ4qU2Wrn+ek+5w8/e/eZbN/I7+qFbIyuTwKG4+5DP+qaAAAAAAAAAAAAAAAA/TzyfydKR91CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAxtn/AgAA//8LKMVX") 402.959867ms ago: executing program 1 (id=397): r0 = syz_io_uring_setup(0x5bc, &(0x7f00000007c0)={0x0, 0xf17a, 0x0, 0x40000006, 0x49}, &(0x7f0000000300)=0x0, &(0x7f0000000580)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x49, 0x0, 0x0, 0x4, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x40, 0x1}) io_uring_enter(r0, 0x6e2, 0x3900, 0x3, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10, &(0x7f0000000080)={[{@inlinecrypt}, {@acl}, {@i_version}, {@grpquota}, {@nombcache}, {@noinit_itable}]}, 0x0, 0x481, &(0x7f0000001300)="$eJzs3M9rHFUcAPDvzG5S7a/EWqv2h41WMfgjadKqPXhR9KYg6KFehJikpXbbSJOCLUWjSD1Kwbt4EtG/wJNeRD0JXvUuhaJFaPWgKzM7kyZpdtP83NT9fGA27+283fe+O/Nm3szLbgAdqy97SCK2RsQvEdHTyM4t0Nf4c/3qhdG/rl4YTaJef/X3JC937eqF0bJo+botRaY/jUg/TIpK5po8d/7kSK02fqbID06dentw8tz5J0+cGjk+fnz89PCRI4cPDT3z9PBTqxJnFte13e9O7E2qr196efTopTd/+KoaEbv2NdbPjmNF0i0zyb4s8D/qufnFHlmVyjaObbPSSbWNDWFJKhGRba6uvP/3RCVubLyeePGDtjYOWFPZuWlT89XTdeB/LIl2twBoj/JEn13/lss6DT02hCvPNS6AsrivF0tjTTXSokzXGtZ/X0Qcnf7702yJYjv8s3UNKwQAOt432fjniYXGf2nsmlVuezGH0hsRd0XEjoi4OyJ2RsQ9EXnZe4vxzFI0poYqM/mbx5/p5WUHdwuy8d+zxdzW3PFfY/RXr9f/rRS5bXn8XcmxE7Xxg8Vn0h9dm7L8UIs6vn3h54+breubNf7Llqz+cixYtONydd4NurGRqZHVGpReeT9id3Wh+JOZmYAkIu6PiN1Le+vtZeLEY1/sbVZo8fhbWIV5pvpnEY82tv90zIu/lLSenxy8I2rjBwfLveJmP/508ZVm9a8o/lWQbf/Nc/f/eSV6/kxmz9dOLr2Oi79+1PSacrn7f3fyWj5n3V08987I1NSZoYju5KU8P+f54RuvLfNl+Sz+/gML9/8dxWuy+PdERLYT74uIByJif9H2ByPioYg40CL+759/+K3lx7+2svjHFjz+zez/vXO3/9ITlZPffd2s/lvb/ofzVH/xTH78W0Tz5kRtPDusL3tvBgAAgNtPGhFbI0kHZtJpOjDQ+B/+nbE5rU1MTj1+bOLs6bHGdwR6oyst73T1FPdDs6vtoWS6eMfG/dHh4l5xeb/0UHHf+JPKnXl+YHSiNtbm2KHTbWnS/zO/VdrdOmDN+b4WdK75/T9tUzuA9ef8D51L/4fOVTXkh4416/z/5dmLe/LEe/nj/pkVC84FtPjlEOD2YPwPnUv/h86l/0Pn0v+hI63ke/0bO9G9MZqx9MTnXRuiGYslIm1V5o1Y94bFhvhYVjuRtPwxizVMtDpq9K7fAQoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCF/gsAAP//E5nw/w==") prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil) preadv(0xffffffffffffffff, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r3, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x60ae0}], 0x318, 0x0, 0xdb0, 0xf5ffffff}, 0x0) sendmsg$tipc(r4, &(0x7f0000000240)={0x0, 0x18, &(0x7f00000000c0), 0x31}, 0x0) 388.14859ms ago: executing program 4 (id=398): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000002500)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000)={0xffffffffffffffff}, 0x111, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000340)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x7fe, @empty, 0x1}, {0xa, 0x4e20, 0x1ff, @dev={0xfe, 0x80, '\x00', 0x1d}, 0x2}, r3, 0xb}}, 0x48) write$RDMA_USER_CM_CMD_DESTROY_ID(r2, &(0x7f0000000f80)={0x1, 0xe, 0xfa00, {&(0x7f0000000300), r3}}, 0x18) 346.56625ms ago: executing program 4 (id=399): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) timer_settime(0x0, 0x1, &(0x7f0000000040), 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = syz_open_procfs$pagemap(0x0, &(0x7f0000000000)) ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0, 0x0, 0x100000c01, 0x61, 0x0, 0x0, 0x6e}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/current\x00') write$cgroup_subtree(r1, 0x0, 0x4c) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000002000000000000000000000000000000000000008a53e0932d5603000000d98de6cc31ffeae62fe367edc77d769eb7d5ecb5c0bed67dd96078caa276a13b5005fbc84f9c737532288ae8"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r2}, 0x18) r3 = socket(0xa, 0x3, 0x3a) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYRES8=r3, @ANYBLOB="725bf64baf179c5118f9ee53ba50c88cf2b403b8c0d23f8c4635c8a652bc3a"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) setsockopt$MRT6_INIT(r3, 0x29, 0xc8, &(0x7f0000000340), 0x4) 279.145746ms ago: executing program 0 (id=400): r0 = syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x8004, &(0x7f0000000080)={[{@discard}, {@bh}, {@mb_optimize_scan}]}, 0x1, 0x7b9, &(0x7f00000007c0)="$eJzs3d9rHNUeAPDvbJLmR3tvcuFy7+1b4EJvoHRzU2Or4EPFBxEsFPTZNmy2oWaTLdlNaULAFhF8EVR8EPSlz/6ob776A3zS/8IHaamaFis+SGR2Z5M02c2vJtloPh+YzDkzsznnO+fMzNmdYTeAQ2sw/ZOLOB4RbycR/dnyJCK6aqnOiHP17R4uLvRERCGJpaWXfkpq2zxYXCjEqtekjmaZ/0TEV29EnMytL7cyNz85VioVZ7L8cHXq6nBlbv7UlamxieJEcfrMyOjo6bNPnj2ze7H+8t38sbvvPP+/T8/99vq/b7/1dRLn4li2bnUcu2UwBrN90pXuwkc8t9uFtVnS7gqwI+mh2VE/yuN49EdHLdVC737WDADYK69FxBIAcMgkrv8AcMg0Pgd4sLhQaEzt/URif917NiJ66vE/zKb6ms7snl1P7T5o34PkkTsjSUQM7EL5gxHx4eevnOjI8mk93EsD9sONmxFxaWBw/fk/WffMwnb9f6OVS9212eCaxYft+gPt9EU6/nmq2fgvtzz+iSbjn+76sfuvxy1/8+M/d+dxy9hIOv57pv5s25rx3/JDawMdWe5vtTFfV3L5SqmYntv+HhFD0dWd5kdqmzYfuQ3d//1+q/Kz8d/H6fTzu69+lJafzle2yN3p7H70NeNj1c5vHjfwzL2b0Zcl18SfLLd/0mL8e2GLZbzw9JsftFqXxp/G25jWx7+3lm5FnGja/ittmWz4fOJwrTsMNzpFE599/35fq/JXt386peWn892PtLl7N6PWAZJkZR/U1yzHP5Csfl6zsv0yvr3V/2WrdZvH37T/jx1JXq6lj2TLro9VqzMjEUeSF9cvP73y2ka+sX0a/9B/mx//9WKb9//0PeGlLcbfeffHT3Ye/95K4x/fuP+vaf+ebPHKks0Stx9OdrQqf2vtP1pLDWVL0vbfLK6t1GtnvRkAAAAAAAAAAAAAAAAAAAAAAAAAti8XEcciyeWX07lcPl//De9/Rl+uVK5UT14uz06PR+23sgeiK9f4qsv+Vd+HOpJ9H34jf3pN/omI+EdEvNfdW8vnC+XSeLuDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM0Ra//5/6obvdtQMA9kxPuysAAOw7138AOHy2d/3v3bN6AAD7x/t/ADh8tnz9v7S39QAA9o/3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyxC+fPp9PSr4sLhTQ/fm1udrJ87dR4sTKZn5ot5Avlmav5iXJ5olTMF8pTLf/RjfqsVC5fHY3p2evD1WKlOlyZm784VZ6drl68MjU2UbxY7Nq3yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6ypz85NjpVJx5i+RuLES2C7/5962xtV3MHbvqkRnHIhqHOhEdxyIauwwsfos0duGMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn8MfAQAA//94WBdi") r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0xd, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14) sendmsg$nl_route_sched(r2, &(0x7f0000006280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=@newtaction={0xc4, 0x30, 0x1, 0x4000000, 0x0, {0x0, 0x0, 0x6a00}, [{0xb0, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x10000000, 0x0, 0x4}, 0x3, r4}}]}, {0x4, 0xa}, {0xc}, {0xffac, 0x8, {0x0, 0x2}}}}, @m_mpls={0x5c, 0x2, 0x0, 0x0, {{0x9}, {0x30}, {0x4}, {0xc}, {0xc}}}]}]}, 0xc4}}, 0x0) r5 = openat(r0, &(0x7f0000000040)='./file1\x00', 0x146042, 0x22) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32=0x0, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x40f00, 0x9}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r7, 0x0, 0xfffffffffffffffd}, 0x18) r8 = syz_io_uring_setup(0x14f5, &(0x7f0000000640)={0x0, 0xd144, 0x8, 0xffffffff, 0x285}, &(0x7f00000001c0)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r6, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='0'], 0x30}}) io_uring_enter(r8, 0x3516, 0xddd6, 0x4, 0x0, 0x0) pwritev2(r5, &(0x7f0000000f80)=[{&(0x7f0000000080)="ff", 0x1}], 0x1, 0x6000, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x0, 0x2) r11 = socket$nl_route(0x10, 0x3, 0x0) r12 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r11, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r13, {}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x0, 0x0, 0x0, 0x5}}}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}}, {0x4}}]}]}, 0x6c}}, 0x0) quotactl$Q_QUOTAOFF(0xffffffff80000300, &(0x7f0000000100)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) r14 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r14, 0x1, 0xf, 0x0, 0x0) bind$inet(r14, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) r15 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r15, 0x29, 0x4e, &(0x7f0000000040)=0x74, 0x4) 147.148388ms ago: executing program 2 (id=401): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$inet_tcp(0x2, 0x1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, 0x0, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000100)=ANY=[], 0x0) 141.315546ms ago: executing program 0 (id=402): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000400)='itimer_state\x00', r1}, 0x18) setitimer(0x2, 0x0, 0x0) 134.134249ms ago: executing program 2 (id=403): execve(&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0) r0 = socket(0x2d, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000440)={0x2d, 0x0, 0x2}, 0xc) 59.275141ms ago: executing program 2 (id=404): setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x30, 0x0, 0x0, 0xfffff010}]}, 0x10) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x4, 0x24, &(0x7f0000000400)=ANY=[], 0x0) ioctl$EVIOCRMFF(r0, 0xc0085504, &(0x7f0000000000)=0x10) 59.032359ms ago: executing program 0 (id=405): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18010000008000000000000000000004850000006d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x18) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000280)={'vlan0\x00', &(0x7f0000000000)=@ethtool_per_queue_op={0x4b, 0xe, [0x1, 0x6, 0x3, 0x10000, 0xf8a7, 0x2, 0x43b2, 0x0, 0x4, 0xfffffff7, 0x1, 0x1, 0x6, 0x5, 0x4, 0x6, 0x3, 0x7, 0x2, 0x80000000, 0x2, 0xfffffff8, 0x5, 0x8, 0xffffff12, 0x10000, 0x20000, 0xffffffff, 0x5, 0xd, 0x10, 0x5, 0x25c800, 0x2, 0x2, 0x1, 0x10001, 0xc, 0xd, 0x3, 0x6, 0x6, 0x352, 0x9, 0xd, 0x0, 0x6a32, 0x0, 0x80000001, 0x8, 0x3e, 0x2, 0x2, 0x10, 0x5, 0xffffffff, 0x4, 0x9, 0x3, 0x0, 0x8, 0x2, 0x4, 0x201, 0x8, 0xd, 0x6, 0x80, 0x6, 0x2, 0x9, 0xb, 0xa7, 0x81, 0x7f, 0xd, 0x6, 0x6, 0x6, 0x7, 0x8, 0x1, 0x6bfa, 0x0, 0xfffffffa, 0x17dafec8, 0xffff, 0xfffffffb, 0x6, 0x43, 0x2, 0x3, 0x1, 0x700, 0x3, 0x5, 0x7fff, 0x80000000, 0x9b, 0x9, 0x400, 0x80, 0x3, 0x6, 0x6, 0x100, 0x800, 0x0, 0x7, 0xa00, 0x1, 0x9, 0x8, 0x0, 0x8000, 0x1, 0xff, 0x40, 0x9, 0xb, 0x2, 0x101, 0x2, 0xab, 0x0, 0xffffffc0, 0x8, 0x7]}}) r1 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @empty}, 0xc) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x1c) syz_emit_ethernet(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000fef000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r2 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x5f91, 0xc000, 0x7, 0x1000337}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x0, 0xffff}}}, 0x24}}, 0x0) r3 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, 0x0, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='9', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) 22.521108ms ago: executing program 0 (id=406): r0 = socket(0x2a, 0x2, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20040845}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000004c40)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_basic={{0xa}, {0x10, 0x2, [@TCA_BASIC_ACT={0x4}, @TCA_BASIC_CLASSID={0x8, 0x1, {0xc, 0x6}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000004}, 0x24000000) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 0s ago: executing program 0 (id=407): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r2}, 0x18) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10) connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32) sendmmsg(r0, &(0x7f0000004380)=[{{0x0, 0x0, 0x0}}], 0x34000, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.168' (ED25519) to the list of known hosts. [ 28.092177][ T6541] cgroup: Unknown subsys name 'net' [ 28.262338][ T6541] cgroup: Unknown subsys name 'cpuset' [ 28.264146][ T6541] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 28.431019][ T6541] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 29.511706][ T6555] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 29.514160][ T6555] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 29.515636][ T6555] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 29.516984][ T6555] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 29.526377][ T6566] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 29.526452][ T6566] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 29.527608][ T6566] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 29.527761][ T6566] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 29.528368][ T6566] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 29.528572][ T6566] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 29.529395][ T6566] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 29.529907][ T6566] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 29.530099][ T6566] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 29.530358][ T6566] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 29.530817][ T6566] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 29.532489][ T6568] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 29.532689][ T6568] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 29.536220][ T53] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 29.536547][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 29.542679][ T6146] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 29.542926][ T6146] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 29.543372][ T6558] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 29.543682][ T6558] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 29.544136][ T6561] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 29.546430][ T6558] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 29.701358][ T6556] chnl_net:caif_netlink_parms(): no params data found [ 29.727435][ T6553] chnl_net:caif_netlink_parms(): no params data found [ 29.738377][ T6551] chnl_net:caif_netlink_parms(): no params data found [ 29.758199][ T6556] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.759687][ T6556] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.761669][ T6556] bridge_slave_0: entered allmulticast mode [ 29.763182][ T6556] bridge_slave_0: entered promiscuous mode [ 29.773489][ T6557] chnl_net:caif_netlink_parms(): no params data found [ 29.777148][ T6556] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.777191][ T6556] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.777290][ T6556] bridge_slave_1: entered allmulticast mode [ 29.777704][ T6556] bridge_slave_1: entered promiscuous mode [ 29.808010][ T6556] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.809815][ T6553] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.809904][ T6553] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.809965][ T6553] bridge_slave_0: entered allmulticast mode [ 29.810367][ T6553] bridge_slave_0: entered promiscuous mode [ 29.811435][ T6553] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.811452][ T6553] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.811497][ T6553] bridge_slave_1: entered allmulticast mode [ 29.811938][ T6553] bridge_slave_1: entered promiscuous mode [ 29.833471][ T6551] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.833585][ T6551] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.833639][ T6551] bridge_slave_0: entered allmulticast mode [ 29.834223][ T6551] bridge_slave_0: entered promiscuous mode [ 29.836005][ T6556] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.840885][ T6553] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.843021][ T6553] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.844352][ T6560] chnl_net:caif_netlink_parms(): no params data found [ 29.849621][ T6551] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.850813][ T6551] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.852508][ T6551] bridge_slave_1: entered allmulticast mode [ 29.853998][ T6551] bridge_slave_1: entered promiscuous mode [ 29.877355][ T6556] team0: Port device team_slave_0 added [ 29.878080][ T6556] team0: Port device team_slave_1 added [ 29.886350][ T6553] team0: Port device team_slave_0 added [ 29.887553][ T6557] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.887629][ T6557] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.887693][ T6557] bridge_slave_0: entered allmulticast mode [ 29.888133][ T6557] bridge_slave_0: entered promiscuous mode [ 29.888834][ T6557] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.888852][ T6557] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.888907][ T6557] bridge_slave_1: entered allmulticast mode [ 29.889345][ T6557] bridge_slave_1: entered promiscuous mode [ 29.896260][ T6551] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.906370][ T6553] team0: Port device team_slave_1 added [ 29.907410][ T6551] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.913678][ T6556] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.913700][ T6556] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 29.913712][ T6556] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.914483][ T6556] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.914490][ T6556] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 29.914501][ T6556] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.935247][ T6557] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.946457][ T6553] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.946480][ T6553] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 29.946493][ T6553] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.953644][ T6560] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.954821][ T6560] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.955991][ T6560] bridge_slave_0: entered allmulticast mode [ 29.957395][ T6560] bridge_slave_0: entered promiscuous mode [ 29.959803][ T6557] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.963984][ T6551] team0: Port device team_slave_0 added [ 29.965327][ T6553] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.965351][ T6553] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 29.965365][ T6553] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.977284][ T6556] hsr_slave_0: entered promiscuous mode [ 29.978635][ T6556] hsr_slave_1: entered promiscuous mode [ 29.980014][ T6560] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.980137][ T6560] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.980199][ T6560] bridge_slave_1: entered allmulticast mode [ 29.980592][ T6560] bridge_slave_1: entered promiscuous mode [ 29.988674][ T6551] team0: Port device team_slave_1 added [ 29.990038][ T6553] hsr_slave_0: entered promiscuous mode [ 29.990321][ T6553] hsr_slave_1: entered promiscuous mode [ 29.990518][ T6553] debugfs: 'hsr0' already exists in 'hsr' [ 29.990547][ T6553] Cannot create hsr debugfs directory [ 29.999746][ T6560] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 30.000894][ T6557] team0: Port device team_slave_0 added [ 30.002118][ T6557] team0: Port device team_slave_1 added [ 30.012078][ T6560] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 30.018361][ T6551] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.018766][ T6551] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 30.018784][ T6551] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.019408][ T6551] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.019416][ T6551] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 30.019429][ T6551] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.045964][ T6560] team0: Port device team_slave_0 added [ 30.046317][ T6557] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.046333][ T6557] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 30.046623][ T6557] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.047501][ T6557] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.047511][ T6557] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 30.047525][ T6557] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.066294][ T6560] team0: Port device team_slave_1 added [ 30.084890][ T6560] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.084915][ T6560] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 30.085043][ T6560] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.086771][ T6557] hsr_slave_0: entered promiscuous mode [ 30.087038][ T6557] hsr_slave_1: entered promiscuous mode [ 30.087207][ T6557] debugfs: 'hsr0' already exists in 'hsr' [ 30.087215][ T6557] Cannot create hsr debugfs directory [ 30.088499][ T6551] hsr_slave_0: entered promiscuous mode [ 30.088748][ T6551] hsr_slave_1: entered promiscuous mode [ 30.088910][ T6551] debugfs: 'hsr0' already exists in 'hsr' [ 30.088917][ T6551] Cannot create hsr debugfs directory [ 30.100794][ T6560] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.102224][ T6560] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 30.102245][ T6560] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.163387][ T6560] hsr_slave_0: entered promiscuous mode [ 30.163716][ T6560] hsr_slave_1: entered promiscuous mode [ 30.163919][ T6560] debugfs: 'hsr0' already exists in 'hsr' [ 30.163929][ T6560] Cannot create hsr debugfs directory [ 30.216274][ T6553] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 30.222688][ T6553] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 30.228697][ T6553] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 30.234608][ T6553] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 30.244789][ T6556] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 30.253712][ T6556] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 30.256051][ T6556] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 30.259160][ T6553] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.259219][ T6553] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.259381][ T6553] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.259411][ T6553] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.264513][ T6556] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 30.290846][ T6553] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.292689][ T6551] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 30.298865][ T41] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.300619][ T41] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.310209][ T6553] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.314450][ T6551] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 30.316678][ T6551] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 30.318869][ T6551] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 30.335369][ T1915] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.335415][ T1915] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.339450][ T6557] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 30.345576][ T1915] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.345617][ T1915] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.348017][ T6557] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 30.356093][ T6557] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 30.360123][ T6557] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 30.380207][ T6553] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 30.382858][ T6553] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 30.390168][ T6560] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 30.405411][ T6560] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 30.414322][ T6560] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 30.416525][ T6560] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 30.442923][ T6556] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.454934][ T6553] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.459585][ T6551] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.465145][ T6557] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.466743][ T6556] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.478595][ T6551] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.480704][ T6557] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.496262][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.496319][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.499061][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.499089][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.502935][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.502966][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.506320][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.506350][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.508986][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.509013][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.518163][ T6557] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 30.519933][ T6557] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 30.524020][ T6560] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.527681][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.527710][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.540059][ T6560] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.550835][ T1915] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.550874][ T1915] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.556632][ T6556] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 30.556664][ T6556] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 30.566877][ T6560] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 30.573256][ T6560] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 30.577065][ T1915] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.577102][ T1915] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.587463][ T6553] veth0_vlan: entered promiscuous mode [ 30.590132][ T6553] veth1_vlan: entered promiscuous mode [ 30.617492][ T6553] veth0_macvtap: entered promiscuous mode [ 30.619661][ T6553] veth1_macvtap: entered promiscuous mode [ 30.630097][ T6553] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.633482][ T6553] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.639971][ T6557] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.650767][ T6557] veth0_vlan: entered promiscuous mode [ 30.655040][ T6557] veth1_vlan: entered promiscuous mode [ 30.664970][ T6557] veth0_macvtap: entered promiscuous mode [ 30.666662][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.666914][ T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.666934][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.666951][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.676066][ T6556] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.685587][ T6557] veth1_macvtap: entered promiscuous mode [ 30.695798][ T6557] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.696846][ T6557] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.710161][ T41] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.710219][ T41] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.710257][ T41] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.710280][ T41] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.724086][ T6556] veth0_vlan: entered promiscuous mode [ 30.725740][ T6556] veth1_vlan: entered promiscuous mode [ 30.736931][ T6556] veth0_macvtap: entered promiscuous mode [ 30.750541][ T6560] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.752772][ T6556] veth1_macvtap: entered promiscuous mode [ 30.757152][ T6551] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.764201][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 30.764226][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 30.775567][ T6556] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.776432][ T6556] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.792581][ T1915] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.792634][ T1915] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.792667][ T1915] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.792687][ T1915] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.793915][ T1915] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 30.793924][ T1915] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 30.799560][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 30.799570][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 30.813687][ T6560] veth0_vlan: entered promiscuous mode [ 30.818265][ T6560] veth1_vlan: entered promiscuous mode [ 30.832086][ T1915] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 30.832114][ T1915] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 30.834228][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 30.834237][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 30.855747][ T1915] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 30.855777][ T1915] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 30.858960][ T6551] veth0_vlan: entered promiscuous mode [ 30.859845][ T6553] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 30.863893][ T6560] veth0_macvtap: entered promiscuous mode [ 30.865960][ T6560] veth1_macvtap: entered promiscuous mode [ 30.913028][ T6560] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.914036][ T6560] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.922407][ T6669] netlink: 'syz.4.5': attribute type 1 has an invalid length. [ 30.925219][ T6551] veth1_vlan: entered promiscuous mode [ 30.929262][ T42] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.929311][ T42] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.929328][ T42] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.929345][ T42] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.929942][ T6669] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5'. [ 30.941608][ T6672] loop0: detected capacity change from 0 to 1024 [ 30.941952][ T6672] EXT4-fs: Ignoring removed nobh option [ 30.943828][ T6672] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 30.944093][ T6672] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 30.944184][ T6672] EXT4-fs error (device loop0): ext4_get_journal_inode:5808: comm syz.0.6: inode #4294967295: comm syz.0.6: iget: illegal inode # [ 30.944379][ T6672] EXT4-fs (loop0): no journal found [ 30.944390][ T6672] EXT4-fs (loop0): can't get journal size [ 30.949979][ T6672] EXT4-fs (loop0): failed to initialize system zone (-22) [ 30.950037][ T6672] EXT4-fs (loop0): mount failed [ 30.998032][ T6672] netlink: 'syz.0.6': attribute type 13 has an invalid length. [ 31.044339][ T6672] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.044624][ T6672] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.262218][ T6690] netlink: 4 bytes leftover after parsing attributes in process `syz.4.11'. [ 31.276485][ T6672] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 31.279618][ T6672] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 31.541416][ T6555] Bluetooth: hci1: command tx timeout [ 31.609695][ T1915] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 31.609755][ T1915] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 31.609793][ T1915] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 31.609971][ T1915] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 31.610932][ T6551] veth0_macvtap: entered promiscuous mode [ 31.613603][ T6551] veth1_macvtap: entered promiscuous mode [ 31.617030][ T6551] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.617893][ T6551] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.621201][ T6555] Bluetooth: hci2: command tx timeout [ 31.621318][ T6555] Bluetooth: hci4: command tx timeout [ 31.621461][ T6561] Bluetooth: hci0: command tx timeout [ 31.621508][ T6561] Bluetooth: hci3: command tx timeout [ 31.645057][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.645105][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.645125][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.645138][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.678207][ T1915] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.678236][ T1915] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.689508][ T6699] Zero length message leads to an empty skb [ 31.757012][ T31] audit: type=1326 audit(31.730:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6705 comm="syz.3.18" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa235b9e8 code=0x7ffc0000 [ 31.757049][ T31] audit: type=1326 audit(31.730:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6705 comm="syz.3.18" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffa235b9e8 code=0x7ffc0000 [ 31.757074][ T31] audit: type=1326 audit(31.730:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6705 comm="syz.3.18" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa235b9e8 code=0x7ffc0000 [ 31.757090][ T31] audit: type=1326 audit(31.730:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6705 comm="syz.3.18" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa235b9e8 code=0x7ffc0000 [ 31.757106][ T31] audit: type=1326 audit(31.730:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6705 comm="syz.3.18" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffa235b9e8 code=0x7ffc0000 [ 31.757121][ T31] audit: type=1326 audit(31.730:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6705 comm="syz.3.18" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa235b9e8 code=0x7ffc0000 [ 31.757136][ T31] audit: type=1326 audit(31.730:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6705 comm="syz.3.18" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa235b9e8 code=0x7ffc0000 [ 31.757150][ T31] audit: type=1326 audit(31.730:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6705 comm="syz.3.18" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffa235b9e8 code=0x7ffc0000 [ 31.757164][ T31] audit: type=1326 audit(31.730:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6705 comm="syz.3.18" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa235b9e8 code=0x7ffc0000 [ 31.757175][ T31] audit: type=1326 audit(31.730:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6705 comm="syz.3.18" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=25 compat=0 ip=0xffffa235b9e8 code=0x7ffc0000 [ 31.815814][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.815843][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.833454][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.833482][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.861962][ T6715] loop3: detected capacity change from 0 to 8192 [ 31.863658][ T6715] ======================================================= [ 31.863658][ T6715] WARNING: The mand mount option has been deprecated and [ 31.863658][ T6715] and is ignored by this kernel. Remove the mand [ 31.863658][ T6715] option from the mount to silence this warning. [ 31.863658][ T6715] ======================================================= [ 31.890740][ T1915] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.890766][ T1915] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.936301][ T6720] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 31.936868][ T6720] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3'. [ 31.936903][ T6720] bridge_slave_1: left allmulticast mode [ 31.936913][ T6720] bridge_slave_1: left promiscuous mode [ 31.936984][ T6720] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.961724][ T6720] bridge_slave_0: left allmulticast mode [ 31.961758][ T6720] bridge_slave_0: left promiscuous mode [ 31.961832][ T6720] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.975208][ T6729] netlink: 100 bytes leftover after parsing attributes in process `syz.1.2'. [ 32.139742][ T6751] lo speed is unknown, defaulting to 1000 [ 32.148126][ T6751] lo speed is unknown, defaulting to 1000 [ 32.155924][ T6751] lo speed is unknown, defaulting to 1000 [ 32.157120][ T6751] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 32.158342][ T6751] infiniband s{z2: RDMA CMA: cma_listen_on_dev, error -98 [ 32.207022][ T6751] lo speed is unknown, defaulting to 1000 [ 32.210335][ T6751] lo speed is unknown, defaulting to 1000 [ 32.213152][ T6751] lo speed is unknown, defaulting to 1000 [ 32.214741][ T6751] lo speed is unknown, defaulting to 1000 [ 32.216534][ T6751] lo speed is unknown, defaulting to 1000 [ 32.220296][ T6751] lo speed is unknown, defaulting to 1000 [ 32.282539][ T6763] loop4: detected capacity change from 0 to 2048 [ 32.448247][ T6769] loop4: detected capacity change from 0 to 1024 [ 32.472507][ T6769] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 32.498789][ T6769] EXT4-fs error (device loop4): mb_free_blocks:2017: group 0, inode 15: block 225:freeing already freed block (bit 14); block bitmap corrupt. [ 32.529530][ T6553] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.557112][ T6773] lo speed is unknown, defaulting to 1000 [ 32.779667][ T6790] loop4: detected capacity change from 0 to 128 [ 32.796864][ T6790] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 32.796894][ T6790] FAT-fs (loop4): Filesystem has been set read-only [ 32.799635][ T6790] syz.4.50: attempt to access beyond end of device [ 32.799635][ T6790] loop4: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 32.799765][ T6790] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 32.799777][ T6790] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 32.800259][ T6790] syz.4.50: attempt to access beyond end of device [ 32.800259][ T6790] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 32.800305][ T6790] syz.4.50: attempt to access beyond end of device [ 32.800305][ T6790] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 32.800335][ T6790] syz.4.50: attempt to access beyond end of device [ 32.800335][ T6790] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 32.800363][ T6790] syz.4.50: attempt to access beyond end of device [ 32.800363][ T6790] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 32.800391][ T6790] syz.4.50: attempt to access beyond end of device [ 32.800391][ T6790] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 32.800418][ T6790] syz.4.50: attempt to access beyond end of device [ 32.800418][ T6790] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 32.800445][ T6790] syz.4.50: attempt to access beyond end of device [ 32.800445][ T6790] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 32.800471][ T6790] syz.4.50: attempt to access beyond end of device [ 32.800471][ T6790] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 32.800602][ T6790] syz.4.50: attempt to access beyond end of device [ 32.800602][ T6790] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 32.850365][ T6793] Buffer I/O error on dev loop4, logical block 2065, async page read [ 32.853702][ T6793] Buffer I/O error on dev loop4, logical block 2066, async page read [ 32.855599][ T6793] Buffer I/O error on dev loop4, logical block 2067, async page read [ 32.857539][ T6793] Buffer I/O error on dev loop4, logical block 2068, async page read [ 32.859254][ T6793] Buffer I/O error on dev loop4, logical block 2069, async page read [ 32.861085][ T6793] Buffer I/O error on dev loop4, logical block 2070, async page read [ 32.861138][ T6793] Buffer I/O error on dev loop4, logical block 2071, async page read [ 32.861174][ T6793] Buffer I/O error on dev loop4, logical block 2072, async page read [ 32.861519][ T6790] Buffer I/O error on dev loop4, logical block 2065, async page read [ 32.861553][ T6790] Buffer I/O error on dev loop4, logical block 2066, async page read [ 33.099066][ T6801] loop1: detected capacity change from 0 to 128 [ 33.120252][ T6801] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 33.157023][ T6804] loop0: detected capacity change from 0 to 512 [ 33.159979][ T6804] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 33.160018][ T6804] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 33.180689][ T6804] EXT4-fs (loop0): 1 truncate cleaned up [ 33.181756][ T6804] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 33.213632][ T6556] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.217509][ T6551] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 33.265095][ T6808] loop1: detected capacity change from 0 to 164 [ 33.280116][ T6808] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 33.386174][ T6820] loop0: detected capacity change from 0 to 512 [ 33.386508][ T6820] EXT4-fs: inline encryption not supported [ 33.391167][ T6820] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 33.396979][ T6820] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #13: comm syz.0.62: invalid indirect mapped block 2683928664 (level 1) [ 33.399110][ T6820] EXT4-fs (loop0): 1 truncate cleaned up [ 33.414071][ T6820] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 33.436046][ T6820] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.62: Invalid block bitmap block 3 in block_group 0 [ 33.437821][ T6820] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.62: Invalid block bitmap block 3 in block_group 0 [ 33.439829][ T6820] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.62: Invalid block bitmap block 3 in block_group 0 [ 33.466352][ T6556] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.515341][ T6831] netlink: 'syz.0.67': attribute type 10 has an invalid length. [ 33.521940][ T6831] team0: Port device dummy0 added [ 33.531129][ T6831] netlink: 'syz.0.67': attribute type 10 has an invalid length. [ 33.550615][ T6831] team0: Port device dummy0 removed [ 33.556610][ T6831] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 33.621186][ T6558] Bluetooth: hci1: command tx timeout [ 33.638571][ T6837] netlink: 7 bytes leftover after parsing attributes in process `syz.0.69'. [ 33.638750][ T6837] netlink: 68 bytes leftover after parsing attributes in process `syz.0.69'. [ 33.660082][ T6841] process 'syz.1.66' launched './file0' with NULL argv: empty string added [ 33.668085][ T6843] netlink: 8 bytes leftover after parsing attributes in process `syz.3.72'. [ 33.701350][ T6558] Bluetooth: hci4: command tx timeout [ 33.702359][ T6555] Bluetooth: hci3: command tx timeout [ 33.703206][ T6555] Bluetooth: hci0: command tx timeout [ 33.703683][ T6555] Bluetooth: hci2: command tx timeout [ 33.754761][ T6853] loop2: detected capacity change from 0 to 1024 [ 33.756107][ T6853] EXT4-fs: Ignoring removed nobh option [ 33.760037][ T6853] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 33.762418][ T6853] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 33.762498][ T6853] EXT4-fs error (device loop2): ext4_get_journal_inode:5808: comm syz.2.77: inode #4294967295: comm syz.2.77: iget: illegal inode # [ 33.771190][ T6853] EXT4-fs (loop2): no journal found [ 33.771221][ T6853] EXT4-fs (loop2): can't get journal size [ 33.778374][ T6853] EXT4-fs (loop2): failed to initialize system zone (-22) [ 33.779712][ T6853] EXT4-fs (loop2): mount failed [ 33.856842][ T6853] netlink: 'syz.2.77': attribute type 13 has an invalid length. [ 33.881516][ T6860] loop0: detected capacity change from 0 to 512 [ 33.903907][ T6860] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 33.938703][ T6860] 9pnet_fd: Insufficient options for proto=fd [ 34.042009][ T6866] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 34.046004][ T6556] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.134342][ T6853] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 34.138005][ T6853] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 34.427987][ T1915] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 34.428248][ T1915] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 34.428270][ T1915] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 34.428287][ T1915] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 34.502986][ T9] cfg80211: failed to load regulatory.db [ 34.920090][ T6928] loop0: detected capacity change from 0 to 512 [ 34.941790][ T6928] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 34.963391][ T6928] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 34.972592][ T6556] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.049090][ T6941] netlink: 4 bytes leftover after parsing attributes in process `syz.0.108'. [ 35.074614][ T6944] netlink: 56 bytes leftover after parsing attributes in process `syz.0.112'. [ 35.074737][ T6944] netlink: 24 bytes leftover after parsing attributes in process `syz.0.112'. [ 35.202046][ T6957] loop2: detected capacity change from 0 to 512 [ 35.202355][ T6957] EXT4-fs: inline encryption not supported [ 35.202365][ T6957] EXT4-fs: Ignoring removed i_version option [ 35.204023][ T6957] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.118: inode has both inline data and extents flags [ 35.204125][ T6957] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.118: couldn't read orphan inode 15 (err -117) [ 35.204904][ T6957] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.228842][ T6560] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.394544][ T6982] loop1: detected capacity change from 0 to 512 [ 35.397162][ T6982] EXT4-fs: inline encryption not supported [ 35.397386][ T6982] EXT4-fs: Ignoring removed i_version option [ 35.399760][ T6982] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.130: inode has both inline data and extents flags [ 35.400877][ T6982] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.130: couldn't read orphan inode 15 (err -117) [ 35.416843][ T6982] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.440014][ T6551] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.536654][ T7004] loop9: detected capacity change from 0 to 7 [ 35.544580][ T7004] ldm_validate_partition_table(): Disk read failed. [ 35.546093][ T7004] Dev loop9: unable to read RDB block 0 [ 35.547118][ T7004] loop9: unable to read partition table [ 35.548191][ T7004] loop9: partition table beyond EOD, truncated [ 35.549306][ T7004] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 35.549306][ T7004] ) failed (rc=-5) [ 35.633519][ T7017] netlink: 'syz.3.145': attribute type 1 has an invalid length. [ 35.633550][ T7017] netlink: 'syz.3.145': attribute type 2 has an invalid length. [ 35.633950][ T7018] capability: warning: `syz.0.146' uses deprecated v2 capabilities in a way that may be insecure [ 35.701743][ T6558] Bluetooth: hci1: command tx timeout [ 35.789094][ T6561] Bluetooth: hci2: command tx timeout [ 35.789130][ T6561] Bluetooth: hci0: command tx timeout [ 35.789159][ T6561] Bluetooth: hci3: command tx timeout [ 35.792369][ T6558] Bluetooth: hci4: command tx timeout [ 35.824510][ T7049] loop0: detected capacity change from 0 to 512 [ 35.841591][ T7049] fscrypt (loop0, inode 2): Error -61 getting encryption context [ 35.841737][ T7049] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -61 [ 35.841861][ T7049] EXT4-fs error (device loop0): ext4_orphan_get:1392: inode #13: comm syz.0.158: iget: bad i_size value: 12154757448730 [ 35.842010][ T7049] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.158: couldn't read orphan inode 13 (err -117) [ 35.842533][ T7049] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.849564][ T7049] fscrypt (loop0, inode 2): Error -61 getting encryption context [ 35.876132][ T6556] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.992326][ T7071] loop4: detected capacity change from 0 to 512 [ 36.005937][ T7071] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.024665][ T7056] loop1: detected capacity change from 0 to 512 [ 36.040685][ T7056] fscrypt (loop1, inode 2): Error -61 getting encryption context [ 36.042748][ T7056] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -61 [ 36.044960][ T7076] __nla_validate_parse: 3 callbacks suppressed [ 36.045102][ T7076] netlink: 12 bytes leftover after parsing attributes in process `syz.2.170'. [ 36.048751][ T7056] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #13: comm syz.1.163: iget: bad i_size value: 12154757448730 [ 36.052383][ T7056] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.163: couldn't read orphan inode 13 (err -117) [ 36.055067][ T7056] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.077313][ T7076] netlink: 4 bytes leftover after parsing attributes in process `syz.2.170'. [ 36.126943][ T6553] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.171539][ T6551] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.250590][ T7091] sctp: [Deprecated]: syz.4.172 (pid 7091) Use of struct sctp_assoc_value in delayed_ack socket option. [ 36.250590][ T7091] Use struct sctp_sack_info instead [ 36.295167][ T7093] loop3: detected capacity change from 0 to 512 [ 36.309813][ T7093] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 36.313204][ T7093] EXT4-fs warning (device loop3): dx_probe:837: inode #2: comm syz.3.178: Unimplemented hash flags: 0x0001 [ 36.313220][ T7093] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.178: Corrupt directory, running e2fsck is recommended [ 36.314199][ T7093] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 3: comm syz.3.178: path /33/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=4294967295, rec_len=7, size=1024 fake=0 [ 36.426442][ T7093] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.508948][ T7121] loop3: detected capacity change from 0 to 512 [ 36.511924][ T7121] EXT4-fs: inline encryption not supported [ 36.511937][ T7121] EXT4-fs: Ignoring removed i_version option [ 36.519954][ T7121] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.189: inode has both inline data and extents flags [ 36.521588][ T7121] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.189: couldn't read orphan inode 15 (err -117) [ 36.524482][ T7121] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.586624][ T6557] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.654972][ T7139] loop0: detected capacity change from 0 to 512 [ 36.708122][ T7139] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.711650][ T7145] macvtap0: refused to change device tx_queue_len [ 36.729423][ T6556] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.849971][ T7154] loop3: detected capacity change from 0 to 2048 [ 36.984141][ T7154] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 37.556321][ T31] kauditd_printk_skb: 567 callbacks suppressed [ 37.556356][ T31] audit: type=1326 audit(550.511:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7158 comm="syz.2.202" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8ed5b9e8 code=0x7ffc0000 [ 37.556381][ T31] audit: type=1326 audit(550.511:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7158 comm="syz.2.202" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8ed5b9e8 code=0x7ffc0000 [ 37.556398][ T31] audit: type=1326 audit(550.511:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7158 comm="syz.2.202" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=117 compat=0 ip=0xffff8ed5b9e8 code=0x7ffc0000 [ 37.556414][ T31] audit: type=1326 audit(550.511:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7158 comm="syz.2.202" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8ed5b9e8 code=0x7ffc0000 [ 37.575887][ T7162] netlink: 28 bytes leftover after parsing attributes in process `syz.4.203'. [ 37.577407][ T7162] netlink: 28 bytes leftover after parsing attributes in process `syz.4.203'. [ 37.580187][ T7162] netlink: 28 bytes leftover after parsing attributes in process `syz.4.203'. [ 37.582503][ T7162] netlink: 28 bytes leftover after parsing attributes in process `syz.4.203'. [ 37.635047][ T7167] loop0: detected capacity change from 0 to 512 [ 37.638576][ T6557] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.640050][ T7167] EXT4-fs: inline encryption not supported [ 37.640061][ T7167] EXT4-fs: Ignoring removed i_version option [ 37.649440][ T7167] EXT4-fs error (device loop0): ext4_orphan_get:1392: inode #15: comm syz.0.205: inode has both inline data and extents flags [ 37.649584][ T7167] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.205: couldn't read orphan inode 15 (err -117) [ 37.650130][ T7167] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 37.711860][ T7179] netlink: 16 bytes leftover after parsing attributes in process `syz.3.209'. [ 37.713759][ T7179] netlink: 112 bytes leftover after parsing attributes in process `syz.3.209'. [ 37.781510][ T6555] Bluetooth: hci1: command tx timeout [ 37.790131][ T7191] loop2: detected capacity change from 0 to 764 [ 37.793519][ T7193] tipc: Started in network mode [ 37.794365][ T7193] tipc: Node identity 2d5b31334ffc55cc002e, cluster identity 4711 [ 37.811949][ T7191] rock: directory entry would overflow storage [ 37.811966][ T7191] rock: sig=0x4f50, size=4, remaining=3 [ 37.811987][ T7191] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 37.863253][ T6555] Bluetooth: hci4: command tx timeout [ 37.863296][ T6555] Bluetooth: hci3: command tx timeout [ 37.863314][ T6555] Bluetooth: hci0: command tx timeout [ 37.863328][ T6555] Bluetooth: hci2: command tx timeout [ 37.948923][ T31] audit: type=1326 audit(550.911:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7207 comm="syz.2.223" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8ed5b9e8 code=0x7ffc0000 [ 37.952534][ T31] audit: type=1326 audit(550.911:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7207 comm="syz.2.223" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=218 compat=0 ip=0xffff8ed5b9e8 code=0x7ffc0000 [ 37.952561][ T31] audit: type=1326 audit(550.911:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7207 comm="syz.2.223" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8ed5b9e8 code=0x7ffc0000 [ 37.952582][ T31] audit: type=1326 audit(550.911:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7207 comm="syz.2.223" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8ed5b9e8 code=0x7ffc0000 [ 38.048877][ T7216] loop3: detected capacity change from 0 to 128 [ 38.053570][ T7216] FAT-fs (loop3): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 38.061671][ T7216] FAT-fs (loop3): error, invalid FAT chain (i_pos 548, last_block 8) [ 38.063316][ T7216] FAT-fs (loop3): Filesystem has been set read-only [ 38.064938][ T7216] FAT-fs (loop3): error, corrupted file size (i_pos 548, 522) [ 38.077600][ T7218] netlink: 8 bytes leftover after parsing attributes in process `syz.2.227'. [ 38.078025][ T7218] netlink: 8 bytes leftover after parsing attributes in process `syz.2.227'. [ 38.091492][ T7220] loop3: detected capacity change from 0 to 512 [ 38.102337][ T7220] EXT4-fs (loop3): orphan cleanup on readonly fs [ 38.104166][ T7220] EXT4-fs error (device loop3): ext4_orphan_get:1418: comm syz.3.228: bad orphan inode 13 [ 38.106396][ T7220] ext4_test_bit(bit=12, block=18) = 1 [ 38.107432][ T7220] is_bad_inode(inode)=0 [ 38.108304][ T7220] NEXT_ORPHAN(inode)=2130706432 [ 38.109454][ T7220] max_ino=32 [ 38.110160][ T7220] i_nlink=1 [ 38.115172][ T7220] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 38.129957][ T6557] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.185672][ T7228] ieee802154 phy0 wpan0: encryption failed: -22 [ 38.379888][ T7247] loop3: detected capacity change from 0 to 1024 [ 38.393084][ T7247] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 38.396649][ T31] audit: type=1326 audit(551.361:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7246 comm="syz.3.240" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa235b9e8 code=0x7ffc0000 [ 38.396735][ T31] audit: type=1326 audit(551.361:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7246 comm="syz.3.240" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa235b9e8 code=0x7ffc0000 [ 38.409832][ T6557] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.454433][ T7257] loop2: detected capacity change from 0 to 128 [ 38.466107][ T7259] netlink: 'syz.3.245': attribute type 21 has an invalid length. [ 38.696942][ T7284] loop2: detected capacity change from 0 to 1764 [ 38.869780][ T7300] xt_hashlimit: max too large, truncated to 1048576 [ 38.870558][ T7300] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 38.900878][ T7302] loop2: detected capacity change from 0 to 2048 [ 38.922950][ T6543] loop2: p1 < > p4 [ 38.925441][ T6543] loop2: p4 size 8388608 extends beyond EOD, truncated [ 38.932798][ T7302] loop2: p1 < > p4 [ 38.935448][ T7302] loop2: p4 size 8388608 extends beyond EOD, truncated [ 39.114849][ T7069] udevd[7069]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 39.297578][ T7337] loop2: detected capacity change from 0 to 164 [ 39.300175][ T7337] ISOFS: unable to read i-node block [ 39.415631][ T7339] loop2: detected capacity change from 0 to 32768 [ 39.462366][ T6543] loop2: p1 p2 p3 < > p4 < p5 p6 > [ 39.463377][ T6543] loop2: p1 start 460800 is beyond EOD, truncated [ 39.464290][ T7345] team1: entered promiscuous mode [ 39.464302][ T7345] team1: entered allmulticast mode [ 39.464549][ T7345] 8021q: adding VLAN 0 to HW filter on device team1 [ 39.467601][ T6543] loop2: p2 size 83886080 extends beyond EOD, truncated [ 39.470630][ T6543] loop2: p5 start 460800 is beyond EOD, truncated [ 39.472144][ T6543] loop2: p6 size 83886080 extends beyond EOD, truncated [ 39.486284][ T7339] loop2: p1 p2 p3 < > p4 < p5 p6 > [ 39.487780][ T7339] loop2: p1 start 460800 is beyond EOD, truncated [ 39.487830][ T7339] loop2: p2 size 83886080 extends beyond EOD, truncated [ 39.492510][ T7339] loop2: p5 start 460800 is beyond EOD, truncated [ 39.492798][ T7339] loop2: p6 size 83886080 extends beyond EOD, truncated [ 39.703547][ T6562] IPVS: starting estimator thread 0... [ 39.704449][ T7361] IPVS: sh: SCTP 172.20.20.187:0 - no destination available [ 39.743643][ T7339] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 39.745794][ T7339] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 39.781041][ T6561] Bluetooth: hci5: command 0x1003 tx timeout [ 39.781040][ T6558] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 39.791346][ T7362] IPVS: using max 70 ests per chain, 168000 per kthread [ 39.881814][ T7376] binfmt_misc: register: failed to install interpreter file ./file0 [ 39.931582][ T7386] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 39.967397][ T7389] lo speed is unknown, defaulting to 1000 [ 40.129823][ T7412] loop3: detected capacity change from 0 to 1024 [ 40.154457][ T7412] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.170268][ T6557] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.178904][ T7416] loop1: detected capacity change from 0 to 512 [ 40.189497][ T7416] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 40.191429][ T7416] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 40.202924][ T7416] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended [ 40.203641][ T7416] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 40.203690][ T7416] System zones: 0-2, 18-18, 34-35 [ 40.204341][ T7416] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.242229][ T7416] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 40.254142][ T6551] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.346139][ T7427] syz_tun: entered promiscuous mode [ 40.346226][ T7427] macvtap1: entered promiscuous mode [ 40.346309][ T7427] macvtap1: entered allmulticast mode [ 40.346320][ T7427] syz_tun: entered allmulticast mode [ 40.360854][ T7427] syz_tun: left allmulticast mode [ 40.361014][ T7427] syz_tun: left promiscuous mode [ 40.478470][ T7441] hugetlbfs: Bad value '.' for mount option 'nr_inodes' [ 40.478470][ T7441] [ 40.536197][ T7445] openvswitch: netlink: Flow key attr not present in new flow. [ 40.640198][ T6556] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.712792][ T7465] 0X: renamed from caif0 [ 40.714157][ T7465] A link change request failed with some changes committed already. Interface 60X may have been left with an inconsistent configuration, please check. [ 40.853644][ T7481] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 40.853668][ T7481] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 40.854882][ T7481] vhci_hcd vhci_hcd.0: Device attached [ 40.856830][ T7484] vhci_hcd: connection closed [ 40.857659][ T674] vhci_hcd: stop threads [ 40.857833][ T674] vhci_hcd: release socket [ 40.857857][ T674] vhci_hcd: disconnect device [ 41.109316][ T7490] loop2: detected capacity change from 0 to 512 [ 41.115966][ T7490] EXT4-fs: inline encryption not supported [ 41.116381][ T7487] __nla_validate_parse: 15 callbacks suppressed [ 41.116398][ T7487] netlink: 12 bytes leftover after parsing attributes in process `syz.4.346'. [ 41.123486][ T7490] EXT4-fs: Ignoring removed i_version option [ 41.140024][ T7490] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.347: inode has both inline data and extents flags [ 41.144526][ T7490] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.347: couldn't read orphan inode 15 (err -117) [ 41.147236][ T7490] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.160170][ T7487] netlink: 12 bytes leftover after parsing attributes in process `syz.4.346'. [ 41.189228][ T7487] netlink: 12 bytes leftover after parsing attributes in process `syz.4.346'. [ 41.909129][ T7509] loop4: detected capacity change from 0 to 128 [ 41.915271][ T7509] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 41.916725][ T7509] FAT-fs (loop4): Filesystem has been set read-only [ 41.918050][ T7509] bio_check_eod: 20223 callbacks suppressed [ 41.919403][ T7509] syz.4.352: attempt to access beyond end of device [ 41.919403][ T7509] loop4: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 41.921993][ T7509] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 41.923509][ T7509] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 41.925262][ T7509] syz.4.352: attempt to access beyond end of device [ 41.925262][ T7509] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 41.928676][ T7509] syz.4.352: attempt to access beyond end of device [ 41.928676][ T7509] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 41.928764][ T7509] syz.4.352: attempt to access beyond end of device [ 41.928764][ T7509] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 41.928813][ T7509] syz.4.352: attempt to access beyond end of device [ 41.928813][ T7509] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 41.928857][ T7509] syz.4.352: attempt to access beyond end of device [ 41.928857][ T7509] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 41.928898][ T7509] syz.4.352: attempt to access beyond end of device [ 41.928898][ T7509] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 41.928937][ T7509] syz.4.352: attempt to access beyond end of device [ 41.928937][ T7509] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 41.928975][ T7509] syz.4.352: attempt to access beyond end of device [ 41.928975][ T7509] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 41.929009][ T7509] syz.4.352: attempt to access beyond end of device [ 41.929009][ T7509] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 41.953268][ T7505] lo speed is unknown, defaulting to 1000 [ 42.381392][ T7523] netlink: 24 bytes leftover after parsing attributes in process `syz.1.357'. [ 42.702521][ T7535] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 42.829399][ T7542] netlink: 'syz.4.365': attribute type 10 has an invalid length. [ 42.834514][ T7542] team0: Port device dummy0 added [ 42.837273][ T7542] netlink: 'syz.4.365': attribute type 10 has an invalid length. [ 42.840932][ T7542] team0: Port device dummy0 removed [ 42.844046][ T7542] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 42.847698][ T7537] syz.1.363 uses obsolete (PF_INET,SOCK_PACKET) [ 43.366888][ T7556] netlink: 40 bytes leftover after parsing attributes in process `syz.3.372'. [ 43.366951][ T7556] netlink: 40 bytes leftover after parsing attributes in process `syz.3.372'. [ 43.503867][ T7566] loop3: detected capacity change from 0 to 1024 [ 43.505691][ T7566] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 43.505945][ T7566] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 43.509530][ T7566] JBD2: no valid journal superblock found [ 43.509560][ T7566] EXT4-fs (loop3): Could not load journal inode [ 43.561285][ T7568] loop0: detected capacity change from 0 to 512 [ 43.561584][ T7568] EXT4-fs: Ignoring removed bh option [ 43.583123][ T7568] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.626286][ T6556] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.798556][ T7589] loop3: detected capacity change from 0 to 1024 [ 43.800759][ T7589] EXT4-fs: inline encryption not supported [ 43.851590][ T7589] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a80ec018, mo2=0002] [ 43.851654][ T7589] System zones: 0-1, 3-12 [ 43.852289][ T7589] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.882194][ T6560] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.922578][ T6557] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.508240][ T7614] netlink: 277 bytes leftover after parsing attributes in process `syz.3.394'. [ 44.511836][ T31] kauditd_printk_skb: 161 callbacks suppressed [ 44.511861][ T31] audit: type=1326 audit(1070.481:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7613 comm="syz.1.395" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb295b9e8 code=0x7ffc0000 [ 44.514028][ T31] audit: type=1326 audit(1070.481:751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7613 comm="syz.1.395" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb295b9e8 code=0x7ffc0000 [ 44.522169][ T31] audit: type=1326 audit(1070.491:752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7613 comm="syz.1.395" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb295b9e8 code=0x7ffc0000 [ 44.523168][ T31] audit: type=1326 audit(1070.491:753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7613 comm="syz.1.395" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb295b9e8 code=0x7ffc0000 [ 44.523461][ T31] audit: type=1326 audit(1070.491:754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7613 comm="syz.1.395" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb295b9e8 code=0x7ffc0000 [ 44.537250][ T31] audit: type=1326 audit(1070.501:755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7613 comm="syz.1.395" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb295b9e8 code=0x7ffc0000 [ 44.537809][ T31] audit: type=1326 audit(1070.501:756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7613 comm="syz.1.395" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb295b9e8 code=0x7ffc0000 [ 44.538341][ T31] audit: type=1326 audit(1070.501:757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7613 comm="syz.1.395" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb295b9e8 code=0x7ffc0000 [ 44.539146][ T31] audit: type=1326 audit(1070.501:758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7613 comm="syz.1.395" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffb2959dd4 code=0x7ffc0000 [ 44.539886][ T31] audit: type=1326 audit(1070.501:759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7613 comm="syz.1.395" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffb2959dd4 code=0x7ffc0000 [ 44.629241][ T7619] loop1: detected capacity change from 0 to 512 [ 44.642501][ T7619] EXT4-fs: inline encryption not supported [ 44.642528][ T7619] EXT4-fs: Ignoring removed i_version option [ 44.659797][ T7619] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.397: inode has both inline data and extents flags [ 44.659910][ T7619] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.397: couldn't read orphan inode 15 (err -117) [ 44.660452][ T7619] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.674294][ T7627] loop3: detected capacity change from 0 to 512 [ 44.697566][ T7627] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.735763][ T7631] loop0: detected capacity change from 0 to 2048 [ 44.738360][ T7631] EXT4-fs: Ignoring removed bh option [ 44.746522][ T7631] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 44.756272][ T7631] netlink: 12 bytes leftover after parsing attributes in process `syz.0.400'. [ 44.758788][ T7631] netlink: 28 bytes leftover after parsing attributes in process `syz.0.400'. [ 44.758841][ T7631] netlink: 12 bytes leftover after parsing attributes in process `syz.0.400'. [ 44.763174][ T7631] netlink: 'syz.0.400': attribute type 6 has an invalid length. [ 44.861676][ T6556] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.903245][ T7638] syz.0.402 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 45.137359][ T7641] ------------[ cut here ]------------ [ 45.137371][ T7641] WARNING: CPU: 1 PID: 7641 at mm/page_alloc.c:5159 __alloc_frozen_pages_noprof+0xd0/0x318 [ 45.139874][ T7641] Modules linked in: [ 45.140546][ T7641] CPU: 1 UID: 0 PID: 7641 Comm: syz.2.404 Not tainted syzkaller #0 PREEMPT [ 45.141889][ T7641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 45.143530][ T7641] pstate: 23400005 (nzCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [ 45.144780][ T7641] pc : __alloc_frozen_pages_noprof+0xd0/0x318 [ 45.145718][ T7641] lr : __alloc_frozen_pages_noprof+0xac/0x318 [ 45.146669][ T7641] sp : ffff80009e047760 [ 45.147268][ T7641] x29: ffff80009e047820 x28: dfff800000000000 x27: 0000000000000003 [ 45.148509][ T7641] x26: 1ffff00012e78250 x25: dfff800000000000 x24: ffff80009e047780 [ 45.149702][ T7641] x23: ffff700013c08ef0 x22: 0000000000000000 x21: 0000000000040cc0 [ 45.150905][ T7641] x20: 0000000000000000 x19: 0000000000000014 x18: 0000000000000000 [ 45.152152][ T7641] x17: 0000000000000000 x16: ffff80008ad68dc8 x15: 0000000000000005 [ 45.153279][ T7641] x14: 1ffff00013c08ef4 x13: 0000000000000000 x12: 0000000000000000 [ 45.154452][ T7641] x11: ffff700013c08ef9 x10: dfff800000000000 x9 : 0000000000000001 [ 45.155592][ T7641] x8 : ffff800092c19000 x7 : 0000000000000000 x6 : ffff80009e047ae8 [ 45.156788][ T7641] x5 : ffff80009e047ae8 x4 : 0000000000000000 x3 : 0000000000000020 [ 45.157964][ T7641] x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000000 [ 45.159172][ T7641] Call trace: [ 45.159636][ T7641] __alloc_frozen_pages_noprof+0xd0/0x318 (P) [ 45.160516][ T7641] alloc_pages_mpol+0x1e4/0x460 [ 45.161227][ T7641] alloc_frozen_pages_noprof+0xe0/0x210 [ 45.162086][ T7641] ___kmalloc_large_node+0xac/0x154 [ 45.162829][ T7641] __kmalloc_large_node_noprof+0x2c/0x8c [ 45.163665][ T7641] __kmalloc_noprof+0x4bc/0x728 [ 45.164471][ T7641] raw_ioctl+0x1320/0x3368 [ 45.165120][ T7641] __arm64_sys_ioctl+0x14c/0x1c4 [ 45.165779][ T7641] invoke_syscall+0x98/0x254 [ 45.166475][ T7641] el0_svc_common+0xe8/0x23c [ 45.167129][ T7641] do_el0_svc+0x48/0x58 [ 45.167736][ T7641] el0_svc+0x5c/0x254 [ 45.168334][ T7641] el0t_64_sync_handler+0x84/0x12c [ 45.169088][ T7641] el0t_64_sync+0x198/0x19c [ 45.169721][ T7641] irq event stamp: 1638 [ 45.170354][ T7641] hardirqs last enabled at (1637): [] kasan_quarantine_put+0x1a0/0x1c8 [ 45.171852][ T7641] hardirqs last disabled at (1638): [] el1_brk64+0x20/0x54 [ 45.173150][ T7641] softirqs last enabled at (1620): [] local_bh_enable+0x10/0x34 [ 45.174446][ T7641] softirqs last disabled at (1618): [] local_bh_disable+0x10/0x34 [ 45.175854][ T7641] ---[ end trace 0000000000000000 ]--- [ 45.407564][ T6557] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.590631][ T6551] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.