last executing test programs: 3.231855626s ago: executing program 3 (id=226): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r0, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0x2, 0x0, 0x6, 0x1}}, 0x20) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @random="be9689ce9f88", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast=0xac14140a, @multicast1}}}}}}, 0x0) 2.968258332s ago: executing program 3 (id=231): socket$inet6_sctp(0xa, 0x5, 0x84) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x6, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000fb000000000000000000e500020000000000e500fcff000000000600000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$inet(0x2, 0x80001, 0x84) r0 = socket$inet(0x2, 0x3, 0x4) socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'team_slave_0\x00'}) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=@updpolicy={0xb8, 0x19, 0x1, 0x400000, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x2, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffffffffffffffb}, {0x5, 0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0xb8}}, 0x4004) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0xb8}}, 0x0) 2.856090876s ago: executing program 4 (id=233): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r0}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000014c0)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000140)='8', 0x1}], 0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="24000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r1], 0x28}}], 0x1, 0x0) 2.699292641s ago: executing program 3 (id=235): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$ARPT_SO_GET_REVISION_TARGET(r5, 0x0, 0x63, &(0x7f0000001c40)={'IDLETIMER\x00'}, &(0x7f0000004580)=0x1e) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0x20, &(0x7f00000001c0)={&(0x7f00000002c0)=""/217, 0xd9, 0x0, &(0x7f0000000080)=""/37, 0x25}}, 0x10) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC=r6, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r8 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3804402, &(0x7f0000000600)={[{@bh}, {@data_err_abort}, {@resuid}, {@errors_remount}, {@norecovery}, {@noblock_validity}, {@stripe={'stripe', 0x3d, 0x5}}, {@noinit_itable}, {@nomblk_io_submit}, {@grpquota}, {@nogrpid}]}, 0x1, 0x54f, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbZdnamc8HbnvOvTc995t7v6fn5iQkgKE1kf0oRLwcEd8kEQfbto1GvnFibb/V+1dnsyWJRuPTv5JI8nWt/ZP89/688lJE/PZVxPHCxnZryysLpXI5Xczrk/XKpcna8sqJC5XSfDqfXpyemTn19sz0e+++M7BY3zj7z/ef3P7w1NdHV7/75e6hm0mcjgP5tvY4nsC19spETOTPyVicfmTHqQE0tpMk230A9GUkz/OxyPqAgzGSZz3w//dlRDSAIZXIfxhSrXFA695+QPfBz417H6zdAG2Mf3TttZHY07w32reaPHRnlN3vjg+g/ayNX/+8dTNbYnCvQwBs6dr1iDg5Orqx/0vy/q9/J3vY59E29H/w7NzOxj9vdhr/FNbHP9Fh/LO/Q+72Y+v8L9wdQDNdZeO/9zuOf9cnrcZH8toLzTHfWHL+QjnN+rYXI+JYjO3O6pvN55xavdPotq19/JctWfutsWB+HHdHdz/8mLlSvfQkMbe7dz3ilY7j32T9/Ccdzn/2fJztsY0j6a3Xum3bOv6nq/FTxOsdz/+DGa1k8/nJyeb1MNm6Kjb6+8aR37u1v93xZ+d/3+bxjyft87W1x2/jxz3/pt229Xv970o+a5Z35euulOr1xamIXcnHG9dPP3hsq97aP4v/2NHN+79O1//eiPi8x/hvHP751f7jf7qy+Oce6/w/fuHOR1/80K393s7/W83SsXxNL/1frwf4JM8dAAAAAAAA7DSFiDgQSaG4Xi4UisW193ccjn2FcrVWP36+unRxLpqflR2PsUJrpvtg2/shpvL3w7bq04/UZyLiUER8O7K3WS/OVstz2x08AAAAAAAAAAAAAAAAAAAA7BD7u3z+P/PHyHYfHfDU+cpvGF5b5v8gvukJ2JH8/4fhJf9heMl/GF7yH4aX/IfhJf9heMl/GF7yHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAbq7Jkz2dJYvX91NqvPXV5eWqhePjGX1haKlaXZ4mx18VJxvlqdL6fF2Wplq79XrlYvTU3H0pXJelqrT9aWV85VqksX6+cuVErz6bl07JlEBQAAAAAAAAAAAAAAAAAAAM+X2vLKQqlcThcVFPoqjO6Mw1AYcGG7eyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeOC/AAAA///ktDiZ") openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x1a4203c, &(0x7f00000003c0)=ANY=[@ANYRES64, @ANYRES8, @ANYRESHEX, @ANYRES64, @ANYRES32=r8, @ANYRESDEC, @ANYRESDEC, @ANYRES8=0x0, @ANYRES8, @ANYRES64], 0x0, 0x0, &(0x7f0000000000)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r7, 0x0, 0x1}, 0x18) 2.693098672s ago: executing program 1 (id=236): sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000680)="5c00000012006bab9e3fe3d86e17aa310f6b876c1d0000007ea608641626f3650400410038002e007e31a0e69ee517d34460bc24eab556a705251e6182949a3651f60a84c9f4d4938037e786a6d0bdd7fcf50e4509c53b5b64f698", 0x5b}], 0x1, 0x0, 0x0, 0x1f005807}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x22c03) setreuid(0x0, 0xee00) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)=ANY=[]) 2.610219556s ago: executing program 4 (id=238): r0 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty}, 0x1c) 2.47514219s ago: executing program 1 (id=240): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0xe, @in={0x2, 0x0, @multicast1=0xe0000009}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @loopback}}]}, 0x50}}, 0x0) 2.362545587s ago: executing program 0 (id=241): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000fc0f00000a"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r2, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000001a0000000c00018008000100", @ANYRES32=r1], 0x20}}, 0x0) 1.701049549s ago: executing program 1 (id=242): socket$inet6_sctp(0xa, 0x5, 0x84) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$inet(0x2, 0x80001, 0x84) r0 = socket$inet(0x2, 0x3, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$key(0xf, 0x3, 0x2) openat$ptmx(0xffffffffffffff9c, 0x0, 0x121301, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=@updpolicy={0xb8, 0x19, 0x1, 0x400000, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x2, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffffffffffffffb}, {0x5, 0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0xb8}}, 0x4004) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0xb8}}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b800000015"], 0xb8}}, 0x0) 1.662443866s ago: executing program 3 (id=244): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8002, &(0x7f00000000c0), 0x1, 0x4b4, &(0x7f0000000c80)="$eJzs3E9sFNUfAPDvbHdpgR8/KiIKoi6isdHYQkHh4AWjiQdMjHjQY9MWghRqaE2EECmJwaMh8W48evXgVb0ZTyZe8WhiSIjhAnhaM7sz7e52t//Y7oL7+SRL35t9s+99982bfTNvlwD6Vjn9J4n4X0TcjIidtWxjgXLtz707Vybv37kyGQuVyqm/k2q5u2k+k++3PcuMFCIKXyRNL1gzd+nyuYmZmemLWX5s/vwnY3OXLr969vzEmekz0xfGjx8/euTwsdfHX1t/UC3qS+O6u+/z2f173/noxruTxXz7UPa3Po5OKUe5VVOqXux0ZT22oy6dFHvYENZlICLS7ipVx//OGAidB/2iUqlUBts/vVBpdm3ZFuCRlUSvWwD0Rv5Bn17/5o8uTT0eCrdP1C6A0rjvZY/aM8UoZGVKTde3nTQUER8u/PNN+ohNug8BAFDvpxP5TLB5/leIPXXl/p+toQxHxGMRsSsiHo+I3RHxRES17JMR8VTT65cjorJC/eWm/PL5T+HWAwW4inT+90a2ttU4/8tnfzE8kOV2ROQT5ulD2XsyEqXB02dnpg+vUMfPb/3+VbvnynXzv/SR1p/PBbN23Co23aCbmpif2HDATW5fi9hXbI4/KUYkiysBSUTsjYh963jd4br02Ze/27+YKTWWWz3+qkrLdbQOLFVUvo14qdb/C9HQ/0s1JiuvT44Nxcz0obH0KDjUso5ff7v+Xrv6V43/hz+bd3n72I+nHjTsRWn/b6s7/iNfv12KfziJSBbXa+fWX8f1P75se02ztuP/asM+6fG/Jfmgmt6SbftsYn7+4uGILcnJ5dvHl/bN83n5NP6Rg63H/65sn/SdeDoi0oP4mYh4NiKey9p+ICKej4iDK8T/y5svfLzx+DdXGv9Uy/NfQ/8vrdfPncwTl9aaGDh34Ob9NiePtfX/0WpqJNvS+vyXNJwi1trADryFAAAA8NArRPW7/4XRxXShMDpauwe0O7YVZmbn5l85PfvphanabwSGo1TI73TV7geXkvz+53BdfrwpfyS7b/z1wNZqfnRydmaq18FDn9teHfPJsvGf+mug160DNp2f/ED/Wm3877nRpYYAXefzH/pX3fhfaFNkwTdl4L+p9ed/qevtALqv1fi/uoF9gEdLxViGvmb8Q/8qxvuL6UJPWwJ0m89/6Etr/xX/RhKVwdZPDcXywjG0Oc3Y2qKuniTSmVVPat+6kb3y/02hbZkorPY6xYZjbDCWlxmInvTFmT0dP/gr2XflO93U71cep/l0fRPeqO6ehwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbLvwEAAP//cdfX0w==") r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffbfff, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000810018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe4627213a135f8de, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='ext4_request_inode\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000e80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='ext4_request_inode\x00', r2}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_queued_recursive\x00', 0x26e1, 0x0) 1.573004249s ago: executing program 4 (id=245): socket$inet6_sctp(0xa, 0x5, 0x84) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x6, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000fb000000000000000000e500020000000000e500fcff000000000600000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$inet(0x2, 0x80001, 0x84) r0 = socket$inet(0x2, 0x3, 0x4) socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'team_slave_0\x00'}) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=@updpolicy={0xb8, 0x19, 0x1, 0x400000, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x2, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffffffffffffffb}, {0x5, 0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0xb8}}, 0x4004) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0xb8}}, 0x0) 1.546737408s ago: executing program 0 (id=246): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010025bd7000fcdbdf2517000000400006803c0004"], 0x54}}, 0x0) 1.504564998s ago: executing program 2 (id=247): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ioperm(0x0, 0x3d, 0x800009) add_key$keyring(&(0x7f00000012c0), 0x0, 0x0, 0x0, 0xfffffffffffffffc) 1.476004241s ago: executing program 1 (id=248): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') mkdir(&(0x7f0000000000)='./control\x00', 0x0) r2 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) mkdirat(r2, &(0x7f0000000100)='./control\x00', 0x0) openat(r2, &(0x7f0000000280)='./control\x00', 0x470082, 0x0) 1.41711931s ago: executing program 0 (id=249): r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, r0, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r1, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)}, 0x0) 1.409189976s ago: executing program 2 (id=250): sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000680)="5c00000012006bab9e3fe3d86e17aa310f6b876c1d0000007ea608641626f3650400410038002e007e31a0e69ee517d34460bc24eab556a705251e6182949a3651f60a84c9f4d4938037e786a6d0bdd7fcf50e4509c53b5b64f698", 0x5b}], 0x1, 0x0, 0x0, 0x1f005807}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x22c03) setreuid(0x0, 0xee00) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)=ANY=[]) 1.370224777s ago: executing program 4 (id=251): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = syz_io_uring_setup(0x66e, &(0x7f0000000240)={0x0, 0x0, 0x10100}, &(0x7f0000000380)=0x0, &(0x7f0000000200)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x27}) io_uring_enter(r1, 0x567, 0x0, 0x0, 0x0, 0x0) 1.352569677s ago: executing program 2 (id=252): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'gretap0\x00', 0x0}) sendto$packet(r0, &(0x7f00000002c0)="05031400d3fc12000000478888a8", 0xe, 0x2404c001, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) 1.256446719s ago: executing program 0 (id=253): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x1000, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x101641) ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) 1.177015638s ago: executing program 2 (id=254): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x6, [@func={0x1, 0x0, 0x0, 0xc, 0x4}]}, {0x0, [0x2e, 0x30, 0x5f, 0x2e]}}, 0x0, 0x2a, 0x0, 0x1, 0xb9e1, 0x0, @void, @value}, 0x28) 1.131785702s ago: executing program 4 (id=255): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$ARPT_SO_GET_REVISION_TARGET(r5, 0x0, 0x63, &(0x7f0000001c40)={'IDLETIMER\x00'}, &(0x7f0000004580)=0x1e) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0x20, &(0x7f00000001c0)={&(0x7f00000002c0)=""/217, 0xd9, 0x0, &(0x7f0000000080)=""/37, 0x25}}, 0x10) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC=r6, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3804402, &(0x7f0000000600)={[{@bh}, {@data_err_abort}, {@resuid}, {@errors_remount}, {@norecovery}, {@noblock_validity}, {@stripe={'stripe', 0x3d, 0x5}}, {@noinit_itable}, {@nomblk_io_submit}, {@grpquota}, {@nogrpid}]}, 0x1, 0x54f, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbZdnamc8HbnvOvTc995t7v6fn5iQkgKE1kf0oRLwcEd8kEQfbto1GvnFibb/V+1dnsyWJRuPTv5JI8nWt/ZP89/688lJE/PZVxPHCxnZryysLpXI5Xczrk/XKpcna8sqJC5XSfDqfXpyemTn19sz0e+++M7BY3zj7z/ef3P7w1NdHV7/75e6hm0mcjgP5tvY4nsC19spETOTPyVicfmTHqQE0tpMk230A9GUkz/OxyPqAgzGSZz3w//dlRDSAIZXIfxhSrXFA695+QPfBz417H6zdAG2Mf3TttZHY07w32reaPHRnlN3vjg+g/ayNX/+8dTNbYnCvQwBs6dr1iDg5Orqx/0vy/q9/J3vY59E29H/w7NzOxj9vdhr/FNbHP9Fh/LO/Q+72Y+v8L9wdQDNdZeO/9zuOf9cnrcZH8toLzTHfWHL+QjnN+rYXI+JYjO3O6pvN55xavdPotq19/JctWfutsWB+HHdHdz/8mLlSvfQkMbe7dz3ilY7j32T9/Ccdzn/2fJztsY0j6a3Xum3bOv6nq/FTxOsdz/+DGa1k8/nJyeb1MNm6Kjb6+8aR37u1v93xZ+d/3+bxjyft87W1x2/jxz3/pt229Xv970o+a5Z35euulOr1xamIXcnHG9dPP3hsq97aP4v/2NHN+79O1//eiPi8x/hvHP751f7jf7qy+Oce6/w/fuHOR1/80K393s7/W83SsXxNL/1frwf4JM8dAAAAAAAA7DSFiDgQSaG4Xi4UisW193ccjn2FcrVWP36+unRxLpqflR2PsUJrpvtg2/shpvL3w7bq04/UZyLiUER8O7K3WS/OVstz2x08AAAAAAAAAAAAAAAAAAAA7BD7u3z+P/PHyHYfHfDU+cpvGF5b5v8gvukJ2JH8/4fhJf9heMl/GF7yH4aX/IfhJf9heMl/GF7yHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAbq7Jkz2dJYvX91NqvPXV5eWqhePjGX1haKlaXZ4mx18VJxvlqdL6fF2Wplq79XrlYvTU3H0pXJelqrT9aWV85VqksX6+cuVErz6bl07JlEBQAAAAAAAAAAAAAAAAAAAM+X2vLKQqlcThcVFPoqjO6Mw1AYcGG7eyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeOC/AAAA///ktDiZ") openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH(r7, 0xd0009411, &(0x7f0000000a40)={{0x0, 0x4, 0x8, 0x9, 0x996184b, 0x6, 0xd1f2, 0x1, 0x9, 0x6, 0x6, 0x8, 0xfffffffffffffffd, 0xa2, 0xb00000}}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r7, 0x0, 0x1}, 0x18) 1.125137107s ago: executing program 1 (id=256): ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e20}, 0x1c) listen(r0, 0x20200007) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e20, @loopback}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$unix(0x1, 0x2, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(0xffffffffffffffff, 0x28, 0x1, 0x0, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000003c0)={0x34, 0x0, 0x8, 0x801, 0x0, 0x0, {}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @icmpv6}, @CTA_TIMEOUT_L3PROTO={0x6}]}, 0x34}}, 0x0) 1.076978777s ago: executing program 2 (id=257): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) r1 = socket(0x10, 0x803, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10) write$binfmt_script(r0, &(0x7f0000000180), 0xfefc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000004, 0x10012, r0, 0x0) getsockopt$SO_COOKIE(r1, 0x1, 0x39, 0x0, &(0x7f00000003c0)) 1.065986735s ago: executing program 3 (id=258): r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {0x0, 0x300}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x24, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x1}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x3f0000}]}]}]}}]}, 0x54}, 0x1, 0x7a00}, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) 959.277179ms ago: executing program 0 (id=259): socket$inet6_sctp(0xa, 0x5, 0x84) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$inet(0x2, 0x80001, 0x84) r0 = socket$inet(0x2, 0x3, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$key(0xf, 0x3, 0x2) openat$ptmx(0xffffffffffffff9c, 0x0, 0x121301, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=@updpolicy={0xb8, 0x19, 0x1, 0x400000, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x2, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffffffffffffffb}, {0x5, 0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0xb8}}, 0x4004) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0xb8}}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b800000015"], 0xb8}}, 0x0) 885.102309ms ago: executing program 2 (id=260): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$BTRFS_IOC_LOGICAL_INO_V2(0xffffffffffffffff, 0xc038943b, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) open_by_handle_at(r0, 0x0, 0x0) write$binfmt_script(r0, &(0x7f00000008c0)={'#! ', './file0'}, 0xb) write$binfmt_script(r1, &(0x7f0000000140), 0xfcb8) ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40305829, &(0x7f00000000c0)={0x17c04, 0xffffffffffffffff, 0x0, 0x100000001}) r2 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) r3 = syz_usbip_server_init(0x2) ioctl$BTRFS_IOC_SET_FEATURES(r3, 0x40309439, &(0x7f0000000000)={0x1, 0x2, 0x2}) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r4) ptrace$ARCH_GET_UNTAG_MASK(0x1e, r4, 0x0, 0x4001) fstat(r2, &(0x7f0000000180)) 112.816829ms ago: executing program 4 (id=261): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@ipv6_getroute={0x38, 0x1a, 0x1, 0x0, 0x0, {0x2}, [@RTA_GATEWAY={0x14, 0x5, @rand_addr=' \x01\x00'}, @RTA_OIF={0x8}]}, 0x38}}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=ANY=[@ANYRES32, @ANYRESOCT=r0, @ANYBLOB="00000000000000000000008b0000000000000020e815d8c40e24bb4ffcc8f1438a92c57f83e8a53b54042e72c8e081b5908c788e794f4d2b110c236f7107c09ade97acc00e4cbaf73455513fbd8e9c7caa185b5bc244953b186cb0936face4d731a0b7deb6ae8db121e64d54b18389f396a43310752ed9ced35a110b28159830fdb9be1a986ba4dccc84efe6e8aef583fd551f02c28f985c9b63239d49ee934d98cfaba55776f8de958b646d9ecb80c4370bfd1d71ba0000000000000000000000005c2b44c56a8da586f2131442a7583805c9c6363182283dd69535b59d8399db13d99b9dbd11896079a5ee60517dec28a69ba9f547cc7605aed11467289f952695009a34f233a5525994828e85910ccc75db72346891da9774aa5044f98ef4ff36a9c6f1ee180f16d8cf268cb29b546be5", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES8=0x0], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000040000090000000000000000181100", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000090000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000003c0)='kfree\x00', r4}, 0x10) mkdir(&(0x7f0000000200)='./file0\x00', 0x50) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000001640)=ANY=[@ANYBLOB="0800000004000000040000000a0000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0], 0x48) r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x282080, 0x0) r6 = eventfd(0x2) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r5, 0x7, &(0x7f0000000180)=r6, 0x1) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r5, &(0x7f0000000380)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f00000004c0)={0xd0, 0x3, 0x1, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@CTA_SEQ_ADJ_REPLY={0x4c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0xffffffff}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x3}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x80000001}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x5}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x10001}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8}]}, @CTA_LABELS={0x18, 0x16, 0x1, 0x0, [0x9, 0x7, 0xc, 0x5, 0x4]}, @CTA_TUPLE_REPLY={0x48, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0xb4}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @local}}}]}, @CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0xff}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4c081}, 0x48010) openat$cgroup_type(r7, &(0x7f00000000c0), 0x2, 0x0) rmdir(&(0x7f0000000700)='./cgroup/../file0\x00') mount$nfs4(&(0x7f00000001c0)='\x00', &(0x7f0000000240)='.\x00', &(0x7f00000003c0), 0x200000, 0x0) 55.514946ms ago: executing program 1 (id=262): socket$inet6_sctp(0xa, 0x5, 0x84) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x6, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000fb000000000000000000e500020000000000e500fcff000000000600000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$inet(0x2, 0x80001, 0x84) r0 = socket$inet(0x2, 0x3, 0x4) socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'team_slave_0\x00'}) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=@updpolicy={0xb8, 0x19, 0x1, 0x400000, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x2, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffffffffffffffb}, {0x5, 0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0xb8}}, 0x4004) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0xb8}}, 0x0) 1.077613ms ago: executing program 3 (id=263): r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, r0, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r1, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)}, 0x0) 0s ago: executing program 0 (id=264): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x10) pipe(&(0x7f0000000d00)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r3, &(0x7f0000000500)=[{{&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='p'], 0x70}}], 0x1, 0x2000c044) write$binfmt_misc(r1, &(0x7f0000000240), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x7151, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.135' (ED25519) to the list of known hosts. [ 56.275623][ T5834] cgroup: Unknown subsys name 'net' [ 56.411470][ T5834] cgroup: Unknown subsys name 'cpuset' [ 56.419505][ T5834] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 57.693781][ T5834] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 61.522453][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 61.530763][ T5858] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 61.539465][ T5858] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 61.548667][ T5858] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 61.556674][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 61.557401][ T5862] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 61.565173][ T5858] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 61.579246][ T5858] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 61.586591][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 61.593813][ T5862] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 61.599196][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 61.608739][ T5862] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 61.618194][ T5863] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 61.619507][ T5858] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 61.626386][ T5862] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 61.639438][ T5863] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 61.647696][ T5862] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 61.648123][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 61.655350][ T5862] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 61.662173][ T5865] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 61.677931][ T5862] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 61.682976][ T5865] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 61.685088][ T5862] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 61.705919][ T5865] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 61.713701][ T5865] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 61.721340][ T5865] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 61.728206][ T5862] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 61.728661][ T5865] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 61.744715][ T5855] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 61.753058][ T5855] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 62.017835][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 62.187340][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.197031][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.205087][ T5845] bridge_slave_0: entered allmulticast mode [ 62.212760][ T5845] bridge_slave_0: entered promiscuous mode [ 62.249900][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.257024][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.264308][ T5845] bridge_slave_1: entered allmulticast mode [ 62.272946][ T5845] bridge_slave_1: entered promiscuous mode [ 62.292889][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 62.316167][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.344410][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 62.356522][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.406778][ T5857] chnl_net:caif_netlink_parms(): no params data found [ 62.459576][ T5845] team0: Port device team_slave_0 added [ 62.496326][ T5845] team0: Port device team_slave_1 added [ 62.530291][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.537483][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.544939][ T5847] bridge_slave_0: entered allmulticast mode [ 62.551758][ T5847] bridge_slave_0: entered promiscuous mode [ 62.559777][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.566888][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.574185][ T5847] bridge_slave_1: entered allmulticast mode [ 62.581307][ T5847] bridge_slave_1: entered promiscuous mode [ 62.597590][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 62.645120][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.652293][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.678499][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.723725][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.733303][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.740945][ T5846] bridge_slave_0: entered allmulticast mode [ 62.747482][ T5846] bridge_slave_0: entered promiscuous mode [ 62.755272][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.762354][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.788353][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.805592][ T5857] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.812805][ T5857] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.820038][ T5857] bridge_slave_0: entered allmulticast mode [ 62.826697][ T5857] bridge_slave_0: entered promiscuous mode [ 62.835524][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.857457][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.864696][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.871935][ T5846] bridge_slave_1: entered allmulticast mode [ 62.879062][ T5846] bridge_slave_1: entered promiscuous mode [ 62.895213][ T5857] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.902458][ T5857] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.909847][ T5857] bridge_slave_1: entered allmulticast mode [ 62.916389][ T5857] bridge_slave_1: entered promiscuous mode [ 62.924401][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.986550][ T5847] team0: Port device team_slave_0 added [ 62.997206][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.023637][ T5847] team0: Port device team_slave_1 added [ 63.047557][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.061405][ T5845] hsr_slave_0: entered promiscuous mode [ 63.068502][ T5845] hsr_slave_1: entered promiscuous mode [ 63.076748][ T5857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.090609][ T5857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.114564][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.127658][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.137721][ T5844] bridge_slave_0: entered allmulticast mode [ 63.144508][ T5844] bridge_slave_0: entered promiscuous mode [ 63.153468][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.160848][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.168374][ T5844] bridge_slave_1: entered allmulticast mode [ 63.174909][ T5844] bridge_slave_1: entered promiscuous mode [ 63.209291][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.216334][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.242524][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.271960][ T5846] team0: Port device team_slave_0 added [ 63.284014][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.291315][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.317432][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.341669][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.357193][ T5846] team0: Port device team_slave_1 added [ 63.373802][ T5857] team0: Port device team_slave_0 added [ 63.401016][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.426517][ T5857] team0: Port device team_slave_1 added [ 63.434651][ T5847] hsr_slave_0: entered promiscuous mode [ 63.443595][ T5847] hsr_slave_1: entered promiscuous mode [ 63.449830][ T5847] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 63.457560][ T5847] Cannot create hsr debugfs directory [ 63.489572][ T5844] team0: Port device team_slave_0 added [ 63.495999][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.503097][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.529417][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.553024][ T5844] team0: Port device team_slave_1 added [ 63.571795][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.578866][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.604870][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.629254][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.636221][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.662503][ T5857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.694077][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.701143][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.727187][ T5857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.755169][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.762340][ T5850] Bluetooth: hci3: command tx timeout [ 63.762346][ T5855] Bluetooth: hci2: command tx timeout [ 63.769261][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.800129][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.812227][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.819451][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.845551][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.845802][ T5850] Bluetooth: hci0: command tx timeout [ 63.856196][ T5855] Bluetooth: hci4: command tx timeout [ 63.861985][ T5850] Bluetooth: hci1: command tx timeout [ 63.929611][ T5857] hsr_slave_0: entered promiscuous mode [ 63.936563][ T5857] hsr_slave_1: entered promiscuous mode [ 63.943414][ T5857] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 63.951292][ T5857] Cannot create hsr debugfs directory [ 63.973615][ T5846] hsr_slave_0: entered promiscuous mode [ 63.980225][ T5846] hsr_slave_1: entered promiscuous mode [ 63.986205][ T5846] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 63.996810][ T5846] Cannot create hsr debugfs directory [ 64.033383][ T5844] hsr_slave_0: entered promiscuous mode [ 64.040067][ T5844] hsr_slave_1: entered promiscuous mode [ 64.046198][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.054062][ T5844] Cannot create hsr debugfs directory [ 64.191146][ T5845] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 64.234799][ T5845] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 64.245894][ T5845] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 64.293748][ T5845] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 64.369007][ T5847] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 64.395643][ T5847] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 64.425752][ T5847] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 64.434746][ T5847] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 64.489793][ T5857] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 64.500096][ T5857] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 64.519873][ T5857] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 64.534683][ T5857] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 64.587173][ T5846] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 64.596484][ T5846] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 64.616382][ T5846] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 64.625782][ T5846] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 64.694791][ T5844] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 64.707323][ T5844] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 64.724627][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.741530][ T5844] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 64.751885][ T5844] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 64.809335][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.836348][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.843699][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.877652][ T4864] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.884833][ T4864] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.912560][ T5857] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.941964][ T5845] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 64.952798][ T5845] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 64.975624][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.040814][ T5857] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.075505][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.084515][ T1136] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.091601][ T1136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.112763][ T1136] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.119914][ T1136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.156592][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.163852][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.182129][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.196525][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.203688][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.235886][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.264678][ T1136] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.271792][ T1136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.293304][ T5857] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 65.324590][ T1136] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.331685][ T1136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.352462][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.371051][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.413547][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.434217][ T1153] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.441371][ T1153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.480892][ T1153] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.488050][ T1153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.583328][ T5844] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 65.611307][ T5845] veth0_vlan: entered promiscuous mode [ 65.641293][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.666677][ T5845] veth1_vlan: entered promiscuous mode [ 65.767448][ T5845] veth0_macvtap: entered promiscuous mode [ 65.809294][ T5845] veth1_macvtap: entered promiscuous mode [ 65.838385][ T5850] Bluetooth: hci3: command tx timeout [ 65.843848][ T5850] Bluetooth: hci2: command tx timeout [ 65.871876][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.912682][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.919689][ T5850] Bluetooth: hci1: command tx timeout [ 65.928572][ T5850] Bluetooth: hci4: command tx timeout [ 65.934233][ T5862] Bluetooth: hci0: command tx timeout [ 65.950051][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.995698][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.037851][ T5845] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.049136][ T5845] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.057851][ T5845] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.066607][ T5845] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.118189][ T5847] veth0_vlan: entered promiscuous mode [ 66.137140][ T5857] veth0_vlan: entered promiscuous mode [ 66.161332][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.179500][ T5846] veth0_vlan: entered promiscuous mode [ 66.193215][ T5857] veth1_vlan: entered promiscuous mode [ 66.230446][ T5846] veth1_vlan: entered promiscuous mode [ 66.241856][ T5847] veth1_vlan: entered promiscuous mode [ 66.279061][ T1153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.287118][ T1153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.346214][ T5847] veth0_macvtap: entered promiscuous mode [ 66.353911][ T5846] veth0_macvtap: entered promiscuous mode [ 66.366515][ T5846] veth1_macvtap: entered promiscuous mode [ 66.377309][ T5857] veth0_macvtap: entered promiscuous mode [ 66.387462][ T5847] veth1_macvtap: entered promiscuous mode [ 66.396279][ T1153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.414706][ T5844] veth0_vlan: entered promiscuous mode [ 66.426387][ T5857] veth1_macvtap: entered promiscuous mode [ 66.432826][ T1153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.454331][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.466185][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.480528][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.499927][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.511496][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.521914][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.538445][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.550264][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.563793][ T5844] veth1_vlan: entered promiscuous mode [ 66.572980][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.589296][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.593695][ T5845] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 66.600339][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.623441][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.635178][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.646655][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.657291][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.667161][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.677615][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.688971][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.705589][ T5846] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.714924][ T5846] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.724692][ T5846] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.734487][ T5846] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.747076][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.767485][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.777674][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.802956][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.807268][ T5932] program syz.3.4 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 66.819111][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.839884][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.857583][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.875468][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.889113][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.900739][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.911268][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.916322][ C1] sd 0:0:1:0: [sda] tag#5886 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 66.922342][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.931516][ C1] sd 0:0:1:0: [sda] tag#5886 CDB: Read(6) 08 00 00 00 85 f0 [ 66.970763][ T5857] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.981764][ T5857] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.991818][ T5857] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.001014][ T5857] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.032579][ T5847] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.043055][ T5847] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.052038][ T5847] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.060855][ T5847] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.072229][ T5844] veth0_macvtap: entered promiscuous mode [ 67.085849][ T5844] veth1_macvtap: entered promiscuous mode [ 67.153090][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.165013][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.175065][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.185786][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.195789][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.207814][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.217936][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.228455][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.240897][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.292234][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.302904][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.313048][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.323562][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.333444][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.344042][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.354371][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.365320][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.376363][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.390398][ T1153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.398429][ T1153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.420095][ T5844] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.431685][ T5844] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.440599][ T5844] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.449395][ T5844] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.478826][ T2976] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.487144][ T2976] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.520689][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.529031][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.561150][ T1153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.582396][ T1153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.612870][ T1153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.628417][ T1153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.689411][ T1136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.709337][ T1136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.751177][ T1136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.785206][ T1136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.802256][ T5940] loop1: detected capacity change from 0 to 512 [ 67.819170][ T5940] ======================================================= [ 67.819170][ T5940] WARNING: The mand mount option has been deprecated and [ 67.819170][ T5940] and is ignored by this kernel. Remove the mand [ 67.819170][ T5940] option from the mount to silence this warning. [ 67.819170][ T5940] ======================================================= [ 67.872656][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.888693][ T29] audit: type=1326 audit(1730664619.839:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5941 comm="syz.2.3" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb54457e719 code=0x7ffc0000 [ 67.921320][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.924323][ T5850] Bluetooth: hci2: command tx timeout [ 67.934161][ T5862] Bluetooth: hci3: command tx timeout [ 67.940043][ T29] audit: type=1326 audit(1730664619.849:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5941 comm="syz.2.3" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb54457e719 code=0x7ffc0000 [ 67.997006][ T29] audit: type=1326 audit(1730664619.849:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5941 comm="syz.2.3" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb54457e719 code=0x7ffc0000 [ 68.028896][ T5850] Bluetooth: hci4: command tx timeout [ 68.034343][ T5850] Bluetooth: hci0: command tx timeout [ 68.040161][ T5862] Bluetooth: hci1: command tx timeout [ 68.118499][ T29] audit: type=1326 audit(1730664619.849:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5941 comm="syz.2.3" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb54457e719 code=0x7ffc0000 [ 68.179161][ T5940] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 68.204187][ T29] audit: type=1326 audit(1730664619.849:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5941 comm="syz.2.3" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb54457e719 code=0x7ffc0000 [ 68.237341][ T29] audit: type=1326 audit(1730664619.849:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5941 comm="syz.2.3" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb54457e719 code=0x7ffc0000 [ 68.256288][ T5940] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 68.332920][ T29] audit: type=1326 audit(1730664619.849:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5941 comm="syz.2.3" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb54457e719 code=0x7ffc0000 [ 68.375137][ T29] audit: type=1326 audit(1730664619.849:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5941 comm="syz.2.3" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb54457e719 code=0x7ffc0000 [ 68.436168][ T29] audit: type=1326 audit(1730664619.849:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5941 comm="syz.2.3" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb54457e719 code=0x7ffc0000 [ 68.459078][ T29] audit: type=1326 audit(1730664619.849:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5941 comm="syz.2.3" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb54457e719 code=0x7ffc0000 [ 68.492320][ T5960] Process accounting resumed [ 68.587224][ T5964] program syz.4.13 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 68.627482][ T5962] netlink: 'syz.2.12': attribute type 9 has an invalid length. [ 68.641879][ T5960] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 68.671813][ T5962] bond0: entered promiscuous mode [ 68.676895][ T5962] bond_slave_0: entered promiscuous mode [ 68.726239][ T5962] bond_slave_1: entered promiscuous mode [ 68.746370][ T5846] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.766391][ T5962] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 68.775133][ T5971] syz.3.15 uses obsolete (PF_INET,SOCK_PACKET) [ 68.886455][ T5962] bond0: left promiscuous mode [ 68.911487][ T5962] bond_slave_0: left promiscuous mode [ 68.917064][ T5962] bond_slave_1: left promiscuous mode [ 69.234262][ T5988] loop1: detected capacity change from 0 to 512 [ 69.284295][ T5988] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 69.327103][ T5988] ext4 filesystem being mounted at /2/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 69.393484][ T5994] (unnamed net_device) (uninitialized): Unable to set down delay as MII monitoring is disabled [ 69.461505][ T6000] netlink: 'syz.2.23': attribute type 10 has an invalid length. [ 69.487467][ T5999] program syz.0.26 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 69.526980][ T6000] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.535334][ T6000] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.568030][ T6000] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.575317][ T6000] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.583504][ T6000] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.590695][ T6000] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.609391][ T6000] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 69.706523][ T6004] loop3: detected capacity change from 0 to 512 [ 69.890653][ T6004] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 69.903748][ T6004] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 70.116964][ T5850] Bluetooth: hci2: command tx timeout [ 70.123105][ T5850] Bluetooth: hci3: command tx timeout [ 70.129172][ T5850] Bluetooth: hci0: command tx timeout [ 70.135205][ T5850] Bluetooth: hci1: command tx timeout [ 70.141342][ T5850] Bluetooth: hci4: command tx timeout [ 70.311763][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.466948][ T5846] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.519895][ T6019] Cannot find add_set index 0 as target [ 70.555708][ T6019] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 70.713806][ T6027] syzkaller0: entered allmulticast mode [ 70.730601][ T6027] syzkaller0 (unregistering): left allmulticast mode [ 70.930661][ T6034] program syz.1.38 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 71.004311][ T6038] loop3: detected capacity change from 0 to 2048 [ 71.161991][ T6038] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 71.207680][ T6038] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 71.232439][ T6038] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 33 with error 28 [ 71.267118][ T6038] EXT4-fs (loop3): This should not happen!! Data will be lost [ 71.267118][ T6038] [ 71.309954][ T6057] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 71.347242][ T6059] loop4: detected capacity change from 0 to 512 [ 71.357207][ T6038] EXT4-fs (loop3): Total free blocks count 0 [ 71.377037][ T6057] EXT4-fs (loop3): This should not happen!! Data will be lost [ 71.377037][ T6057] [ 71.417569][ T6038] EXT4-fs (loop3): Free/Dirty block details [ 71.429323][ T6059] mmap: syz.4.47 (6059) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 71.448234][ T6038] EXT4-fs (loop3): free_blocks=66060288 [ 71.464473][ T6064] program syz.0.49 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 71.477405][ T6057] EXT4-fs (loop3): Total free blocks count 0 [ 71.490963][ T6038] EXT4-fs (loop3): dirty_blocks=64 [ 71.607557][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.617989][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.626282][ T6067] loop1: detected capacity change from 0 to 128 [ 71.711710][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 71.720952][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 71.995350][ T6079] loop3: detected capacity change from 0 to 512 [ 72.813929][ T6079] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.54: bg 0: block 393: padding at end of block bitmap is not set [ 72.865459][ T6079] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 72.876680][ T6079] EXT4-fs (loop3): 2 truncates cleaned up [ 72.919267][ T6079] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 72.933727][ T29] kauditd_printk_skb: 129 callbacks suppressed [ 72.933744][ T29] audit: type=1326 audit(1730664624.889:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6087 comm="syz.4.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f538497e719 code=0x7ffc0000 [ 72.962878][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 72.991184][ T29] audit: type=1326 audit(1730664624.889:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6087 comm="syz.4.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f538497e719 code=0x7ffc0000 [ 73.013431][ T29] audit: type=1326 audit(1730664624.889:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6087 comm="syz.4.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f538497e719 code=0x7ffc0000 [ 73.035609][ T29] audit: type=1326 audit(1730664624.889:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6087 comm="syz.4.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f538497e719 code=0x7ffc0000 [ 73.059883][ T29] audit: type=1326 audit(1730664624.889:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6087 comm="syz.4.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f538497e719 code=0x7ffc0000 [ 73.059920][ T29] audit: type=1326 audit(1730664624.889:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6087 comm="syz.4.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f538497e719 code=0x7ffc0000 [ 73.059950][ T29] audit: type=1326 audit(1730664624.929:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6087 comm="syz.4.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f538497e719 code=0x7ffc0000 [ 73.059976][ T29] audit: type=1326 audit(1730664624.929:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6087 comm="syz.4.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f538497e719 code=0x7ffc0000 [ 73.060003][ T29] audit: type=1326 audit(1730664624.929:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6087 comm="syz.4.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f538497e719 code=0x7ffc0000 [ 73.060030][ T29] audit: type=1326 audit(1730664624.929:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6087 comm="syz.4.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f538497e719 code=0x7ffc0000 [ 73.060242][ T6092] netlink: 104 bytes leftover after parsing attributes in process `syz.2.57'. [ 73.076584][ T6095] netlink: 'syz.4.58': attribute type 3 has an invalid length. [ 73.314123][ T6102] program syz.2.63 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 73.338006][ T6089] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 73.347485][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.616099][ T35] kworker/u8:2: attempt to access beyond end of device [ 73.616099][ T35] loop1: rw=1048577, sector=145, nr_sectors = 560 limit=128 [ 74.106923][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 74.208780][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 74.238316][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 74.410766][ T6130] loop0: detected capacity change from 0 to 512 [ 74.515911][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 74.642331][ T6130] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.72: bg 0: block 393: padding at end of block bitmap is not set [ 74.768775][ T6130] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 74.831407][ T6130] EXT4-fs (loop0): 2 truncates cleaned up [ 74.854769][ T6136] netlink: 104 bytes leftover after parsing attributes in process `syz.4.74'. [ 74.873657][ T6130] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 74.914861][ T6139] netlink: 12 bytes leftover after parsing attributes in process `syz.2.73'. [ 75.027968][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 75.345265][ T6140] tipc: Started in network mode [ 75.354405][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.386103][ T6140] tipc: Node identity 1, cluster identity 4711 [ 75.415489][ T6140] tipc: Node number set to 1 [ 75.607204][ T6150] program syz.0.77 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 75.742649][ T6155] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 76.040285][ T6155] loop1: detected capacity change from 0 to 2048 [ 76.079420][ T6155] EXT4-fs: Ignoring removed mblk_io_submit option [ 76.110722][ T6155] EXT4-fs: Ignoring removed i_version option [ 76.712632][ T6155] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 76.765275][ T6171] loop2: detected capacity change from 0 to 512 [ 76.833828][ T6171] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.88: bg 0: block 393: padding at end of block bitmap is not set [ 76.894353][ T6176] netlink: 104 bytes leftover after parsing attributes in process `syz.0.89'. [ 76.904483][ T6171] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 76.933376][ T5846] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.943856][ T6171] EXT4-fs (loop2): 2 truncates cleaned up [ 76.974078][ T6171] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.145165][ T6183] loop3: detected capacity change from 0 to 4096 [ 77.168557][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.181993][ T6183] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.438380][ T6193] program syz.2.96 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 77.575274][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.656867][ T6198] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 77.832838][ T6203] loop4: detected capacity change from 0 to 512 [ 77.924166][ T6203] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.978626][ T6203] ext4 filesystem being mounted at /22/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 77.986398][ T6209] netlink: 104 bytes leftover after parsing attributes in process `syz.1.104'. [ 78.016751][ T6215] loop2: detected capacity change from 0 to 512 [ 78.043038][ T29] kauditd_printk_skb: 110 callbacks suppressed [ 78.043055][ T29] audit: type=1326 audit(1730664629.999:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6216 comm="syz.3.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc7a57e719 code=0x7ffc0000 [ 78.064301][ T6215] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.107: bg 0: block 393: padding at end of block bitmap is not set [ 78.083696][ T6203] EXT4-fs error (device loop4): ext4_do_update_inode:5121: inode #2: comm syz.4.102: corrupted inode contents [ 78.090417][ T29] audit: type=1326 audit(1730664630.039:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6216 comm="syz.3.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efc7a57e719 code=0x7ffc0000 [ 78.125132][ T6215] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 78.136273][ T6203] EXT4-fs error (device loop4): ext4_dirty_inode:5984: inode #2: comm syz.4.102: mark_inode_dirty error [ 78.139151][ T6215] EXT4-fs (loop2): 2 truncates cleaned up [ 78.153760][ T29] audit: type=1326 audit(1730664630.039:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6216 comm="syz.3.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc7a57e719 code=0x7ffc0000 [ 78.176279][ T29] audit: type=1326 audit(1730664630.039:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6216 comm="syz.3.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc7a57e719 code=0x7ffc0000 [ 78.189962][ T6215] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 78.198702][ T29] audit: type=1326 audit(1730664630.069:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6216 comm="syz.3.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7efc7a57e719 code=0x7ffc0000 [ 78.234534][ T29] audit: type=1326 audit(1730664630.069:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6216 comm="syz.3.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc7a57e719 code=0x7ffc0000 [ 78.266097][ T6203] EXT4-fs error (device loop4): ext4_do_update_inode:5121: inode #2: comm syz.4.102: corrupted inode contents [ 78.278521][ T6203] EXT4-fs error (device loop4): __ext4_ext_dirty:207: inode #2: comm syz.4.102: mark_inode_dirty error [ 78.307959][ T29] audit: type=1326 audit(1730664630.259:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6220 comm="syz.1.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f200b97e719 code=0x7ffc0000 [ 78.372487][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.380538][ T29] audit: type=1326 audit(1730664630.299:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6222 comm="syz.3.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc7a57e719 code=0x7ffc0000 [ 78.404527][ T29] audit: type=1326 audit(1730664630.299:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6222 comm="syz.3.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc7a57e719 code=0x7ffc0000 [ 78.430264][ T29] audit: type=1326 audit(1730664630.299:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6222 comm="syz.3.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc7a57e719 code=0x7ffc0000 [ 78.486167][ T5857] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.495551][ T6225] program syz.3.112 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 78.603001][ T6229] netlink: 28 bytes leftover after parsing attributes in process `syz.2.114'. [ 78.623856][ T6229] netlink: 28 bytes leftover after parsing attributes in process `syz.2.114'. [ 78.666492][ T6229] bond_slave_0: entered promiscuous mode [ 78.678841][ T6229] bond_slave_0: left promiscuous mode [ 78.738938][ T6233] loop7: detected capacity change from 0 to 16384 [ 79.008721][ T6250] loop3: detected capacity change from 0 to 512 [ 79.047643][ T6247] netlink: 104 bytes leftover after parsing attributes in process `syz.4.119'. [ 79.061237][ T6250] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.121: bg 0: block 393: padding at end of block bitmap is not set [ 79.081161][ T6250] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 79.105480][ T6250] EXT4-fs (loop3): 2 truncates cleaned up [ 79.134087][ T6250] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 79.285289][ T6255] program syz.1.124 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 79.299081][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.790942][ T6281] loop0: detected capacity change from 0 to 512 [ 79.831100][ T6281] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 79.883110][ T6281] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 79.914459][ T6284] netlink: 104 bytes leftover after parsing attributes in process `syz.2.136'. [ 79.947323][ T6281] EXT4-fs (loop0): warning: checktime reached, running e2fsck is recommended [ 79.947394][ T6288] loop1: detected capacity change from 0 to 512 [ 80.011404][ T6288] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.137: bg 0: block 393: padding at end of block bitmap is not set [ 80.026226][ T6281] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 80.080730][ T6281] System zones: 0-2, 18-18, 34-34 [ 80.093566][ T6288] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 80.121908][ T6281] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1138: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 80.153608][ T6288] EXT4-fs (loop1): 2 truncates cleaned up [ 80.161775][ T6281] EXT4-fs (loop0): 1 truncate cleaned up [ 80.162570][ T6288] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.175599][ T6281] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 80.213522][ T6281] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 80.309087][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.371958][ T5846] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.919005][ T6317] netlink: 104 bytes leftover after parsing attributes in process `syz.4.148'. [ 81.135123][ T6324] loop2: detected capacity change from 0 to 1024 [ 81.144740][ T6324] EXT4-fs: Ignoring removed bh option [ 81.150702][ T6324] EXT4-fs: Ignoring removed nomblk_io_submit option [ 81.427407][ T6325] batadv0: entered promiscuous mode [ 81.497989][ T6324] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 81.559654][ T6324] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.585188][ T6315] ext4: Unknown parameter '˙˙˙˙˙˙˙˙˙0xffffffffffffffff˙˙˙˙˙˙˙˙' [ 81.673884][ T6333] loop4: detected capacity change from 0 to 512 [ 81.683093][ T6325] batadv_slave_0: entered promiscuous mode [ 81.689868][ T6325] batadv_slave_0: left promiscuous mode [ 81.832201][ T6325] batadv0: left promiscuous mode [ 81.861153][ T971] cfg80211: failed to load regulatory.db [ 81.883496][ T6333] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.152: bg 0: block 393: padding at end of block bitmap is not set [ 81.900149][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.938217][ T6333] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 82.014311][ T6333] EXT4-fs (loop4): 2 truncates cleaned up [ 82.068678][ T6333] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.126109][ T6349] netlink: 60 bytes leftover after parsing attributes in process `syz.1.159'. [ 82.148619][ T6349] netlink: 60 bytes leftover after parsing attributes in process `syz.1.159'. [ 82.253694][ T5857] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.292946][ T6349] netlink: 60 bytes leftover after parsing attributes in process `syz.1.159'. [ 82.324046][ T6349] netlink: 60 bytes leftover after parsing attributes in process `syz.1.159'. [ 82.340590][ T6357] netlink: 104 bytes leftover after parsing attributes in process `syz.3.162'. [ 82.518170][ T6364] syz.2.166[6364] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 82.518269][ T6364] syz.2.166[6364] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 82.565510][ T6364] syz.2.166[6364] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 82.730876][ T6374] loop1: detected capacity change from 0 to 512 [ 82.828738][ T6374] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 82.842413][ T6374] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 82.980728][ T6374] EXT4-fs (loop1): 1 truncate cleaned up [ 83.072594][ T6384] loop0: detected capacity change from 0 to 1024 [ 83.082495][ T6384] EXT4-fs: Ignoring removed bh option [ 83.088588][ T6384] EXT4-fs: Ignoring removed nomblk_io_submit option [ 83.178206][ T6384] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 83.239000][ T6384] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.267000][ T6384] ext4: Unknown parameter '˙˙˙˙˙˙˙˙˙0xffffffffffffffff˙˙˙˙˙˙˙˙' [ 83.518710][ T6374] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 83.566309][ T6389] loop3: detected capacity change from 0 to 512 [ 83.602783][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.656381][ T5846] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.686079][ T6380] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.701078][ T6389] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.173: bg 0: block 393: padding at end of block bitmap is not set [ 83.730667][ T29] kauditd_printk_skb: 199 callbacks suppressed [ 83.730685][ T29] audit: type=1326 audit(1730664635.679:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6391 comm="syz.4.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f538497e719 code=0x7ffc0000 [ 83.760858][ T29] audit: type=1326 audit(1730664635.679:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6391 comm="syz.4.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f538497e719 code=0x7ffc0000 [ 83.783391][ T29] audit: type=1326 audit(1730664635.679:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6391 comm="syz.4.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f538497e719 code=0x7ffc0000 [ 83.805829][ T29] audit: type=1326 audit(1730664635.679:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6391 comm="syz.4.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f538497e719 code=0x7ffc0000 [ 83.828374][ T29] audit: type=1326 audit(1730664635.679:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6391 comm="syz.4.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f538497e719 code=0x7ffc0000 [ 83.851094][ T29] audit: type=1326 audit(1730664635.679:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6391 comm="syz.4.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f538497e719 code=0x7ffc0000 [ 83.860607][ T6389] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 83.874035][ T29] audit: type=1326 audit(1730664635.679:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6391 comm="syz.4.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f538497e719 code=0x7ffc0000 [ 83.905183][ T29] audit: type=1326 audit(1730664635.679:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6391 comm="syz.4.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f538497e719 code=0x7ffc0000 [ 83.927678][ T29] audit: type=1326 audit(1730664635.679:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6391 comm="syz.4.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=429 compat=0 ip=0x7f538497e719 code=0x7ffc0000 [ 83.950621][ T29] audit: type=1326 audit(1730664635.679:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6391 comm="syz.4.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f538497e719 code=0x7ffc0000 [ 83.998453][ T6389] EXT4-fs (loop3): 2 truncates cleaned up [ 84.021344][ T6396] loop0: detected capacity change from 0 to 512 [ 84.059088][ T6389] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 84.124989][ T6396] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 84.143320][ T6396] ext4 filesystem being mounted at /37/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 84.175026][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.181421][ T6403] __nla_validate_parse: 2 callbacks suppressed [ 84.181442][ T6403] netlink: 104 bytes leftover after parsing attributes in process `syz.1.178'. [ 84.245612][ T6405] program syz.3.177 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 84.294469][ T6380] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.318368][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.429548][ T6413] loop3: detected capacity change from 0 to 512 [ 84.470518][ T6380] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.471532][ T6415] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 84.574048][ T6413] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 84.597422][ T6413] ext4 filesystem being mounted at /36/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 84.673734][ T6426] loop4: detected capacity change from 0 to 512 [ 84.802888][ T6426] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.188: bg 0: block 393: padding at end of block bitmap is not set [ 84.835730][ T6426] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 84.851848][ T6380] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.894561][ T6430] netlink: 4 bytes leftover after parsing attributes in process `syz.0.187'. [ 84.899545][ T6426] EXT4-fs (loop4): 2 truncates cleaned up [ 84.925687][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.929074][ T6426] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.148020][ T6434] loop1: detected capacity change from 0 to 1024 [ 85.157939][ T6434] EXT4-fs: Ignoring removed bh option [ 85.163877][ T6434] EXT4-fs: Ignoring removed nomblk_io_submit option [ 85.204318][ T6434] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 85.291527][ T6434] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.320978][ T6434] ext4: Unknown parameter '˙˙˙˙˙˙˙˙˙0xffffffffffffffff˙˙˙˙˙˙˙˙' [ 85.642621][ T6380] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.683441][ T6380] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.693025][ T5846] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.740211][ T6380] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.755499][ T6380] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.765319][ T5857] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.902632][ T6443] program syz.0.193 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 85.930082][ T6445] capability: warning: `syz.1.190' uses deprecated v2 capabilities in a way that may be insecure [ 86.059880][ T6449] netlink: 104 bytes leftover after parsing attributes in process `syz.4.192'. [ 86.358694][ T6467] loop1: detected capacity change from 0 to 512 [ 86.466343][ T6468] Zero length message leads to an empty skb [ 87.718176][ T6477] loop4: detected capacity change from 0 to 128 [ 87.742793][ T6478] loop0: detected capacity change from 0 to 1024 [ 87.752312][ T6478] EXT4-fs: Ignoring removed bh option [ 87.758004][ T6478] EXT4-fs: Ignoring removed nomblk_io_submit option [ 87.852664][ T6478] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 87.955109][ T6467] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.203: bg 0: block 393: padding at end of block bitmap is not set [ 88.001834][ T6478] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 88.027723][ T6478] ext4: Unknown parameter '˙˙˙˙˙˙˙˙˙0xffffffffffffffff˙˙˙˙˙˙˙˙' [ 88.114037][ T6467] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 88.176973][ T6467] EXT4-fs (loop1): 2 truncates cleaned up [ 88.186925][ T6467] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 88.435055][ T6487] loop2: detected capacity change from 0 to 1024 [ 88.466029][ T6489] program syz.4.206 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 88.467375][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.533834][ T5846] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.632923][ T6487] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 88.784647][ T6501] loop4: detected capacity change from 0 to 2048 [ 88.831504][ T6498] netlink: 104 bytes leftover after parsing attributes in process `syz.1.210'. [ 88.849545][ T6503] Illegal XDP return value 4292517888 on prog (id 86) dev N/A, expect packet loss! [ 89.130292][ T6501] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 89.152743][ T29] kauditd_printk_skb: 135 callbacks suppressed [ 89.152761][ T29] audit: type=1326 audit(1730664641.109:615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6510 comm="syz.0.217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f333037e719 code=0x7ffc0000 [ 89.228043][ T29] audit: type=1326 audit(1730664641.109:616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6510 comm="syz.0.217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f333037e719 code=0x7ffc0000 [ 89.264185][ T29] audit: type=1326 audit(1730664641.139:617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6510 comm="syz.0.217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f333037e719 code=0x7ffc0000 [ 89.356719][ T29] audit: type=1326 audit(1730664641.139:618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6510 comm="syz.0.217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f333037e719 code=0x7ffc0000 [ 89.358531][ T3014] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 89.397460][ T3014] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 89.411422][ T6513] syz.1.218 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 89.412207][ T3014] EXT4-fs (loop2): This should not happen!! Data will be lost [ 89.412207][ T3014] [ 89.431714][ T3014] EXT4-fs (loop2): Total free blocks count 0 [ 89.437717][ T3014] EXT4-fs (loop2): Free/Dirty block details [ 89.443947][ T3014] EXT4-fs (loop2): free_blocks=68451041280 [ 89.449866][ T3014] EXT4-fs (loop2): dirty_blocks=15472 [ 89.455260][ T3014] EXT4-fs (loop2): Block reservation details [ 89.461356][ T3014] EXT4-fs (loop2): i_reserved_data_blocks=967 [ 89.475880][ T3014] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 36 with max blocks 2048 with error 28 [ 89.487995][ T29] audit: type=1326 audit(1730664641.139:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6510 comm="syz.0.217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f333037e719 code=0x7ffc0000 [ 89.639381][ T5857] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.727942][ T29] audit: type=1326 audit(1730664641.139:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6510 comm="syz.0.217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f333037e719 code=0x7ffc0000 [ 89.767920][ T29] audit: type=1326 audit(1730664641.149:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6510 comm="syz.0.217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f333037e719 code=0x7ffc0000 [ 89.979500][ T6519] loop0: detected capacity change from 0 to 1024 [ 89.988285][ T6519] EXT4-fs: Ignoring removed bh option [ 89.994214][ T6519] EXT4-fs: Ignoring removed nomblk_io_submit option [ 90.003380][ T29] audit: type=1326 audit(1730664641.149:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6510 comm="syz.0.217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f333037e719 code=0x7ffc0000 [ 90.132136][ T6519] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 90.299176][ T6519] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 90.326567][ T6519] ext4: Unknown parameter '˙˙˙˙˙˙˙˙˙0xffffffffffffffff˙˙˙˙˙˙˙˙' [ 90.418213][ T29] audit: type=1326 audit(1730664641.149:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6510 comm="syz.0.217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f333037e719 code=0x7ffc0000 [ 90.502643][ T6525] program syz.3.223 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.538026][ T29] audit: type=1326 audit(1730664641.149:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6510 comm="syz.0.217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f333037e719 code=0x7ffc0000 [ 90.598818][ T6527] loop4: detected capacity change from 0 to 512 [ 90.601218][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.682781][ T6527] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.221: bg 0: block 393: padding at end of block bitmap is not set [ 90.759576][ T6535] netlink: 104 bytes leftover after parsing attributes in process `syz.1.227'. [ 90.821138][ T6527] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 90.906967][ T6527] EXT4-fs (loop4): 2 truncates cleaned up [ 90.922158][ T6527] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 91.128688][ T5857] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.304192][ T6557] program syz.1.236 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 91.721851][ T6567] loop3: detected capacity change from 0 to 1024 [ 91.731756][ T6567] EXT4-fs: Ignoring removed bh option [ 91.737636][ T6567] EXT4-fs: Ignoring removed nomblk_io_submit option [ 91.919845][ T6567] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 92.003812][ T6567] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.027184][ T6567] ext4: Unknown parameter '˙˙˙˙˙˙˙˙˙0xffffffffffffffff˙˙˙˙˙˙˙˙' [ 92.264635][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.286934][ T6576] netlink: 104 bytes leftover after parsing attributes in process `syz.1.242'. [ 92.396820][ T6582] loop3: detected capacity change from 0 to 512 [ 92.445747][ T6582] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.244: bg 0: block 393: padding at end of block bitmap is not set [ 92.503392][ T6589] program syz.2.250 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 92.577540][ T6582] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 92.656145][ T6582] EXT4-fs (loop3): 2 truncates cleaned up [ 92.678416][ T6582] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.780623][ T6599] hub 9-0:1.0: USB hub found [ 92.810643][ T6599] hub 9-0:1.0: 1 port detected [ 92.854040][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.074427][ T6610] loop2: detected capacity change from 0 to 128 [ 93.093358][ T6610] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 93.139588][ T6612] netlink: 104 bytes leftover after parsing attributes in process `syz.0.259'. [ 93.302291][ T6618] loop4: detected capacity change from 0 to 1024 [ 93.312039][ T6618] EXT4-fs: Ignoring removed bh option [ 93.318152][ T6618] EXT4-fs: Ignoring removed nomblk_io_submit option [ 93.349285][ T6618] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 93.410928][ T6618] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.496849][ T6610] ext4 filesystem being mounted at /55/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 93.789266][ T6621] netlink: 'syz.3.258': attribute type 10 has an invalid length. [ 93.806858][ T6621] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.820358][ T6621] bond0: (slave team0): Enslaving as an active interface with an up link [ 93.888974][ T6610] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 93.895726][ T6610] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 93.913269][ T6610] vhci_hcd vhci_hcd.0: Device attached [ 93.968196][ T6630] netlink: 'syz.4.261': attribute type 5 has an invalid length. [ 94.016656][ T6634] ================================================================== [ 94.024766][ T6634] BUG: KASAN: slab-out-of-bounds in skb_copy_and_csum_bits+0x433/0x9c0 [ 94.033047][ T6634] Write of size 1144 at addr ffff888060d73324 by task syz.0.264/6634 [ 94.034745][ T6630] nfs4: Bad value for 'source' [ 94.041107][ T6634] [ 94.041138][ T6634] CPU: 1 UID: 0 PID: 6634 Comm: syz.0.264 Not tainted 6.12.0-rc5-next-20241101-syzkaller #0 [ 94.041162][ T6634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 94.041173][ T6634] Call Trace: [ 94.041185][ T6634] [ 94.041193][ T6634] dump_stack_lvl+0x241/0x360 [ 94.041218][ T6634] ? __pfx_dump_stack_lvl+0x10/0x10 [ 94.041236][ T6634] ? __pfx__printk+0x10/0x10 [ 94.088507][ T5901] vhci_hcd: vhci_device speed not set [ 94.089064][ T6634] ? _printk+0xd5/0x120 [ 94.098723][ T6634] ? __virt_addr_valid+0x183/0x530 [ 94.103857][ T6634] ? __virt_addr_valid+0x183/0x530 [ 94.108989][ T6634] print_report+0x169/0x550 [ 94.113513][ T6634] ? __virt_addr_valid+0x183/0x530 [ 94.118646][ T6634] ? __virt_addr_valid+0x183/0x530 [ 94.123777][ T6634] ? __virt_addr_valid+0x45f/0x530 [ 94.128908][ T6634] ? __phys_addr+0xba/0x170 [ 94.133429][ T6634] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 94.138994][ T6634] kasan_report+0x143/0x180 [ 94.143529][ T6634] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 94.148675][ T5901] usb 37-1: new full-speed USB device number 2 using vhci_hcd [ 94.149078][ T6634] kasan_check_range+0x282/0x290 [ 94.149104][ T6634] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 94.149126][ T6634] __asan_memcpy+0x40/0x70 [ 94.171574][ T6634] skb_copy_and_csum_bits+0x433/0x9c0 [ 94.176985][ T6634] __ip_append_data+0x2fc1/0x40f0 [ 94.182028][ T6634] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 94.187590][ T6634] ? __pfx___ip_append_data+0x10/0x10 [ 94.192963][ T6634] ? lockdep_hardirqs_on+0x99/0x150 [ 94.198163][ T6634] ip_append_data+0x14c/0x190 [ 94.202846][ T6634] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 94.208387][ T6634] udp_sendmsg+0x52c/0x2a50 [ 94.212888][ T6634] ? cgroup_rstat_updated+0x69c/0xc60 [ 94.218259][ T6634] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 94.223798][ T6634] ? __pfx_udp_sendmsg+0x10/0x10 [ 94.228739][ T6634] ? __mutex_trylock_common+0x183/0x2e0 [ 94.234275][ T6634] ? __pfx_aa_sk_perm+0x10/0x10 [ 94.239122][ T6634] ? sock_rps_record_flow+0x1a/0x400 [ 94.244406][ T6634] ? inet_sendmsg+0x2ba/0x390 [ 94.249073][ T6634] __sock_sendmsg+0x1a6/0x270 [ 94.253744][ T6634] sock_sendmsg+0x134/0x200 [ 94.258237][ T6634] ? __pfx_sock_sendmsg+0x10/0x10 [ 94.263256][ T6634] ? iov_iter_bvec+0x4e/0x180 [ 94.267928][ T6634] splice_to_socket+0xa10/0x10b0 [ 94.272861][ T6634] ? __pfx_lock_release+0x10/0x10 [ 94.277894][ T6634] ? __pfx_splice_to_socket+0x10/0x10 [ 94.283277][ T6634] ? __lock_acquire+0x1397/0x2100 [ 94.288304][ T6634] ? bpf_lsm_file_permission+0x9/0x10 [ 94.293678][ T6634] ? security_file_permission+0x74/0x280 [ 94.299308][ T6634] ? rw_verify_area+0x1c3/0x6f0 [ 94.304164][ T6634] ? __pfx_splice_to_socket+0x10/0x10 [ 94.309542][ T6634] do_splice+0xd68/0x18e0 [ 94.313871][ T6634] ? __pfx_lock_release+0x10/0x10 [ 94.318887][ T6634] ? __pfx_reacquire_held_locks+0x10/0x10 [ 94.324602][ T6634] ? pipe_clear_nowait+0x196/0x220 [ 94.329707][ T6634] ? __pfx_do_splice+0x10/0x10 [ 94.334460][ T6634] ? __fget_files+0x2a/0x410 [ 94.339044][ T6634] __se_sys_splice+0x331/0x4a0 [ 94.343802][ T6634] ? __pfx___se_sys_splice+0x10/0x10 [ 94.349076][ T6634] ? exc_page_fault+0x590/0x8c0 [ 94.353924][ T6634] ? __x64_sys_splice+0x21/0xf0 [ 94.358764][ T6634] do_syscall_64+0xf3/0x230 [ 94.363256][ T6634] ? clear_bhb_loop+0x35/0x90 [ 94.367947][ T6634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.373836][ T6634] RIP: 0033:0x7f333037e719 [ 94.378248][ T6634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.397845][ T6634] RSP: 002b:00007f333123a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 94.406271][ T6634] RAX: ffffffffffffffda RBX: 00007f3330536058 RCX: 00007f333037e719 [ 94.414238][ T6634] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 94.422200][ T6634] RBP: 00007f33303f132e R08: 0000000000007151 R09: 0000000000000000 [ 94.430168][ T6634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 94.438130][ T6634] R13: 0000000000000001 R14: 00007f3330536058 R15: 00007ffd3d2ffb18 [ 94.446096][ T6634] [ 94.449104][ T6634] [ 94.451415][ T6634] Allocated by task 6634: [ 94.455727][ T6634] kasan_save_track+0x3f/0x80 [ 94.460400][ T6634] __kasan_slab_alloc+0x66/0x80 [ 94.465239][ T6634] kmem_cache_alloc_node_noprof+0x1d9/0x380 [ 94.471119][ T6634] kmalloc_reserve+0xa8/0x2a0 [ 94.475785][ T6634] __alloc_skb+0x1f3/0x440 [ 94.480201][ T6634] __ip_append_data+0x2da7/0x40f0 [ 94.485221][ T6634] ip_append_data+0x14c/0x190 [ 94.489893][ T6634] udp_sendmsg+0x52c/0x2a50 [ 94.494390][ T6634] __sock_sendmsg+0x1a6/0x270 [ 94.499057][ T6634] sock_sendmsg+0x134/0x200 [ 94.503548][ T6634] splice_to_socket+0xa10/0x10b0 [ 94.508488][ T6634] do_splice+0xd68/0x18e0 [ 94.512801][ T6634] __se_sys_splice+0x331/0x4a0 [ 94.517554][ T6634] do_syscall_64+0xf3/0x230 [ 94.522044][ T6634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.527934][ T6634] [ 94.530244][ T6634] The buggy address belongs to the object at ffff888060d73300 [ 94.530244][ T6634] which belongs to the cache skbuff_small_head of size 640 [ 94.544809][ T6634] The buggy address is located 36 bytes inside of [ 94.544809][ T6634] allocated 640-byte region [ffff888060d73300, ffff888060d73580) [ 94.558854][ T6634] [ 94.561164][ T6634] The buggy address belongs to the physical page: [ 94.567571][ T6634] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x60d70 [ 94.576320][ T6634] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 94.584894][ T6634] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 94.592438][ T6634] page_type: f5(slab) [ 94.596412][ T6634] raw: 00fff00000000040 ffff8881412caa00 ffffea0001f94800 dead000000000002 [ 94.604985][ T6634] raw: 0000000000000000 0000000080150015 00000001f5000000 0000000000000000 [ 94.613564][ T6634] head: 00fff00000000040 ffff8881412caa00 ffffea0001f94800 dead000000000002 [ 94.622225][ T6634] head: 0000000000000000 0000000080150015 00000001f5000000 0000000000000000 [ 94.630895][ T6634] head: 00fff00000000002 ffffea0001835c01 ffffffffffffffff 0000000000000000 [ 94.639570][ T6634] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 94.648243][ T6634] page dumped because: kasan: bad access detected [ 94.654660][ T6634] page_owner tracks the page as allocated [ 94.660382][ T6634] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1153, tgid 1153 (kworker/u8:6), ts 67708388324, free_ts 16326915030 [ 94.681124][ T6634] post_alloc_hook+0x1f3/0x230 [ 94.685972][ T6634] get_page_from_freelist+0x3725/0x3870 [ 94.691515][ T6634] __alloc_pages_noprof+0x292/0x710 [ 94.696724][ T6634] alloc_pages_mpol_noprof+0x3e8/0x680 [ 94.702177][ T6634] alloc_slab_page+0x6a/0x140 [ 94.706848][ T6634] allocate_slab+0x5a/0x2f0 [ 94.711346][ T6634] ___slab_alloc+0xcd1/0x14b0 [ 94.716013][ T6634] __slab_alloc+0x58/0xa0 [ 94.720334][ T6634] kmem_cache_alloc_node_noprof+0x269/0x380 [ 94.726215][ T6634] kmalloc_reserve+0xa8/0x2a0 [ 94.730887][ T6634] __alloc_skb+0x1f3/0x440 [ 94.735292][ T6634] __ipv6_ifa_notify+0x2e9/0x1230 [ 94.740311][ T6634] addrconf_dad_completed+0x181/0xcd0 [ 94.745701][ T6634] addrconf_dad_work+0xdc2/0x16f0 [ 94.750800][ T6634] process_scheduled_works+0xa63/0x1850 [ 94.756349][ T6634] worker_thread+0x870/0xd30 [ 94.760933][ T6634] page last free pid 1 tgid 1 stack trace: [ 94.766721][ T6634] free_unref_page+0xcfb/0xf20 [ 94.771477][ T6634] free_contig_range+0x152/0x550 [ 94.776402][ T6634] destroy_args+0x92/0x910 [ 94.780810][ T6634] debug_vm_pgtable+0x4be/0x550 [ 94.785652][ T6634] do_one_initcall+0x248/0x880 [ 94.790418][ T6634] do_initcall_level+0x157/0x210 [ 94.795355][ T6634] do_initcalls+0x3f/0x80 [ 94.799691][ T6634] kernel_init_freeable+0x435/0x5d0 [ 94.804890][ T6634] kernel_init+0x1d/0x2b0 [ 94.809229][ T6634] ret_from_fork+0x4b/0x80 [ 94.813640][ T6634] ret_from_fork_asm+0x1a/0x30 [ 94.818401][ T6634] [ 94.820713][ T6634] Memory state around the buggy address: [ 94.826329][ T6634] ffff888060d73480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 94.834390][ T6634] ffff888060d73500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 94.842437][ T6634] >ffff888060d73580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 94.850481][ T6634] ^ [ 94.854535][ T6634] ffff888060d73600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 94.862583][ T6634] ffff888060d73680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 94.870629][ T6634] ================================================================== [ 94.881484][ T6634] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 94.888701][ T6634] CPU: 1 UID: 0 PID: 6634 Comm: syz.0.264 Not tainted 6.12.0-rc5-next-20241101-syzkaller #0 [ 94.898777][ T6634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 94.908884][ T6634] Call Trace: [ 94.912179][ T6634] [ 94.915128][ T6634] dump_stack_lvl+0x241/0x360 [ 94.919826][ T6634] ? __pfx_dump_stack_lvl+0x10/0x10 [ 94.925043][ T6634] ? __pfx__printk+0x10/0x10 [ 94.929657][ T6634] ? vscnprintf+0x5d/0x90 [ 94.934004][ T6634] panic+0x349/0x880 [ 94.937918][ T6634] ? check_panic_on_warn+0x21/0xb0 [ 94.943151][ T6634] ? __pfx_panic+0x10/0x10 [ 94.947566][ T6634] ? mark_lock+0x9a/0x360 [ 94.951976][ T6634] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 94.957871][ T6634] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 94.963773][ T6634] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 94.970098][ T6634] ? print_report+0x502/0x550 [ 94.974770][ T6634] check_panic_on_warn+0x86/0xb0 [ 94.979702][ T6634] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 94.985239][ T6634] end_report+0x77/0x160 [ 94.989678][ T6634] kasan_report+0x154/0x180 [ 94.994244][ T6634] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 94.999807][ T6634] kasan_check_range+0x282/0x290 [ 95.004746][ T6634] ? skb_copy_and_csum_bits+0x433/0x9c0 [ 95.010295][ T6634] __asan_memcpy+0x40/0x70 [ 95.014714][ T6634] skb_copy_and_csum_bits+0x433/0x9c0 [ 95.020094][ T6634] __ip_append_data+0x2fc1/0x40f0 [ 95.025131][ T6634] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 95.030682][ T6634] ? __pfx___ip_append_data+0x10/0x10 [ 95.036048][ T6634] ? lockdep_hardirqs_on+0x99/0x150 [ 95.041245][ T6634] ip_append_data+0x14c/0x190 [ 95.045918][ T6634] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 95.051463][ T6634] udp_sendmsg+0x52c/0x2a50 [ 95.055967][ T6634] ? cgroup_rstat_updated+0x69c/0xc60 [ 95.061339][ T6634] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 95.066884][ T6634] ? __pfx_udp_sendmsg+0x10/0x10 [ 95.071824][ T6634] ? __mutex_trylock_common+0x183/0x2e0 [ 95.077363][ T6634] ? __pfx_aa_sk_perm+0x10/0x10 [ 95.082209][ T6634] ? sock_rps_record_flow+0x1a/0x400 [ 95.087487][ T6634] ? inet_sendmsg+0x2ba/0x390 [ 95.092158][ T6634] __sock_sendmsg+0x1a6/0x270 [ 95.096832][ T6634] sock_sendmsg+0x134/0x200 [ 95.101332][ T6634] ? __pfx_sock_sendmsg+0x10/0x10 [ 95.106364][ T6634] ? iov_iter_bvec+0x4e/0x180 [ 95.111038][ T6634] splice_to_socket+0xa10/0x10b0 [ 95.115978][ T6634] ? __pfx_lock_release+0x10/0x10 [ 95.121006][ T6634] ? __pfx_splice_to_socket+0x10/0x10 [ 95.126386][ T6634] ? __lock_acquire+0x1397/0x2100 [ 95.131411][ T6634] ? bpf_lsm_file_permission+0x9/0x10 [ 95.136779][ T6634] ? security_file_permission+0x74/0x280 [ 95.142409][ T6634] ? rw_verify_area+0x1c3/0x6f0 [ 95.147262][ T6634] ? __pfx_splice_to_socket+0x10/0x10 [ 95.152636][ T6634] do_splice+0xd68/0x18e0 [ 95.156964][ T6634] ? __pfx_lock_release+0x10/0x10 [ 95.161981][ T6634] ? __pfx_reacquire_held_locks+0x10/0x10 [ 95.167693][ T6634] ? pipe_clear_nowait+0x196/0x220 [ 95.172795][ T6634] ? __pfx_do_splice+0x10/0x10 [ 95.177547][ T6634] ? __fget_files+0x2a/0x410 [ 95.182139][ T6634] __se_sys_splice+0x331/0x4a0 [ 95.186934][ T6634] ? __pfx___se_sys_splice+0x10/0x10 [ 95.192240][ T6634] ? exc_page_fault+0x590/0x8c0 [ 95.197097][ T6634] ? __x64_sys_splice+0x21/0xf0 [ 95.201947][ T6634] do_syscall_64+0xf3/0x230 [ 95.206451][ T6634] ? clear_bhb_loop+0x35/0x90 [ 95.211130][ T6634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.217032][ T6634] RIP: 0033:0x7f333037e719 [ 95.221455][ T6634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 95.241088][ T6634] RSP: 002b:00007f333123a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 95.249506][ T6634] RAX: ffffffffffffffda RBX: 00007f3330536058 RCX: 00007f333037e719 [ 95.257472][ T6634] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 95.265608][ T6634] RBP: 00007f33303f132e R08: 0000000000007151 R09: 0000000000000000 [ 95.273574][ T6634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 95.281544][ T6634] R13: 0000000000000001 R14: 00007f3330536058 R15: 00007ffd3d2ffb18 [ 95.289522][ T6634] [ 95.292782][ T6634] Kernel Offset: disabled [ 95.297096][ T6634] Rebooting in 86400 seconds..