last executing test programs: 2.216642232s ago: executing program 1 (id=3156): perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0xe7fd}, 0x100002, 0x3, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$unix(0x1, 0x5, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = syz_open_dev$evdev(&(0x7f0000000280), 0x0, 0x0) read$hiddev(r2, &(0x7f0000000600)=""/98, 0x62) 1.441866534s ago: executing program 4 (id=3164): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = socket(0x40000000015, 0x5, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7dff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='kmem_cache_free\x00', r1, 0x0, 0xffffffffffffffff}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0}, 0x0, 0x0, 0x0) r2 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0) fallocate(r2, 0x0, 0x400000002000000, 0x2) bind$inet(r0, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) recvmmsg(r0, &(0x7f00000040c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000003e40), 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0xc2f00, 0x4d, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='mm_page_free\x00', r3}, 0x18) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x36) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010008100000000000080000000000000", @ANYRES32=0x0, @ANYBLOB="0a043cbf", @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1}, 0x0) mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x7ffffffff000, 0x3, &(0x7f0000fee000/0x2000)=nil) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newqdisc={0x54, 0x10, 0x1, 0x70bdad, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe, 0xc}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0) 1.349073822s ago: executing program 1 (id=3165): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x28, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) syz_emit_ethernet(0x52, &(0x7f0000000300)={@link_local, @random="2059249b3790", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "108114", 0x1c, 0x11, 0x0, @empty, @mcast2, {[], {0x0, 0xe22, 0x1c, 0x0, @opaque="65ef83f7775bcf09dbfa95cc714fe4297b681bd9"}}}}}}, 0x0) 1.323257813s ago: executing program 1 (id=3166): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000c00)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1, 0x0, 0x100}, 0x18) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) socket$nl_route(0x10, 0x3, 0x0) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000540), 0x1, 0x490, &(0x7f0000000580)="$eJzs3UFrXNUeAPD/nSR9aZu+pO910Vd4feW1khbtTNLYNrioFURXBbXuY0wmIWSSCZlJ24QiKX4AQUQFV67cCH4AQfoRRCjoXkQU0VYXLtSRmdxpa5xJAqa5OPP7wek9556Z+Z/TyZy5557L3AC61omIuBwRPRFxJiIG0/25NMX6Rqo/7t7dm1P1lEStdvX7JJJ0X/O1knR7MH1af0S89HzEq8mf41ZW1+YnS6XiclouVBeWCpXVtbNzC5Ozxdni4tjY6IXxi+Pnx0d2ra+Xnv367Tc+eO7SJ09c/3Li29Ov1Zs1kNY93I/dtNH1vsb/RVNvRCw/imAZ6En705d1QwAA2JEjEfGviPh/4/h/MHoaR3MAAABAJ6k9PRC/JBE1AAAAoGPlGtfAJrl8er3vQORy+fzGNbxH4kCuVK5UH58pryxOb1wrOxR9uZm5UnEkvVZ4KPqSenm0kX9QPrepPBYRhyPircH9jXJ+qlyazvrkBwAAAHSJg5vm/z8Nbsz/AQAAgA4zlHUDAAAAgEfO/B8AAAA6n/k/AAAAdLQXrlypp1rz/tfT11ZX5svXzk4XK/P5hZWp/FR5eSk/Wy7PNn6zb2G71yuVy0tPxuLKjUK1WKkWKqtrEwvllcXqROO+3hNF94kGAACAvXf4f7e/SCJi/an9jVS3L60zV4fOlsu6AUBmerJuAJCZ3qwbAGTGHB9Itqnvb1fx6e63BQAAeDSG/2P9H7qV9X/oXtb/oXtZ/4fuZY4PWP8HAIDON9BISS6frgUORC6Xz0ccatwWoC+ZmSsVRyLinxHx+WDfP+rl0awbDQAAAAAAAAAAAAAAAAAAAAAAAAB/M7VaEjUAAACgo0XkvknS+38ND54a2Hx+YF/y82BjGxHX37v6zo3JanV5tL7/h/v7q++m+89lcQYDAAAA2Kw5T2/O4wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgN927e3OqmfYy7nfPRMRQq/i90d/Y9kdfRBz4MYneh56XRETPLsRfvxURR1vFT+rNiqG0FZvj5yJif8bxD+5CfOhmt+vjz+VWn79cnGhsW3/+etP0V7Uf/3L3x7+eNuPfoR3GOHbno0Lb+LcijvW2Hn+a8ZM28U/uMP4rL6+ttaurvR8x3PL7J/lDrEJ1YalQWV07O7cwOVucLS6OjY1eGL84fn58pDAzVyqm/7aM8eZ/P/5tq/4faBN/aJv+n9ph/3+9c+Puv7eIf/pk6/f/6Bbx638Tj6XfA/X64WZ+fSP/sOMffnZ8q/5Pt+n/du//6R32/8yLr3+1w4cCAHugsro2P1kqFZdlZGRk7meyHpkAAIDd9uCgP+uWAAAAAAAAAAAAAAAAAAAAQPfai58Ty7qPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA78XsAAAD//7cw1BU=") mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0xc) 1.250712709s ago: executing program 1 (id=3167): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r4, 0x0, 0xf3a, 0x0) write(r1, &(0x7f0000000240)="18", 0x1) tee(r0, r4, 0x8f5, 0x100000000000000) write$cgroup_type(r4, &(0x7f0000000180), 0x9) write(r2, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x4006, &(0x7f0000000380)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@block_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@quota}, {@resuid}, {@lazytime}]}, 0x1, 0x443, &(0x7f0000001040)="$eJzs28tvG8UfAPDvrpP019cvpiqPPoBAQVQ8kiYtpQcuIJA4gIQEh3IMSVqVug1qgkSrCgJC5YgqcUcckfgLOMEFASckrsAZVapQLi2cjNbebRzXdpNg1yH+fKRNZnbHmfl6duzZnWwAA2ss+5FE7IqIXyNitJ5dXWCs/uvm8uWZv5YvzyRRrb7xZ1Ird2P58kxRtHjdziIzFJF+ksSBFvUuXLx0drpSmbuQ5ycWz707sXDx0jNnzk2fnjs9d37qxIljRyefOz71bFfizOK6sf+D+YP7Xnnr6mszJ6++/ePXSRF/UxxdMtbp4OPVaper66/dDelkqI8NYV1K9WEaw7XxPxqlWOm80Xj54742DuiparVava/94aUqsIUl0e8WAP1RfNFn17/FdpemHpvC9RfqF0BZ3DfzrX5kKNK8zHDT9W03jUXEyaW/v8i2aL4Psb1HlQIAA+3bbP7zdKv5XxqN94X+n6+hlCPinojYExHHI2JvRNwbUSt7f0Q8sM76mxdJbp9/ptc2FNgaZfO/5/O1rdXzv2L2F+VSnttdi384OXWmMnckf08Ox/C2LD/ZoY7vXvrls3bHGud/2ZbVX8wF83ZcG9q2+jWz04vT/ybmRtc/itg/1Cr+5NZKQBIR+yJi/wbrOPPkVwfbHWsT/8ia/nAX1pmqX0Y8Ue//pWiKv5B0Xp+c+F9U5o5MFGfF7X76+crr7eq/c//3Vtb/O1qe/0X8v5eTxvXahfXXceW3T9teU270/B9J3ly17/3pxcULkxEjyau1fLlx/1RTuamV8ln8hw+1Hv97YuWdOBAR2Un8YEQ8FBEP521/JCIejYhDHeL/4cXH3tl4/L2VxT/bsf+jqf9XEiPRvKd1onT2+29WVVpeT/xZ/x+rpQ7ne9by+beWdm3sbAYAAID/njQidkWSjt9Kp+n4eP1/+PfGjrQyv7D41Kn5987P1p8RKMdwWtzpGm24HzqZX9YX+amm/NH8vvHnpe21/PjMfGW238HDgNvZZvxn/ij1u3VAz3leCwaX8Q+Dy/iHwWX8w+BqMf49egYDotX3/4d9aAdw9zWN/47LfiYGsLW4/ofBZfzD4DL+YSAtbI87PyS/NRJpRGyCZmyVRKSbohkSPUr0+5MJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgO/4JAAD//5025W8=") bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x100, 0x7}, 0x2202, 0x10000, 0x0, 0x9, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000640)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x101880}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x1c, 0x2, 0x3, 0x801, 0x0, 0x0, {0x7, 0x0, 0x7}, [@NFQA_CFG_CMD={0x8, 0x1, {0x4, 0x0, 0x29}}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400c8c0}, 0x20000810) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10) r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r7 = fcntl$dupfd(r6, 0x0, r6) write$tun(r7, &(0x7f0000000400)=ANY=[], 0xa2) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) sendmsg$nl_route_sched(r8, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=@deltaction={0x60, 0x31, 0x100, 0x70bd28, 0x25dfdbfd, {}, [@TCA_ACT_TAB={0x48, 0x1, [{0xc, 0x6, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}, {0x14, 0xc, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0xb, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}, {0xc, 0x4, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0xc, 0x6, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}]}, @TCA_ACT_TAB={0x4}]}, 0x60}}, 0x200440c4) r9 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xb, &(0x7f00000004c0)=ANY=[@ANYRES64=r9, @ANYRESHEX=r9], &(0x7f0000000440)='GPL\x00', 0xd6c3, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r10}, 0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r9, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000380)={0xffffffffffffffff}, 0x13f, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r9, &(0x7f0000000200)={0x3, 0x40, 0xfa00, {{0xa, 0xfffe, 0x7000000, @empty, 0x4}, {0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfffffffc}, r11, 0x400}}, 0xfdff) 1.156615197s ago: executing program 4 (id=3170): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000002001000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x28, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) syz_emit_ethernet(0x52, &(0x7f0000000300)={@link_local, @random="2059249b3790", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "108114", 0x1c, 0x11, 0x0, @empty, @mcast2, {[], {0x0, 0xe22, 0x1c, 0x0, @opaque="65ef83f7775bcf09dbfa95cc714fe4297b681bd9"}}}}}}, 0x0) 1.140420218s ago: executing program 4 (id=3171): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000540), 0x1, 0x490, &(0x7f0000000580)="$eJzs3UFrXNUeAPD/nSR9aZu+pO910Vd4feW1khbtTNLYNrioFURXBbXuY0wmIWSSCZlJ24QiKX4AQUQFV67cCH4AQfoRRCjoXkQU0VYXLtSRmdxpa5xJAqa5OPP7wek9556Z+Z/TyZy5557L3AC61omIuBwRPRFxJiIG0/25NMX6Rqo/7t7dm1P1lEStdvX7JJJ0X/O1knR7MH1af0S89HzEq8mf41ZW1+YnS6XiclouVBeWCpXVtbNzC5Ozxdni4tjY6IXxi+Pnx0d2ra+Xnv367Tc+eO7SJ09c/3Li29Ov1Zs1kNY93I/dtNH1vsb/RVNvRCw/imAZ6En705d1QwAA2JEjEfGviPh/4/h/MHoaR3MAAABAJ6k9PRC/JBE1AAAAoGPlGtfAJrl8er3vQORy+fzGNbxH4kCuVK5UH58pryxOb1wrOxR9uZm5UnEkvVZ4KPqSenm0kX9QPrepPBYRhyPircH9jXJ+qlyazvrkBwAAAHSJg5vm/z8Nbsz/AQAAgA4zlHUDAAAAgEfO/B8AAAA6n/k/AAAAdLQXrlypp1rz/tfT11ZX5svXzk4XK/P5hZWp/FR5eSk/Wy7PNn6zb2G71yuVy0tPxuLKjUK1WKkWKqtrEwvllcXqROO+3hNF94kGAACAvXf4f7e/SCJi/an9jVS3L60zV4fOlsu6AUBmerJuAJCZ3qwbAGTGHB9Itqnvb1fx6e63BQAAeDSG/2P9H7qV9X/oXtb/oXtZ/4fuZY4PWP8HAIDON9BISS6frgUORC6Xz0ccatwWoC+ZmSsVRyLinxHx+WDfP+rl0awbDQAAAAAAAAAAAAAAAAAAAAAAAAB/M7VaEjUAAACgo0XkvknS+38ND54a2Hx+YF/y82BjGxHX37v6zo3JanV5tL7/h/v7q++m+89lcQYDAAAA2Kw5T2/O4wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgN927e3OqmfYy7nfPRMRQq/i90d/Y9kdfRBz4MYneh56XRETPLsRfvxURR1vFT+rNiqG0FZvj5yJif8bxD+5CfOhmt+vjz+VWn79cnGhsW3/+etP0V7Uf/3L3x7+eNuPfoR3GOHbno0Lb+LcijvW2Hn+a8ZM28U/uMP4rL6+ttaurvR8x3PL7J/lDrEJ1YalQWV07O7cwOVucLS6OjY1eGL84fn58pDAzVyqm/7aM8eZ/P/5tq/4faBN/aJv+n9ph/3+9c+Puv7eIf/pk6/f/6Bbx638Tj6XfA/X64WZ+fSP/sOMffnZ8q/5Pt+n/du//6R32/8yLr3+1w4cCAHugsro2P1kqFZdlZGRk7meyHpkAAIDd9uCgP+uWAAAAAAAAAAAAAAAAAAAAQPfai58Ty7qPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA78XsAAAD//7cw1BU=") mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0xc) 988.56661ms ago: executing program 4 (id=3173): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1f) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r1}, 0x18) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x3000010, &(0x7f0000000040)={[{@errors_remount}, {@discard}]}, 0x1, 0x512, &(0x7f0000000380)="$eJzs3d9rY1kdAPDvvW1mOzNdk1WRdcF1cVc6i07Sbt3dIqLriz4tqOv7WNu0lCZNadJ1Whbt4H8ggoJPPvki+AcIwzz4B8jAgL6ID6KiiM7og6DOlSQ3TidN2rrTNp3m84HTnHPvzf2ec0NO7o/TewMYWy9FxFsRMRERr0ZEMZ+e5in2uqm93IP77y21UxJZ9s5fk0jyab11tdcxGRFX87dNRcTXvhzxzeRg3ObO7vpirVbdysuVVn2z0tzZvb5WX1ytrlY35ufn3lh4c+H1hdks90TtLPUyP/nS529/+lu/u/Hna99uV+tzH4lC9LXjJHWbXuhsi572Nto6jWAj0PvMC6OuCAAAx9Lex/9gRHyis/9fjInO3lyfiVHUDAAAADgp2Rem499JRAYAAABcWGlETEeSlvOxANORppfycwMfjitprdFsfWqlsb2x3J4XUYpCurJWq87mY4VLUUja5bl8jG2v/FpfeT4inouI7xcvd8rlpUZtecTnPgAAAGBcXO07/v9HMe3kjzbg/wQAAACA86s0tAAAAABcFA75AQAA4OLrP/6/PaJ6AAAAAKfiK2+/3U5Z7/nXy+/ubK833r2+XG2ul+vbS+WlxtZmebXRWO3cs69+1PpqjcbmZ2Jj+2alVW22Ks2d3Rv1xvZG68baY4/ABgAAAM7Qcx+/8+skIvY+e7mTIr8PIMBj/jDqCgAnaWLUFQBGxl28YXwVRl0BYOSSI+YbvAMAAE+/mY8evP7fe/6/cwNwsRnrAwDjx/V/GF8FIwBhrKUR8YFu9plhywy9/v/L40bJsoi7xf1TnF8EAICzNd1JSVrOjwOmI03L5YhnI9JSFJKVtVp1Nj8++FWx8Ey7PNd5Z3LkmGEAAAAAAAAAAAAAAAAAAAAAAAAAoCvLksgAAACACy0i/VPSuZt/xEzxlen+8wOXkn8W44954Ufv/ODmYqu1Ndee/rfOs7wuRUTrh/n014Y+PgwAAAA4acne0Fnd4/T8de5MawUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAGHhw/72lXjrLuH/5YkSUBsWfjKnO61QUIuLK35OY3Pe+JCImTiD+3q2IeH5Q/CQeZllWymvRHz+NiMunHL/U2TTD4189gfgwzu60+5+3Bn3/0nip8zr4+zeZpyc1vP9L88jPd/q5Qf3fswfWVh8Y44V7P6sMjX8r4oXJwf1Pr/9NhsR/+cDa/pVl2cEY3/j67u6w+NmPI2YG/v4kj8WqtOqblebO7vW1+uJqdbW6MT8/98bCmwuvL8xWVtZq1fzvwBjf+9jPHx7W/isD4v/2N93+97D2vzJspX3+c+/m/Q91s4VB8a+9PPD3dyqGxE/z375P5vn2/Jlefq+b3+/Fn9598bD2Lw/Z/kd9/teO2f5Xv/rd3x9zUQDgDDR3dtcXa7Xq1iGZqWMs8zRmfjF1Lqrxf2ay73Q/ufNSn/ebae+tPprSa9U5qNi+THZmsSbinDT5f5mRdksAAMApeLTTP+qaAAAAAAAAAAAAAAAAAAAAwPg6i9uJ9cfcG01TAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO9d8AAAD//yLg4A8=") 888.949418ms ago: executing program 1 (id=3174): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000580)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000380), &(0x7f0000000280)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000f1ffffff0000000000100000850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x38, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='kmem_cache_free\x00', r3}, 0x18) syz_mount_image$vfat(&(0x7f0000001800), &(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000008, &(0x7f0000000180)=ANY=[@ANYBLOB="00631dda01aef2456795dd9b2620df1c0f624854ea3dd5a00bd6df44035f5c3ae796fec6d633a0ffad0569794acfef7da01767fd4175f2cd82df769aa2ee7bfe3640554507d2e660c9f9e222a72e1e3e71145c480657d2864e5e276f028d64701ae31cde0ceaf408fdb05c0f4142da00e900000100000149e6d308cbe315789f4baffe39bbced9b1d421d2e290e9fc561a62225f002ee310e1fa7321000000000000d6231001a4b2d467825f3abb0c167e129cf1fa0e7854103f4bf2d3a0194983bc86cbd3d75ccef3c8ac4516dac102"], 0x4, 0x279, &(0x7f0000000840)="$eJzs281OE28Ux/EfL3/gD0KrKArGeKIb3UygXkFDIDE20SA1viQmg0y16dCSToOpMcLOrddBXLozMd4AG6/AhTs2LlkYx3SmQgslalRG7fezmUMefs0zOWeaZ9HZvv1ipVQInIJbU2+PqV/a0I6UVq/6FOtpXnujekCtNnR5PPf+3M07d69lc7m5BbP57OKVjJmNnX/z+OnLC29rI7dejb0e1Fb6/vbHzIetia3J7c+Lj4qBFQMrV2rm2lKlUnOXfM+Wi0HJMbvhe27gWbEceNW29YJfWV2tm1teHh1erXpBYG65biWvbrWK1ap1cx+6xbI5jmOjw8K35DcXFtxs0rvA71WtZt1ZSVMHVvKbiWwIAAAkKj7/D3D+70qc/7tB4/x/r/n8tuP8DwAAAAAAAAAAAAAAAAAAAADA32AnDFNhGKa+Xv+Tojd8wubf/0saljQi6ZikUUljklKS0pKOSzohaVzSSUmnJE1IOi3pjKTJls9K+l5x0GH976P/XYHnv7vR/+7W8uLukLTyfC2/lo+v8Xq2oKJ8eZpWSp+iXjbF9fzV3Ny0RdI6u7LezK+v5fva8zNKNQamU34mzlt7fjCau918RqnGgHXKZzrmh3TpYkveUUrvHqgiX8vRTO7ln82YzV7P7ctPRf/3r3NsV8f+Oc5h63H+O+YjnO7Yn35N9Sd775CC+pOS6/telYLiJ4rGLP0B26D4ZUXS30w4CntNT3onAAAAAAAAAAAAAAAAAIAfcRQ/J0z6HgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2O9LAAAA///v3F3G") r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fallocate(r4, 0x1, 0xa20, 0x8000c64) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x42, 0x81) 887.945758ms ago: executing program 3 (id=3175): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x24, 0x12, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x8}]}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x120}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb0}}, 0x20050800) 834.300613ms ago: executing program 1 (id=3177): perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0xe7fd}, 0x100002, 0x3, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000e80), 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20) syz_io_uring_setup(0x44cd, &(0x7f00000004c0)={0x0, 0x5331, 0x10100, 0x4, 0xfffefffe}, &(0x7f0000000100), &(0x7f0000000140)) pipe2$watch_queue(&(0x7f0000000400), 0x80) syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = syz_open_dev$evdev(&(0x7f0000000280), 0x0, 0x0) read$hiddev(r3, &(0x7f0000000600)=""/98, 0x62) 807.827345ms ago: executing program 4 (id=3178): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x28, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) syz_emit_ethernet(0x52, &(0x7f0000000300)={@link_local, @random="2059249b3790", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "108114", 0x1c, 0x11, 0x0, @empty, @mcast2, {[], {0x0, 0xe22, 0x1c, 0x0, @opaque="65ef83f7775bcf09dbfa95cc714fe4297b681bd9"}}}}}}, 0x0) 806.259815ms ago: executing program 3 (id=3179): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x80, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x3c, 0x12, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x8}]}}}, {0x18, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0x4}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x120}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xc8}}, 0x20050800) 783.136767ms ago: executing program 3 (id=3181): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c10, &(0x7f00000002c0)={[{@sysvgroups}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000}}, {@usrjquota}, {@acl}, {@grpjquota}]}, 0xff, 0x23f, &(0x7f0000000540)="$eJzs3T1oLFUYBuB3Zne95t5FrtoI4g+IiAbCtRNsYqMQkBBEBBUiIjZKIsQEu8TKxkJrlVQ2QeyMlpIm2CiCVdQUsRE0WBgstFiZnURisuLPxh1xngdmZ2b3nPnOMPOe3WbYAK11Nclskk6S6SS9JMXpBnfWy9Xj3c2p3cVkMHjsh2LYrt6vnfS7kmQjyQNJdsoiL3STte2nDn7ae+Se11d7d7+7/eTURE/y2OHB/qNH78y/9sHc/WufffHdfJHZ9H93XhevGPFet0hu+jeK/UcU3aZHwF+x8Mr7X1a5vznJXcP891KmvnhvrFy308t9b/9R3ze///zWSY4VuHiDQa/6DtwYAK1TJumnKGeS1NtlOTNT/4b/qnO5fHF55eXp55dXl55reqYCLko/2X/4o0sfXjmT/287df6B/68q/48vbH1dbR91mh4NMBG31asq/9PPrN8b+YfWkX9oL/mH9pJ/aC/5h/aSf2gv+Yf2kn9oL/mH9pJ/aK/T+QcA2mVwqeknkIGmND3/AAAAAAAAAAAAAAAAAAAA521O7S6eLJOq+clbyeFDSbqj6neG/0ecXD98vfxjUTX7TVF3G8vTd4x5gDG91/DT1zd802z9T29vtv76UrLxapJr3e75+684vv/+uRv/5PPes2MW+JuKM/sPPjHZ+mf9stVs/bm95ONq/rk2av4pc8twPXr+6VfXb8z6L/085gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYmF8DAAD//xFQbUc=") perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x8, 0x8001, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0x1, 0x6}, 0x18004, 0x7fffffff, 0x2, 0x3, 0x2, 0x800, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0x1, 0xffffffffffffffff, 0x1) readv(0xffffffffffffffff, &(0x7f0000001340)=[{&(0x7f0000000580)=""/148, 0x94}], 0x1) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02}) r1 = socket$netlink(0x10, 0x3, 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r3, 0x0, 0x80000}, 0x18) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r4, 0xc0105500, &(0x7f0000000000)={0x3, 0x10, 0x6, 0x3, 0x0, 0x100, 0x0}) preadv(r0, &(0x7f00000004c0), 0x0, 0x0, 0xf) r5 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000540)=@newtfilter={0x64, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffe0}, {}, {0xfff3, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x34, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x18, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x2}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR={0x5, 0x3, 0x2}]}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x18, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x100c}]}]}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x22044028}, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r6, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000740)={0x50, 0x0, 0x403, 0x70bd29, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'netpci0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private2}]}, 0x50}, 0x1, 0x0, 0x0, 0x20008800}, 0x4000800) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000), 0x208e24b) 769.994248ms ago: executing program 4 (id=3182): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYRES8=r0], &(0x7f0000001dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) write(r5, &(0x7f0000004200)='t', 0x1) sendfile(r5, r4, 0x0, 0x3ffff) sendfile(r5, r4, 0x0, 0x7ffff000) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000240)=[0x7fffffff, 0x1916, 0xc, 0xe1, 0x8, 0x6ef, 0x7, 0xfffffffc]) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) io_setup(0x8f0, &(0x7f0000002400)=0x0) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10) io_submit(r7, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x2}]) 614.455541ms ago: executing program 3 (id=3186): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0, 0x0, 0x4}, 0x18) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="020900000700000000000000000000000500"], 0x38}}, 0x0) 583.387833ms ago: executing program 0 (id=3187): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}}, @NFT_MSG_NEWSET={0x80, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x3c, 0x12, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x8}]}}}, {0x18, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0x4}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x120}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xbc}}, 0x20050800) 536.740327ms ago: executing program 3 (id=3188): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c10, &(0x7f00000002c0)={[{@sysvgroups}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000}}, {@usrjquota}, {@acl}, {@grpjquota}]}, 0xff, 0x23f, &(0x7f0000000540)="$eJzs3T1oLFUYBuB3Zne95t5FrtoI4g+IiAbCtRNsYqMQkBBEBBUiIjZKIsQEu8TKxkJrlVQ2QeyMlpIm2CiCVdQUsRE0WBgstFiZnURisuLPxh1xngdmZ2b3nPnOMPOe3WbYAK11Nclskk6S6SS9JMXpBnfWy9Xj3c2p3cVkMHjsh2LYrt6vnfS7kmQjyQNJdsoiL3STte2nDn7ae+Se11d7d7+7/eTURE/y2OHB/qNH78y/9sHc/WufffHdfJHZ9H93XhevGPFet0hu+jeK/UcU3aZHwF+x8Mr7X1a5vznJXcP891KmvnhvrFy308t9b/9R3ze///zWSY4VuHiDQa/6DtwYAK1TJumnKGeS1NtlOTNT/4b/qnO5fHF55eXp55dXl55reqYCLko/2X/4o0sfXjmT/287df6B/68q/48vbH1dbR91mh4NMBG31asq/9PPrN8b+YfWkX9oL/mH9pJ/aC/5h/aSf2gv+Yf2kn9oL/mH9pJ/aK/T+QcA2mVwqeknkIGmND3/AAAAAAAAAAAAAAAAAAAA521O7S6eLJOq+clbyeFDSbqj6neG/0ecXD98vfxjUTX7TVF3G8vTd4x5gDG91/DT1zd802z9T29vtv76UrLxapJr3e75+684vv/+uRv/5PPes2MW+JuKM/sPPjHZ+mf9stVs/bm95ONq/rk2av4pc8twPXr+6VfXb8z6L/085gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYmF8DAAD//xFQbUc=") r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r1, 0x0, 0x80000}, 0x18) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) 522.251268ms ago: executing program 2 (id=3189): bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f00000083c0)={{0x1, 0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_INFO(r1, 0x80e85411, 0x0) 493.916191ms ago: executing program 0 (id=3190): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x24, 0x12, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x8}]}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x120}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb0}}, 0x20050800) 484.585261ms ago: executing program 2 (id=3191): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0xffffffff}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) creat(&(0x7f0000000280)='./file0\x00', 0x0) mount$9p_tcp(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=tcp,port=0x0000000000004e22']) 441.389885ms ago: executing program 0 (id=3192): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x80, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x3c, 0x12, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x8}]}}}, {0x18, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0x4}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x120}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xc8}}, 0x20050800) 440.807305ms ago: executing program 2 (id=3193): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1f) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r1}, 0x18) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x3000010, &(0x7f0000000040)={[{@errors_remount}, {@discard}]}, 0x1, 0x512, &(0x7f0000000380)="$eJzs3d9rY1kdAPDvvW1mOzNdk1WRdcF1cVc6i07Sbt3dIqLriz4tqOv7WNu0lCZNadJ1Whbt4H8ggoJPPvki+AcIwzz4B8jAgL6ID6KiiM7og6DOlSQ3TidN2rrTNp3m84HTnHPvzf2ec0NO7o/TewMYWy9FxFsRMRERr0ZEMZ+e5in2uqm93IP77y21UxJZ9s5fk0jyab11tdcxGRFX87dNRcTXvhzxzeRg3ObO7vpirVbdysuVVn2z0tzZvb5WX1ytrlY35ufn3lh4c+H1hdks90TtLPUyP/nS529/+lu/u/Hna99uV+tzH4lC9LXjJHWbXuhsi572Nto6jWAj0PvMC6OuCAAAx9Lex/9gRHyis/9fjInO3lyfiVHUDAAAADgp2Rem499JRAYAAABcWGlETEeSlvOxANORppfycwMfjitprdFsfWqlsb2x3J4XUYpCurJWq87mY4VLUUja5bl8jG2v/FpfeT4inouI7xcvd8rlpUZtecTnPgAAAGBcXO07/v9HMe3kjzbg/wQAAACA86s0tAAAAABcFA75AQAA4OLrP/6/PaJ6AAAAAKfiK2+/3U5Z7/nXy+/ubK833r2+XG2ul+vbS+WlxtZmebXRWO3cs69+1PpqjcbmZ2Jj+2alVW22Ks2d3Rv1xvZG68baY4/ABgAAAM7Qcx+/8+skIvY+e7mTIr8PIMBj/jDqCgAnaWLUFQBGxl28YXwVRl0BYOSSI+YbvAMAAE+/mY8evP7fe/6/cwNwsRnrAwDjx/V/GF8FIwBhrKUR8YFu9plhywy9/v/L40bJsoi7xf1TnF8EAICzNd1JSVrOjwOmI03L5YhnI9JSFJKVtVp1Nj8++FWx8Ey7PNd5Z3LkmGEAAAAAAAAAAAAAAAAAAAAAAAAAoCvLksgAAACACy0i/VPSuZt/xEzxlen+8wOXkn8W44954Ufv/ODmYqu1Ndee/rfOs7wuRUTrh/n014Y+PgwAAAA4acne0Fnd4/T8de5MawUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAGHhw/72lXjrLuH/5YkSUBsWfjKnO61QUIuLK35OY3Pe+JCImTiD+3q2IeH5Q/CQeZllWymvRHz+NiMunHL/U2TTD4189gfgwzu60+5+3Bn3/0nip8zr4+zeZpyc1vP9L88jPd/q5Qf3fswfWVh8Y44V7P6sMjX8r4oXJwf1Pr/9NhsR/+cDa/pVl2cEY3/j67u6w+NmPI2YG/v4kj8WqtOqblebO7vW1+uJqdbW6MT8/98bCmwuvL8xWVtZq1fzvwBjf+9jPHx7W/isD4v/2N93+97D2vzJspX3+c+/m/Q91s4VB8a+9PPD3dyqGxE/z375P5vn2/Jlefq+b3+/Fn9598bD2Lw/Z/kd9/teO2f5Xv/rd3x9zUQDgDDR3dtcXa7Xq1iGZqWMs8zRmfjF1Lqrxf2ay73Q/ufNSn/ebae+tPprSa9U5qNi+THZmsSbinDT5f5mRdksAAMApeLTTP+qaAAAAAAAAAAAAAAAAAAAAwPg6i9uJ9cfcG01TAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO9d8AAAD//yLg4A8=") 410.988117ms ago: executing program 0 (id=3194): bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={0xffffffffffffffff, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000c00)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000590000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{r0}, &(0x7f00000002c0), &(0x7f0000000500)='%pK \x00'}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x2, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000a40)={'#! ', './file0', [], 0xa, "8ba4e02ca4f6c2c3b59e5b1faba5c5ee0decd3e1f3b0fc4098cb80b0bc9bca6038ad602c65061055e8f9d68f894e4b504ee9d200e47ce8d244896aef063996dce833d6da6338cf9624772c94c43fe39a941ea6"}, 0x5e) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000540), 0x1, 0x490, &(0x7f0000000580)="$eJzs3UFrXNUeAPD/nSR9aZu+pO910Vd4feW1khbtTNLYNrioFURXBbXuY0wmIWSSCZlJ24QiKX4AQUQFV67cCH4AQfoRRCjoXkQU0VYXLtSRmdxpa5xJAqa5OPP7wek9556Z+Z/TyZy5557L3AC61omIuBwRPRFxJiIG0/25NMX6Rqo/7t7dm1P1lEStdvX7JJJ0X/O1knR7MH1af0S89HzEq8mf41ZW1+YnS6XiclouVBeWCpXVtbNzC5Ozxdni4tjY6IXxi+Pnx0d2ra+Xnv367Tc+eO7SJ09c/3Li29Ov1Zs1kNY93I/dtNH1vsb/RVNvRCw/imAZ6En705d1QwAA2JEjEfGviPh/4/h/MHoaR3MAAABAJ6k9PRC/JBE1AAAAoGPlGtfAJrl8er3vQORy+fzGNbxH4kCuVK5UH58pryxOb1wrOxR9uZm5UnEkvVZ4KPqSenm0kX9QPrepPBYRhyPircH9jXJ+qlyazvrkBwAAAHSJg5vm/z8Nbsz/AQAAgA4zlHUDAAAAgEfO/B8AAAA6n/k/AAAAdLQXrlypp1rz/tfT11ZX5svXzk4XK/P5hZWp/FR5eSk/Wy7PNn6zb2G71yuVy0tPxuLKjUK1WKkWKqtrEwvllcXqROO+3hNF94kGAACAvXf4f7e/SCJi/an9jVS3L60zV4fOlsu6AUBmerJuAJCZ3qwbAGTGHB9Itqnvb1fx6e63BQAAeDSG/2P9H7qV9X/oXtb/oXtZ/4fuZY4PWP8HAIDON9BISS6frgUORC6Xz0ccatwWoC+ZmSsVRyLinxHx+WDfP+rl0awbDQAAAAAAAAAAAAAAAAAAAAAAAAB/M7VaEjUAAACgo0XkvknS+38ND54a2Hx+YF/y82BjGxHX37v6zo3JanV5tL7/h/v7q++m+89lcQYDAAAA2Kw5T2/O4wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgN927e3OqmfYy7nfPRMRQq/i90d/Y9kdfRBz4MYneh56XRETPLsRfvxURR1vFT+rNiqG0FZvj5yJif8bxD+5CfOhmt+vjz+VWn79cnGhsW3/+etP0V7Uf/3L3x7+eNuPfoR3GOHbno0Lb+LcijvW2Hn+a8ZM28U/uMP4rL6+ttaurvR8x3PL7J/lDrEJ1YalQWV07O7cwOVucLS6OjY1eGL84fn58pDAzVyqm/7aM8eZ/P/5tq/4faBN/aJv+n9ph/3+9c+Puv7eIf/pk6/f/6Bbx638Tj6XfA/X64WZ+fSP/sOMffnZ8q/5Pt+n/du//6R32/8yLr3+1w4cCAHugsro2P1kqFZdlZGRk7meyHpkAAIDd9uCgP+uWAAAAAAAAAAAAAAAAAAAAQPfai58Ty7qPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA78XsAAAD//7cw1BU=") 386.599029ms ago: executing program 3 (id=3195): r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) close_range(r1, r0, 0x2) r2 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', &(0x7f0000000080)={0x8282, 0x2, 0xc}, 0x18) statx(r2, &(0x7f00000000c0)='./file1\x00', 0x4000, 0x8, &(0x7f0000000100)) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r3, 0x6612) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000600)=ANY=[@ANYRES16, @ANYRESHEX, @ANYBLOB, @ANYRESHEX], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x200000}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000840)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r4}, 0x10) mremap(&(0x7f0000ff3000/0x3000)=nil, 0x3000, 0xd000, 0x0, &(0x7f0000ff3000/0xd000)=nil) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r5}, 0x4) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r6, 0x0, 0x4}, 0x18) stat(&(0x7f00000004c0)='./file1\x00', &(0x7f0000000640)) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000380)=0x2) lremovexattr(&(0x7f00000005c0)='./file1\x00', &(0x7f00000006c0)=ANY=[@ANYBLOB='user.kTree\x00']) r7 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000c80)={'lo\x00'}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=@gettaction={0x15c, 0x32, 0x10, 0x70bd26, 0x25dfdbff, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1, 0x1}}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x3}, @action_gd=@TCA_ACT_TAB={0x60, 0x1, [{0x10, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0xc, 0x8, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0x10, 0x5, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0xc, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}, {0xc, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}, {0xc, 0x16, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}]}, @action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x14, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0xc, 0xb, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0xc, 0xf, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2d096cf6}}, {0x10, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x9}, @action_gd=@TCA_ACT_TAB={0x68, 0x1, [{0xc, 0x7, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}, {0x10, 0x7, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0x10, 0x3, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0x10, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0xc, 0xc, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x10, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x0, 0x1}}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x9}]}, 0x15c}}, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtaction={0x68, 0x30, 0xb, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x6, 0xff, 0x4, 0x6, 0x6}, 0x4, r9}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x2000a804) sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r9], 0x20}, 0x1, 0x0, 0x0, 0x80d5}, 0x0) 292.515226ms ago: executing program 2 (id=3196): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000540), 0x1, 0x490, &(0x7f0000000580)="$eJzs3UFrXNUeAPD/nSR9aZu+pO910Vd4feW1khbtTNLYNrioFURXBbXuY0wmIWSSCZlJ24QiKX4AQUQFV67cCH4AQfoRRCjoXkQU0VYXLtSRmdxpa5xJAqa5OPP7wek9556Z+Z/TyZy5557L3AC61omIuBwRPRFxJiIG0/25NMX6Rqo/7t7dm1P1lEStdvX7JJJ0X/O1knR7MH1af0S89HzEq8mf41ZW1+YnS6XiclouVBeWCpXVtbNzC5Ozxdni4tjY6IXxi+Pnx0d2ra+Xnv367Tc+eO7SJ09c/3Li29Ov1Zs1kNY93I/dtNH1vsb/RVNvRCw/imAZ6En705d1QwAA2JEjEfGviPh/4/h/MHoaR3MAAABAJ6k9PRC/JBE1AAAAoGPlGtfAJrl8er3vQORy+fzGNbxH4kCuVK5UH58pryxOb1wrOxR9uZm5UnEkvVZ4KPqSenm0kX9QPrepPBYRhyPircH9jXJ+qlyazvrkBwAAAHSJg5vm/z8Nbsz/AQAAgA4zlHUDAAAAgEfO/B8AAAA6n/k/AAAAdLQXrlypp1rz/tfT11ZX5svXzk4XK/P5hZWp/FR5eSk/Wy7PNn6zb2G71yuVy0tPxuLKjUK1WKkWKqtrEwvllcXqROO+3hNF94kGAACAvXf4f7e/SCJi/an9jVS3L60zV4fOlsu6AUBmerJuAJCZ3qwbAGTGHB9Itqnvb1fx6e63BQAAeDSG/2P9H7qV9X/oXtb/oXtZ/4fuZY4PWP8HAIDON9BISS6frgUORC6Xz0ccatwWoC+ZmSsVRyLinxHx+WDfP+rl0awbDQAAAAAAAAAAAAAAAAAAAAAAAAB/M7VaEjUAAACgo0XkvknS+38ND54a2Hx+YF/y82BjGxHX37v6zo3JanV5tL7/h/v7q++m+89lcQYDAAAA2Kw5T2/O4wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgN927e3OqmfYy7nfPRMRQq/i90d/Y9kdfRBz4MYneh56XRETPLsRfvxURR1vFT+rNiqG0FZvj5yJif8bxD+5CfOhmt+vjz+VWn79cnGhsW3/+etP0V7Uf/3L3x7+eNuPfoR3GOHbno0Lb+LcijvW2Hn+a8ZM28U/uMP4rL6+ttaurvR8x3PL7J/lDrEJ1YalQWV07O7cwOVucLS6OjY1eGL84fn58pDAzVyqm/7aM8eZ/P/5tq/4faBN/aJv+n9ph/3+9c+Puv7eIf/pk6/f/6Bbx638Tj6XfA/X64WZ+fSP/sOMffnZ8q/5Pt+n/du//6R32/8yLr3+1w4cCAHugsro2P1kqFZdlZGRk7meyHpkAAIDd9uCgP+uWAAAAAAAAAAAAAAAAAAAAQPfai58Ty7qPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA78XsAAAD//7cw1BU=") mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0xc) 226.492772ms ago: executing program 0 (id=3197): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c10, &(0x7f00000002c0)={[{@sysvgroups}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000}}, {@usrjquota}, {@acl}, {@grpjquota}]}, 0xff, 0x23f, &(0x7f0000000540)="$eJzs3T1oLFUYBuB3Zne95t5FrtoI4g+IiAbCtRNsYqMQkBBEBBUiIjZKIsQEu8TKxkJrlVQ2QeyMlpIm2CiCVdQUsRE0WBgstFiZnURisuLPxh1xngdmZ2b3nPnOMPOe3WbYAK11Nclskk6S6SS9JMXpBnfWy9Xj3c2p3cVkMHjsh2LYrt6vnfS7kmQjyQNJdsoiL3STte2nDn7ae+Se11d7d7+7/eTURE/y2OHB/qNH78y/9sHc/WufffHdfJHZ9H93XhevGPFet0hu+jeK/UcU3aZHwF+x8Mr7X1a5vznJXcP891KmvnhvrFy308t9b/9R3ze///zWSY4VuHiDQa/6DtwYAK1TJumnKGeS1NtlOTNT/4b/qnO5fHF55eXp55dXl55reqYCLko/2X/4o0sfXjmT/287df6B/68q/48vbH1dbR91mh4NMBG31asq/9PPrN8b+YfWkX9oL/mH9pJ/aC/5h/aSf2gv+Yf2kn9oL/mH9pJ/aK/T+QcA2mVwqeknkIGmND3/AAAAAAAAAAAAAAAAAAAA521O7S6eLJOq+clbyeFDSbqj6neG/0ecXD98vfxjUTX7TVF3G8vTd4x5gDG91/DT1zd802z9T29vtv76UrLxapJr3e75+684vv/+uRv/5PPes2MW+JuKM/sPPjHZ+mf9stVs/bm95ONq/rk2av4pc8twPXr+6VfXb8z6L/085gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYmF8DAAD//xFQbUc=") perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x8, 0x8001, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0x1, 0x6}, 0x18004, 0x7fffffff, 0x2, 0x3, 0x2, 0x800, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0x1, 0xffffffffffffffff, 0x1) readv(0xffffffffffffffff, &(0x7f0000001340)=[{&(0x7f0000000580)=""/148, 0x94}], 0x1) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02}) r1 = socket$netlink(0x10, 0x3, 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r3, 0x0, 0x80000}, 0x18) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r4, 0xc0105500, &(0x7f0000000000)={0x3, 0x10, 0x6, 0x3, 0x0, 0x100, 0x0}) preadv(r0, &(0x7f00000004c0), 0x0, 0x0, 0xf) r5 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000540)=@newtfilter={0x64, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffe0}, {}, {0xfff3, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x34, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x18, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x2}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR={0x5, 0x3, 0x2}]}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x18, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x100c}]}]}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x22044028}, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r6, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000740)={0x50, 0x0, 0x403, 0x70bd29, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'netpci0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private2}]}, 0x50}, 0x1, 0x0, 0x0, 0x20008800}, 0x4000800) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000), 0x208e24b) 146.705428ms ago: executing program 2 (id=3198): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, 0x0}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000c00)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', 0xffffffffffffffff, 0x0, 0x100}, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{r1}, &(0x7f00000002c0), &(0x7f0000000500)='%pK \x00'}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x2, 0x0) sendmsg$SMC_PNETID_GET(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000200)=ANY=[@ANYBLOB="500000001000370400"/20, @ANYRES32, @ANYBLOB="83040500010000003000128008000100677265002400028008000700ac"], 0x50}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x12}, 0x50) set_mempolicy_home_node(&(0x7f00003dc000/0x4000)=nil, 0x4000, 0x0, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB="440000001000390400"/20, @ANYRES32, @ANYBLOB="01980000000000002400128008000100677265001800028008000700ac14140090368f411c060003003f0000"], 0x44}, 0x1, 0x0, 0x0, 0xc811}, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000a40)={'#! ', './file0', [], 0xa, "8ba4e02ca4f6c2c3b59e5b1faba5c5ee0decd3e1f3b0fc4098cb80b0bc9bca6038ad602c65061055e8f9d68f894e4b504ee9d200e47ce8d244896aef063996dce833d6da6338cf9624772c94c43fe39a941ea6"}, 0x5e) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000), 0xfffffd26) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x401c5820, &(0x7f00000001c0)=0x8) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000540), 0x1, 0x490, &(0x7f0000000580)="$eJzs3UFrXNUeAPD/nSR9aZu+pO910Vd4feW1khbtTNLYNrioFURXBbXuY0wmIWSSCZlJ24QiKX4AQUQFV67cCH4AQfoRRCjoXkQU0VYXLtSRmdxpa5xJAqa5OPP7wek9556Z+Z/TyZy5557L3AC61omIuBwRPRFxJiIG0/25NMX6Rqo/7t7dm1P1lEStdvX7JJJ0X/O1knR7MH1af0S89HzEq8mf41ZW1+YnS6XiclouVBeWCpXVtbNzC5Ozxdni4tjY6IXxi+Pnx0d2ra+Xnv367Tc+eO7SJ09c/3Li29Ov1Zs1kNY93I/dtNH1vsb/RVNvRCw/imAZ6En705d1QwAA2JEjEfGviPh/4/h/MHoaR3MAAABAJ6k9PRC/JBE1AAAAoGPlGtfAJrl8er3vQORy+fzGNbxH4kCuVK5UH58pryxOb1wrOxR9uZm5UnEkvVZ4KPqSenm0kX9QPrepPBYRhyPircH9jXJ+qlyazvrkBwAAAHSJg5vm/z8Nbsz/AQAAgA4zlHUDAAAAgEfO/B8AAAA6n/k/AAAAdLQXrlypp1rz/tfT11ZX5svXzk4XK/P5hZWp/FR5eSk/Wy7PNn6zb2G71yuVy0tPxuLKjUK1WKkWKqtrEwvllcXqROO+3hNF94kGAACAvXf4f7e/SCJi/an9jVS3L60zV4fOlsu6AUBmerJuAJCZ3qwbAGTGHB9Itqnvb1fx6e63BQAAeDSG/2P9H7qV9X/oXtb/oXtZ/4fuZY4PWP8HAIDON9BISS6frgUORC6Xz0ccatwWoC+ZmSsVRyLinxHx+WDfP+rl0awbDQAAAAAAAAAAAAAAAAAAAAAAAAB/M7VaEjUAAACgo0XkvknS+38ND54a2Hx+YF/y82BjGxHX37v6zo3JanV5tL7/h/v7q++m+89lcQYDAAAA2Kw5T2/O4wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgN927e3OqmfYy7nfPRMRQq/i90d/Y9kdfRBz4MYneh56XRETPLsRfvxURR1vFT+rNiqG0FZvj5yJif8bxD+5CfOhmt+vjz+VWn79cnGhsW3/+etP0V7Uf/3L3x7+eNuPfoR3GOHbno0Lb+LcijvW2Hn+a8ZM28U/uMP4rL6+ttaurvR8x3PL7J/lDrEJ1YalQWV07O7cwOVucLS6OjY1eGL84fn58pDAzVyqm/7aM8eZ/P/5tq/4faBN/aJv+n9ph/3+9c+Puv7eIf/pk6/f/6Bbx638Tj6XfA/X64WZ+fSP/sOMffnZ8q/5Pt+n/du//6R32/8yLr3+1w4cCAHugsro2P1kqFZdlZGRk7meyHpkAAIDd9uCgP+uWAAAAAAAAAAAAAAAAAAAAQPfai58Ty7qPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA78XsAAAD//7cw1BU=") 58.012055ms ago: executing program 2 (id=3199): bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000200100000102000028"], 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d6"], &(0x7f0000000100)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x2982, 0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) syz_io_uring_setup(0x404eb3, &(0x7f0000000200)={0x0, 0x2900, 0x8000, 0x3, 0xda}, &(0x7f0000000140)=0x0, &(0x7f00000006c0)) r4 = syz_io_uring_complete(r3) io_uring_setup(0x2184, &(0x7f0000000700)={0x0, 0xdbb2, 0x4000, 0x1, 0x11cb, 0x0, r4}) fsetxattr$security_capability(r1, &(0x7f0000000080), &(0x7f0000000180)=@v3={0x3000000, [{0xd5a, 0x10ba8}, {0x6}]}, 0x18, 0x1) ioctl$VT_RESIZE(r2, 0x5609, &(0x7f0000000100)={0x6, 0x2, 0x800}) ioctl$TCXONC(r1, 0x540a, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x6000, 0x1) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x187680, 0x0) fsync(r5) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES64, @ANYBLOB="00002c00128009000100626f6e64000000001c00028008000b00042000060000000000080007294a9ae4d5134997467b9476f26786a028d799d2a418e141f63757b8d46dc141a0c36b7031023276d087d7b88d72b488d7689316e41ad7f046799ac053fe0f67347cec551925f55cc623862cf773ee99b6c318aa38f199f2cc9d059a06f4bd4ef67de605a380f482dfe914347b3dce2a000000000000"], 0x4c}}, 0x0) r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file1\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x1219, &(0x7f0000001100)="$eJzs28FrXEUcB/BfkqapqclGrdUWxEEvFeTR5OBFL0FSkC4obSO0gvBqXnTJczfkLYEVsXry6t8hggjeBPGml1z8DwRvuXisID7JrrZd3RVWQjfI53PZH8z7zs7ssAuzzBy+8tn7O9tVtp13Y3ZmJmZ3I9LdFClm4y8fxwsvf//DM9dv3rq63mxuXEvpyvqN1ZdSSsvPfvvWh18891337JtfL3+zEAcrbx/+svbzwfmDC4e/33ivVaVWldqdbsrT7U6nm98ui7TVqnaylN4oi7wqUqtdFXtD7dtlZ3e3l/L21tLi7l5RVSlv99JO0UvdTuru9VL+bt5qpyzL0tJiMLlT96rNz+/WdR1R1/NxOuq6rh+JxTgbj8ZSLEcjVuKxeDyeiHPxZJyPp+Lp+OqnL3tHCQAAAAAAAAAAAAAAAAAAAOD4THr//0L/qWmPGgAAAAAAAAAAAAAAAAAAAP5frt+8dXW92dy4ltKZiPLT/c39zcHroH19O1pRRhGXoxG/Rf/2/8CgvvJac+Ny6luJT8o7f+bv7G/ODedXoxEvjs6vDvJpOL8Qiw/m16IR50bl52NtZP5MXHr+gXwWjfjxnehEGVtxlL3//h+tpvTq682/5S/2nxtv7mEsDwAAAByLLN0zcv+eZePaB/kJ/h8Y2l8fZS+emurUiYiq98FOXpbFnmJkcelkDKNfnD7ODucjYrLUr3VdT/9DmFIx/puyEBH/ueeZiDgZE/xHMe1fJh6G+4s+7ZEAAAAAAAAAAAAwibHHABf+7YTg3ETHCac9RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YAeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfBUAAP//0AbP3Q==") syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r8 = openat$cgroup_ro(r4, &(0x7f00000003c0)='memory.numa_stat\x00', 0x275a, 0x0) signalfd4(r1, &(0x7f00000002c0)={[0x1ff]}, 0x8, 0x800) ftruncate(r8, 0x2000009) r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0) pwritev2(r9, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0xfdef}], 0x1, 0xe7b, 0x0, 0x1) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x20010, r4, 0x1cee6000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001880)={'bond_slave_0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000002340)=@newqdisc={0x234, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r10, {0xe, 0x6}, {0xffff, 0xffff}, {0xffe0, 0xfff3}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x204, 0x2, {{0x8, [0x6, 0xd, 0x1, 0x0, 0x0, 0xb, 0x3, 0xf, 0x6, 0x10, 0x7, 0xe, 0xa, 0x7, 0xf], 0x1, [0x8, 0x2, 0x7, 0x7fff, 0x6, 0x7, 0x3, 0x7, 0x400, 0xff1b, 0x21, 0x9, 0x80, 0x4, 0x4], [0x8001, 0x81, 0x9, 0x5, 0x5, 0x6, 0x8, 0xb4, 0x1, 0x7, 0x7fff, 0xffff, 0x3ff, 0xfff, 0x3, 0x5]}, [@TCA_MQPRIO_MIN_RATE64={0x70, 0x3, 0x0, 0x1, [{0xc}, {0xc, 0x3, 0xf2}, {0xc, 0x3, 0x2}, {0xc, 0x3, 0x3}, {0xc, 0x3, 0x2}, {0xc, 0x3, 0x30}, {0xc, 0x3, 0x6}, {0xc}, {0xc, 0x3, 0xf797}]}, @TCA_MQPRIO_MODE={0x6}, @TCA_MQPRIO_MAX_RATE64={0x88, 0x4, 0x0, 0x1, [{0xc, 0x4, 0xfff}, {0xc, 0x4, 0x6}, {0xc, 0x4, 0xc00000000000000}, {0xc, 0x4, 0xf}, {0xc, 0x4, 0x81}, {0xfffffe66, 0x4, 0x2}, {0xc}, {0xc, 0x4, 0x3}, {0xc, 0x4, 0x3831}, {0xc, 0x4, 0x5}, {0xc, 0x4, 0xc98}]}, @TCA_MQPRIO_MODE={0x6, 0x1, 0x1}, @TCA_MQPRIO_SHAPER={0x6, 0x2, 0x1}, @TCA_MQPRIO_MODE={0x6}, @TCA_MQPRIO_MAX_RATE64={0x94, 0x4, 0x0, 0x1, [{0xc, 0x4, 0x8}, {0xc, 0x4, 0x6}, {0xc}, {0xc, 0x4, 0xfffffffffffff800}, {0xc, 0x4, 0x7}, {0xc, 0x4, 0xffffffffffffffff}, {0xc, 0x4, 0x4000000000000000}, {0xc, 0x4, 0x8}, {0xc, 0x4, 0xffffffffffffb04e}, {0xc, 0x4, 0x100}, {0xc, 0x4, 0x1}, {0xc, 0x4, 0x1}]}]}}}]}, 0x234}, 0x1, 0x0, 0x0, 0x4048801}, 0x0) 0s ago: executing program 0 (id=3200): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = socket(0x40000000015, 0x5, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7dff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='kmem_cache_free\x00', r1, 0x0, 0xffffffffffffffff}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0}, 0x0, 0x8, &(0x7f0000000440)) r2 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0) fallocate(r2, 0x0, 0x400000002000000, 0x2) bind$inet(r0, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) recvmmsg(r0, &(0x7f00000040c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000003e40), 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0xc2f00, 0x4d, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0, r3}, 0x18) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x36) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010008100000000000080000000000000", @ANYRES32=0x0, @ANYBLOB="0a043cbf", @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1}, 0x0) mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x7ffffffff000, 0x3, &(0x7f0000fee000/0x2000)=nil) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newqdisc={0x54, 0x10, 0x1, 0x70bdad, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe, 0xc}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r4}, 0x10) kernel console output (not intermixed with test programs): ta write (off=8, len=24) cancelled because transaction is not started [ 125.050745][T12285] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2596'. [ 125.062221][T12285] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2596'. [ 125.067506][T12287] loop3: detected capacity change from 0 to 512 [ 125.077658][T12285] loop2: detected capacity change from 0 to 512 [ 125.091279][T12287] ext4 filesystem being mounted at /493/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 125.101375][T12285] ext4 filesystem being mounted at /572/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 125.110915][T12287] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.2597: bg 0: block 64: padding at end of block bitmap is not set [ 125.161011][T12297] loop3: detected capacity change from 0 to 128 [ 125.171592][T12297] ext4 filesystem being mounted at /495/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 125.278868][T12307] loop0: detected capacity change from 0 to 128 [ 125.367583][T12313] loop4: detected capacity change from 0 to 8192 [ 125.384192][T12313] vfat: Unknown parameter '‡±¿í§¾XfÙ…C ê' [ 125.446786][T12318] tipc: Enabled bearer , priority 0 [ 125.459995][T12320] vhci_hcd: invalid port number 96 [ 125.465134][T12320] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 125.467022][T12318] syzkaller0: entered promiscuous mode [ 125.477852][T12318] syzkaller0: entered allmulticast mode [ 125.505117][T12324] loop4: detected capacity change from 0 to 512 [ 125.515442][T12318] tipc: Resetting bearer [ 125.521857][T12317] tipc: Resetting bearer [ 125.543345][T12317] tipc: Disabling bearer [ 125.555108][T12326] loop1: detected capacity change from 0 to 512 [ 125.562855][T12326] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 125.573767][T12324] ext4 filesystem being mounted at /562/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 125.587723][T12326] EXT4-fs (loop1): 1 truncate cleaned up [ 125.594628][T12324] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2611: bg 0: block 64: padding at end of block bitmap is not set [ 125.722671][T12335] 9pnet_virtio: no channels available for device 127.0.0.1 [ 125.730903][T12337] loop4: detected capacity change from 0 to 128 [ 125.776053][T12337] ext4 filesystem being mounted at /564/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 125.840863][T12338] netlink: 'syz.0.2614': attribute type 27 has an invalid length. [ 125.864550][T12344] loop4: detected capacity change from 0 to 512 [ 125.895886][T12333] 8021q: adding VLAN 0 to HW filter on device bond0 [ 125.904015][T12344] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 125.920753][T12344] EXT4-fs (loop4): orphan cleanup on readonly fs [ 125.932104][T12333] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 125.968152][T12344] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #16: comm syz.4.2618: corrupted inode contents [ 126.019355][T12344] EXT4-fs (loop4): Remounting filesystem read-only [ 126.047180][T12344] EXT4-fs (loop4): 1 truncate cleaned up [ 126.053455][ T3697] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 126.063990][ T3697] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 126.080161][ T3697] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started [ 126.190032][T12354] vhci_hcd: invalid port number 96 [ 126.195211][T12354] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 126.228275][T12357] loop0: detected capacity change from 0 to 512 [ 126.242016][T12363] loop4: detected capacity change from 0 to 512 [ 126.242506][T12357] EXT4-fs mount: 420 callbacks suppressed [ 126.242519][T12357] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.248870][T12363] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 126.254258][T12357] ext4 filesystem being mounted at /503/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 126.269132][T12363] EXT4-fs (loop4): 1 truncate cleaned up [ 126.293192][T12363] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 126.306025][T12363] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.325612][T12368] loop3: detected capacity change from 0 to 512 [ 126.351406][T12372] loop4: detected capacity change from 0 to 512 [ 126.352264][T12368] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.370382][T12368] ext4 filesystem being mounted at /497/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 126.395214][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.400058][T12372] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.417908][T12372] ext4 filesystem being mounted at /571/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 126.437526][T12372] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2628: bg 0: block 64: padding at end of block bitmap is not set [ 126.444729][ T29] kauditd_printk_skb: 303 callbacks suppressed [ 126.444787][ T29] audit: type=1326 audit(1755579850.627:10002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12379 comm="syz.3.2629" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc7feb2ebe9 code=0x0 [ 126.481752][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.552020][T12383] loop3: detected capacity change from 0 to 512 [ 126.572354][T12383] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.588033][T12383] ext4 filesystem being mounted at /498/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 126.601203][ T29] audit: type=1326 audit(1755579850.787:10003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12381 comm="syz.4.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d7fdcebe9 code=0x7ffc0000 [ 126.634998][ T29] audit: type=1326 audit(1755579850.787:10004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12381 comm="syz.4.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0d7fdcebe9 code=0x7ffc0000 [ 126.658751][ T29] audit: type=1326 audit(1755579850.787:10005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12381 comm="syz.4.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d7fdcebe9 code=0x7ffc0000 [ 126.682360][ T29] audit: type=1326 audit(1755579850.787:10006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12381 comm="syz.4.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0d7fdcd550 code=0x7ffc0000 [ 126.705954][ T29] audit: type=1326 audit(1755579850.787:10007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12381 comm="syz.4.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d7fdcebe9 code=0x7ffc0000 [ 126.729527][ T29] audit: type=1326 audit(1755579850.787:10008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12381 comm="syz.4.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d7fdcebe9 code=0x7ffc0000 [ 126.753123][ T29] audit: type=1326 audit(1755579850.787:10009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12381 comm="syz.4.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0d7fdcd550 code=0x7ffc0000 [ 126.776743][ T29] audit: type=1326 audit(1755579850.787:10010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12381 comm="syz.4.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f0d7fdd0417 code=0x7ffc0000 [ 126.800377][ T29] audit: type=1326 audit(1755579850.787:10011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12381 comm="syz.4.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0d7fdcebe9 code=0x7ffc0000 [ 126.849257][T12390] 9pnet_fd: p9_fd_create_tcp (12390): problem connecting socket to 127.0.0.1 [ 126.929587][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.990727][T12394] vhci_hcd: invalid port number 96 [ 126.995855][T12394] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 127.055736][T12400] loop0: detected capacity change from 0 to 512 [ 127.082705][T12400] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 127.097410][T12400] ext4 filesystem being mounted at /505/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 127.155698][T12402] netlink: 'syz.1.2636': attribute type 27 has an invalid length. [ 127.197250][T12400] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.2637: bg 0: block 64: padding at end of block bitmap is not set [ 127.225950][T12402] 8021q: adding VLAN 0 to HW filter on device bond0 [ 127.237412][T12402] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 127.279397][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.291895][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.345335][T12409] loop3: detected capacity change from 0 to 512 [ 127.352116][T12409] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 127.365809][T12409] EXT4-fs (loop3): 1 truncate cleaned up [ 127.372001][T12409] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 127.372825][T12411] loop0: detected capacity change from 0 to 512 [ 127.392178][T12411] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 127.402693][T12409] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.414988][T12411] EXT4-fs (loop0): 1 truncate cleaned up [ 127.421186][T12411] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 127.438356][T12411] sg_write: data in/out 11329/120 bytes for SCSI command 0x0-- guessing data in; [ 127.438356][T12411] program syz.0.2639 not setting count and/or reply_len properly [ 127.468154][T12423] 9pnet_fd: p9_fd_create_tcp (12423): problem connecting socket to 127.0.0.1 [ 127.483407][T12425] loop4: detected capacity change from 0 to 512 [ 127.491461][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.508032][T12427] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12427 comm=syz.0.2646 [ 127.524431][T12425] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 127.532508][T12413] loop2: detected capacity change from 0 to 512 [ 127.532646][T12425] EXT4-fs (loop4): orphan cleanup on readonly fs [ 127.539540][T12413] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 127.557274][T12425] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #16: comm syz.4.2645: corrupted inode contents [ 127.571709][T12413] EXT4-fs (loop2): 1 truncate cleaned up [ 127.577594][T12428] loop3: detected capacity change from 0 to 512 [ 127.577781][T12413] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 127.596433][T12425] EXT4-fs (loop4): Remounting filesystem read-only [ 127.607982][T12425] EXT4-fs (loop4): 1 truncate cleaned up [ 127.613754][ T123] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 127.624431][ T123] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 127.638910][T12437] loop0: detected capacity change from 0 to 128 [ 127.645609][ T123] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started [ 127.656253][T12425] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 127.658667][T12413] sg_write: data in/out 11329/120 bytes for SCSI command 0x0-- guessing data in; [ 127.658667][T12413] program syz.2.2641 not setting count and/or reply_len properly [ 127.688226][T12437] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 127.703183][T12428] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 127.709179][T12437] ext4 filesystem being mounted at /508/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 127.726221][T12428] ext4 filesystem being mounted at /500/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 127.737162][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.783089][ T3310] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 127.792587][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.809919][T12448] vhci_hcd: invalid port number 96 [ 127.815077][T12448] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 127.815199][T12450] loop0: detected capacity change from 0 to 512 [ 127.854969][T12450] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 127.869718][T12450] ext4 filesystem being mounted at /509/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 127.885507][T12444] netlink: 'syz.1.2651': attribute type 27 has an invalid length. [ 127.904412][T12450] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.2653: bg 0: block 64: padding at end of block bitmap is not set [ 127.929136][T12459] loop2: detected capacity change from 0 to 8192 [ 127.935917][T12459] vfat: Unknown parameter '‡±¿í§¾XfÙ…C ê' [ 127.942847][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.975374][T12453] 8021q: adding VLAN 0 to HW filter on device bond0 [ 127.986197][T12453] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 128.025651][T12463] __nla_validate_parse: 4 callbacks suppressed [ 128.025733][T12463] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2658'. [ 128.044377][T12463] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2658'. [ 128.057605][T12463] loop0: detected capacity change from 0 to 512 [ 128.074107][T12471] loop4: detected capacity change from 0 to 512 [ 128.076188][T12463] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.094565][T12463] ext4 filesystem being mounted at /510/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 128.106908][T12471] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.120879][T12471] ext4 filesystem being mounted at /578/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 128.141649][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.151496][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.168452][T12480] loop4: detected capacity change from 0 to 128 [ 128.177096][T12480] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 128.200368][T12480] ext4 filesystem being mounted at /579/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 128.230715][T12490] loop0: detected capacity change from 0 to 512 [ 128.240950][T12490] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.254078][T12490] ext4 filesystem being mounted at /513/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 128.265720][ T3303] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 128.270329][T12490] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.2668: bg 0: block 64: padding at end of block bitmap is not set [ 128.312452][T12493] netlink: 'syz.1.2666': attribute type 27 has an invalid length. [ 128.314111][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.333016][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.375161][T12497] loop4: detected capacity change from 0 to 512 [ 128.388683][T12497] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 128.402528][T12507] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2674'. [ 128.403189][T12487] 8021q: adding VLAN 0 to HW filter on device bond0 [ 128.413601][T12497] EXT4-fs (loop4): 1 truncate cleaned up [ 128.424755][T12497] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 128.437459][T12487] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 128.441583][T12497] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.460206][T12510] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2674'. [ 128.476280][T12510] loop3: detected capacity change from 0 to 512 [ 128.494005][T12510] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.526931][T12510] ext4 filesystem being mounted at /503/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 128.550860][T12520] loop4: detected capacity change from 0 to 128 [ 128.571203][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.603523][T12528] loop1: detected capacity change from 0 to 512 [ 128.611508][T12524] loop0: detected capacity change from 0 to 128 [ 128.623081][T12524] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 128.623611][T12528] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.647587][T12528] ext4 filesystem being mounted at /492/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 128.648434][T12524] ext4 filesystem being mounted at /517/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 128.670244][T12528] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.2683: bg 0: block 64: padding at end of block bitmap is not set [ 128.694885][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.704935][ T3310] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 128.768603][T12539] loop3: detected capacity change from 0 to 512 [ 128.781663][T12539] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.794301][T12550] loop4: detected capacity change from 0 to 512 [ 128.794419][T12539] ext4 filesystem being mounted at /504/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 128.804651][T12550] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 128.824628][T12550] EXT4-fs (loop4): 1 truncate cleaned up [ 128.828615][T12547] netlink: 'syz.0.2687': attribute type 27 has an invalid length. [ 128.830933][T12550] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.866479][T12534] sg_write: data in/out 11329/120 bytes for SCSI command 0x0-- guessing data in; [ 128.866479][T12534] program syz.4.2685 not setting count and/or reply_len properly [ 128.884676][T12543] 8021q: adding VLAN 0 to HW filter on device bond0 [ 128.891854][T12555] loop1: detected capacity change from 0 to 512 [ 128.898276][T12543] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 128.910555][T12555] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 128.925905][T12555] EXT4-fs (loop1): 1 truncate cleaned up [ 128.937767][T12555] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.958399][T12541] netlink: 260 bytes leftover after parsing attributes in process `syz.1.2686'. [ 128.967560][T12541] netlink: 260 bytes leftover after parsing attributes in process `syz.1.2686'. [ 128.978928][T12541] sg_write: data in/out 11329/120 bytes for SCSI command 0x0-- guessing data in; [ 128.978928][T12541] program syz.1.2686 not setting count and/or reply_len properly [ 129.009307][T12562] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2691'. [ 129.020272][T12562] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2691'. [ 129.032914][T12562] loop0: detected capacity change from 0 to 512 [ 129.041224][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.052589][T12562] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 129.058048][T12558] netlink: 'syz.2.2689': attribute type 27 has an invalid length. [ 129.075978][T12562] ext4 filesystem being mounted at /520/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 129.107387][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.142678][T12558] 8021q: adding VLAN 0 to HW filter on device bond0 [ 129.151553][T12558] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 129.214378][T12576] netlink: 44 bytes leftover after parsing attributes in process `+}[@'. [ 129.247784][T12576] loop2: detected capacity change from 0 to 8192 [ 129.294536][T12571] loop0: detected capacity change from 0 to 512 [ 129.301561][T12571] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 129.313508][T12571] EXT4-fs (loop0): 1 truncate cleaned up [ 129.321487][T12571] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 129.342463][T12571] netlink: 260 bytes leftover after parsing attributes in process `syz.0.2694'. [ 129.353173][T12571] sg_write: data in/out 11329/120 bytes for SCSI command 0x0-- guessing data in; [ 129.353173][T12571] program syz.0.2694 not setting count and/or reply_len properly [ 129.390744][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.409367][T12583] loop2: detected capacity change from 0 to 512 [ 129.421265][T12583] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 129.434129][T12583] ext4 filesystem being mounted at /588/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 129.446002][T12583] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.2697: bg 0: block 64: padding at end of block bitmap is not set [ 129.468289][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.489985][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.509020][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.568622][T12594] netlink: 'syz.2.2700': attribute type 27 has an invalid length. [ 129.613582][T12590] 8021q: adding VLAN 0 to HW filter on device bond0 [ 129.622925][T12590] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 129.678465][T12601] tipc: Enabled bearer , priority 0 [ 129.685820][T12601] syzkaller0: entered promiscuous mode [ 129.691340][T12601] syzkaller0: entered allmulticast mode [ 129.700753][T12601] tipc: Resetting bearer [ 129.706622][T12595] loop3: detected capacity change from 0 to 512 [ 129.713271][T12600] tipc: Resetting bearer [ 129.720286][T12595] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 129.731046][T12600] tipc: Disabling bearer [ 129.740419][T12595] EXT4-fs (loop3): 1 truncate cleaned up [ 129.748548][T12595] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 129.785188][T12595] sg_write: data in/out 11329/120 bytes for SCSI command 0x0-- guessing data in; [ 129.785188][T12595] program syz.3.2702 not setting count and/or reply_len properly [ 129.844129][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.857504][T12605] loop2: detected capacity change from 0 to 1024 [ 129.873229][T12605] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 129.890619][T12605] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #3: block 1: comm syz.2.2704: lblock 1 mapped to illegal pblock 1 (length 1) [ 129.905953][T12605] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.2704: Failed to acquire dquot type 0 [ 129.917777][T12605] EXT4-fs error (device loop2): ext4_free_blocks:6696: comm syz.2.2704: Freeing blocks not in datazone - block = 0, count = 4096 [ 129.931851][T12605] EXT4-fs error (device loop2): ext4_read_inode_bitmap:139: comm syz.2.2704: Invalid inode bitmap blk 0 in block_group 0 [ 129.950258][ T3699] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:15: lblock 1 mapped to illegal pblock 1 (length 1) [ 129.966980][ T3699] EXT4-fs error (device loop2): ext4_release_dquot:6973: comm kworker/u8:15: Failed to release dquot type 0 [ 129.967908][T12605] EXT4-fs error (device loop2) in ext4_free_inode:361: Corrupt filesystem [ 129.997310][T12605] EXT4-fs (loop2): 1 orphan inode deleted [ 130.041011][T12605] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 130.057320][T12615] loop3: detected capacity change from 0 to 8192 [ 130.136494][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.161258][T12620] vhci_hcd: invalid port number 96 [ 130.166414][T12620] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 130.188111][T12623] loop2: detected capacity change from 0 to 512 [ 130.222723][T12623] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 130.236765][T12623] ext4 filesystem being mounted at /592/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 130.249098][T12623] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.2711: bg 0: block 64: padding at end of block bitmap is not set [ 130.275321][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.306867][T12632] 9pnet_fd: p9_fd_create_tcp (12632): problem connecting socket to 127.0.0.1 [ 130.317956][T12630] tipc: Enabled bearer , priority 0 [ 130.340712][T12630] syzkaller0: entered promiscuous mode [ 130.346207][T12630] syzkaller0: entered allmulticast mode [ 130.353534][T12630] tipc: Resetting bearer [ 130.370039][T12628] loop1: detected capacity change from 0 to 512 [ 130.376452][T12629] tipc: Resetting bearer [ 130.383641][T12629] tipc: Disabling bearer [ 130.392043][T12628] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 130.404881][T12628] ext4 filesystem being mounted at /499/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 130.436682][T12640] loop0: detected capacity change from 0 to 512 [ 130.451018][T12643] loop3: detected capacity change from 0 to 512 [ 130.461362][T12640] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 130.470078][T12640] EXT4-fs (loop0): orphan cleanup on readonly fs [ 130.477590][T12640] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.2717: corrupted inode contents [ 130.489899][T12640] EXT4-fs (loop0): Remounting filesystem read-only [ 130.497509][T12643] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 130.510260][T12635] loop2: detected capacity change from 0 to 512 [ 130.510934][T12643] ext4 filesystem being mounted at /509/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 130.517086][T12635] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 130.527309][T12640] EXT4-fs (loop0): 1 truncate cleaned up [ 130.543633][ T123] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 130.543767][T12643] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.2716: bg 0: block 64: padding at end of block bitmap is not set [ 130.554296][ T123] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 130.570659][T12635] EXT4-fs (loop2): 1 truncate cleaned up [ 130.585917][T12635] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 130.593426][ T123] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started [ 130.609766][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.620559][T12635] sg_write: data in/out 11329/120 bytes for SCSI command 0x0-- guessing data in; [ 130.620559][T12635] program syz.2.2715 not setting count and/or reply_len properly [ 130.709891][T12669] loop2: detected capacity change from 0 to 512 [ 130.720436][T12664] vhci_hcd: invalid port number 96 [ 130.725583][T12664] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 130.742097][T12669] ext4 filesystem being mounted at /596/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 130.754609][T12669] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.2724: bg 0: block 64: padding at end of block bitmap is not set [ 130.845117][T12690] loop2: detected capacity change from 0 to 8192 [ 130.981881][T12721] loop2: detected capacity change from 0 to 128 [ 130.990803][T12721] ext4 filesystem being mounted at /599/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 131.238229][T12738] chnl_net:caif_netlink_parms(): no params data found [ 131.277327][T12738] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.284522][T12738] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.291861][T12738] bridge_slave_0: entered allmulticast mode [ 131.298339][T12738] bridge_slave_0: entered promiscuous mode [ 131.305291][T12738] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.312375][T12738] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.328271][T12738] bridge_slave_1: entered allmulticast mode [ 131.343594][T12738] bridge_slave_1: entered promiscuous mode [ 131.358703][T12792] loop1: detected capacity change from 0 to 512 [ 131.377987][T12738] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 131.388077][T12786] vhci_hcd: invalid port number 96 [ 131.393265][T12786] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 131.401956][T12738] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 131.411691][T12792] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 131.419954][T12792] EXT4-fs (loop1): orphan cleanup on readonly fs [ 131.441668][T12792] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.2731: corrupted inode contents [ 131.463173][T12792] EXT4-fs (loop1): Remounting filesystem read-only [ 131.471277][T12738] team0: Port device team_slave_0 added [ 131.478319][T12738] team0: Port device team_slave_1 added [ 131.485419][T12792] EXT4-fs (loop1): 1 truncate cleaned up [ 131.491303][ T51] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 131.501840][ T51] __quota_error: 275 callbacks suppressed [ 131.501852][ T51] Quota error (device loop1): write_blk: dquota write failed [ 131.514957][ T51] Quota error (device loop1): remove_free_dqentry: Can't write block (5) with free entries [ 131.524948][ T51] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 131.535472][ T51] Quota error (device loop1): write_blk: dquota write failed [ 131.542888][ T51] Quota error (device loop1): free_dqentry: Can't move quota data block (5) to free list [ 131.553977][T12812] loop4: detected capacity change from 0 to 512 [ 131.555434][ T51] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started [ 131.570470][ T51] Quota error (device loop1): v2_write_file_info: Can't write info structure [ 131.587767][T12820] loop0: detected capacity change from 0 to 512 [ 131.605876][T12738] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 131.610490][T12812] ext4 filesystem being mounted at /588/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 131.612900][T12738] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 131.612925][T12738] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 131.616746][ T51] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 131.674349][T12738] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 131.681424][T12738] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 131.707346][T12738] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 131.735088][T12820] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 131.745645][T12834] loop3: detected capacity change from 0 to 512 [ 131.752732][T12820] EXT4-fs (loop0): orphan cleanup on readonly fs [ 131.772678][T12820] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.2733: corrupted inode contents [ 131.773345][T12738] hsr_slave_0: entered promiscuous mode [ 131.793414][T12738] hsr_slave_1: entered promiscuous mode [ 131.796939][T12834] ext4 filesystem being mounted at /515/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 131.799243][T12738] debugfs: 'hsr0' already exists in 'hsr' [ 131.815158][T12738] Cannot create hsr debugfs directory [ 131.828782][T12820] EXT4-fs (loop0): Remounting filesystem read-only [ 131.829765][T12839] tipc: Enabled bearer , priority 0 [ 131.845041][T12834] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.2736: bg 0: block 64: padding at end of block bitmap is not set [ 131.862193][T12820] EXT4-fs (loop0): 1 truncate cleaned up [ 131.868722][T12839] syzkaller0: entered promiscuous mode [ 131.874295][T12839] syzkaller0: entered allmulticast mode [ 131.881319][ T123] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 131.891875][ T123] Quota error (device loop0): write_blk: dquota write failed [ 131.899236][ T123] Quota error (device loop0): remove_free_dqentry: Can't write block (5) with free entries [ 131.909286][ T123] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 131.912296][T12839] tipc: Resetting bearer [ 131.919819][ T123] Quota error (device loop0): write_blk: dquota write failed [ 131.932950][ T123] Quota error (device loop0): free_dqentry: Can't move quota data block (5) to free list [ 131.942909][ T123] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started [ 131.970112][T12837] tipc: Resetting bearer [ 131.988188][T12837] tipc: Disabling bearer [ 132.055987][T12853] loop4: detected capacity change from 0 to 512 [ 132.072403][T12853] ext4 filesystem being mounted at /590/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 132.080460][T12852] vhci_hcd: invalid port number 96 [ 132.087926][T12852] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 132.143799][T12859] loop0: detected capacity change from 0 to 4096 [ 132.150525][T12859] EXT4-fs: Ignoring removed nomblk_io_submit option [ 132.157146][T12859] EXT4-fs: Ignoring removed nobh option [ 132.163056][T12859] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 132.355807][T12863] loop4: detected capacity change from 0 to 512 [ 132.368669][T12866] loop0: detected capacity change from 0 to 512 [ 132.377500][T12863] ext4 filesystem being mounted at /591/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 132.390085][T12866] ext4 filesystem being mounted at /532/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 132.418257][T12866] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.2754: bg 0: block 64: padding at end of block bitmap is not set [ 132.493760][T12898] loop0: detected capacity change from 0 to 512 [ 132.500816][T12898] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 132.512879][T12898] EXT4-fs (loop0): 1 truncate cleaned up [ 132.544217][T12911] loop0: detected capacity change from 0 to 512 [ 132.568918][T12911] ext4 filesystem being mounted at /535/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 132.582727][T12911] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.2751: bg 0: block 64: padding at end of block bitmap is not set [ 132.599707][T12916] loop4: detected capacity change from 0 to 4096 [ 132.606893][T12916] EXT4-fs: Ignoring removed nomblk_io_submit option [ 132.613637][T12916] EXT4-fs: Ignoring removed nobh option [ 132.620992][T12916] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 132.655505][T12927] tipc: Enabled bearer , priority 0 [ 132.664313][T12927] syzkaller0: entered promiscuous mode [ 132.669851][T12927] syzkaller0: entered allmulticast mode [ 132.678713][T12927] tipc: Resetting bearer [ 132.686853][T12925] tipc: Resetting bearer [ 132.696517][T12925] tipc: Disabling bearer [ 132.722222][ T3701] bridge_slave_1: left allmulticast mode [ 132.727895][ T3701] bridge_slave_1: left promiscuous mode [ 132.733627][ T3701] bridge0: port 2(bridge_slave_1) entered disabled state [ 132.742457][ T3701] bridge_slave_0: left allmulticast mode [ 132.748108][ T3701] bridge_slave_0: left promiscuous mode [ 132.753893][ T3701] bridge0: port 1(bridge_slave_0) entered disabled state [ 132.798453][T12948] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12948 comm=syz.4.2759 [ 132.837017][T12957] loop0: detected capacity change from 0 to 512 [ 132.861152][T12957] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 132.888557][ T3701] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 132.890559][T12957] EXT4-fs (loop0): 1 truncate cleaned up [ 132.908553][ T3701] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 132.922647][ T3701] bond0 (unregistering): Released all slaves [ 132.953057][T12971] syzkaller0: entered promiscuous mode [ 132.958556][T12971] syzkaller0: entered allmulticast mode [ 132.987352][T12738] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 133.010773][ T3701] tipc: Disabling bearer [ 133.015773][ T3701] tipc: Left network mode [ 133.021232][T12738] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 133.035969][T12738] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 133.039542][T12967] netlink: 'syz.4.2765': attribute type 27 has an invalid length. [ 133.055416][T12738] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 133.084833][T12991] loop0: detected capacity change from 0 to 512 [ 133.092051][T12967] bridge0: port 3(syz_tun) entered disabled state [ 133.115530][ T3701] hsr_slave_0: left promiscuous mode [ 133.126477][ T3701] hsr_slave_1: left promiscuous mode [ 133.133512][ T3701] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 133.164918][T12991] ext4 filesystem being mounted at /539/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 133.250886][T13013] loop1: detected capacity change from 0 to 512 [ 133.293322][T13013] ext4 filesystem being mounted at /504/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 133.307769][T13013] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.2771: bg 0: block 64: padding at end of block bitmap is not set [ 133.354373][T12981] bridge0: port 3(syz_tun) entered blocking state [ 133.360923][T12981] bridge0: port 3(syz_tun) entered forwarding state [ 133.374043][T12981] 8021q: adding VLAN 0 to HW filter on device bond0 [ 133.399923][T12981] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 133.441851][T13030] syzkaller0: entered promiscuous mode [ 133.447420][T13030] syzkaller0: entered allmulticast mode [ 133.476034][T13046] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13046 comm=syz.0.2773 [ 133.484804][T12738] 8021q: adding VLAN 0 to HW filter on device bond0 [ 133.502561][T12738] 8021q: adding VLAN 0 to HW filter on device team0 [ 133.511576][ T3699] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.518733][ T3699] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.530033][ T3695] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.537090][ T3695] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.566455][T13053] __nla_validate_parse: 13 callbacks suppressed [ 133.566471][T13053] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2777'. [ 133.587327][T13056] loop3: detected capacity change from 0 to 128 [ 133.590588][T13053] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2777'. [ 133.622117][T13053] loop0: detected capacity change from 0 to 512 [ 133.636437][T13060] loop3: detected capacity change from 0 to 128 [ 133.643791][T12738] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 133.653319][T13053] ext4 filesystem being mounted at /543/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 133.686865][T13066] 9pnet_fd: p9_fd_create_tcp (13066): problem connecting socket to 127.0.0.1 [ 133.749380][T13079] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13079 comm=syz.3.2784 [ 133.770660][T12738] veth0_vlan: entered promiscuous mode [ 133.778366][T12738] veth1_vlan: entered promiscuous mode [ 133.795457][T12738] veth0_macvtap: entered promiscuous mode [ 133.805817][T12738] veth1_macvtap: entered promiscuous mode [ 133.813375][T13085] tipc: Enabled bearer , priority 0 [ 133.820586][T13085] syzkaller0: entered promiscuous mode [ 133.826068][T13085] syzkaller0: entered allmulticast mode [ 133.834349][T12738] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 133.844443][T12738] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 133.853288][T13085] tipc: Resetting bearer [ 133.859840][T13084] tipc: Resetting bearer [ 133.866393][T13084] tipc: Disabling bearer [ 133.875051][ T3697] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.884091][ T3697] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.892931][ T3697] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.902302][ T3701] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.931670][T13089] loop3: detected capacity change from 0 to 128 [ 133.933395][T13083] netlink: 'syz.0.2786': attribute type 27 has an invalid length. [ 133.982866][T13083] 8021q: adding VLAN 0 to HW filter on device bond0 [ 133.992351][T13083] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 134.029374][T13099] loop2: detected capacity change from 0 to 512 [ 134.041020][T13099] ext4 filesystem being mounted at /2/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 134.054692][T13099] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.2791: bg 0: block 64: padding at end of block bitmap is not set [ 134.092464][T13109] 9pnet_fd: p9_fd_create_tcp (13109): problem connecting socket to 127.0.0.1 [ 134.121400][T13113] syzkaller0: entered promiscuous mode [ 134.126936][T13113] syzkaller0: entered allmulticast mode [ 134.141570][T13094] loop3: detected capacity change from 0 to 512 [ 134.148211][T13094] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 134.159612][T13094] EXT4-fs (loop3): 1 truncate cleaned up [ 134.165348][T13120] loop0: detected capacity change from 0 to 128 [ 134.174268][T13094] netlink: 260 bytes leftover after parsing attributes in process `syz.3.2789'. [ 134.183399][T13094] netlink: 260 bytes leftover after parsing attributes in process `syz.3.2789'. [ 134.208034][T13094] sg_write: data in/out 11329/120 bytes for SCSI command 0x0-- guessing data in; [ 134.208034][T13094] program syz.3.2789 not setting count and/or reply_len properly [ 134.252036][T13129] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13129 comm=syz.2.2803 [ 134.252944][T13131] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2804'. [ 134.298148][T13131] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2804'. [ 134.308328][T13137] 9pnet_fd: p9_fd_create_tcp (13137): problem connecting socket to 127.0.0.1 [ 134.342122][T13131] loop1: detected capacity change from 0 to 512 [ 134.353808][T13144] loop2: detected capacity change from 0 to 128 [ 134.366044][T13142] loop0: detected capacity change from 0 to 512 [ 134.406978][T13131] ext4 filesystem being mounted at /506/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 134.418752][ T4323] bridge0: port 3(syz_tun) entered disabled state [ 134.435939][T13142] ext4 filesystem being mounted at /557/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 134.448347][ T4323] syz_tun (unregistering): left allmulticast mode [ 134.454904][ T4323] syz_tun (unregistering): left promiscuous mode [ 134.457250][T13160] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2815'. [ 134.461339][ T4323] bridge0: port 3(syz_tun) entered disabled state [ 134.480075][T13142] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.2810: bg 0: block 64: padding at end of block bitmap is not set [ 134.499371][T13164] loop3: detected capacity change from 0 to 512 [ 134.506284][T13164] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 134.534451][T13164] EXT4-fs (loop3): 1 truncate cleaned up [ 134.547327][T13172] loop0: detected capacity change from 0 to 128 [ 134.563912][T13140] sg_write: data in/out 11329/120 bytes for SCSI command 0x0-- guessing data in; [ 134.563912][T13140] program syz.3.2808 not setting count and/or reply_len properly [ 134.593424][T13172] ext4 filesystem being mounted at /558/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 134.630865][T13172] vhci_hcd: default hub control req: 0310 v0006 i0003 l0 [ 134.631280][T13150] chnl_net:caif_netlink_parms(): no params data found [ 134.675276][T13150] bridge0: port 1(bridge_slave_0) entered blocking state [ 134.682450][T13150] bridge0: port 1(bridge_slave_0) entered disabled state [ 134.690037][T13150] bridge_slave_0: entered allmulticast mode [ 134.696504][T13185] netlink: 'syz.2.2818': attribute type 27 has an invalid length. [ 134.696586][T13150] bridge_slave_0: entered promiscuous mode [ 134.723213][T13185] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.730414][T13185] bridge0: port 1(bridge_slave_0) entered disabled state [ 134.761673][T13185] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 134.772183][T13185] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 134.798872][T13150] bridge0: port 2(bridge_slave_1) entered blocking state [ 134.806287][T13150] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.814029][T13150] bridge_slave_1: entered allmulticast mode [ 134.821329][T13150] bridge_slave_1: entered promiscuous mode [ 134.845891][T13186] 8021q: adding VLAN 0 to HW filter on device bond0 [ 134.853854][T13186] 8021q: adding VLAN 0 to HW filter on device team0 [ 134.863241][T13186] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 134.878922][ T3697] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.887879][ T3701] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.897978][T13150] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 134.908822][T13150] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 134.918105][ T3701] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.931161][T13188] loop0: detected capacity change from 0 to 512 [ 134.938619][T13188] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 134.939783][ T3701] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.950956][T13188] EXT4-fs (loop0): 1 truncate cleaned up [ 134.965146][T13150] team0: Port device team_slave_0 added [ 134.967501][T13188] netlink: 260 bytes leftover after parsing attributes in process `syz.0.2819'. [ 134.980022][T13188] netlink: 260 bytes leftover after parsing attributes in process `syz.0.2819'. [ 134.992660][T13188] sg_write: data in/out 11329/120 bytes for SCSI command 0x0-- guessing data in; [ 134.992660][T13188] program syz.0.2819 not setting count and/or reply_len properly [ 134.993759][T13150] team0: Port device team_slave_1 added [ 135.028834][T13150] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 135.036057][T13150] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 135.062105][T13150] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 135.073459][T13150] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 135.080498][T13150] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 135.106456][T13150] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 135.132745][T13150] hsr_slave_0: entered promiscuous mode [ 135.138815][T13150] hsr_slave_1: entered promiscuous mode [ 135.144760][T13150] debugfs: 'hsr0' already exists in 'hsr' [ 135.150496][T13150] Cannot create hsr debugfs directory [ 135.202239][T13198] netlink: 44 bytes leftover after parsing attributes in process `+}[@'. [ 135.236773][ T3699] bridge_slave_1: left allmulticast mode [ 135.242531][ T3699] bridge_slave_1: left promiscuous mode [ 135.242546][T13198] loop3: detected capacity change from 0 to 8192 [ 135.248249][ T3699] bridge0: port 2(bridge_slave_1) entered disabled state [ 135.262749][ T3699] bridge_slave_0: left allmulticast mode [ 135.268456][ T3699] bridge_slave_0: left promiscuous mode [ 135.274118][ T3699] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.341849][ T3699] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 135.357638][T13201] loop1: detected capacity change from 0 to 512 [ 135.365847][ T3699] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 135.376098][T13201] ext4 filesystem being mounted at /508/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 135.377820][ T3699] bond0 (unregistering): Released all slaves [ 135.424610][T13207] loop3: detected capacity change from 0 to 128 [ 135.443208][T13209] tipc: Enabled bearer , priority 0 [ 135.452004][T13209] syzkaller0: entered promiscuous mode [ 135.457484][T13209] syzkaller0: entered allmulticast mode [ 135.465016][ T3699] tipc: Left network mode [ 135.467213][T13209] tipc: Resetting bearer [ 135.470652][T13207] ext4 filesystem being mounted at /533/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 135.485725][T13208] tipc: Resetting bearer [ 135.492151][T13208] tipc: Disabling bearer [ 135.505602][ T3699] hsr_slave_0: left promiscuous mode [ 135.516619][ T3699] hsr_slave_1: left promiscuous mode [ 135.534194][T13215] loop2: detected capacity change from 0 to 512 [ 135.552145][T13215] ext4 filesystem being mounted at /16/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 135.565962][T13220] loop3: detected capacity change from 0 to 128 [ 135.574436][T13215] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.2827: bg 0: block 64: padding at end of block bitmap is not set [ 135.591000][T13220] ext4 filesystem being mounted at /534/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 135.636784][T13220] vhci_hcd: default hub control req: 0310 v0006 i0003 l0 [ 135.645340][T13226] loop2: detected capacity change from 0 to 512 [ 135.666038][T13226] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 135.677718][T13226] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.2831: bg 0: block 64: padding at end of block bitmap is not set [ 135.743778][T13234] loop2: detected capacity change from 0 to 8192 [ 135.904005][T13242] loop0: detected capacity change from 0 to 128 [ 135.913522][T13242] ext4 filesystem being mounted at /562/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 135.933221][T13150] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 135.945211][T13243] team0 (unregistering): Port device team_slave_0 removed [ 135.953185][T13243] team0 (unregistering): Port device team_slave_1 removed [ 135.971959][T13246] tipc: Enabled bearer , priority 0 [ 135.978717][T13150] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 135.987757][T13246] syzkaller0: entered promiscuous mode [ 135.993343][T13246] syzkaller0: entered allmulticast mode [ 136.000466][T13150] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 136.008950][T13150] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 136.020184][T13246] tipc: Resetting bearer [ 136.026703][T13245] tipc: Resetting bearer [ 136.033074][T13245] tipc: Disabling bearer [ 136.059560][T13150] 8021q: adding VLAN 0 to HW filter on device bond0 [ 136.070857][T13150] 8021q: adding VLAN 0 to HW filter on device team0 [ 136.080249][ T3697] bridge0: port 1(bridge_slave_0) entered blocking state [ 136.087371][ T3697] bridge0: port 1(bridge_slave_0) entered forwarding state [ 136.097005][ T3697] bridge0: port 2(bridge_slave_1) entered blocking state [ 136.104197][ T3697] bridge0: port 2(bridge_slave_1) entered forwarding state [ 136.124170][T13150] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 136.134581][T13150] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 136.169988][T13258] loop0: detected capacity change from 0 to 512 [ 136.182959][T13258] ext4 filesystem being mounted at /565/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 136.195483][T13258] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.2841: bg 0: block 64: padding at end of block bitmap is not set [ 136.198413][T13150] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 136.300413][T13150] veth0_vlan: entered promiscuous mode [ 136.307565][T13150] veth1_vlan: entered promiscuous mode [ 136.321096][T13150] veth0_macvtap: entered promiscuous mode [ 136.327912][T13150] veth1_macvtap: entered promiscuous mode [ 136.338024][T13150] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 136.348525][T13150] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 136.357768][T13277] loop0: detected capacity change from 0 to 512 [ 136.365202][ T3695] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 136.378812][ T3695] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 136.388133][ T112] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 136.397232][ T112] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 136.399098][T13277] ext4 filesystem being mounted at /566/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 136.447042][T13285] loop4: detected capacity change from 0 to 512 [ 136.461411][T13285] ext4 filesystem being mounted at /1/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 136.474042][T13285] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2843: bg 0: block 64: padding at end of block bitmap is not set [ 136.492160][T13289] loop1: detected capacity change from 0 to 128 [ 136.501418][T13289] ext4 filesystem being mounted at /514/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 136.524704][T13289] vhci_hcd: default hub control req: 0310 v0006 i0003 l0 [ 136.618583][ T326] I/O error, dev loop3, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 0 prio class 2 [ 136.630959][ T29] kauditd_printk_skb: 131 callbacks suppressed [ 136.630973][ T29] audit: type=1326 audit(1755579860.817:10401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13291 comm="syz.4.2845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff4619ebe9 code=0x7ffc0000 [ 136.673750][ T29] audit: type=1326 audit(1755579860.827:10402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13291 comm="syz.4.2845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7eff4619ebe9 code=0x7ffc0000 [ 136.697380][ T29] audit: type=1326 audit(1755579860.827:10403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13291 comm="syz.4.2845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff4619ebe9 code=0x7ffc0000 [ 136.721018][ T29] audit: type=1326 audit(1755579860.827:10404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13291 comm="syz.4.2845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff4619ebe9 code=0x7ffc0000 [ 136.744694][ T29] audit: type=1326 audit(1755579860.827:10405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13291 comm="syz.4.2845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7eff4619d550 code=0x7ffc0000 [ 136.768298][ T29] audit: type=1326 audit(1755579860.827:10406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13291 comm="syz.4.2845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff4619ebe9 code=0x7ffc0000 [ 136.792079][ T29] audit: type=1326 audit(1755579860.827:10407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13291 comm="syz.4.2845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff4619ebe9 code=0x7ffc0000 [ 136.815815][ T29] audit: type=1326 audit(1755579860.827:10408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13291 comm="syz.4.2845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7eff4619d550 code=0x7ffc0000 [ 136.839547][ T29] audit: type=1326 audit(1755579860.827:10409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13291 comm="syz.4.2845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7eff461a0417 code=0x7ffc0000 [ 136.863136][ T29] audit: type=1326 audit(1755579860.827:10410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13291 comm="syz.4.2845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7eff4619ebe9 code=0x7ffc0000 [ 136.864820][T13295] loop1: detected capacity change from 0 to 8192 [ 137.099815][T13310] 9pnet_fd: p9_fd_create_tcp (13310): problem connecting socket to 127.0.0.1 [ 137.181303][T13318] loop1: detected capacity change from 0 to 512 [ 137.192015][T13318] ext4 filesystem being mounted at /522/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 137.454423][T13325] loop4: detected capacity change from 0 to 512 [ 137.461090][T13325] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 137.471920][T13325] EXT4-fs (loop4): 1 truncate cleaned up [ 137.517334][T13332] loop3: detected capacity change from 0 to 128 [ 137.559037][T13340] 9pnet_fd: p9_fd_create_tcp (13340): problem connecting socket to 127.0.0.1 [ 137.582913][T13344] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13344 comm=syz.4.2867 [ 137.610595][T13347] loop4: detected capacity change from 0 to 512 [ 137.621126][T13347] ext4 filesystem being mounted at /9/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 137.632934][T13347] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2868: bg 0: block 64: padding at end of block bitmap is not set [ 137.649789][T13345] loop2: detected capacity change from 0 to 512 [ 137.662305][T13345] ext4 filesystem being mounted at /21/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 137.724456][T13342] loop3: detected capacity change from 0 to 512 [ 137.731301][T13342] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 137.746547][T13342] EXT4-fs (loop3): 1 truncate cleaned up [ 137.766804][T13342] sg_write: data in/out 11329/120 bytes for SCSI command 0x0-- guessing data in; [ 137.766804][T13342] program syz.3.2866 not setting count and/or reply_len properly [ 137.836001][T13362] loop3: detected capacity change from 0 to 512 [ 137.854979][T13362] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 137.866068][T13362] EXT4-fs (loop3): 1 truncate cleaned up [ 137.901663][T13365] loop3: detected capacity change from 0 to 512 [ 137.922788][T13365] ext4 filesystem being mounted at /541/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 137.934897][T13365] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.2871: bg 0: block 64: padding at end of block bitmap is not set [ 138.095238][T13388] loop1: detected capacity change from 0 to 128 [ 138.210227][T13412] tipc: Enabled bearer , priority 0 [ 138.224034][T13412] syzkaller0: entered promiscuous mode [ 138.229639][T13412] syzkaller0: entered allmulticast mode [ 138.248946][T13412] tipc: Resetting bearer [ 138.264488][T13411] tipc: Resetting bearer [ 138.280415][T13411] tipc: Disabling bearer [ 138.309910][T13433] loop0: detected capacity change from 0 to 512 [ 138.316924][T13433] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 138.343808][T13440] loop1: detected capacity change from 0 to 128 [ 138.356349][T13433] EXT4-fs (loop0): 1 truncate cleaned up [ 138.370047][T13402] sg_write: data in/out 11329/120 bytes for SCSI command 0x0-- guessing data in; [ 138.370047][T13402] program syz.0.2879 not setting count and/or reply_len properly [ 138.412052][T13440] ext4 filesystem being mounted at /527/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 138.412868][T13454] loop2: detected capacity change from 0 to 512 [ 138.507254][T13454] ext4 filesystem being mounted at /22/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 138.529514][T13454] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.2882: bg 0: block 64: padding at end of block bitmap is not set [ 138.596229][T13480] __nla_validate_parse: 5 callbacks suppressed [ 138.596246][T13480] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2886'. [ 138.693805][T13493] team0 (unregistering): Port device team_slave_0 removed [ 138.704920][T13493] team0 (unregistering): Port device team_slave_1 removed [ 138.729858][T13498] loop2: detected capacity change from 0 to 512 [ 138.781252][T13498] ext4 filesystem being mounted at /23/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 138.892234][T13531] loop3: detected capacity change from 0 to 128 [ 138.987595][T13541] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2892'. [ 138.997219][T13541] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2892'. [ 139.008742][T13541] loop2: detected capacity change from 0 to 512 [ 139.021958][T13541] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 139.036177][T13539] loop3: detected capacity change from 0 to 512 [ 139.050965][T13539] ext4 filesystem being mounted at /544/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 139.061772][T13546] loop2: detected capacity change from 0 to 512 [ 139.070925][T13546] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 139.078919][T13546] EXT4-fs (loop2): orphan cleanup on readonly fs [ 139.086377][T13546] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.2893: corrupted inode contents [ 139.098351][T13546] EXT4-fs (loop2): Remounting filesystem read-only [ 139.104991][T13546] EXT4-fs (loop2): 1 truncate cleaned up [ 139.110829][ T112] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 139.121348][ T112] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 139.131881][ T112] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started [ 139.157747][T13552] loop2: detected capacity change from 0 to 128 [ 139.165954][T13552] ext4 filesystem being mounted at /27/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 139.185195][T13552] vhci_hcd: default hub control req: 0310 v0006 i0003 l0 [ 139.287396][T13559] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2897'. [ 139.311009][T13561] loop2: detected capacity change from 0 to 512 [ 139.321136][T13561] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 139.333092][T13561] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.2898: bg 0: block 64: padding at end of block bitmap is not set [ 139.390743][T13570] loop2: detected capacity change from 0 to 128 [ 139.530473][T13581] netlink: 'syz.0.2903': attribute type 27 has an invalid length. [ 139.572922][T13581] 8021q: adding VLAN 0 to HW filter on device bond0 [ 139.582087][T13581] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 139.601804][T13615] loop2: detected capacity change from 0 to 512 [ 139.608678][T13615] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 139.628068][T13615] EXT4-fs (loop2): 1 truncate cleaned up [ 139.639791][T13578] sg_write: data in/out 11329/120 bytes for SCSI command 0x0-- guessing data in; [ 139.639791][T13578] program syz.2.2902 not setting count and/or reply_len properly [ 139.664850][T13623] loop0: detected capacity change from 0 to 512 [ 139.685941][T13623] ext4 filesystem being mounted at /577/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 139.708039][T13633] loop2: detected capacity change from 0 to 128 [ 139.724679][T13633] ext4 filesystem being mounted at /35/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 139.741849][T13640] loop0: detected capacity change from 0 to 128 [ 139.769750][T13640] ext4 filesystem being mounted at /578/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 139.827254][T13652] loop3: detected capacity change from 0 to 128 [ 139.838017][T13655] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2909'. [ 139.840121][T13640] vhci_hcd: default hub control req: 0310 v0006 i0003 l0 [ 139.888684][T13663] netlink: 44 bytes leftover after parsing attributes in process `+}[@'. [ 139.912975][T13666] loop4: detected capacity change from 0 to 512 [ 139.921430][T13666] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 139.932805][T13666] EXT4-fs (loop4): 1 truncate cleaned up [ 139.978960][T13683] tipc: Enabled bearer , priority 0 [ 139.986479][T13683] syzkaller0: entered promiscuous mode [ 139.992053][T13683] syzkaller0: entered allmulticast mode [ 140.001898][T13683] tipc: Resetting bearer [ 140.008330][T13681] tipc: Resetting bearer [ 140.009577][T13663] loop3: detected capacity change from 0 to 8192 [ 140.021979][T13681] tipc: Disabling bearer [ 140.036066][T13663] vfat: Unknown parameter '‡±¿í§¾XfÙ…C ê' [ 140.062964][T13680] netlink: 'syz.4.2914': attribute type 27 has an invalid length. [ 140.104542][T13696] loop3: detected capacity change from 0 to 128 [ 140.114619][T13680] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.121866][T13680] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.175550][T13702] loop3: detected capacity change from 0 to 4096 [ 140.177497][T13680] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 140.183661][T13702] EXT4-fs: Ignoring removed nomblk_io_submit option [ 140.192315][T13680] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 140.196021][T13702] EXT4-fs: Ignoring removed nobh option [ 140.253971][T13702] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 140.256502][T13719] loop1: detected capacity change from 0 to 512 [ 140.307116][T13719] ext4 filesystem being mounted at /530/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 140.321554][T13719] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.2918: bg 0: block 64: padding at end of block bitmap is not set [ 140.327181][T13685] 8021q: adding VLAN 0 to HW filter on device bond0 [ 140.345893][T13685] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 140.363683][ T1568] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.373020][ T1568] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.382369][ T1568] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.391483][T13727] loop3: detected capacity change from 0 to 512 [ 140.398576][ T1568] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.412526][T13727] ext4 filesystem being mounted at /550/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 140.421547][T13729] syzkaller0: entered promiscuous mode [ 140.426491][T13727] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.2919: bg 0: block 64: padding at end of block bitmap is not set [ 140.428519][T13729] syzkaller0: entered allmulticast mode [ 140.470350][T13735] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2922'. [ 140.471424][T13737] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2923'. [ 140.481317][T13735] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2922'. [ 140.507831][T13735] loop3: detected capacity change from 0 to 512 [ 140.516702][T13739] loop4: detected capacity change from 0 to 128 [ 140.524752][T13739] ext4 filesystem being mounted at /19/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 140.537233][T13735] ext4 filesystem being mounted at /551/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 140.561487][T13739] vhci_hcd: default hub control req: 0310 v0006 i0003 l0 [ 140.597028][T13750] loop1: detected capacity change from 0 to 128 [ 140.604961][T13750] ext4 filesystem being mounted at /534/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 140.649819][T13753] loop4: detected capacity change from 0 to 128 [ 140.685306][T13759] syzkaller0: entered promiscuous mode [ 140.690919][T13759] syzkaller0: entered allmulticast mode [ 140.736192][T13755] netlink: 'syz.1.2929': attribute type 27 has an invalid length. [ 140.766816][T13765] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13765 comm=syz.3.2933 [ 140.780969][T13755] 8021q: adding VLAN 0 to HW filter on device bond0 [ 140.790742][T13755] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 140.821356][T13771] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2936'. [ 140.833641][T13771] loop3: detected capacity change from 0 to 512 [ 140.843508][T13758] loop4: detected capacity change from 0 to 512 [ 140.850323][T13758] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 140.861209][T13771] ext4 filesystem being mounted at /556/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 140.861801][T13758] EXT4-fs (loop4): 1 truncate cleaned up [ 140.883275][T13769] loop2: detected capacity change from 0 to 512 [ 140.895686][T13758] sg_write: data in/out 11329/120 bytes for SCSI command 0x0-- guessing data in; [ 140.895686][T13758] program syz.4.2930 not setting count and/or reply_len properly [ 140.918291][T13769] ext4 filesystem being mounted at /37/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 140.956383][T13788] loop4: detected capacity change from 0 to 512 [ 140.970316][T13790] loop3: detected capacity change from 0 to 128 [ 140.978620][T13790] ext4 filesystem being mounted at /559/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 140.990912][T13788] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 140.998942][T13794] loop1: detected capacity change from 0 to 128 [ 141.005907][T13788] EXT4-fs (loop4): orphan cleanup on readonly fs [ 141.013309][T13794] ext4 filesystem being mounted at /537/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 141.025532][T13788] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #16: comm syz.4.2939: corrupted inode contents [ 141.027702][T13790] vhci_hcd: default hub control req: 0310 v0006 i0003 l0 [ 141.038092][T13788] EXT4-fs (loop4): Remounting filesystem read-only [ 141.051053][T13788] EXT4-fs (loop4): 1 truncate cleaned up [ 141.058628][ T3697] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 141.069221][ T3697] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 141.080786][ T3697] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started [ 141.612973][T13911] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13911 comm=syz.2.2946 [ 141.647951][T13918] loop2: detected capacity change from 0 to 512 [ 141.654795][T13907] loop0: detected capacity change from 0 to 512 [ 141.672343][T13907] ext4 filesystem being mounted at /580/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 141.672743][T13918] ext4 filesystem being mounted at /39/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 141.720571][T13934] loop2: detected capacity change from 0 to 128 [ 141.728355][T13934] ext4 filesystem being mounted at /40/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 141.820055][T13944] vhci_hcd: invalid port number 96 [ 141.825242][T13944] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 141.855333][ T47] I/O error, dev loop3, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 0 prio class 2 [ 141.889297][T13950] loop1: detected capacity change from 0 to 8192 [ 141.896017][T13950] vfat: Unknown parameter '‡±¿í§¾XfÙ…C ê' [ 141.923241][T13953] loop1: detected capacity change from 0 to 128 [ 141.931942][T13953] ext4 filesystem being mounted at /542/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 141.976884][T13957] loop4: detected capacity change from 0 to 512 [ 141.983767][T13957] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 141.995174][T13946] loop2: detected capacity change from 0 to 512 [ 142.002369][T13946] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 142.002372][T13957] EXT4-fs (loop4): 1 truncate cleaned up [ 142.021906][T13946] EXT4-fs (loop2): 1 truncate cleaned up [ 142.039846][T13946] sg_write: data in/out 11329/120 bytes for SCSI command 0x0-- guessing data in; [ 142.039846][T13946] program syz.2.2951 not setting count and/or reply_len properly [ 142.076327][T13969] loop4: detected capacity change from 0 to 512 [ 142.107345][T13969] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 142.120606][ T29] kauditd_printk_skb: 174 callbacks suppressed [ 142.120619][ T29] audit: type=1326 audit(1755579866.307:10573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13973 comm="syz.2.2961" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f69a10cebe9 code=0x0 [ 142.125614][T13969] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2959: bg 0: block 64: padding at end of block bitmap is not set [ 142.195619][T13978] loop4: detected capacity change from 0 to 128 [ 142.204558][T13978] ext4 filesystem being mounted at /26/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 142.232284][T13976] loop2: detected capacity change from 0 to 512 [ 142.258576][T13976] ext4 filesystem being mounted at /42/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 142.406250][T13986] loop4: detected capacity change from 0 to 512 [ 142.416673][T13984] loop3: detected capacity change from 0 to 512 [ 142.439148][ T326] I/O error, dev loop1, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 0 prio class 2 [ 142.462666][T13986] ext4 filesystem being mounted at /27/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 142.530334][T13986] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2963: bg 0: block 64: padding at end of block bitmap is not set [ 142.546911][T13984] ext4 filesystem being mounted at /563/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 142.576316][T13991] loop0: detected capacity change from 0 to 8192 [ 142.583471][T13991] vfat: Unknown parameter '‡±¿í§¾XfÙ…C ê' [ 142.601016][T13998] loop4: detected capacity change from 0 to 128 [ 142.614160][T13998] ext4 filesystem being mounted at /28/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 142.701083][T14005] loop4: detected capacity change from 0 to 128 [ 142.709410][T14005] ext4 filesystem being mounted at /29/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 142.734451][T14005] vhci_hcd: default hub control req: 0310 v0006 i0003 l0 [ 142.878731][T14012] loop1: detected capacity change from 0 to 512 [ 142.891353][T14012] ext4 filesystem being mounted at /546/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 142.950008][T14017] vhci_hcd: invalid port number 96 [ 142.955138][T14017] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 142.964605][ T29] audit: type=1326 audit(1755579867.147:10574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14018 comm="syz.2.2976" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f69a10cebe9 code=0x0 [ 142.995731][T14022] loop1: detected capacity change from 0 to 512 [ 143.011184][T14022] ext4 filesystem being mounted at /548/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 143.013750][T14008] loop4: detected capacity change from 0 to 512 [ 143.023800][T14022] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.2977: bg 0: block 64: padding at end of block bitmap is not set [ 143.029587][T14008] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 143.053184][T14008] EXT4-fs (loop4): 1 truncate cleaned up [ 143.066069][T14008] sg_write: data in/out 11329/120 bytes for SCSI command 0x0-- guessing data in; [ 143.066069][T14008] program syz.4.2971 not setting count and/or reply_len properly [ 143.090732][T14026] loop2: detected capacity change from 0 to 512 [ 143.096530][T14030] loop1: detected capacity change from 0 to 512 [ 143.110265][T14030] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 143.115345][T14026] ext4 filesystem being mounted at /43/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 143.118368][T14030] EXT4-fs (loop1): orphan cleanup on readonly fs [ 143.141538][T14030] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.2978: corrupted inode contents [ 143.153833][T14030] EXT4-fs (loop1): Remounting filesystem read-only [ 143.160914][T14030] EXT4-fs (loop1): 1 truncate cleaned up [ 143.162234][T14036] loop4: detected capacity change from 0 to 512 [ 143.173304][ T51] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 143.183853][ T51] Quota error (device loop1): write_blk: dquota write failed [ 143.191253][ T51] Quota error (device loop1): remove_free_dqentry: Can't write block (5) with free entries [ 143.201293][ T51] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 143.211830][ T51] Quota error (device loop1): write_blk: dquota write failed [ 143.214930][T14036] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 143.219248][ T51] Quota error (device loop1): free_dqentry: Can't move quota data block (5) to free list [ 143.219287][ T51] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started [ 143.249483][ T51] Quota error (device loop1): v2_write_file_info: Can't write info structure [ 143.258283][ T51] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 143.280449][T14040] loop4: detected capacity change from 0 to 128 [ 143.304636][ T29] audit: type=1326 audit(1755579867.487:10575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14041 comm="syz.1.2981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06c2c4ebe9 code=0x7ffc0000 [ 143.329807][ T29] audit: type=1326 audit(1755579867.507:10576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14041 comm="syz.1.2981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f06c2c4ebe9 code=0x7ffc0000 [ 143.335113][T14044] tipc: Started in network mode [ 143.358252][T14044] tipc: Node identity 824f94b0ce1b, cluster identity 4711 [ 143.365498][T14044] tipc: Enabled bearer , priority 0 [ 143.375846][T14044] syzkaller0: entered promiscuous mode [ 143.381461][T14044] syzkaller0: entered allmulticast mode [ 143.391091][T14044] tipc: Resetting bearer [ 143.397562][T14043] tipc: Resetting bearer [ 143.404416][T14043] tipc: Disabling bearer [ 143.413367][T14042] netlink: 'syz.1.2981': attribute type 27 has an invalid length. [ 143.445561][T14047] loop3: detected capacity change from 0 to 128 [ 143.453837][T14047] ext4 filesystem being mounted at /565/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 143.456632][T14042] 8021q: adding VLAN 0 to HW filter on device bond0 [ 143.475280][T14042] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 143.505065][T14047] vhci_hcd: default hub control req: 0310 v0006 i0003 l0 [ 143.575802][T14063] loop3: detected capacity change from 0 to 512 [ 143.601037][T14063] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 143.609248][T14063] EXT4-fs (loop3): orphan cleanup on readonly fs [ 143.616889][T14063] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.2990: corrupted inode contents [ 143.630222][T14063] EXT4-fs (loop3): Remounting filesystem read-only [ 143.630780][T14056] netlink: 'syz.4.2987': attribute type 27 has an invalid length. [ 143.637058][T14063] EXT4-fs (loop3): 1 truncate cleaned up [ 143.650680][ T1568] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 143.661290][ T1568] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 143.671990][ T1568] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 143.710966][T14060] netlink: 'syz.1.2989': attribute type 27 has an invalid length. [ 143.717376][T14064] 8021q: adding VLAN 0 to HW filter on device bond0 [ 143.727526][T14064] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 143.731382][T14069] loop3: detected capacity change from 0 to 512 [ 143.761271][T14069] ext4 filesystem being mounted at /567/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 143.780890][T14069] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.2991: bg 0: block 64: padding at end of block bitmap is not set [ 143.804445][T14067] 8021q: adding VLAN 0 to HW filter on device bond0 [ 143.818314][T14067] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 143.847154][T14076] loop2: detected capacity change from 0 to 512 [ 143.879747][T14079] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14079 comm=syz.3.2994 [ 143.892611][T14076] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 143.903150][T14076] EXT4-fs (loop2): orphan cleanup on readonly fs [ 143.911937][T14076] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.2993: corrupted inode contents [ 143.924678][T14076] EXT4-fs (loop2): Remounting filesystem read-only [ 143.931872][T14076] EXT4-fs (loop2): 1 truncate cleaned up [ 143.932242][ T326] I/O error, dev loop3, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 0 prio class 2 [ 143.947283][T14085] __nla_validate_parse: 13 callbacks suppressed [ 143.947296][T14085] netlink: 44 bytes leftover after parsing attributes in process `+}[@'. [ 143.962080][ T3695] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 143.972776][ T3695] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 143.992503][ T3695] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started [ 144.002779][T14085] loop1: detected capacity change from 0 to 8192 [ 144.009330][T14085] vfat: Unknown parameter '‡±¿í§¾XfÙ…C ê' [ 144.035294][T14081] loop4: detected capacity change from 0 to 512 [ 144.042350][T14081] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 144.071520][T14081] EXT4-fs (loop4): 1 truncate cleaned up [ 144.089938][T14081] sg_write: data in/out 11329/120 bytes for SCSI command 0x0-- guessing data in; [ 144.089938][T14081] program syz.4.2995 not setting count and/or reply_len properly [ 144.132346][T14090] netlink: 'syz.3.2998': attribute type 27 has an invalid length. [ 144.148711][T14102] loop4: detected capacity change from 0 to 128 [ 144.158065][T14102] ext4 filesystem being mounted at /39/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 144.248536][T14095] 8021q: adding VLAN 0 to HW filter on device bond0 [ 144.262367][T14095] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 144.326556][T14111] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3004'. [ 144.336401][T14111] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3004'. [ 144.348927][T14111] loop3: detected capacity change from 0 to 512 [ 144.349067][T14109] loop1: detected capacity change from 0 to 512 [ 144.388219][T14111] ext4 filesystem being mounted at /571/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 144.441900][T14109] ext4 filesystem being mounted at /556/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 144.480358][T14131] loop0: detected capacity change from 0 to 128 [ 144.505103][T14129] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3009'. [ 144.547355][T14131] ext4 filesystem being mounted at /588/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 144.565863][T14120] netlink: 'syz.4.3007': attribute type 27 has an invalid length. [ 144.573802][T14129] loop3: detected capacity change from 0 to 8192 [ 144.584588][T14129] vfat: Unknown parameter '‡±¿í§¾XfÙ…C ê' [ 144.651428][T14120] 8021q: adding VLAN 0 to HW filter on device bond0 [ 144.661486][T14120] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 144.702405][T14136] loop3: detected capacity change from 0 to 128 [ 144.754618][T14140] loop4: detected capacity change from 0 to 512 [ 144.772067][T14144] loop3: detected capacity change from 0 to 512 [ 144.781218][T14140] ext4 filesystem being mounted at /41/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 144.794025][T14140] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3014: bg 0: block 64: padding at end of block bitmap is not set [ 144.824468][T14144] ext4 filesystem being mounted at /576/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 144.850808][T14144] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3016: bg 0: block 64: padding at end of block bitmap is not set [ 144.851737][T14147] netlink: 'syz.0.3015': attribute type 27 has an invalid length. [ 144.898223][T14151] loop4: detected capacity change from 0 to 128 [ 144.906690][T14151] ext4 filesystem being mounted at /42/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 144.922749][T14154] loop3: detected capacity change from 0 to 128 [ 144.929680][T14142] 8021q: adding VLAN 0 to HW filter on device bond0 [ 144.931440][T14154] ext4 filesystem being mounted at /577/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 144.946807][T14142] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 145.014620][T14158] tipc: Enabled bearer , priority 0 [ 145.021766][T14158] syzkaller0: entered promiscuous mode [ 145.027245][T14158] syzkaller0: entered allmulticast mode [ 145.032881][T14159] loop2: detected capacity change from 0 to 128 [ 145.057129][T14158] tipc: Resetting bearer [ 145.077446][T14164] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3023'. [ 145.087623][T14167] loop4: detected capacity change from 0 to 128 [ 145.088492][T14156] tipc: Resetting bearer [ 145.097910][T14169] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3025'. [ 145.110707][T14167] ext4 filesystem being mounted at /44/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 145.123161][T14156] tipc: Disabling bearer [ 145.146175][T14169] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3025'. [ 145.158704][T14169] loop1: detected capacity change from 0 to 512 [ 145.181122][T14169] ext4 filesystem being mounted at /558/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 145.211841][T14182] loop3: detected capacity change from 0 to 512 [ 145.218786][T14181] loop0: detected capacity change from 0 to 512 [ 145.226660][T14184] netlink: 44 bytes leftover after parsing attributes in process `+}[@'. [ 145.231486][T14182] ext4 filesystem being mounted at /578/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 145.254080][T14182] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3028: bg 0: block 64: padding at end of block bitmap is not set [ 145.271753][T14181] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 145.284219][T14181] EXT4-fs (loop0): orphan cleanup on readonly fs [ 145.291463][T14184] loop4: detected capacity change from 0 to 8192 [ 145.294228][T14181] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.3030: corrupted inode contents [ 145.310702][T14181] EXT4-fs (loop0): Remounting filesystem read-only [ 145.317363][T14181] EXT4-fs (loop0): 1 truncate cleaned up [ 145.323363][ T3699] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 145.333965][ T3699] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 145.348832][ T3699] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started [ 145.398396][T14189] netlink: 'syz.1.3031': attribute type 27 has an invalid length. [ 145.430187][T14199] loop0: detected capacity change from 0 to 128 [ 145.438629][T14189] 8021q: adding VLAN 0 to HW filter on device bond0 [ 145.449692][T14189] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 145.494897][T14202] loop0: detected capacity change from 0 to 512 [ 145.501335][T14200] loop3: detected capacity change from 0 to 512 [ 145.521208][T14205] loop1: detected capacity change from 0 to 128 [ 145.529140][T14200] ext4 filesystem being mounted at /579/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 145.541726][T14202] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 145.549850][T14202] EXT4-fs (loop0): orphan cleanup on readonly fs [ 145.558505][T14202] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.3035: corrupted inode contents [ 145.571210][T14205] ext4 filesystem being mounted at /560/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 145.588713][T14202] EXT4-fs (loop0): Remounting filesystem read-only [ 145.599324][T14205] vhci_hcd: default hub control req: 0310 v0006 i0003 l0 [ 145.609027][T14202] EXT4-fs (loop0): 1 truncate cleaned up [ 145.614964][ T3695] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 145.625567][ T3695] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 145.636279][ T3695] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started [ 145.668921][T14220] loop0: detected capacity change from 0 to 128 [ 145.668988][T14218] loop4: detected capacity change from 0 to 512 [ 145.677545][T14220] ext4 filesystem being mounted at /596/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 145.682367][T14218] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 145.703299][T14218] EXT4-fs (loop4): 1 truncate cleaned up [ 145.735337][T14224] tipc: Enabled bearer , priority 0 [ 145.742506][T14224] syzkaller0: entered promiscuous mode [ 145.747990][T14224] syzkaller0: entered allmulticast mode [ 145.764818][T14223] tipc: Resetting bearer [ 145.772329][T14223] tipc: Disabling bearer [ 145.782100][T14228] loop0: detected capacity change from 0 to 128 [ 145.786961][T14230] loop1: detected capacity change from 0 to 512 [ 145.795788][T14230] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 145.808024][T14230] EXT4-fs (loop1): 1 truncate cleaned up [ 145.820439][T14230] sg_write: data in/out 11329/120 bytes for SCSI command 0x0-- guessing data in; [ 145.820439][T14230] program syz.1.3044 not setting count and/or reply_len properly [ 145.941263][T14251] loop1: detected capacity change from 0 to 512 [ 145.951278][T14251] ext4 filesystem being mounted at /565/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 146.003519][T14239] chnl_net:caif_netlink_parms(): no params data found [ 146.029137][T14262] loop2: detected capacity change from 0 to 512 [ 146.039991][T14262] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 146.050835][T14239] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.051350][T14262] EXT4-fs (loop2): 1 truncate cleaned up [ 146.057906][T14239] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.071063][T14239] bridge_slave_0: entered allmulticast mode [ 146.077478][T14239] bridge_slave_0: entered promiscuous mode [ 146.084312][T14239] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.091374][T14239] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.098722][T14239] bridge_slave_1: entered allmulticast mode [ 146.105362][T14239] bridge_slave_1: entered promiscuous mode [ 146.123551][T14239] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 146.127819][T14271] loop2: detected capacity change from 0 to 512 [ 146.134990][T14239] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 146.154050][T14257] loop1: detected capacity change from 0 to 512 [ 146.161134][T14257] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 146.166575][T14271] ext4 filesystem being mounted at /52/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 146.173826][T14257] EXT4-fs (loop1): 1 truncate cleaned up [ 146.187772][T14239] team0: Port device team_slave_0 added [ 146.193473][T14271] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3054: bg 0: block 64: padding at end of block bitmap is not set [ 146.194440][T14239] team0: Port device team_slave_1 added [ 146.221805][T14257] sg_write: data in/out 11329/120 bytes for SCSI command 0x0-- guessing data in; [ 146.221805][T14257] program syz.1.3051 not setting count and/or reply_len properly [ 146.246343][T14239] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 146.253333][T14239] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 146.279338][T14239] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 146.290718][T14239] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 146.297659][T14239] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 146.323671][T14239] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 146.348186][T14281] loop3: detected capacity change from 0 to 128 [ 146.363678][T14281] ext4 filesystem being mounted at /580/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 146.365080][T14239] hsr_slave_0: entered promiscuous mode [ 146.380008][T14239] hsr_slave_1: entered promiscuous mode [ 146.414854][T14291] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3061'. [ 146.426508][T14291] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3061'. [ 146.437922][T14291] loop2: detected capacity change from 0 to 512 [ 146.439284][T14281] vhci_hcd: default hub control req: 0310 v0006 i0003 l0 [ 146.458713][T14291] ext4 filesystem being mounted at /56/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 146.495723][T14297] loop1: detected capacity change from 0 to 512 [ 146.503456][T14297] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 146.516886][T14297] EXT4-fs (loop1): 1 truncate cleaned up [ 146.544832][T14306] loop1: detected capacity change from 0 to 128 [ 146.565307][T14308] loop1: detected capacity change from 0 to 128 [ 146.573498][T14308] ext4 filesystem being mounted at /571/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 146.620199][T14315] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14315 comm=syz.3.3070 [ 146.701921][ T326] I/O error, dev loop3, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 0 prio class 2 [ 146.744361][T14328] loop1: detected capacity change from 0 to 8192 [ 146.755266][T14332] vhci_hcd: default hub control req: 0310 v0006 i0003 l0 [ 146.844296][T14239] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 146.854332][T14239] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 146.862712][T14239] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 146.872198][T14239] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 146.920573][ T3688] bridge_slave_1: left allmulticast mode [ 146.926293][ T3688] bridge_slave_1: left promiscuous mode [ 146.932135][ T3688] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.941684][T14341] loop3: detected capacity change from 0 to 8192 [ 146.948601][ T3688] bridge_slave_0: left allmulticast mode [ 146.954308][ T3688] bridge_slave_0: left promiscuous mode [ 146.960002][ T3688] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.011881][T14343] vhci_hcd: invalid port number 96 [ 147.017028][T14343] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 147.026068][ T3688] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 147.038659][ T3688] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 147.055313][ T3688] bond0 (unregistering): Released all slaves [ 147.077735][T14239] 8021q: adding VLAN 0 to HW filter on device bond0 [ 147.094875][T14239] 8021q: adding VLAN 0 to HW filter on device team0 [ 147.104091][ T1568] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.111213][ T1568] bridge0: port 1(bridge_slave_0) entered forwarding state [ 147.123951][ T3688] tipc: Left network mode [ 147.132827][ T3695] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.139917][ T3695] bridge0: port 2(bridge_slave_1) entered forwarding state [ 147.154377][ T3688] hsr_slave_0: left promiscuous mode [ 147.161285][ T3688] hsr_slave_1: left promiscuous mode [ 147.167016][ T3688] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 147.175323][ T3688] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 147.183316][T14351] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14351 comm=syz.3.3082 [ 147.216460][T14354] loop4: detected capacity change from 0 to 512 [ 147.232668][T14354] ext4 filesystem being mounted at /50/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 147.246315][T14346] loop1: detected capacity change from 0 to 512 [ 147.255353][T14346] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 147.266527][T14361] loop3: detected capacity change from 0 to 128 [ 147.275593][T14346] EXT4-fs (loop1): 1 truncate cleaned up [ 147.293271][T14361] ext4 filesystem being mounted at /592/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 147.369047][T14373] loop1: detected capacity change from 0 to 512 [ 147.378373][T14239] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 147.392781][T14373] ext4 filesystem being mounted at /578/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 147.406816][T14366] loop4: detected capacity change from 0 to 8192 [ 147.416511][T14373] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.3088: bg 0: block 64: padding at end of block bitmap is not set [ 147.451756][T14366] vfat: Unknown parameter '‡±¿í§¾XfÙ…C ê' [ 147.484826][T14388] tipc: Started in network mode [ 147.489817][T14388] tipc: Node identity 5e0f8653e13a, cluster identity 4711 [ 147.496960][T14388] tipc: Enabled bearer , priority 0 [ 147.505046][T14388] syzkaller0: entered promiscuous mode [ 147.510573][T14388] syzkaller0: entered allmulticast mode [ 147.531214][T14387] tipc: Resetting bearer [ 147.540124][ T29] kauditd_printk_skb: 284 callbacks suppressed [ 147.540136][ T29] audit: type=1326 audit(1755579871.727:10837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14393 comm="syz.1.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06c2c4ebe9 code=0x7ffc0000 [ 147.573772][T14387] tipc: Disabling bearer [ 147.576902][ T29] audit: type=1326 audit(1755579871.757:10838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14393 comm="syz.1.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f06c2c4ebe9 code=0x7ffc0000 [ 147.603162][ T29] audit: type=1326 audit(1755579871.757:10839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14393 comm="syz.1.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06c2c4ebe9 code=0x7ffc0000 [ 147.603257][ T29] audit: type=1326 audit(1755579871.757:10840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14393 comm="syz.1.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06c2c4ebe9 code=0x7ffc0000 [ 147.650378][ T29] audit: type=1326 audit(1755579871.757:10841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14393 comm="syz.1.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f06c2c4ebe9 code=0x7ffc0000 [ 147.674158][ T29] audit: type=1326 audit(1755579871.757:10842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14393 comm="syz.1.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06c2c4ebe9 code=0x7ffc0000 [ 147.699059][ T29] audit: type=1326 audit(1755579871.757:10843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14393 comm="syz.1.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06c2c4ebe9 code=0x7ffc0000 [ 147.722666][ T29] audit: type=1326 audit(1755579871.757:10844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14393 comm="syz.1.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f06c2c4ebe9 code=0x7ffc0000 [ 147.746228][ T29] audit: type=1326 audit(1755579871.757:10845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14393 comm="syz.1.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06c2c4ebe9 code=0x7ffc0000 [ 147.753353][T14400] loop3: detected capacity change from 0 to 128 [ 147.769836][ T29] audit: type=1326 audit(1755579871.757:10846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14393 comm="syz.1.3093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06c2c4ebe9 code=0x7ffc0000 [ 147.823679][T14239] veth0_vlan: entered promiscuous mode [ 147.831719][T14239] veth1_vlan: entered promiscuous mode [ 147.843868][T14407] loop3: detected capacity change from 0 to 128 [ 147.845635][T14239] veth0_macvtap: entered promiscuous mode [ 147.859322][T14239] veth1_macvtap: entered promiscuous mode [ 147.871727][T14407] ext4 filesystem being mounted at /596/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 147.873615][T14239] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 147.891159][T14239] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 147.906801][ T3688] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.931043][ T3688] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.940738][T14413] loop2: detected capacity change from 0 to 128 [ 147.952451][T14407] vhci_hcd: default hub control req: 0310 v0006 i0003 l0 [ 147.953619][T14413] ext4 filesystem being mounted at /62/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 147.972599][ T3688] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.982708][ T3688] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.009844][ T47] I/O error, dev loop1, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 0 prio class 2 [ 148.061339][T14420] loop0: detected capacity change from 0 to 8192 [ 148.067946][T14420] vfat: Unknown parameter '‡±¿í§¾XfÙ…C ê' [ 148.090863][T14423] netlink: 'syz.4.3103': attribute type 27 has an invalid length. [ 148.115838][T14429] loop2: detected capacity change from 0 to 128 [ 148.138068][T14431] loop0: detected capacity change from 0 to 128 [ 148.142616][T14423] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.150445][T14429] ext4 filesystem being mounted at /63/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 148.166484][T14431] ext4 filesystem being mounted at /1/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 148.176800][T14423] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 148.256901][T14440] tipc: Enabled bearer , priority 0 [ 148.264073][T14440] syzkaller0: entered promiscuous mode [ 148.269718][T14440] syzkaller0: entered allmulticast mode [ 148.284739][T14439] tipc: Resetting bearer [ 148.293826][T14436] netlink: 'syz.3.3107': attribute type 27 has an invalid length. [ 148.294170][T14439] tipc: Disabling bearer [ 148.317537][T14445] loop0: detected capacity change from 0 to 128 [ 148.352637][T14447] loop0: detected capacity change from 0 to 512 [ 148.356247][T14438] netlink: 'syz.2.3108': attribute type 27 has an invalid length. [ 148.379644][T14447] ext4 filesystem being mounted at /4/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 148.385113][T14434] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.402352][T14434] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 148.467782][T14457] loop4: detected capacity change from 0 to 128 [ 148.478811][T14457] ext4 filesystem being mounted at /60/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 148.484393][T14443] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.498314][T14443] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 148.633873][T14458] loop0: detected capacity change from 0 to 512 [ 148.648910][T14458] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 148.670102][T14458] EXT4-fs (loop0): 1 truncate cleaned up [ 148.678379][T14475] loop2: detected capacity change from 0 to 128 [ 148.688800][T14458] sg_write: data in/out 11329/120 bytes for SCSI command 0x0-- guessing data in; [ 148.688800][T14458] program syz.0.3115 not setting count and/or reply_len properly [ 148.742444][T14488] netlink: 'syz.4.3125': attribute type 27 has an invalid length. [ 148.772338][T14492] loop0: detected capacity change from 0 to 512 [ 148.789274][T14490] netlink: 'syz.1.3123': attribute type 27 has an invalid length. [ 148.797254][T14494] loop2: detected capacity change from 0 to 512 [ 148.810068][T14492] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 148.812896][T14495] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.829929][T14495] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 148.877529][T14483] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.892253][T14494] ext4 filesystem being mounted at /67/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 148.921981][T14483] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 148.922476][T14494] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3127: bg 0: block 64: padding at end of block bitmap is not set [ 149.027683][T14510] __nla_validate_parse: 12 callbacks suppressed [ 149.027764][T14510] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3131'. [ 149.068325][T14467] chnl_net:caif_netlink_parms(): no params data found [ 149.128780][T14521] loop4: detected capacity change from 0 to 512 [ 149.137370][T14467] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.144495][T14467] bridge0: port 1(bridge_slave_0) entered disabled state [ 149.153428][T14521] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 149.178402][T14521] EXT4-fs (loop4): 1 truncate cleaned up [ 149.184323][T14467] bridge_slave_0: entered allmulticast mode [ 149.191084][T14467] bridge_slave_0: entered promiscuous mode [ 149.212149][T14467] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.219274][T14467] bridge0: port 2(bridge_slave_1) entered disabled state [ 149.234696][T14467] bridge_slave_1: entered allmulticast mode [ 149.242777][T14467] bridge_slave_1: entered promiscuous mode [ 149.270368][T14467] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 149.286230][T14467] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 149.311874][T14467] team0: Port device team_slave_0 added [ 149.318543][T14467] team0: Port device team_slave_1 added [ 149.338299][T14467] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 149.345344][T14467] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 149.371370][T14467] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 149.382691][T14467] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 149.389666][T14467] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 149.415704][T14467] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 149.429151][T14524] loop4: detected capacity change from 0 to 512 [ 149.436003][T14524] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 149.450436][T14524] EXT4-fs (loop4): 1 truncate cleaned up [ 149.459154][T14524] sg_write: data in/out 11329/120 bytes for SCSI command 0x0-- guessing data in; [ 149.459154][T14524] program syz.4.3135 not setting count and/or reply_len properly [ 149.492387][T14467] hsr_slave_0: entered promiscuous mode [ 149.498376][T14467] hsr_slave_1: entered promiscuous mode [ 149.504302][T14467] debugfs: 'hsr0' already exists in 'hsr' [ 149.510046][T14467] Cannot create hsr debugfs directory [ 149.741744][T14541] netlink: 'syz.4.3140': attribute type 27 has an invalid length. [ 149.769474][T14541] 8021q: adding VLAN 0 to HW filter on device bond0 [ 149.777998][T14541] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 149.831402][T14546] loop0: detected capacity change from 0 to 128 [ 149.880106][T14550] vhci_hcd: invalid port number 96 [ 149.885238][T14550] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 149.892524][T14556] loop1: detected capacity change from 0 to 512 [ 149.911965][T14556] ext4 filesystem being mounted at /585/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 149.944497][T14565] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3150'. [ 149.975397][ T47] I/O error, dev loop3, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 0 prio class 2 [ 149.985566][T14572] netlink: 44 bytes leftover after parsing attributes in process `+}[@'. [ 150.026418][T14572] loop1: detected capacity change from 0 to 8192 [ 150.033197][T14572] vfat: Unknown parameter '‡±¿í§¾XfÙ…C ê' [ 150.037008][T14575] loop0: detected capacity change from 0 to 512 [ 150.070500][T14575] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 150.081442][T14579] loop1: detected capacity change from 0 to 128 [ 150.107315][T14567] netlink: 'syz.2.3151': attribute type 27 has an invalid length. [ 150.121410][T14575] EXT4-fs (loop0): 1 truncate cleaned up [ 150.134634][T14552] sg_write: data in/out 11329/120 bytes for SCSI command 0x0-- guessing data in; [ 150.134634][T14552] program syz.0.3145 not setting count and/or reply_len properly [ 150.175357][T14573] 8021q: adding VLAN 0 to HW filter on device bond0 [ 150.184118][T14573] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 150.316263][T14596] loop0: detected capacity change from 0 to 512 [ 150.333011][T14596] ext4 filesystem being mounted at /12/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 150.372474][T14600] team0 (unregistering): Port device team_slave_0 removed [ 150.381522][T14600] team0 (unregistering): Port device team_slave_1 removed [ 150.482171][ T1568] bridge_slave_1: left allmulticast mode [ 150.487817][ T1568] bridge_slave_1: left promiscuous mode [ 150.493639][ T1568] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.503189][ T1568] bridge_slave_0: left allmulticast mode [ 150.508844][ T1568] bridge_slave_0: left promiscuous mode [ 150.514486][ T1568] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.612843][ T1568] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 150.622624][ T1568] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 150.633651][ T1568] bond0 (unregistering): Released all slaves [ 150.656487][T14467] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 150.665458][T14467] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 150.674367][T14467] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 150.683222][T14467] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 150.713426][ T1568] tipc: Left network mode [ 150.720898][ T1568] hsr_slave_0: left promiscuous mode [ 150.726395][ T1568] hsr_slave_1: left promiscuous mode [ 150.732024][ T1568] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 150.739524][ T1568] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 150.746985][ T1568] batman_adv: batadv0: Removing interface: macvlan0 [ 150.823624][T14467] 8021q: adding VLAN 0 to HW filter on device bond0 [ 150.834974][T14467] 8021q: adding VLAN 0 to HW filter on device team0 [ 150.844396][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.851461][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 150.862003][ T3688] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.869164][ T3688] bridge0: port 2(bridge_slave_1) entered forwarding state [ 150.928975][T14467] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 151.001191][T14608] netlink: 'syz.4.3164': attribute type 27 has an invalid length. [ 151.021701][T14623] loop1: detected capacity change from 0 to 512 [ 151.037133][T14623] ext4 filesystem being mounted at /592/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 151.048658][T14467] veth0_vlan: entered promiscuous mode [ 151.051600][T14623] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.3166: bg 0: block 64: padding at end of block bitmap is not set [ 151.091045][T14608] 8021q: adding VLAN 0 to HW filter on device bond0 [ 151.100416][T14608] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 151.134636][T14467] veth1_vlan: entered promiscuous mode [ 151.159167][T14467] veth0_macvtap: entered promiscuous mode [ 151.168030][T14467] veth1_macvtap: entered promiscuous mode [ 151.175382][T14632] loop2: detected capacity change from 0 to 128 [ 151.186290][T14467] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 151.200162][T14467] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 151.202317][T14637] loop4: detected capacity change from 0 to 512 [ 151.209260][T14632] ext4 filesystem being mounted at /75/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 151.225931][ T3695] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.235503][ T3695] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.247725][T14627] loop1: detected capacity change from 0 to 512 [ 151.255193][T14627] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 151.267735][T14637] ext4 filesystem being mounted at /82/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 151.283742][ T3695] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.287316][T14637] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3171: bg 0: block 64: padding at end of block bitmap is not set [ 151.307303][T14627] EXT4-fs (loop1): 1 truncate cleaned up [ 151.307664][ T3695] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.324427][T14627] sg_write: data in/out 11329/120 bytes for SCSI command 0x0-- guessing data in; [ 151.324427][T14627] program syz.1.3167 not setting count and/or reply_len properly [ 151.355059][T14647] loop3: detected capacity change from 0 to 128 [ 151.358523][T14646] loop4: detected capacity change from 0 to 512 [ 151.369249][T14647] ext4 filesystem being mounted at /0/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 151.381703][T14646] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 151.385893][T14651] loop2: detected capacity change from 0 to 512 [ 151.396175][T14646] EXT4-fs (loop4): orphan cleanup on readonly fs [ 151.407665][T14646] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #16: comm syz.4.3173: corrupted inode contents [ 151.432903][T14651] ext4 filesystem being mounted at /76/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 151.443635][T14654] loop1: detected capacity change from 0 to 128 [ 151.451790][T14646] EXT4-fs (loop4): Remounting filesystem read-only [ 151.458878][T14646] EXT4-fs (loop4): 1 truncate cleaned up [ 151.464904][ T3695] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 151.475465][ T3695] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 151.487405][ T3695] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started [ 151.538972][T14667] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3180'. [ 151.554416][T14670] loop3: detected capacity change from 0 to 128 [ 151.567670][T14670] ext4 filesystem being mounted at /3/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 151.585815][T14675] loop2: detected capacity change from 0 to 512 [ 151.603127][T14675] ext4 filesystem being mounted at /79/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 151.614928][T14670] vhci_hcd: default hub control req: 0310 v0006 i0003 l0 [ 151.620893][T14675] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3183: bg 0: block 64: padding at end of block bitmap is not set [ 151.654475][T14680] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3184'. [ 151.664392][T14680] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3184'. [ 151.676711][T14680] loop0: detected capacity change from 0 to 512 [ 151.688824][T14682] netlink: 44 bytes leftover after parsing attributes in process `+}[@'. [ 151.698975][T14680] ext4 filesystem being mounted at /14/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 151.761897][T14689] loop3: detected capacity change from 0 to 128 [ 151.768405][T14682] loop2: detected capacity change from 0 to 8192 [ 151.775321][T14682] vfat: Unknown parameter '‡±¿í§¾XfÙ…C ê' [ 151.825816][T14689] ext4 filesystem being mounted at /5/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 151.900155][T14702] loop2: detected capacity change from 0 to 512 [ 151.929766][T14704] loop0: detected capacity change from 0 to 512 [ 151.950400][T14702] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 151.958619][T14702] EXT4-fs (loop2): orphan cleanup on readonly fs [ 151.968352][T14702] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.3193: corrupted inode contents [ 151.981388][T14702] EXT4-fs (loop2): Remounting filesystem read-only [ 151.988166][T14702] EXT4-fs (loop2): 1 truncate cleaned up [ 151.993965][ T1568] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 152.004491][ T1568] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 152.016417][ T1568] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started [ 152.044489][T14704] ext4 filesystem being mounted at /18/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 152.076368][T14710] loop2: detected capacity change from 0 to 512 [ 152.095478][T14712] team0 (unregistering): Port device team_slave_0 removed [ 152.104708][T14712] team0 (unregistering): Port device team_slave_1 removed [ 152.112256][T14714] loop0: detected capacity change from 0 to 128 [ 152.129417][T14710] ext4 filesystem being mounted at /84/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 152.141160][T14714] ext4 filesystem being mounted at /19/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 152.154206][T14710] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3196: bg 0: block 64: padding at end of block bitmap is not set [ 152.201245][T14719] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3198'. [ 152.203364][T14714] vhci_hcd: default hub control req: 0310 v0006 i0003 l0 [ 152.211034][T14719] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3198'. [ 152.231149][T14719] loop2: detected capacity change from 0 to 512 [ 152.251610][T14719] ext4 filesystem being mounted at /85/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 152.287847][T14723] netlink: 44 bytes leftover after parsing attributes in process `+}[@'. [ 152.334295][T14239] ================================================================== [ 152.338485][T14723] loop2: detected capacity change from 0 to 8192 [ 152.342389][T14239] BUG: KCSAN: data-race in __lru_add_drain_all / folio_add_lru [ 152.342425][T14239] [ 152.358536][T14239] read-write to 0xffff888237c25ea8 of 1 bytes by task 14723 on cpu 0: [ 152.366665][T14239] folio_add_lru+0xa5/0x1f0 [ 152.371160][T14239] shmem_get_folio_gfp+0x7ab/0xd60 [ 152.376268][T14239] shmem_write_begin+0xa8/0x190 [ 152.381108][T14239] generic_perform_write+0x184/0x490 [ 152.386389][T14239] shmem_file_write_iter+0xc5/0xf0 [ 152.391491][T14239] vfs_write+0x52a/0x960 [ 152.395722][T14239] ksys_write+0xda/0x1a0 [ 152.399954][T14239] __x64_sys_write+0x40/0x50 [ 152.404534][T14239] x64_sys_call+0x27fe/0x2ff0 [ 152.409197][T14239] do_syscall_64+0xd2/0x200 [ 152.413694][T14239] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.419575][T14239] [ 152.421884][T14239] read to 0xffff888237c25ea8 of 1 bytes by task 14239 on cpu 1: [ 152.429495][T14239] __lru_add_drain_all+0x12b/0x3f0 [ 152.434592][T14239] lru_add_drain_all+0x10/0x20 [ 152.439344][T14239] invalidate_bdev+0x47/0x70 [ 152.443918][T14239] ext4_put_super+0x624/0x7d0 [ 152.448578][T14239] generic_shutdown_super+0xe3/0x210 [ 152.453859][T14239] kill_block_super+0x2a/0x70 [ 152.458525][T14239] ext4_kill_sb+0x42/0x80 [ 152.462843][T14239] deactivate_locked_super+0x72/0x1c0 [ 152.468211][T14239] deactivate_super+0x97/0xa0 [ 152.472880][T14239] cleanup_mnt+0x269/0x2e0 [ 152.477285][T14239] __cleanup_mnt+0x19/0x20 [ 152.481688][T14239] task_work_run+0x12e/0x1a0 [ 152.486261][T14239] exit_to_user_mode_loop+0xe4/0x100 [ 152.491531][T14239] do_syscall_64+0x1d6/0x200 [ 152.496110][T14239] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.502072][T14239] [ 152.504374][T14239] value changed: 0x18 -> 0x1d [ 152.509023][T14239] [ 152.511333][T14239] Reported by Kernel Concurrency Sanitizer on: [ 152.517470][T14239] CPU: 1 UID: 0 PID: 14239 Comm: syz-executor Not tainted 6.17.0-rc2-syzkaller-00028-gbe48bcf004f9 #0 PREEMPT(voluntary) [ 152.530125][T14239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 152.540175][T14239] ================================================================== [ 152.560961][T14723] vfat: Unknown parameter '‡±¿í§¾XfÙ…C ê' [ 152.586579][ T29] kauditd_printk_skb: 333 callbacks suppressed [ 152.586592][ T29] audit: type=1326 audit(1755579876.767:11168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14724 comm="syz.0.3200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1181f9ebe9 code=0x7ffc0000 [ 152.616953][ T29] audit: type=1326 audit(1755579876.767:11169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14724 comm="syz.0.3200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f1181f9ebe9 code=0x7ffc0000 [ 152.616986][ T29] audit: type=1326 audit(1755579876.767:11170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14724 comm="syz.0.3200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1181f9ebe9 code=0x7ffc0000 [ 152.617059][ T29] audit: type=1326 audit(1755579876.767:11171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14724 comm="syz.0.3200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f1181f9ebe9 code=0x7ffc0000 [ 152.617081][ T29] audit: type=1326 audit(1755579876.767:11172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14724 comm="syz.0.3200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1181f9ebe9 code=0x7ffc0000 [ 152.617370][ T29] audit: type=1326 audit(1755579876.767:11173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14724 comm="syz.0.3200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f1181f9ebe9 code=0x7ffc0000 [ 152.724192][T14725] netlink: 'syz.0.3200': attribute type 27 has an invalid length. [ 152.735264][ T29] audit: type=1326 audit(1755579876.767:11174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14724 comm="syz.0.3200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=96 compat=0 ip=0xffffffffff600000 code=0x7ffc0000 [ 152.766950][ T29] audit: type=1326 audit(1755579876.767:11175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14724 comm="syz.0.3200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1181f9ebe9 code=0x7ffc0000 [ 152.790509][ T29] audit: type=1326 audit(1755579876.767:11176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14724 comm="syz.0.3200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f1181f9ebe9 code=0x7ffc0000 [ 152.813962][ T29] audit: type=1326 audit(1755579876.767:11177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14724 comm="syz.0.3200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1181f9ebe9 code=0x7ffc0000 [ 152.853982][T14725] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.861215][T14725] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.898590][T14725] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 152.908086][T14725] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 152.952574][T14726] 8021q: adding VLAN 0 to HW filter on device bond0 [ 152.963691][T14726] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 152.979188][ T51] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.989036][ T51] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.998243][ T51] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.007736][ T3695] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0