last executing test programs: 3.439536665s ago: executing program 3 (id=567): ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000380)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x8f5a}}, './file0\x00'}) syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x818010, &(0x7f0000000300)={[{@minixdf}, {@grpjquota}]}, 0x3, 0x740, &(0x7f0000001300)="$eJzs3U1rXNUbAPDn3mb+k7b52wgivoBULCqWTppYKV3ZruymWCi4bUMyDTGT3piZqZ2hi3blVkRREEE/gRv3ims/gF9BwZcSF3U1cuetbTqTDm2Sgc7vB3fmPPfO5DknE84DOZc5AUyso/lDGvFiRFxMIo50zycRUWi3piLOdl63defmUn4k0Wpd+itpvyaP47735A5HxK2IeCEifi5EHE8fzlttNNcWK5XyZjeeq61vzFUbzROr64sr5ZXytTOnTi2cOv3OmTO7N9a33v/g+VKvk/O//ZDE2ZjphvePYzd10hXyX+ED3tuLZGOUjLsDPJapiDjQeT4Y7fbUuLsEAOyxVjGiBQBMmET9B4AJ0/s/QG9tb6/WwYb541xETA/KP9VdM5tur0Me2koeWJlIImJ2PzvKU+nW7Yi4Mnv04b+/5KE1267vz4/4s0/uWi/ZKz/l88/ZQfNP2p9/YsD8M927d+IJDZ//7uU/MGT+uzhijvMv17Oh+W9HvJRMDcif9PMnQ/JfGTH/j3eX/x12rfVdxOvb68+BeOCOgmTH+0Pmrq5Wyic7j4NzHK3f/HCn8R8aWP+S9j0sO41/Y8Txz3z26i+3dsj/5ms7f/5JxJ/numv1PXlN/HTE/J8U3v1i2LU8/3Jv/N8cu+/Koz//b0fMf/qVj5ojvhQAAAAAAAAAAAAAAAAAAAAAAAAAAACeCmlEzESSlvrtNC2VOnt4PxeH0kpWrR2/mtWvLUd7r+zZKKS9r1o+0omTPJ7vfh9/L15ot7f68dsR8WxEfF482I5LS1lledyDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICuw9v2//+n2Nn/HwB4yk2PuwMAwL5T/wFg8qj/ADB51H8AmDzqPwBMHvUfACbPY9T/4l70AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICJcfHChfxobd25uZTHy9cb9bXs+onlcnWttF5fKi1lmxullSxbqZRLS9n69vcn2+JKlm0sLET9xlytXK3NVRvNy+tZ/Vrt8ur64kr5crmwbyMDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNHNtI8kLUVE2m6naakU8f+ImI1CcnW1Uj4ZEc9ExK/FQjGP58fdaQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYZdVGc22xUilvamhoaPQb456ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYP/d2/R73D0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHFKf08iIj/eOHJsZvvV/yV3i+3niPj460tf3lis1Tbn8/N/98/XvuqeXxhH/wGAR+nV6V4dBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBBqo3m2mKlUt6sNpKIuNvq6JzpX3qyxrjHCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7vkvAAD//+YzzVI=") 2.211978957s ago: executing program 3 (id=576): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000840), 0x81, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x4) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), r2) r3 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r3, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000100100000100000014e200000000"], 0x28}, 0x0) r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000600), 0xffffffffffffffff) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7020000140000e5b7030000000700008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x10) r7 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r8 = eventfd2(0x0, 0x0) read$eventfd(r8, &(0x7f0000000040), 0x8) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r10, 0x8933, &(0x7f0000000100)={'wpan0\x00', 0x0}) r12 = syz_open_procfs$namespace(0x0, &(0x7f0000000140)='ns/net\x00') sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r9, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010c25bd7000ffdbdf251400000008001d00", @ANYRES32=r12, @ANYBLOB="08000300", @ANYRES32=r11], 0x24}, 0x1, 0x0, 0x0, 0x20040801}, 0x20000004) sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(r2, 0x0, 0x40) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan0\x00'}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r2, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000007c0), 0xffffffffffffffff) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, 0x0) sendmsg$IPVS_CMD_DEL_SERVICE(0xffffffffffffffff, &(0x7f0000000a80)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000800)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x40) 1.719564948s ago: executing program 0 (id=585): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b000000"], 0x50) r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SG_GET_COMMAND_Q(r1, 0x2270, &(0x7f0000000040)) 1.693658709s ago: executing program 1 (id=586): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$sock_timeval(r2, 0x1, 0x15, &(0x7f0000000140)={0x0, 0x7530}, 0x10) connect$llc(r2, &(0x7f0000000000)={0x1a, 0x1, 0x8, 0x0, 0x0, 0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x10) 1.615963182s ago: executing program 0 (id=588): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) syz_read_part_table(0x5c2, &(0x7f0000000000)="$eJzs2z1oU2sYB/AnavCil+vi5GQdnFwURzOoJFFRCNEu4qCgiBi4EEGIECjoYDO0NEPp2KUUsvRjapqhw6Wlhc6ldOil0KHTpV0KXZpL6Xv39vYDhN8PDg/v+/7Pec4znPEEv7QL8U+3281ERPfy8e/ubeULT2+WHpZfRUTmTUT0/PXH1MFJJiX+e+qttF5P67HRK53+nSfZ1trL3dtv5xsX0nlfuq6Ot3tPPBxnbiK3cO37j2pxoJb7tFqsb/5cWX4xuZ0vt583mlPPso/fp9xiqpdS/RK1+Baf411UohIfonpK/UdaG3f3bxRbMx8f7BU6g3P3Uq50wjmP2v9rz9DrZv3Rnenrw/drs0vlrYuHucr/+LoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADh/E7mFa99/VIsDtdyn1WJ98+fK8ovJ7Xy5/bzRnHqWffw+5RZTvZTql6jFt/gc76ISlfgQ1VPqP9LauLt/o9ia+fhgr9AZnLuXcqUTznnU/l97hl4364/uTF8fvl+bXSpvXTzMVS6f0QsAAAAAAAAAAAAAAAAAAABAROQLT2+WHpZfRWTiTUT8+fvczMF+N/3vnkm5W6mup/2x0Sud/p0n2dbay93bb+cbf6f9vt8i+iLi6ni799yH4dj+DQAA///B85Xf") 1.372328982s ago: executing program 0 (id=590): unshare(0x4020400) syz_io_uring_setup(0x2439, &(0x7f0000000100)={0x0, 0x1064, 0x20, 0x7, 0x40222}, 0x0, 0x0) 1.298084386s ago: executing program 3 (id=591): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sys_enter\x00', r0}, 0x10) fsopen(0x0, 0x1) 1.229049789s ago: executing program 0 (id=592): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000000000b7030000000000008500000070"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r0, 0x0, 0x0}, 0x10) 1.136097553s ago: executing program 3 (id=593): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000280)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r2, &(0x7f0000000580)={0x7, 0x8, 0xfa00, {r3, 0x7ff}}, 0x10) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r4, 0xffffffffffffffff, 0x0) 1.106236904s ago: executing program 2 (id=594): bind$tipc(0xffffffffffffffff, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) socket$tipc(0x1e, 0x5, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18) unshare(0x22020400) syz_clone(0x2c9a4080, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x18, 0x2151, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x8739, 0xac, &(0x7f0000000640)=""/172, 0x41000, 0x38, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x6, 0x1}, 0x8, 0x10, &(0x7f00000002c0)={0x4, 0x209, 0x9b, 0x7f}, 0x10, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000180)=[{0x1, 0x4, 0xc, 0xc}, {0x4, 0x4, 0x8, 0x8}], 0x10, 0x2}, 0x94) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_SCRNMAP(r2, 0x4b41, &(0x7f0000000200)) ioctl$PIO_UNIMAPCLR(r2, 0x4b68, &(0x7f0000000100)={0x8, 0x39, 0x7}) open(&(0x7f0000000280)='.\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000001940)={&(0x7f0000000140)=@newtaction={0x48, 0x30, 0x1, 0x0, 0x0, {}, [{0x34, 0x1, [@m_vlan={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x48}}, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) r4 = socket$kcm(0xa, 0x2, 0x0) sendmsg$sock(r4, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 1.095920534s ago: executing program 0 (id=595): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./bus\x00', 0x20081e, &(0x7f0000000140), 0x1, 0x4ef, &(0x7f00000003c0)="$eJzs3U1vW1kZAODXzpeTyUwywywAAVOGgYKqOonbRlUXUFYIoUqILkFqQ+JGUew4ip3ShC7S/4BEJVaw5Aew7oo9GwQ7NmWBxEcEaiqxMLrXN6mb2k1oEjuKn0e6uvfcY/s9J849x36d+AQwsC5FxE5EjEbE/YiYys7nsi1ut7bkdi92Hy/u7T5ezEWzefefubQ+ORdt90m8lz1mISJ+9L2In+bejFvf2l5dqFTKG63i+Eyjuj5T39q+ulJdWC4vl9dKpfm5+dmb126UTq2vn1RHs6MvP//Dzrd+njRrMjvT3o/T1Or6yEGcxHBE/OAsgvXBUNaf0X43hHeSj4iPIuLT9PqfiqH02QQALrJmcyqaU+1lAOCiy6c5sFy+mOUCJiOfLxZbObyPYyJfqdUbVx7UNteWWrmy6RjJP1iplGezXOF0jOSS8lx6/KpcOlS+FhEfRsQvxsbTcnGxVlnq5wsfABhg7x2a//8z1pr/AYALrtDvBgAAPWf+B4DBY/4HgMFj/geAwWP+B4DBY/4HgMFj/geAgfLDO3eSrbmXff/10sOtzdXaw6tL5fpqsbq5WFysbawXl2u15fQ7e6pHPV6lVlufux6bj6a/vV5vzNS3tu9Va5trjXvp93rfK4/0pFcAwNt8+MmzP+ciYufWeLpF21oO5mq42PL9bgDQN0P9bgDQN1b7gsF1gvf40gNwQXRYovc1hYgYP3yy2Ww2z65JwBm7/AX5fxhUbfl/fwUMA0b+HwaX/D8MrmYzd9w1/+O4NwQAzjc5fqDL5/8fZfvfZh8O/GTp8C2enmWrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HzbX/+3mK0FPhn5fLEY8X5ETMdI7sFKpTwbER9ExJ/GRsaS8lyf2wwAnFT+b7ls/a/LU59NHq4dzb0cS/cR8bNf3f3lo4VGY+OPyfl/HZxvPM3Ol/rRfgDgKPvzdLpveyP/Yvfx4v7Wy/b8/bsRUWjF39sdjb2D+MMxnO4LMRIRE//OZeWWXFvu4iR2nkTE5zv1PxeTaQ6ktfLp4fhJ7Pd7Gj//Wvx8WtfaJz+Lz51CW2DQPEvGn9udrr98XEr3na//QjpCnVw2/iUPtbiXjoGv4u+Pf0Ndxr9Lx41x/fffbx2Nv1n3JOKLwxH7sffaxp/9+Lku8T87Zvy/fOkrn3ara/464nJ0jt8ea6ZRXZ+pb21fXakuLJeXy2ul0vzc/OzNazdKM2mOeqb7bPCPW1c+6FaX9H+iS/zCEf3/+jH7/5v/3v/xV98S/5tf6xQ/Hx+/JX4yJ37jmPEXJn5X6FaXxF/q0v+jnv8rx4z//K/bbywbDgD0T31re3WhUilv9PJg/4VET4M6uAAHyW/NOWhGx4Pv9CrWaPxf92o23ylWtxHjNLJuwHlwcNFHxMt+NwYAAAAAAAAAAAAAAOioF/+x1O8+AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHH9LwAA//89fM7W") lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000080)=ANY=[], 0xfe37, 0x0) unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) 1.067448015s ago: executing program 3 (id=596): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000540), 0x1, 0x783, &(0x7f0000001000)="$eJzs3c9rHFUcAPDvbJKmSauJIGg9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQg4tIngRVDwIeunZH/Xm1R9X/S88SEvVtFjxIJHZH+222U03bXY3kM8HXva9mdm89903P97sDDsB7FkT6Z9MxKGI+DiJGKtPTyJiqJobjDhRW+72+lo+TUlsbLz9Z1Jd5tb6Wj6a3pM6UC88HRE/fRBxOLO53vLK6nyuWCws1ctTlYXzU+WV1SPnFnJzhbnC4rHpmZmjx186fmznYv3719WD1z954/lvT/z7/lNXP/o5iRNxsD6vOY6dMhET9c9kKP0I7/H6TlfWZ0m/G8BDSTfNgdpWHodiLAaquTZGetkyAKBbNgCAPSgxBgCAPabxPcCt9bV8I/X3G4neuvFaROyvxd+4vlmbM1i/Zre/eh109FZyz5WRJCLGd6D+iYj48vt3v05T1PvBtTSgFy5djogz4xOb9//JpnsWtuuFrWZuDFdfJu6bvNeOP9BPP6Tjn5dbjf8yd8Y/0WL8M9xi230YD97+M9d2oJq20vHfq033tt1uir9ufKBeeqw65htKzp4rFtJ92+MRMRlDw2l5urpo65Hb5M3/brarv3n899en732V1p++3l0ic21w+N73zOYquUeNu+HG5YhnBlvFn9zp/6TN+PdUh3W8+cqHX7Sbl8afxttIm+Pvro0rEc+17P+7fZlseX/iVHV1mGqsFC1899vno+3qb+7/NKX1N84FeiHt/9Gt4x9Pmu/XLG+/jl+ujP3Ybt6D42+9/u9L3qnm99WnXcxVKkvTEfuStzZPP3r3vY1yY/k0/slnW2//tWpbr//pOeGZDuMfvP7HNw8ff3el8c9uq/+3n7l6e36gXf2d9f9MNTdZn9LJ/q/TBj7KZwcAAAAAAAAAAAAAAAAAAAAAAAAAncpExMFIMtk7+Uwmm609w/vJGM0US+XK4bOl5cXZqD4rezyGMo2fuhxr+j3U6frv4TfKR+8rvxgRT0TEZ8Mj1XI2XyrO9jt4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKg70Ob5/6nfh/vdOgCga/b3uwEAQM85/gPA3rO94/9I19oBAPSO838A2Hs6Pv6f6W47AIDecf4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl506eTJNG/+sr+XT8uyFleX50oUjs4XyfHZhOZ/Nl5bOZ+dKpbliIZsvLbT9R5dqL8VS6fxMLC5fnKoUypWp8srq6YXS8mLl9LmF3FzhdGGoZ5EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOfKK6vzuWKxsCSzZWZkdzRj12QGY1c0Q6Zrmea9xEj/dlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9z/AQAA//+MoS4e") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x10, 0xc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r2, 0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) sendfile(r5, r5, 0x0, 0xe3aa6ea) 964.32113ms ago: executing program 1 (id=597): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$iso9660(&(0x7f0000000540), &(0x7f00000001c0)='./file1\x00', 0x14004, &(0x7f00000005c0)=ANY=[@ANYRES32=0x0], 0x4, 0x70a, &(0x7f00000232c0)="$eJzs3V+P21gZBvDnJJkkk0JVAapWVbdzOmWlqRhSJ7NNFRUkjHOSMSRxZHtgRkJaFTqDRs0UaItEc9PODX+k5Qtwtzdc8CFW4oKr/RZwBdIKhIR2BUJGPraTTOJkJm3a2aXPb7Qb5/j18etjr896xj4GERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERQVgNw6gItO3uzq6czWq4Tif5ksXU/Ki2FdyMJm7OW+dKuF5AhP+gWMRbUfFbXxmFXA7/tY6r0berKIYfRQwuXL5098u5TLL8nIRfBBat8PHTwYN7/f7+ozPEZrFw9ecJmTMEtVTX9hy7Y7aUtD1H1ms149Z205NNu628Pc9XHWm5KuM7rtywbspKvb4lVXnP2em2GmZbJYV3vl41jJr8TiHa0QDKnrVtt9t2t6VjwtlhzB35/g+iAGV2pDw47O9vjeXzLK2Nw6BKSvKZ8eAwqHra5laNarVSqVYrtdv123cMIzdVYISEMYSpiKUftHSeMvHxusAiyzt5E72kjNX4j/FnAbRRRBc72IVM/bHQgAsHnRnzY0n//84tNXe94/1/0suvjGZfge7/r0Xfrs3q/2fkIiH1AmlzxIzyxX5WdEYSj/EUAzzAPfTRxz4eLaFuCbn20jXkjbgll5LPzJ8WFLqw4cGBjQ5MtPBFyLhEoo4aajDwHrbRhAeJJmy0oeBhDx58qPCIyoeZKpjw4cCFxAYs3IREBXXUsQUJhTL24GAHXbTQgIlPgiA4wKFu9604n+cpW40kqDJjIwrIJcfdPqpztnZW///DZ9HScf9vsP9/U0XHQSH6+GheDNFnQBBf/y9o7dVkQ0RERERERESvgtC/fRf6r/JvAwjQtNvKOBFTOLfsiIiIiIiIiGgZBIICrkJEd+XjbYjp638iIiIiIiIi+nwT+hk7AaCkb+oXo8elzvJLgOxrSJGIiIiIiIiIXpJ+8v9aHgj0Xf5rEAtd/xMRERERERHR58Cvx8bYz2XjMXaD5M/6GQBrfymID/9egLsijnu7XxVHZjjHPIpjpu4A8JtXxMV4oF79kQegv1nqqojXJoF/Jb99CH18kD7W//MgIoRwJxLIZ8crmJGACNdcy8Xf8D6uR4tcj8eZvz/IQM+JRhQuNe22KltO+24Fpnkx46td/+cPD38BuMPtPDjs75d/9JP+fZ3LcVh0fBRW+uxEOpn0xhjl8kSPt6CfuUgb3XgVzWSVv+l2SkKv10i2PwvzKDO+onk7oLYKRFv5S6xH+2w9iGJLg+GI+wJY04M/VMp6l53YendFjLKoTG552o6YseVFncWNKObGxo3oI2mTsJ6MKH4tC1TLk/sgTHQsi+p4Fqe3hfjHRPvPzwKiGLbFVpjFH8OKJtri+x9GC2/1dpPhMc6SxdRRQER0Xg5GvZAexHxqjP2ke0hOamfvd5AD4rPcjN59tJYg7j+S3v3J74Koh8oCufhvE+lrSfoVhGf0DaHryUcDuueupJzRjfKnQRCYF4sYP6P/NwiSDTIW6N2OgyCYPKP/YfQOpDjtqSz+HQTB3YruSX470at+EC7wwcz1eu1qFkUU8OTop/gkmb3/4/2H1epWzXjXMG5XsaL/VyH+yIJ9DxERTTn9HTs6IjMnQryL61Ed1+//7Z1o6kSP96X4lgLtFtDHfWwmrxBYS6+1hAN885/RbQib0VUrsF6KPksDefnS3fCqdhh7KHL6DS+bM6/qdGcZxerbG6rD2OS9Q5NXgKPYrVe8F4iIiF6v9Rn9MHCi/8fJ/r94ov/fxEYUsXEl9bq7NHZL4WZydTy8pB9cOE6NrZye/LeW3BhERERvCOV+LEr+r4Tr2r33KvV6xfS3lXQd67vStRstJe2ur1xr2+y2lOy5ju9YTlv2XBTsVeVJb6fXc1xfNh1X9hzP3tVvfpfxq9891TG7vm15vbYyPSUtp+ubli8btmfJ3s6327a3rVy9sNdTlt20LdO3na70nB3XUmUpPaXGAu2G6vp20w4nu7Ln2h3T3ZPfc9o7HSUbyrNcu+c7UYXJuuxu03E7utoygoVfdEhERPT/6PHTwYN7/f7+o8mJ1fDSPCo5xoyY6Yl8SoUcI4iIiOgzZtRdL7BQ8RUmREREREREREREREREREREREREREREREREU05/pG/BiZW0hwWBYcnPLsYleI7RI4ZT9Qi8bD6fun/SA/u9yOKZYYkAcIalkkciBg8+mhO8OixJmn885niRDHEJeOH2+esXgAu6BFFJbokHwPTzo0s/xtImvnEQteisGD0zdVZhuC9yy//PIZx4+PvpWSJs+SAIgvmLF062Yf7sx3MOwKP8nF2wesrx87rPRET0uv0vAAD//ySOL9Y=") r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x123401, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r2, 0xc0189374, &(0x7f0000000080)={{0x1, 0x1, 0x63, 0xffffffffffffffff, {0x4}}, './file1\x00'}) 847.064455ms ago: executing program 1 (id=598): bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000bb", @ANYBLOB="0000000000000000b70300000000000085000002"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ec0)={&(0x7f0000000bc0)='kfree\x00', r0, 0x0, 0xfffffffffffffff4}, 0x18) bpf$MAP_CREATE(0x0, 0x0, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x10, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket(0x8000000010, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001a00)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000b40)='neigh_create\x00', r3}, 0x10) write(r2, &(0x7f00000002c0)="fc0000001c000704ab5b2509b86803000aab087a0400000001481193210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc) 781.255248ms ago: executing program 2 (id=599): r0 = socket$inet6(0xa, 0x80002, 0x88) ppoll(&(0x7f0000000d40)=[{r0, 0x8000}], 0x20000000000000e0, &(0x7f0000000300)={0x0, 0x3938700}, 0x0, 0x0) 732.083489ms ago: executing program 0 (id=600): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000840), 0x81, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x4) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), r2) r3 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r3, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000100100000100000014e200000000"], 0x28}, 0x0) r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000600), 0xffffffffffffffff) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7020000140000e5b7030000000700008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x10) r7 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r8 = eventfd2(0x0, 0x0) read$eventfd(r8, &(0x7f0000000040), 0x8) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r10, 0x8933, &(0x7f0000000100)={'wpan0\x00', 0x0}) r12 = syz_open_procfs$namespace(0x0, &(0x7f0000000140)='ns/net\x00') sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r9, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010c25bd7000ffdbdf251400000008001d00", @ANYRES32=r12, @ANYBLOB="08000300", @ANYRES32=r11], 0x24}, 0x1, 0x0, 0x0, 0x20040801}, 0x20000004) sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(r2, 0x0, 0x40) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan0\x00'}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r2, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000007c0), 0xffffffffffffffff) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, 0x0) sendmsg$IPVS_CMD_DEL_SERVICE(0xffffffffffffffff, &(0x7f0000000a80)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000800)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x40) 712.08496ms ago: executing program 1 (id=601): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000040000000900000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000f9ffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) gettid() timer_create(0x0, 0x0, &(0x7f0000bbdffc)=0x0) timer_delete(r2) 641.362703ms ago: executing program 1 (id=602): r0 = gettid() r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r2, 0x0, 0xffffffffffffffff}, 0x18) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) rt_sigqueueinfo(r0, 0x21, &(0x7f0000002d00)={0x0, 0x0, 0xffffffff}) 548.218927ms ago: executing program 2 (id=603): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000000000b7030000000000008500000070"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r0, 0x0, 0x0}, 0x10) 509.235679ms ago: executing program 2 (id=604): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0a000000040000"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000280)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r2, &(0x7f0000000580)={0x7, 0x8, 0xfa00, {r3, 0x7ff}}, 0x10) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r4, 0xffffffffffffffff, 0x0) 322.758637ms ago: executing program 2 (id=605): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000002c0)=@generic={0x0, r0}, 0x18) 148.210754ms ago: executing program 2 (id=606): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='kmem_cache_free\x00', r0, 0x0, 0x6}, 0x18) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000340)={0xa, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @local}, 0xfffffffe}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000480)=@ccm_128={{0x304}, "794d63e80c0164a6", "35cf3e2c384b547c810772410a076670", "454f7b98", "fc562e29899b57cc"}, 0x28) write$binfmt_script(r1, &(0x7f0000000640)={'#! ', './file0'}, 0xb) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x4}]}) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000000) close_range(r2, 0xffffffffffffffff, 0x0) 67.489867ms ago: executing program 3 (id=607): socket$inet6_tcp(0xa, 0x1, 0x0) sched_setscheduler(0x0, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x50, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x50}}, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, 0x0, 0x4800) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) unshare(0x22020400) r5 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x20000000000000a7, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000ffffff7f000000000600000018330000ffffffff00000000000000008520000003000000186b0000040000000000000000800000b7080000000000007b8af8ff00000000b70800000c0000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a500000005470600040000001861000007000000000000000600000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000002000850000000c0000f557000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x30, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x18, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) unshare(0x2060280) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000240)=ANY=[], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) 0s ago: executing program 1 (id=608): bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000142020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000e02800850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r0}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r1}, &(0x7f0000000200), &(0x7f0000000280)='%pS \x00'}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00'}, 0x10) socket$packet(0x11, 0xa, 0x300) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmmsg$inet(r2, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000240)={'syz_tun\x00', 0x0}) bind$packet(r3, &(0x7f0000000300)={0x11, 0x0, r4, 0x1, 0x8, 0x6, @remote}, 0x14) syz_emit_ethernet(0xb6, &(0x7f0000000340)=ANY=[], 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.85' (ED25519) to the list of known hosts. [ 55.817963][ T5772] cgroup: Unknown subsys name 'net' [ 55.949557][ T5772] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 57.313353][ T5772] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 59.582214][ T5785] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 59.598083][ T5785] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 59.614283][ T5785] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 59.618902][ T5794] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 59.628956][ T5785] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 59.654704][ T5794] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 59.656052][ T5799] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 59.671072][ T5799] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 59.672995][ T5794] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 59.678536][ T5785] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 59.688939][ T5800] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 59.694163][ T5785] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 59.700420][ T5794] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 59.706482][ T5799] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 59.721661][ T5799] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 59.722080][ T5794] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 59.730029][ T5799] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 59.736421][ T5794] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 59.744313][ T5799] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 59.757292][ T5799] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 59.767578][ T5799] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 59.775027][ T5799] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 59.782388][ T5799] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 59.783388][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 60.135536][ T5783] chnl_net:caif_netlink_parms(): no params data found [ 60.269490][ T5782] chnl_net:caif_netlink_parms(): no params data found [ 60.364950][ T5783] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.372087][ T5783] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.379853][ T5783] bridge_slave_0: entered allmulticast mode [ 60.387373][ T5783] bridge_slave_0: entered promiscuous mode [ 60.398864][ T5783] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.406073][ T5783] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.413572][ T5783] bridge_slave_1: entered allmulticast mode [ 60.420532][ T5783] bridge_slave_1: entered promiscuous mode [ 60.427745][ T5790] chnl_net:caif_netlink_parms(): no params data found [ 60.453546][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 60.464196][ T5782] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.471393][ T5782] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.478705][ T5782] bridge_slave_0: entered allmulticast mode [ 60.486302][ T5782] bridge_slave_0: entered promiscuous mode [ 60.527892][ T5782] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.535751][ T5782] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.543747][ T5782] bridge_slave_1: entered allmulticast mode [ 60.550436][ T5782] bridge_slave_1: entered promiscuous mode [ 60.608078][ T5783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.620367][ T5783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.644221][ T5782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.683825][ T5782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.706956][ T5783] team0: Port device team_slave_0 added [ 60.715764][ T5783] team0: Port device team_slave_1 added [ 60.782028][ T5782] team0: Port device team_slave_0 added [ 60.799363][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.806862][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.814141][ T5787] bridge_slave_0: entered allmulticast mode [ 60.820880][ T5787] bridge_slave_0: entered promiscuous mode [ 60.828502][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.835922][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.843576][ T5790] bridge_slave_0: entered allmulticast mode [ 60.850189][ T5790] bridge_slave_0: entered promiscuous mode [ 60.858566][ T5782] team0: Port device team_slave_1 added [ 60.873861][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.880812][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.906755][ T5783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.918527][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.926121][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.933406][ T5787] bridge_slave_1: entered allmulticast mode [ 60.940285][ T5787] bridge_slave_1: entered promiscuous mode [ 60.947012][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.954184][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.961326][ T5790] bridge_slave_1: entered allmulticast mode [ 60.969167][ T5790] bridge_slave_1: entered promiscuous mode [ 60.987310][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.994310][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.020414][ T5783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.048706][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.055878][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.081857][ T5782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.095178][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.102146][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.128596][ T5782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.189528][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.201057][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.214051][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.243716][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.291169][ T5783] hsr_slave_0: entered promiscuous mode [ 61.297475][ T5783] hsr_slave_1: entered promiscuous mode [ 61.329932][ T5782] hsr_slave_0: entered promiscuous mode [ 61.336562][ T5782] hsr_slave_1: entered promiscuous mode [ 61.343151][ T5782] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.350969][ T5782] Cannot create hsr debugfs directory [ 61.371916][ T5787] team0: Port device team_slave_0 added [ 61.381119][ T5790] team0: Port device team_slave_0 added [ 61.390058][ T5790] team0: Port device team_slave_1 added [ 61.418034][ T5787] team0: Port device team_slave_1 added [ 61.492268][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.499384][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.525570][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.542561][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.549603][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.576510][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.592422][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.599471][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.626154][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.638336][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.645611][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.671616][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.760016][ T5790] hsr_slave_0: entered promiscuous mode [ 61.766425][ T5790] hsr_slave_1: entered promiscuous mode [ 61.772367][ T5790] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.780127][ T5790] Cannot create hsr debugfs directory [ 61.823683][ T5795] Bluetooth: hci3: command tx timeout [ 61.825431][ T5791] Bluetooth: hci1: command tx timeout [ 61.829418][ T51] Bluetooth: hci2: command tx timeout [ 61.840915][ T5799] Bluetooth: hci0: command tx timeout [ 61.878359][ T5787] hsr_slave_0: entered promiscuous mode [ 61.885526][ T5787] hsr_slave_1: entered promiscuous mode [ 61.891528][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.899394][ T5787] Cannot create hsr debugfs directory [ 62.075979][ T5782] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 62.087931][ T5782] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 62.115008][ T5782] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 62.124475][ T5782] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 62.193758][ T5783] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 62.209303][ T5783] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 62.218557][ T5783] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 62.238418][ T5783] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 62.321328][ T5790] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 62.338135][ T5790] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 62.350083][ T5790] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 62.360164][ T5790] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 62.445740][ T5787] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 62.456384][ T5787] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 62.465537][ T5787] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 62.502097][ T5787] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 62.563587][ T5783] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.581278][ T5782] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.624730][ T5783] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.639956][ T3490] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.647278][ T3490] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.661283][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.670293][ T5782] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.686410][ T3490] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.693543][ T3490] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.724091][ T79] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.731196][ T79] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.749376][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.756522][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.774643][ T5790] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.812417][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.819588][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.842509][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.849672][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.935155][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.991752][ T5790] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 63.045239][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.097302][ T3530] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.104503][ T3530] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.126835][ T3530] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.134347][ T3530] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.219875][ T5783] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.398958][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.412025][ T5783] veth0_vlan: entered promiscuous mode [ 63.438654][ T5783] veth1_vlan: entered promiscuous mode [ 63.478082][ T5782] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.543617][ T5783] veth0_macvtap: entered promiscuous mode [ 63.577980][ T5783] veth1_macvtap: entered promiscuous mode [ 63.587178][ T5790] veth0_vlan: entered promiscuous mode [ 63.609866][ T5790] veth1_vlan: entered promiscuous mode [ 63.648147][ T5782] veth0_vlan: entered promiscuous mode [ 63.661232][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.684060][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.696734][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.707608][ T5782] veth1_vlan: entered promiscuous mode [ 63.722349][ T5783] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.732113][ T5783] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.741674][ T5783] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.751552][ T5783] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.775339][ T5790] veth0_macvtap: entered promiscuous mode [ 63.788880][ T5790] veth1_macvtap: entered promiscuous mode [ 63.868194][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.879038][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.890950][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.902846][ T5799] Bluetooth: hci0: command tx timeout [ 63.904301][ T51] Bluetooth: hci3: command tx timeout [ 63.913375][ T5799] Bluetooth: hci2: command tx timeout [ 63.913974][ T5791] Bluetooth: hci1: command tx timeout [ 63.924658][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.937469][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.948693][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.980835][ T3555] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.989194][ T5790] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.989268][ T5790] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.989291][ T5790] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.989315][ T5790] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.000530][ T3555] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.052104][ T5787] veth0_vlan: entered promiscuous mode [ 64.071000][ T3490] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.084165][ T3490] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.102004][ T5787] veth1_vlan: entered promiscuous mode [ 64.123561][ T5782] veth0_macvtap: entered promiscuous mode [ 64.146642][ T5782] veth1_macvtap: entered promiscuous mode [ 64.210377][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.230186][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.255672][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.267896][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.286211][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.301158][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.316346][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.329557][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.342356][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.356115][ T5874] syz.1.2[5874]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 64.358248][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.369799][ T5874] loop1: detected capacity change from 0 to 128 [ 64.417214][ T79] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.433848][ T79] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.451855][ T5782] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.464726][ T5782] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.475156][ T5782] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.486911][ T5782] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.504376][ T5787] veth0_macvtap: entered promiscuous mode [ 64.541710][ T5787] veth1_macvtap: entered promiscuous mode [ 64.567301][ T3530] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.582590][ T3530] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.666917][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.682508][ T5874] syz.1.2: attempt to access beyond end of device [ 64.682508][ T5874] loop1: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 64.696146][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.706971][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.717719][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.727824][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.738721][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.752339][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.811760][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.828601][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.839438][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.857139][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.866813][ T5873] syz.1.2: attempt to access beyond end of device [ 64.866813][ T5873] loop1: rw=524288, sector=145, nr_sectors = 224 limit=128 [ 64.881756][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.892932][ T5873] syz.1.2: attempt to access beyond end of device [ 64.892932][ T5873] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 64.906118][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.916616][ T5873] syz.1.2: attempt to access beyond end of device [ 64.916616][ T5873] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 64.924264][ T5876] loop0: detected capacity change from 0 to 1024 [ 64.931202][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.944273][ T5873] syz.1.2: attempt to access beyond end of device [ 64.944273][ T5873] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 64.948897][ T5876] EXT4-fs: Ignoring removed orlov option [ 64.980816][ T5787] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.984659][ T5873] syz.1.2: attempt to access beyond end of device [ 64.984659][ T5873] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 64.993539][ T5787] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.007226][ T5873] syz.1.2: attempt to access beyond end of device [ 65.007226][ T5873] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 65.012426][ T5787] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.033802][ T5787] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.053923][ T5873] syz.1.2: attempt to access beyond end of device [ 65.053923][ T5873] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 65.067565][ T3490] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.073274][ T5873] syz.1.2: attempt to access beyond end of device [ 65.073274][ T5873] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 65.088928][ T5873] syz.1.2: attempt to access beyond end of device [ 65.088928][ T5873] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 65.093980][ T5876] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 65.128317][ T3490] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.278360][ T5876] loop9: detected capacity change from 0 to 7 [ 65.308749][ T3530] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.336095][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 65.345424][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 65.362977][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 65.372176][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 65.381539][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 65.390732][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 65.400872][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 65.402962][ T3530] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.410033][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 65.426356][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 65.435578][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 65.444716][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 65.453871][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 65.462582][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 65.471772][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 65.479668][ T5793] ldm_validate_partition_table(): Disk read failed. [ 65.491706][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 65.500912][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 65.511443][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 65.520620][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 65.531599][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 65.540782][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 65.559299][ T5793] Dev loop9: unable to read RDB block 0 [ 65.571274][ T5793] loop9: unable to read partition table [ 65.583896][ T5793] loop9: partition table beyond EOD, truncated [ 65.610181][ T5876] ldm_validate_partition_table(): Disk read failed. [ 65.635499][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.645834][ T5876] Dev loop9: unable to read RDB block 0 [ 65.651685][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.664474][ T5876] loop9: unable to read partition table [ 65.670890][ T5876] loop9: partition table beyond EOD, truncated [ 65.693571][ T5876] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 65.693571][ T5876] ) failed (rc=-5) [ 65.739148][ T5883] loop1: detected capacity change from 0 to 8192 [ 65.771011][ T3555] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.787584][ T3555] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.798913][ T5883] ======================================================= [ 65.798913][ T5883] WARNING: The mand mount option has been deprecated and [ 65.798913][ T5883] and is ignored by this kernel. Remove the mand [ 65.798913][ T5883] option from the mount to silence this warning. [ 65.798913][ T5883] ======================================================= [ 65.910138][ T27] audit: type=1326 audit(1764736099.347:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5884 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47b818f749 code=0x7ffc0000 [ 65.962392][ T5885] loop3: detected capacity change from 0 to 512 [ 65.988636][ T5791] Bluetooth: hci2: command tx timeout [ 65.993205][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 65.994174][ T51] Bluetooth: hci0: command tx timeout [ 66.003089][ T5799] Bluetooth: hci1: command tx timeout [ 66.008396][ T5791] Bluetooth: hci3: command tx timeout [ 66.025349][ T27] audit: type=1326 audit(1764736099.347:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5884 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47b818f749 code=0x7ffc0000 [ 66.092824][ T27] audit: type=1800 audit(1764736099.347:4): pid=5883 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.6" name="file2" dev="loop1" ino=1048593 res=0 errno=0 [ 66.120082][ T27] audit: type=1326 audit(1764736099.387:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5884 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f47b818f749 code=0x7ffc0000 [ 66.168057][ T27] audit: type=1326 audit(1764736099.387:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5884 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f47b818f783 code=0x7ffc0000 [ 66.229774][ T5885] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 66.282909][ T5885] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 66.310922][ T27] audit: type=1326 audit(1764736099.387:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5884 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f47b818e1ff code=0x7ffc0000 [ 66.344652][ T5890] netlink: 'syz.2.3': attribute type 13 has an invalid length. [ 66.416050][ T27] audit: type=1326 audit(1764736099.387:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5884 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f47b818f7d7 code=0x7ffc0000 [ 66.478671][ T27] audit: type=1326 audit(1764736099.397:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5884 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f47b818df90 code=0x7ffc0000 [ 66.533939][ T27] audit: type=1326 audit(1764736099.397:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5884 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f47b818f34b code=0x7ffc0000 [ 66.568872][ T27] audit: type=1326 audit(1764736099.457:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5884 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f47b818e3aa code=0x7ffc0000 [ 66.613540][ T5782] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 66.989811][ T5902] loop0: detected capacity change from 0 to 512 [ 67.034703][ T5902] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 67.078608][ T5902] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 67.138963][ T5902] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4031: comm syz.0.11: Allocating blocks 41-42 which overlap fs metadata [ 67.155538][ T5890] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.160379][ T5902] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4031: comm syz.0.11: Allocating blocks 41-42 which overlap fs metadata [ 67.163878][ T5890] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.182331][ T5902] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.11: Failed to acquire dquot type 1 [ 67.202689][ T5902] EXT4-fs error (device loop0): mb_free_blocks:1938: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 67.220942][ T5902] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #12: comm syz.0.11: corrupted inode contents [ 67.237868][ T5902] EXT4-fs error (device loop0): ext4_dirty_inode:6120: inode #12: comm syz.0.11: mark_inode_dirty error [ 67.250039][ T5902] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #12: comm syz.0.11: corrupted inode contents [ 67.265946][ T5902] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #12: comm syz.0.11: mark_inode_dirty error [ 67.280931][ T5902] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #12: comm syz.0.11: corrupted inode contents [ 67.297351][ T5902] EXT4-fs error (device loop0) in ext4_orphan_del:301: Corrupt filesystem [ 67.324806][ T5902] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #12: comm syz.0.11: corrupted inode contents [ 67.357325][ T5902] EXT4-fs error (device loop0): ext4_truncate:4294: inode #12: comm syz.0.11: mark_inode_dirty error [ 67.388285][ T5902] EXT4-fs error (device loop0) in ext4_process_orphan:343: Corrupt filesystem [ 67.417654][ T5902] EXT4-fs (loop0): 1 truncate cleaned up [ 67.425829][ T5902] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 67.599269][ T5902] mmap: syz.0.11 (5902) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 67.718015][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 67.860120][ T5915] loop0: detected capacity change from 0 to 1024 [ 67.894056][ T5915] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 67.916815][ T5890] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 67.942478][ T5915] ext4 filesystem being mounted at /3/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 68.007162][ T5915] EXT4-fs error (device loop0): ext4_map_blocks:718: inode #15: comm syz.0.14: lblock 0 mapped to illegal pblock 0 (length 1) [ 68.009530][ T5890] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 68.062145][ T5915] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 68.077666][ T51] Bluetooth: hci1: command tx timeout [ 68.083600][ T51] Bluetooth: hci2: command tx timeout [ 68.089354][ T5791] Bluetooth: hci0: command tx timeout [ 68.089379][ T5799] Bluetooth: hci3: command tx timeout [ 68.095916][ T5915] EXT4-fs (loop0): This should not happen!! Data will be lost [ 68.095916][ T5915] [ 68.222111][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 68.666451][ T5890] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.679910][ T5890] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.695731][ T5890] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.705358][ T5890] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.748355][ T5926] loop3: detected capacity change from 0 to 2048 [ 68.797711][ T5926] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 68.810537][ T5926] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 68.855670][ T5926] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.17: bg 0: block 345: padding at end of block bitmap is not set [ 68.875157][ T5926] EXT4-fs (loop3): Remounting filesystem read-only [ 68.904775][ T5926] EXT4-fs warning (device loop3): ext4_xattr_inode_lookup_create:1619: inode #18: comm syz.3.17: cleanup dec ref error -117 [ 69.011777][ T5921] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.219157][ T5935] loop1: detected capacity change from 0 to 128 [ 69.339133][ T5921] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.352485][ T5937] netlink: 'syz.1.20': attribute type 12 has an invalid length. [ 69.437860][ T5921] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.591981][ T5921] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.657641][ T5944] loop1: detected capacity change from 0 to 512 [ 69.682585][ T5944] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 69.696537][ T5944] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 69.738155][ T5944] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4031: comm syz.1.23: Allocating blocks 41-42 which overlap fs metadata [ 69.754569][ T5890] syz.2.3 (5890) used greatest stack depth: 19760 bytes left [ 69.777794][ T5921] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.791345][ T5944] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4031: comm syz.1.23: Allocating blocks 41-42 which overlap fs metadata [ 69.818431][ T5921] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.838135][ T5944] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.23: Failed to acquire dquot type 1 [ 69.857820][ T5944] EXT4-fs error (device loop1): mb_free_blocks:1938: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 69.879421][ T5921] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.888907][ T5944] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #12: comm syz.1.23: corrupted inode contents [ 69.898829][ T5921] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.915013][ T5949] loop2: detected capacity change from 0 to 128 [ 69.921878][ T5944] EXT4-fs error (device loop1): ext4_dirty_inode:6120: inode #12: comm syz.1.23: mark_inode_dirty error [ 69.958602][ T5944] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #12: comm syz.1.23: corrupted inode contents [ 70.020887][ T5944] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #12: comm syz.1.23: mark_inode_dirty error [ 70.042941][ T5944] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #12: comm syz.1.23: corrupted inode contents [ 70.072147][ T5944] EXT4-fs error (device loop1) in ext4_orphan_del:301: Corrupt filesystem [ 70.090621][ T5944] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #12: comm syz.1.23: corrupted inode contents [ 70.105086][ T5944] EXT4-fs error (device loop1): ext4_truncate:4294: inode #12: comm syz.1.23: mark_inode_dirty error [ 70.133147][ T5944] EXT4-fs error (device loop1) in ext4_process_orphan:343: Corrupt filesystem [ 70.153075][ T5944] EXT4-fs (loop1): 1 truncate cleaned up [ 70.159948][ T5944] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 70.318738][ T5955] bio_check_eod: 1892 callbacks suppressed [ 70.318753][ T5955] syz.2.24: attempt to access beyond end of device [ 70.318753][ T5955] loop2: rw=2049, sector=145, nr_sectors = 768 limit=128 [ 70.345038][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.500708][ T5948] syz.2.24: attempt to access beyond end of device [ 70.500708][ T5948] loop2: rw=524288, sector=145, nr_sectors = 224 limit=128 [ 70.517203][ T5948] syz.2.24: attempt to access beyond end of device [ 70.517203][ T5948] loop2: rw=0, sector=145, nr_sectors = 8 limit=128 [ 70.530793][ T5948] syz.2.24: attempt to access beyond end of device [ 70.530793][ T5948] loop2: rw=0, sector=145, nr_sectors = 8 limit=128 [ 70.551546][ T5948] syz.2.24: attempt to access beyond end of device [ 70.551546][ T5948] loop2: rw=0, sector=145, nr_sectors = 8 limit=128 [ 70.569084][ T5948] syz.2.24: attempt to access beyond end of device [ 70.569084][ T5948] loop2: rw=0, sector=145, nr_sectors = 8 limit=128 [ 70.582628][ T5948] syz.2.24: attempt to access beyond end of device [ 70.582628][ T5948] loop2: rw=0, sector=145, nr_sectors = 8 limit=128 [ 70.601938][ T5948] syz.2.24: attempt to access beyond end of device [ 70.601938][ T5948] loop2: rw=0, sector=145, nr_sectors = 8 limit=128 [ 70.615449][ T5948] syz.2.24: attempt to access beyond end of device [ 70.615449][ T5948] loop2: rw=0, sector=145, nr_sectors = 8 limit=128 [ 70.630469][ T5948] syz.2.24: attempt to access beyond end of device [ 70.630469][ T5948] loop2: rw=0, sector=145, nr_sectors = 8 limit=128 [ 70.967187][ T27] kauditd_printk_skb: 107 callbacks suppressed [ 70.967199][ T27] audit: type=1326 audit(1764736104.407:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5958 comm="syz.1.36" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47b7b8f749 code=0x7ffc0000 [ 71.022923][ T5795] Bluetooth: hci4: command 0x1003 tx timeout [ 71.029711][ T5799] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 71.037830][ T5959] loop1: detected capacity change from 0 to 512 [ 71.049695][ T27] audit: type=1326 audit(1764736104.457:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5958 comm="syz.1.36" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f47b7b8f749 code=0x7ffc0000 [ 71.086945][ T27] audit: type=1326 audit(1764736104.457:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5958 comm="syz.1.36" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f47b7b8f783 code=0x7ffc0000 [ 71.128610][ T5963] loop2: detected capacity change from 0 to 128 [ 71.194745][ T5959] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 71.216854][ T27] audit: type=1326 audit(1764736104.457:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5958 comm="syz.1.36" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f47b7b8e1ff code=0x7ffc0000 [ 71.242193][ T5959] ext4 filesystem being mounted at /10/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 71.255330][ T27] audit: type=1326 audit(1764736104.457:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5958 comm="syz.1.36" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f47b7b8f7d7 code=0x7ffc0000 [ 71.331277][ T27] audit: type=1326 audit(1764736104.457:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5958 comm="syz.1.36" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f47b7b8df90 code=0x7ffc0000 [ 71.378353][ T27] audit: type=1326 audit(1764736104.457:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5958 comm="syz.1.36" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f47b7b8f34b code=0x7ffc0000 [ 71.381868][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.411370][ T27] audit: type=1326 audit(1764736104.537:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5958 comm="syz.1.36" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f47b7b8e3aa code=0x7ffc0000 [ 71.447554][ T27] audit: type=1326 audit(1764736104.537:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5958 comm="syz.1.36" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f47b7b8e3aa code=0x7ffc0000 [ 71.474228][ T27] audit: type=1326 audit(1764736104.537:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5958 comm="syz.1.36" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f47b7b8de97 code=0x7ffc0000 [ 71.484814][ T5971] loop2: detected capacity change from 0 to 1024 [ 71.523841][ T5971] EXT4-fs: Ignoring removed orlov option [ 71.540646][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.547468][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.572253][ T5971] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 71.611345][ T5971] loop9: detected capacity change from 0 to 7 [ 71.619219][ C1] blk_print_req_error: 23 callbacks suppressed [ 71.619236][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 71.634668][ C1] buffer_io_error: 1915 callbacks suppressed [ 71.634681][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 71.650708][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 71.659924][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 71.676099][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 71.685323][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 71.694760][ T5782] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.704143][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 71.713378][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 71.721432][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 71.730667][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 71.743781][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 71.753006][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 71.782767][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 71.791954][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 71.799938][ T5792] ldm_validate_partition_table(): Disk read failed. [ 71.808424][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 71.817622][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 71.826778][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 71.836015][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 71.845192][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 71.854423][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 71.862529][ T5792] Dev loop9: unable to read RDB block 0 [ 71.873629][ T5976] netlink: 'syz.1.33': attribute type 13 has an invalid length. [ 71.874680][ T5978] loop0: detected capacity change from 0 to 128 [ 71.894530][ T5792] loop9: unable to read partition table [ 71.905600][ T5792] loop9: partition table beyond EOD, truncated [ 71.923277][ T5971] ldm_validate_partition_table(): Disk read failed. [ 71.933659][ T5971] Dev loop9: unable to read RDB block 0 [ 71.958122][ T5971] loop9: unable to read partition table [ 71.975329][ T5971] loop9: partition table beyond EOD, truncated [ 71.989235][ T5971] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 71.989235][ T5971] ) failed (rc=-5) [ 72.193070][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.459117][ T5984] loop3: detected capacity change from 0 to 8192 [ 72.471614][ T5976] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.479555][ T5976] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.143940][ T5976] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 73.193652][ T5976] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 73.571172][ T5976] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.581403][ T5976] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.590854][ T5976] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.600052][ T5976] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.721889][ T5985] netlink: 'syz.0.44': attribute type 12 has an invalid length. [ 74.381388][ T6004] loop0: detected capacity change from 0 to 2048 [ 74.463879][ T6004] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 74.553389][ T6004] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 74.668907][ T6004] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.42: bg 0: block 345: padding at end of block bitmap is not set [ 74.707889][ T6004] EXT4-fs (loop0): Remounting filesystem read-only [ 74.722899][ T6004] EXT4-fs warning (device loop0): ext4_xattr_inode_lookup_create:1619: inode #18: comm syz.0.42: cleanup dec ref error -117 [ 74.772620][ T6018] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.814016][ T59] Bluetooth: hci4: Frame reassembly failed (-84) [ 74.906182][ T6018] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.025762][ T6018] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.140612][ T6018] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.170696][ T6027] syzkaller1: entered promiscuous mode [ 75.176508][ T6027] syzkaller1: entered allmulticast mode [ 75.272799][ T6018] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.295144][ T6018] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.309971][ T6018] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.325802][ T6018] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.458781][ T6032] netlink: 'syz.3.54': attribute type 13 has an invalid length. [ 75.550750][ T6037] loop1: detected capacity change from 0 to 128 [ 75.700270][ T6032] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.708490][ T6032] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.152041][ T6032] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 76.227390][ T6032] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 76.435748][ T6032] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.447488][ T6032] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.456490][ T6032] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.465375][ T6032] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.873054][ T5799] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 76.876624][ T5795] Bluetooth: hci4: command 0x1003 tx timeout [ 77.479162][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.678500][ T6097] loop3: detected capacity change from 0 to 512 [ 78.723576][ T5793] udevd[5793]: failed to send result of seq 10863 to main daemon: Connection refused [ 78.766324][ T6097] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 78.780816][ T6097] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 78.830800][ T6097] EXT4-fs (loop3): 1 truncate cleaned up [ 78.850695][ T6097] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 78.914006][ T6097] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.480066][ T6111] netlink: 'syz.0.76': attribute type 13 has an invalid length. [ 79.744634][ T6126] loop3: detected capacity change from 0 to 1024 [ 79.751828][ T6126] EXT4-fs: inline encryption not supported [ 79.867847][ T6126] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.617816][ T6111] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.625587][ T6111] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.647756][ T5782] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.834691][ T6145] loop3: detected capacity change from 0 to 128 [ 81.364400][ T6111] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 81.402980][ T6111] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 81.815088][ T28] cfg80211: failed to load regulatory.db [ 81.849216][ T6111] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.858132][ T6111] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.866816][ T6111] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.875386][ T6111] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.802827][ T6182] netlink: 'syz.0.95': attribute type 12 has an invalid length. [ 82.897317][ T6184] loop0: detected capacity change from 0 to 1024 [ 82.910202][ T6184] EXT4-fs: Mount option(s) incompatible with ext2 [ 83.389306][ T27] kauditd_printk_skb: 11 callbacks suppressed [ 83.389319][ T27] audit: type=1326 audit(1764736116.827:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6183 comm="syz.0.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f436158f749 code=0x7ffc0000 [ 83.457151][ T27] audit: type=1326 audit(1764736116.857:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6183 comm="syz.0.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f436158f749 code=0x7ffc0000 [ 83.556558][ T27] audit: type=1326 audit(1764736116.857:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6183 comm="syz.0.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f436158f749 code=0x7ffc0000 [ 83.617488][ T27] audit: type=1326 audit(1764736116.857:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6183 comm="syz.0.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f436158f749 code=0x7ffc0000 [ 83.644935][ T27] audit: type=1326 audit(1764736116.857:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6183 comm="syz.0.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f436158f749 code=0x7ffc0000 [ 83.690106][ T27] audit: type=1326 audit(1764736116.857:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6183 comm="syz.0.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f436158f749 code=0x7ffc0000 [ 83.717558][ T27] audit: type=1326 audit(1764736116.857:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6183 comm="syz.0.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f436158f749 code=0x7ffc0000 [ 83.761794][ T27] audit: type=1326 audit(1764736116.857:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6183 comm="syz.0.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f436158f749 code=0x7ffc0000 [ 83.797136][ T27] audit: type=1326 audit(1764736116.857:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6183 comm="syz.0.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f436158f749 code=0x7ffc0000 [ 83.827573][ T6201] loop2: detected capacity change from 0 to 2048 [ 83.833372][ T27] audit: type=1326 audit(1764736116.857:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6183 comm="syz.0.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f436158f749 code=0x7ffc0000 [ 83.905841][ T6201] loop2: p1 < > p4 [ 83.916646][ T6201] loop2: p4 size 8388608 extends beyond EOD, truncated [ 84.277822][ T6221] netlink: 28 bytes leftover after parsing attributes in process `syz.2.111'. [ 84.455081][ T6227] loop2: detected capacity change from 0 to 1024 [ 84.495070][ T6227] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=802c018, mo2=0002] [ 84.535966][ T6227] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.495130][ T6234] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm ext4lazyinit: bg 0: block 88: padding at end of block bitmap is not set [ 85.615317][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.932784][ T6268] loop1: detected capacity change from 0 to 1024 [ 85.986854][ T6268] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 86.087531][ T6268] EXT4-fs error (device loop1): ext4_read_inline_dir:1573: inode #12: block 7: comm syz.1.130: path /43/file1/file0: bad entry in directory: inode out of bounds - offset=24, inode=150994957, rec_len=16, size=80 fake=0 [ 86.102688][ T6283] loop3: detected capacity change from 0 to 512 [ 86.126194][ T6281] bridge_slave_0: left allmulticast mode [ 86.132061][ T6281] bridge_slave_0: left promiscuous mode [ 86.132201][ T6283] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 86.139877][ T6281] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.164878][ T6281] bridge_slave_1: left allmulticast mode [ 86.165798][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.171270][ T6283] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.136: invalid indirect mapped block 8 (level 2) [ 86.193507][ T6281] bridge_slave_1: left promiscuous mode [ 86.199367][ T6281] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.213792][ T6281] bond0: (slave bond_slave_0): Releasing backup interface [ 86.225761][ T6283] EXT4-fs (loop3): Remounting filesystem read-only [ 86.238252][ T6281] bond0: (slave bond_slave_1): Releasing backup interface [ 86.245991][ T6283] EXT4-fs (loop3): 1 truncate cleaned up [ 86.258727][ T6283] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 86.259780][ T6281] team0: Port device team_slave_0 removed [ 86.280228][ T6281] team0: Port device team_slave_1 removed [ 86.290981][ T6281] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 86.299706][ T6281] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 86.310267][ T5782] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.415610][ T6293] netlink: 'syz.0.139': attribute type 13 has an invalid length. [ 88.101292][ T6330] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 88.955986][ T27] kauditd_printk_skb: 38 callbacks suppressed [ 88.956000][ T27] audit: type=1326 audit(1764736122.397:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6366 comm="syz.0.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f436158f749 code=0x7ffc0000 [ 89.009806][ T27] audit: type=1326 audit(1764736122.427:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6366 comm="syz.0.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f436158f749 code=0x7ffc0000 [ 89.035182][ T27] audit: type=1326 audit(1764736122.447:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6366 comm="syz.0.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f436158f749 code=0x7ffc0000 [ 89.081563][ T6369] loop3: detected capacity change from 0 to 512 [ 89.092562][ T27] audit: type=1326 audit(1764736122.447:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6366 comm="syz.0.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f436158f749 code=0x7ffc0000 [ 89.115389][ T27] audit: type=1326 audit(1764736122.457:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6366 comm="syz.0.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=120 compat=0 ip=0x7f436158f749 code=0x7ffc0000 [ 89.139543][ T27] audit: type=1326 audit(1764736122.457:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6366 comm="syz.0.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f436158f749 code=0x7ffc0000 [ 89.164126][ T27] audit: type=1326 audit(1764736122.457:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6366 comm="syz.0.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f436158f749 code=0x7ffc0000 [ 89.200144][ T6369] EXT4-fs warning (device loop3): ext4_xattr_inode_get:563: inode #11: comm syz.3.171: EA inode hash validation failed [ 89.223999][ T6369] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2872: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 89.238620][ T6369] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #15: comm syz.3.171: corrupted inode contents [ 89.262847][ T6369] EXT4-fs error (device loop3): ext4_dirty_inode:6120: inode #15: comm syz.3.171: mark_inode_dirty error [ 89.289514][ T6377] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 89.296361][ T6377] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 89.311906][ T6369] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #15: comm syz.3.171: corrupted inode contents [ 89.316718][ T6377] vhci_hcd vhci_hcd.0: Device attached [ 89.337939][ T6369] EXT4-fs error (device loop3): ext4_xattr_delete_inode:3017: inode #15: comm syz.3.171: mark_inode_dirty error [ 89.361887][ T6378] vhci_hcd: connection closed [ 89.364870][ T3530] vhci_hcd: stop threads [ 89.386782][ T3530] vhci_hcd: release socket [ 89.391270][ T3530] vhci_hcd: disconnect device [ 89.392450][ T6369] EXT4-fs error (device loop3): ext4_xattr_delete_inode:3020: inode #15: comm syz.3.171: mark inode dirty (error -117) [ 89.414475][ T6369] EXT4-fs warning (device loop3): ext4_evict_inode:272: xattr delete (err -117) [ 89.430158][ T6369] EXT4-fs (loop3): 1 orphan inode deleted [ 89.438186][ T6369] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 89.439040][ T6385] loop2: detected capacity change from 0 to 164 [ 89.468245][ T6385] ISOFS: unable to read i-node block [ 89.480121][ T6385] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 89.537551][ T5782] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.598500][ T27] audit: type=1326 audit(1764736123.027:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6393 comm="syz.2.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 89.653770][ T27] audit: type=1326 audit(1764736123.027:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6393 comm="syz.2.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 89.703052][ T27] audit: type=1326 audit(1764736123.057:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6393 comm="syz.2.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 89.809214][ T6405] loop3: detected capacity change from 0 to 128 [ 90.098657][ T6421] xt_CT: You must specify a L4 protocol and not use inversions on it [ 90.235863][ T6429] loop1: detected capacity change from 0 to 128 [ 90.258518][ T6429] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 90.276082][ T6429] ext4 filesystem being mounted at /60/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 90.443790][ T5783] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 90.481413][ T6444] netlink: 'syz.3.204': attribute type 16 has an invalid length. [ 90.490162][ T6444] netlink: 156 bytes leftover after parsing attributes in process `syz.3.204'. [ 90.597507][ T6450] veth2: entered promiscuous mode [ 90.610185][ T6450] veth2: entered allmulticast mode [ 90.626402][ T6448] netlink: 'syz.1.203': attribute type 7 has an invalid length. [ 90.768444][ T6459] team0: entered promiscuous mode [ 90.773617][ T6459] team_slave_0: entered promiscuous mode [ 90.787289][ T6459] team_slave_1: entered promiscuous mode [ 90.933347][ T6461] loop3: detected capacity change from 0 to 8192 [ 90.975307][ T6461] bio_check_eod: 9277 callbacks suppressed [ 90.975323][ T6461] syz.3.209: attempt to access beyond end of device [ 90.975323][ T6461] loop3: rw=0, sector=57847, nr_sectors = 1 limit=8192 [ 90.995404][ T6461] buffer_io_error: 8676 callbacks suppressed [ 90.995418][ T6461] Buffer I/O error on dev loop3, logical block 57847, async page read [ 91.014053][ T6461] syz.3.209: attempt to access beyond end of device [ 91.014053][ T6461] loop3: rw=0, sector=57847, nr_sectors = 1 limit=8192 [ 91.042922][ T6461] Buffer I/O error on dev loop3, logical block 57847, async page read [ 91.052067][ T6461] syz.3.209: attempt to access beyond end of device [ 91.052067][ T6461] loop3: rw=0, sector=57847, nr_sectors = 1 limit=8192 [ 91.070724][ T6461] Buffer I/O error on dev loop3, logical block 57847, async page read [ 91.079953][ T6461] syz.3.209: attempt to access beyond end of device [ 91.079953][ T6461] loop3: rw=0, sector=57847, nr_sectors = 1 limit=8192 [ 91.120553][ T6461] Buffer I/O error on dev loop3, logical block 57847, async page read [ 91.133156][ T6461] syz.3.209: attempt to access beyond end of device [ 91.133156][ T6461] loop3: rw=0, sector=57847, nr_sectors = 1 limit=8192 [ 91.163143][ T6461] Buffer I/O error on dev loop3, logical block 57847, async page read [ 91.176367][ T6476] ip6t_srh: unknown srh match flags 4000 [ 91.183644][ T6461] syz.3.209: attempt to access beyond end of device [ 91.183644][ T6461] loop3: rw=0, sector=57847, nr_sectors = 1 limit=8192 [ 91.197726][ T6461] Buffer I/O error on dev loop3, logical block 57847, async page read [ 91.207095][ T6461] syz.3.209: attempt to access beyond end of device [ 91.207095][ T6461] loop3: rw=0, sector=57847, nr_sectors = 1 limit=8192 [ 91.225774][ T6461] Buffer I/O error on dev loop3, logical block 57847, async page read [ 91.234569][ T6461] syz.3.209: attempt to access beyond end of device [ 91.234569][ T6461] loop3: rw=0, sector=57847, nr_sectors = 1 limit=8192 [ 91.256646][ T6461] Buffer I/O error on dev loop3, logical block 57847, async page read [ 91.293165][ T6461] syz.3.209: attempt to access beyond end of device [ 91.293165][ T6461] loop3: rw=0, sector=57847, nr_sectors = 1 limit=8192 [ 91.321786][ T6461] Buffer I/O error on dev loop3, logical block 57847, async page read [ 91.339262][ T6461] syz.3.209: attempt to access beyond end of device [ 91.339262][ T6461] loop3: rw=0, sector=57847, nr_sectors = 1 limit=8192 [ 91.353694][ T6461] Buffer I/O error on dev loop3, logical block 57847, async page read [ 91.442340][ T6488] loop1: detected capacity change from 0 to 512 [ 91.476807][ T6488] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #15: comm syz.1.225: inode has both inline data and extents flags [ 91.510773][ T6488] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.225: couldn't read orphan inode 15 (err -117) [ 91.564416][ T6488] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 91.593511][ T6495] loop0: detected capacity change from 0 to 164 [ 91.617207][ T6495] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 91.621074][ T6488] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 7969 vs 220 free clusters [ 91.726748][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.763500][ T6500] loop0: detected capacity change from 0 to 512 [ 91.975077][ T6509] loop1: detected capacity change from 0 to 1024 [ 92.013971][ T6509] EXT4-fs: Ignoring removed orlov option [ 92.052851][ T6509] EXT4-fs: Ignoring removed mblk_io_submit option [ 92.086808][ T6517] netlink: 'syz.0.238': attribute type 1 has an invalid length. [ 92.113514][ T6509] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a814e018, mo2=0002] [ 92.115776][ T6517] 8021q: adding VLAN 0 to HW filter on device bond1 [ 92.121723][ T6509] System zones: [ 92.146879][ T6520] loop3: detected capacity change from 0 to 1024 [ 92.154065][ T6509] 0-1 [ 92.158700][ T6520] EXT4-fs: Ignoring removed orlov option [ 92.158831][ T6509] , 3-12 [ 92.198593][ T6520] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.209420][ T6509] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.322055][ T6530] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2249: inode #15: comm syz.3.239: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 92.375268][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.400977][ T6533] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2249: inode #15: comm syz.3.239: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 92.567270][ T6540] loop2: detected capacity change from 0 to 764 [ 92.587294][ T6540] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 92.637364][ T6540] Symlink component flag not implemented [ 92.663845][ T6540] Symlink component flag not implemented (7) [ 92.987355][ T5782] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.113126][ T6548] netlink: 120 bytes leftover after parsing attributes in process `syz.0.250'. [ 93.240592][ T6562] netlink: 48 bytes leftover after parsing attributes in process `syz.2.257'. [ 94.466304][ T27] kauditd_printk_skb: 66 callbacks suppressed [ 94.466316][ T27] audit: type=1326 audit(1764736127.907:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6597 comm="syz.1.273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47b7b8f749 code=0x7ffc0000 [ 94.684973][ T27] audit: type=1326 audit(1764736127.907:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6597 comm="syz.1.273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47b7b8f749 code=0x7ffc0000 [ 95.003101][ T27] audit: type=1326 audit(1764736127.907:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6597 comm="syz.1.273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f47b7b8f749 code=0x7ffc0000 [ 95.050960][ T27] audit: type=1326 audit(1764736127.907:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6597 comm="syz.1.273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47b7b8f749 code=0x7ffc0000 [ 95.219622][ T27] audit: type=1326 audit(1764736128.657:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6606 comm="syz.0.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f436158f749 code=0x7ffc0000 [ 95.277435][ T6607] loop0: detected capacity change from 0 to 2048 [ 95.284390][ T27] audit: type=1326 audit(1764736128.687:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6606 comm="syz.0.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f436158f749 code=0x7ffc0000 [ 95.309990][ T27] audit: type=1326 audit(1764736128.687:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6606 comm="syz.0.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f436158f749 code=0x7ffc0000 [ 95.332876][ T27] audit: type=1326 audit(1764736128.687:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6606 comm="syz.0.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f436158f749 code=0x7ffc0000 [ 95.362551][ T27] audit: type=1326 audit(1764736128.687:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6606 comm="syz.0.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f436158f749 code=0x7ffc0000 [ 95.390251][ T6607] loop0: p1 < > p4 [ 95.396124][ T6607] loop0: p4 size 8388608 extends beyond EOD, truncated [ 95.418485][ T27] audit: type=1326 audit(1764736128.687:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6606 comm="syz.0.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f436158f749 code=0x7ffc0000 [ 95.612302][ T6625] netlink: 'syz.3.286': attribute type 12 has an invalid length. [ 95.644724][ T6629] loop2: detected capacity change from 0 to 512 [ 95.714944][ T6629] EXT4-fs error (device loop2): ext4_xattr_inode_iget:444: inode #11: comm syz.2.287: iget: bad extra_isize 90 (inode size 256) [ 95.732306][ T6629] EXT4-fs (loop2): Remounting filesystem read-only [ 95.781314][ T6629] EXT4-fs warning (device loop2): ext4_evict_inode:255: couldn't mark inode dirty (err -5) [ 95.832928][ T6629] EXT4-fs (loop2): 1 orphan inode deleted [ 95.840085][ T6629] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 96.684294][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.109792][ T6657] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 97.585876][ T6664] loop1: detected capacity change from 0 to 512 [ 97.635610][ T6664] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 97.714272][ T6664] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1154: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 97.775381][ T6664] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm wg1: bg 0: block 248: padding at end of block bitmap is not set [ 97.858094][ T6664] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm wg1: Failed to acquire dquot type 1 [ 97.943691][ T6664] EXT4-fs (loop1): 1 truncate cleaned up [ 97.954725][ T6671] loop0: detected capacity change from 0 to 128 [ 97.967858][ T6664] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 98.083108][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 98.165681][ T6671] bio_check_eod: 2104 callbacks suppressed [ 98.165699][ T6671] syz.0.298: attempt to access beyond end of device [ 98.165699][ T6671] loop0: rw=2049, sector=169, nr_sectors = 872 limit=128 [ 98.225504][ T6683] loop1: detected capacity change from 0 to 128 [ 99.561952][ T6710] loop2: detected capacity change from 0 to 128 [ 99.577614][ T6712] syz.0.309 uses obsolete (PF_INET,SOCK_PACKET) [ 100.979731][ T6754] loop2: detected capacity change from 0 to 128 [ 101.138378][ T6761] netlink: 8 bytes leftover after parsing attributes in process `syz.3.327'. [ 101.315859][ T6761] syz.3.327 (6761) used greatest stack depth: 17672 bytes left [ 101.395384][ T27] kauditd_printk_skb: 91 callbacks suppressed [ 101.395397][ T27] audit: type=1326 audit(1764736134.837:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6770 comm="syz.3.332" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f47b818f749 code=0x0 [ 101.749593][ T6780] netlink: 'syz.3.332': attribute type 3 has an invalid length. [ 102.140002][ T6780] netlink: 8 bytes leftover after parsing attributes in process `syz.3.332'. [ 102.258808][ T6785] loop1: detected capacity change from 0 to 128 [ 102.277445][ T6780] loop3: detected capacity change from 0 to 512 [ 102.289017][ T6780] EXT4-fs: Ignoring removed nobh option [ 102.382013][ T6780] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #3: comm syz.3.332: corrupted inode contents [ 102.439906][ T6780] EXT4-fs (loop3): Remounting filesystem read-only [ 102.462835][ T6780] Quota error (device loop3): write_blk: dquota write failed [ 102.470674][ T6780] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota [ 102.483047][ T6780] EXT4-fs (loop3): 1 truncate cleaned up [ 102.511659][ T6780] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.549774][ T6780] ext4 filesystem being mounted at /76/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 102.756772][ T6042] IPVS: starting estimator thread 0... [ 102.769367][ T27] audit: type=1326 audit(1764736136.207:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6810 comm="wg1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 102.802810][ T5782] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.808392][ T6812] loop2: detected capacity change from 0 to 512 [ 102.822747][ T27] audit: type=1326 audit(1764736136.207:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6810 comm="syz.2.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 102.847000][ T27] audit: type=1326 audit(1764736136.207:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6810 comm="syz.2.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 102.869872][ T27] audit: type=1326 audit(1764736136.207:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6810 comm="wg1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 102.897327][ T6813] IPVS: using max 23 ests per chain, 55200 per kthread [ 102.916875][ T27] audit: type=1326 audit(1764736136.207:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6810 comm="wg1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 102.952753][ T27] audit: type=1326 audit(1764736136.207:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6810 comm="syz.2.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 103.002880][ T27] audit: type=1326 audit(1764736136.207:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6810 comm="syz.2.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 103.112188][ T6823] smc: net device bond0 applied user defined pnetid SYZ0 [ 103.126057][ T6823] netlink: 12 bytes leftover after parsing attributes in process `syz.3.350'. [ 103.188323][ T6823] netlink: 12 bytes leftover after parsing attributes in process `syz.3.350'. [ 103.219502][ T6830] netlink: 12 bytes leftover after parsing attributes in process `syz.3.350'. [ 103.304235][ T6830] netlink: 12 bytes leftover after parsing attributes in process `syz.3.350'. [ 103.325471][ T6837] netlink: 'syz.2.353': attribute type 12 has an invalid length. [ 103.434283][ T6823] netlink: 12 bytes leftover after parsing attributes in process `syz.3.350'. [ 103.498304][ T6830] netlink: 12 bytes leftover after parsing attributes in process `syz.3.350'. [ 103.680188][ T6855] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 103.686762][ T6855] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 103.698143][ T6855] vhci_hcd vhci_hcd.0: Device attached [ 103.709522][ T6856] vhci_hcd: connection closed [ 103.715808][ T59] vhci_hcd: stop threads [ 103.748341][ T59] vhci_hcd: release socket [ 103.761761][ T59] vhci_hcd: disconnect device [ 103.803994][ T6865] bridge_slave_0: left allmulticast mode [ 103.809684][ T6865] bridge_slave_0: left promiscuous mode [ 103.816514][ T6865] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.825959][ T6865] bridge_slave_1: left allmulticast mode [ 103.831686][ T6865] bridge_slave_1: left promiscuous mode [ 103.837847][ T6865] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.848513][ T6865] bond0: (slave bond_slave_0): Releasing backup interface [ 103.857875][ T6865] bond0: (slave bond_slave_1): Releasing backup interface [ 103.871352][ T6865] team0: Port device team_slave_0 removed [ 103.886128][ T6865] team0: Port device team_slave_1 removed [ 103.896382][ T6865] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 103.917408][ T6865] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 104.100752][ T6868] netlink: 'syz.2.362': attribute type 12 has an invalid length. [ 104.429781][ T6879] loop2: detected capacity change from 0 to 512 [ 104.449120][ T6879] EXT4-fs (loop2): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 104.488991][ T6879] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #15: comm syz.2.368: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 104.511819][ T6879] EXT4-fs warning (device loop2): ext4_resize_begin:84: There are errors in the filesystem, so online resizing is not allowed [ 104.604013][ T5787] EXT4-fs (loop2): unmounting filesystem 00800000-0000-0000-0000-000000000000. [ 105.074578][ T6906] netlink: 96 bytes leftover after parsing attributes in process `syz.2.377'. [ 105.101748][ T6907] loop3: detected capacity change from 0 to 128 [ 105.383859][ T6921] netlink: 'syz.2.383': attribute type 12 has an invalid length. [ 105.786170][ T6936] loop2: detected capacity change from 0 to 128 [ 105.915315][ T6943] netlink: 'syz.3.392': attribute type 12 has an invalid length. [ 106.153672][ T6955] loop0: detected capacity change from 0 to 164 [ 106.202818][ T6955] process 'syz.0.395' launched '/dev/fd/3' with NULL argv: empty string added [ 106.239009][ T6955] syz.0.395: attempt to access beyond end of device [ 106.239009][ T6955] loop0: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 106.256442][ T6955] syz.0.395: attempt to access beyond end of device [ 106.256442][ T6955] loop0: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 106.432450][ T6969] loop0: detected capacity change from 0 to 128 [ 106.472025][ T27] kauditd_printk_skb: 134 callbacks suppressed [ 106.472038][ T27] audit: type=1326 audit(1764736139.907:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6970 comm="syz.3.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47b818f749 code=0x7ffc0000 [ 106.501969][ T27] audit: type=1326 audit(1764736139.907:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6970 comm="syz.3.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47b818f749 code=0x7ffc0000 [ 106.542786][ T27] audit: type=1326 audit(1764736139.907:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6970 comm="syz.3.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f47b818f749 code=0x7ffc0000 [ 106.572035][ T27] audit: type=1326 audit(1764736139.907:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6970 comm="syz.3.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47b818f749 code=0x7ffc0000 [ 106.595546][ T27] audit: type=1326 audit(1764736139.907:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6970 comm="syz.3.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47b818f749 code=0x7ffc0000 [ 106.619075][ T27] audit: type=1326 audit(1764736139.907:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6970 comm="syz.3.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f47b818f749 code=0x7ffc0000 [ 106.646946][ T27] audit: type=1326 audit(1764736139.967:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6970 comm="syz.3.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47b818f749 code=0x7ffc0000 [ 106.667139][ T6973] netlink: 'syz.0.402': attribute type 12 has an invalid length. [ 106.675259][ T27] audit: type=1326 audit(1764736139.967:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6970 comm="syz.3.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47b818f749 code=0x7ffc0000 [ 106.699795][ T27] audit: type=1326 audit(1764736139.977:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6970 comm="syz.3.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=103 compat=0 ip=0x7f47b818f749 code=0x7ffc0000 [ 106.723110][ T27] audit: type=1326 audit(1764736139.977:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6970 comm="syz.3.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47b818f749 code=0x7ffc0000 [ 106.921327][ T6988] loop2: detected capacity change from 0 to 128 [ 106.979356][ T6992] loop1: detected capacity change from 0 to 1024 [ 106.993462][ T6992] EXT4-fs: Ignoring removed mblk_io_submit option [ 107.000052][ T6992] EXT4-fs: inline encryption not supported [ 107.012569][ T6992] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 107.067893][ T6992] EXT4-fs error (device loop1): ext4_orphan_get:1425: comm syz.1.411: bad orphan inode 11 [ 107.096838][ T6992] EXT4-fs (loop1): Remounting filesystem read-only [ 107.112787][ T6992] ext4_test_bit(bit=10, block=4) = 1 [ 107.114410][ T7002] netlink: 'syz.2.413': attribute type 12 has an invalid length. [ 107.118204][ T6992] is_bad_inode(inode)=0 [ 107.130247][ T6992] NEXT_ORPHAN(inode)=3254779904 [ 107.135462][ T6992] max_ino=32 [ 107.140335][ T6992] i_nlink=0 [ 107.147822][ T6992] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.264018][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.475656][ T7020] loop3: detected capacity change from 0 to 128 [ 107.686171][ T7031] netlink: 'syz.3.425': attribute type 12 has an invalid length. [ 108.058031][ T7044] loop3: detected capacity change from 0 to 512 [ 108.084625][ T7044] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 108.107670][ T7044] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #16: comm syz.3.430: invalid indirect mapped block 1024 (level 0) [ 108.136973][ T7044] EXT4-fs (loop3): Remounting filesystem read-only [ 108.171126][ T7044] EXT4-fs (loop3): 1 orphan inode deleted [ 108.192935][ T7044] EXT4-fs (loop3): 1 truncate cleaned up [ 108.199822][ T7044] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 108.324469][ T5782] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.324792][ T7050] loop0: detected capacity change from 0 to 128 [ 108.583062][ T7057] netlink: 'syz.0.436': attribute type 12 has an invalid length. [ 108.892277][ T7012] syz.1.418: vmalloc error: size 2101248, failed to allocated page array size 4104, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 108.922229][ T7012] CPU: 1 PID: 7012 Comm: syz.1.418 Not tainted syzkaller #0 [ 108.929576][ T7012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 108.939673][ T7012] Call Trace: [ 108.942979][ T7012] [ 108.945943][ T7012] dump_stack_lvl+0x16c/0x230 [ 108.950664][ T7012] ? show_regs_print_info+0x20/0x20 [ 108.955897][ T7012] ? load_image+0x3b0/0x3b0 [ 108.960427][ T7012] ? __rcu_read_unlock+0x7c/0xd0 [ 108.965392][ T7012] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 108.971834][ T7012] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 108.978369][ T7012] warn_alloc+0x210/0x300 [ 108.982715][ T7012] ? zone_watermark_ok_safe+0x230/0x230 [ 108.988266][ T7012] ? _raw_spin_unlock+0x28/0x40 [ 108.993120][ T7012] __vmalloc_node_range+0x662/0x1320 [ 108.998423][ T7012] ? free_vm_area+0x50/0x50 [ 109.002921][ T7012] ? _raw_spin_unlock+0x28/0x40 [ 109.007767][ T7012] ? __kasan_kmalloc+0x8f/0xa0 [ 109.012526][ T7012] __vmalloc_node_range+0x568/0x1320 [ 109.017809][ T7012] ? hash_netiface_create+0x361/0xff0 [ 109.023182][ T7012] ? __asan_memset+0x22/0x40 [ 109.027787][ T7012] ? free_vm_area+0x50/0x50 [ 109.032286][ T7012] ? kvmalloc_node+0x70/0x180 [ 109.036958][ T7012] ? rcu_is_watching+0x15/0xb0 [ 109.041716][ T7012] ? kvmalloc_node+0x70/0x180 [ 109.046390][ T7012] ? trace_kmalloc+0x1f/0xa0 [ 109.051008][ T7012] kvmalloc_node+0x13f/0x180 [ 109.055723][ T7012] ? hash_netiface_create+0x361/0xff0 [ 109.061210][ T7012] hash_netiface_create+0x361/0xff0 [ 109.066422][ T7012] ? __lock_acquire+0x7c80/0x7c80 [ 109.071448][ T7012] ? __nla_parse+0x40/0x50 [ 109.075864][ T7012] ? hash_netport6_gc+0x570/0x570 [ 109.080883][ T7012] ip_set_create+0xa87/0x18e0 [ 109.085559][ T7012] ? ip_set_create+0x4b2/0x18e0 [ 109.090419][ T7012] ? ip_set_protocol+0x5d0/0x5d0 [ 109.095352][ T7012] ? trace_contention_end+0x39/0xe0 [ 109.100570][ T7012] nfnetlink_rcv_msg+0xb49/0x1130 [ 109.105592][ T7012] ? nfnetlink_rcv_msg+0x20e/0x1130 [ 109.110796][ T7012] ? nfnetlink_unbind+0x160/0x160 [ 109.115834][ T7012] ? load_balance+0x4174/0x54d0 [ 109.120687][ T7012] netlink_rcv_skb+0x216/0x480 [ 109.125450][ T7012] ? nfnetlink_unbind+0x160/0x160 [ 109.130470][ T7012] ? netlink_ack+0x1110/0x1110 [ 109.135239][ T7012] ? apparmor_capable+0x137/0x1a0 [ 109.140256][ T7012] ? bpf_lsm_capable+0x9/0x10 [ 109.144927][ T7012] ? security_capable+0x89/0xb0 [ 109.149782][ T7012] nfnetlink_rcv+0x274/0x2180 [ 109.154456][ T7012] ? mark_lock+0x94/0x320 [ 109.158780][ T7012] ? mark_lock+0x94/0x320 [ 109.163102][ T7012] ? __lock_acquire+0x1260/0x7c80 [ 109.168123][ T7012] ? nfnetlink_net_exit_batch+0xa0/0xa0 [ 109.173667][ T7012] ? kmalloc_reserve+0x95/0x240 [ 109.178520][ T7012] ? verify_lock_unused+0x140/0x140 [ 109.183718][ T7012] ? __netlink_lookup+0xbe/0x810 [ 109.188667][ T7012] ? netlink_deliver_tap+0x2e/0x1b0 [ 109.193865][ T7012] ? __lock_acquire+0x7c80/0x7c80 [ 109.198880][ T7012] ? net_generic+0x1e/0x240 [ 109.203379][ T7012] ? netlink_deliver_tap+0x2e/0x1b0 [ 109.208578][ T7012] netlink_unicast+0x751/0x8d0 [ 109.213344][ T7012] netlink_sendmsg+0x8c1/0xbe0 [ 109.218123][ T7012] ? netlink_getsockopt+0x580/0x580 [ 109.223325][ T7012] ? aa_sock_msg_perm+0x94/0x150 [ 109.228261][ T7012] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 109.233539][ T7012] ? security_socket_sendmsg+0x80/0xa0 [ 109.239002][ T7012] ? netlink_getsockopt+0x580/0x580 [ 109.244202][ T7012] ____sys_sendmsg+0x5bf/0x950 [ 109.248995][ T7012] ? __asan_memset+0x22/0x40 [ 109.253599][ T7012] ? __sys_sendmsg_sock+0x30/0x30 [ 109.258636][ T7012] ? __import_iovec+0x5f2/0x860 [ 109.263495][ T7012] ? import_iovec+0x73/0xa0 [ 109.267997][ T7012] ___sys_sendmsg+0x220/0x290 [ 109.272679][ T7012] ? __sys_sendmsg+0x270/0x270 [ 109.277476][ T7012] __se_sys_sendmsg+0x1a5/0x270 [ 109.282326][ T7012] ? __x64_sys_sendmsg+0x80/0x80 [ 109.287354][ T7012] ? lockdep_hardirqs_on+0x98/0x150 [ 109.292542][ T7012] do_syscall_64+0x55/0xb0 [ 109.296951][ T7012] ? clear_bhb_loop+0x40/0x90 [ 109.301620][ T7012] ? clear_bhb_loop+0x40/0x90 [ 109.306291][ T7012] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 109.312179][ T7012] RIP: 0033:0x7f47b7b8f749 [ 109.316595][ T7012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.336195][ T7012] RSP: 002b:00007f47b8b1b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 109.344607][ T7012] RAX: ffffffffffffffda RBX: 00007f47b7de5fa0 RCX: 00007f47b7b8f749 [ 109.352567][ T7012] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000004 [ 109.360530][ T7012] RBP: 00007f47b7c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 109.368489][ T7012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 109.376448][ T7012] R13: 00007f47b7de6038 R14: 00007f47b7de5fa0 R15: 00007ffd9749df98 [ 109.384423][ T7012] [ 109.417668][ T7012] Mem-Info: [ 109.420837][ T7012] active_anon:11708 inactive_anon:1 isolated_anon:0 [ 109.420837][ T7012] active_file:1228 inactive_file:39891 isolated_file:0 [ 109.420837][ T7012] unevictable:768 dirty:99 writeback:0 [ 109.420837][ T7012] slab_reclaimable:11274 slab_unreclaimable:154244 [ 109.420837][ T7012] mapped:29773 shmem:8636 pagetables:552 [ 109.420837][ T7012] sec_pagetables:0 bounce:0 [ 109.420837][ T7012] kernel_misc_reclaimable:0 [ 109.420837][ T7012] free:1260344 free_pcp:9060 free_cma:0 [ 109.474092][ T7012] Node 0 active_anon:46832kB inactive_anon:4kB active_file:4912kB inactive_file:159360kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:119092kB dirty:392kB writeback:0kB shmem:33008kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12076kB pagetables:2208kB sec_pagetables:0kB all_unreclaimable? no [ 109.572385][ T7012] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 109.652434][ T7012] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 109.676153][ T7083] loop0: detected capacity change from 0 to 128 [ 109.735164][ T7012] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 109.746299][ T7012] Node 0 DMA32 free:1143548kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:46984kB inactive_anon:4kB active_file:4912kB inactive_file:158028kB unevictable:1536kB writepending:392kB present:3129332kB managed:2589596kB mlocked:0kB bounce:0kB free_pcp:6312kB local_pcp:4328kB free_cma:0kB [ 109.817441][ T7012] lowmem_reserve[]: 0 0 1 1 1 [ 109.822227][ T7012] Node 0 Normal free:4kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1332kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 109.862974][ T7012] lowmem_reserve[]: 0 0 0 0 0 [ 109.888190][ T7012] Node 1 Normal free:3880956kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:30592kB local_pcp:16704kB free_cma:0kB [ 109.918556][ T7012] lowmem_reserve[]: 0 0 0 0 0 [ 109.924397][ T7012] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 109.939689][ T7012] Node 0 DMA32: 1*4kB (U) 1*8kB (M) 1*16kB (E) 2*32kB (ME) 1*64kB (E) 1*128kB (U) 3*256kB (UME) 1*512kB (M) 1*1024kB (M) 1*2048kB (E) 278*4096kB (UM) = 1143324kB [ 109.958541][ T7012] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 109.975723][ T7012] Node 1 Normal: 255*4kB (UME) 66*8kB (UME) 37*16kB (UME) 63*32kB (UME) 19*64kB (UME) 4*128kB (UE) 1*256kB (E) 2*512kB (UM) 1*1024kB (E) 1*2048kB (E) 945*4096kB (M) = 3880956kB [ 109.994111][ T7012] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 110.004120][ T7012] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 110.015174][ T7012] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 110.025130][ T7012] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 110.048252][ T7012] 49754 total pagecache pages [ 110.053385][ T7012] 1 pages in swap cache [ 110.057554][ T7012] Free swap = 124728kB [ 110.061801][ T7012] Total swap = 124996kB [ 110.066757][ T7012] 2097051 pages RAM [ 110.070577][ T7012] 0 pages HighMem/MovableOnly [ 110.075773][ T7012] 416138 pages reserved [ 110.080035][ T7012] 0 pages cma reserved [ 110.457364][ T7103] netlink: 4 bytes leftover after parsing attributes in process `syz.2.453'. [ 110.487319][ T7103] netlink: 32 bytes leftover after parsing attributes in process `wޣ'. [ 111.942374][ T7135] netlink: 4 bytes leftover after parsing attributes in process `syz.2.464'. [ 112.103688][ T7138] netlink: 4 bytes leftover after parsing attributes in process `syz.3.462'. [ 112.149157][ T7135] syz.2.464[7135] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 112.149857][ T7135] syz.2.464[7135] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 112.299801][ T7139] netlink: 4 bytes leftover after parsing attributes in process `syz.2.464'. [ 112.742192][ T7143] bridge0: port 1(batadv1) entered blocking state [ 112.760294][ T7143] bridge0: port 1(batadv1) entered disabled state [ 112.767894][ T7143] batadv1: entered allmulticast mode [ 112.779392][ T7143] batadv1: entered promiscuous mode [ 112.944382][ T7151] loop0: detected capacity change from 0 to 512 [ 112.965578][ T7151] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 113.002459][ T7151] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1154: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 113.025488][ T7151] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.468: bg 0: block 248: padding at end of block bitmap is not set [ 113.074025][ T7151] __quota_error: 1 callbacks suppressed [ 113.074040][ T7151] Quota error (device loop0): write_blk: dquota write failed [ 113.111149][ T7151] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 113.151885][ T7151] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.468: Failed to acquire dquot type 1 [ 113.180455][ T7151] EXT4-fs (loop0): 1 truncate cleaned up [ 113.198219][ T7151] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 113.245876][ T79] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 113.255971][ T79] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 113.571169][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 113.580487][ T27] audit: type=1326 audit(1764736146.987:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7164 comm="syz.2.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 113.603345][ T27] audit: type=1326 audit(1764736146.987:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7164 comm="syz.2.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 113.628214][ T27] audit: type=1326 audit(1764736146.987:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7164 comm="syz.2.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 113.656505][ T27] audit: type=1326 audit(1764736146.987:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7164 comm="syz.2.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 113.708439][ T27] audit: type=1326 audit(1764736146.987:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7164 comm="syz.2.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 113.778218][ T27] audit: type=1326 audit(1764736146.987:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7164 comm="syz.2.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 113.853955][ T27] audit: type=1326 audit(1764736146.987:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7164 comm="syz.2.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 113.943485][ T27] audit: type=1326 audit(1764736146.987:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7164 comm="syz.2.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 114.161251][ T7187] syzkaller0: entered promiscuous mode [ 114.172867][ T7187] syzkaller0: entered allmulticast mode [ 114.195849][ T7187] netlink: 824 bytes leftover after parsing attributes in process `syz.3.480'. [ 114.413919][ T7196] loop2: detected capacity change from 0 to 2048 [ 114.444910][ T7196] loop2: p1 < > p4 [ 114.456809][ T7196] loop2: p4 size 8388608 extends beyond EOD, truncated [ 114.939767][ T7222] netlink: 'syz.0.493': attribute type 1 has an invalid length. [ 114.991931][ T7222] bond2: (slave bridge1): making interface the new active one [ 115.000962][ T7222] bond2: (slave bridge1): Enslaving as an active interface with an up link [ 115.334479][ T7244] loop0: detected capacity change from 0 to 128 [ 115.341810][ T7244] EXT4-fs: Ignoring removed nobh option [ 115.374566][ T7244] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 115.405499][ T7244] ext4 filesystem being mounted at /136/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 115.509816][ T5790] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 115.718921][ T7266] netlink: 40 bytes leftover after parsing attributes in process `syz.1.511'. [ 116.168309][ T7292] netlink: 4 bytes leftover after parsing attributes in process `syz.3.520'. [ 116.199234][ T7295] capability: warning: `syz.2.521' uses deprecated v2 capabilities in a way that may be insecure [ 116.332350][ T7299] loop1: detected capacity change from 0 to 512 [ 116.363005][ T7299] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 116.381082][ T7299] ext4 filesystem being mounted at /124/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 116.407810][ T7299] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9) [ 116.414358][ T7299] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 116.428913][ T7299] vhci_hcd vhci_hcd.0: Device attached [ 116.534004][ T7310] netlink: 14 bytes leftover after parsing attributes in process `syz.1.524'. [ 116.624036][ T5987] vhci_hcd: vhci_device speed not set [ 116.703405][ T5987] usb 35-1: new high-speed USB device number 2 using vhci_hcd [ 117.132072][ T7303] vhci_hcd: connection reset by peer [ 117.149101][ T79] vhci_hcd: stop threads [ 117.172915][ T79] vhci_hcd: release socket [ 117.180777][ T79] vhci_hcd: disconnect device [ 117.527993][ T7346] loop0: detected capacity change from 0 to 1024 [ 117.545272][ T7346] EXT4-fs: Ignoring removed orlov option [ 117.575332][ T7346] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 117.636529][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.721351][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 117.962477][ T7366] loop0: detected capacity change from 0 to 512 [ 117.970869][ T7366] EXT4-fs: Ignoring removed oldalloc option [ 117.987628][ T7366] EXT4-fs error (device loop0): ext4_orphan_get:1399: inode #15: comm syz.0.546: inode has both inline data and extents flags [ 117.990002][ T7368] netlink: 'syz.1.547': attribute type 12 has an invalid length. [ 118.006521][ T7366] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.546: couldn't read orphan inode 15 (err -117) [ 118.024211][ T7366] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 118.046138][ T7366] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #2: block 13: comm syz.0.546: lblock 0 mapped to illegal pblock 13 (length 1) [ 118.062256][ T7366] EXT4-fs warning (device loop0): htree_dirblock_to_tree:1083: inode #2: lblock 0: comm syz.0.546: error -117 reading directory block [ 118.074760][ T7372] loop1: detected capacity change from 0 to 512 [ 118.090550][ T7372] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 118.103255][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.112992][ T7372] EXT4-fs (loop1): 1 truncate cleaned up [ 118.120378][ T7372] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 118.186128][ T7375] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 118.225562][ T7375] loop0: detected capacity change from 0 to 1024 [ 118.261786][ T7375] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=802c018, mo2=0002] [ 118.271715][ T7375] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 118.275298][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.371690][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.409932][ T7385] netlink: 36 bytes leftover after parsing attributes in process `syz.1.551'. [ 118.472143][ T7387] random: crng reseeded on system resumption [ 118.534219][ T7391] netlink: 'syz.1.556': attribute type 12 has an invalid length. [ 118.873593][ T7406] syz.2.560[7406] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 118.873710][ T7406] syz.2.560[7406] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 119.197248][ T7423] netlink: 'syz.0.566': attribute type 12 has an invalid length. [ 120.049482][ T27] kauditd_printk_skb: 75 callbacks suppressed [ 120.049495][ T27] audit: type=1326 audit(1764736153.487:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7429 comm="syz.2.569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 120.078050][ T27] audit: type=1326 audit(1764736153.487:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7429 comm="syz.2.569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 120.100314][ T27] audit: type=1326 audit(1764736153.487:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7429 comm="syz.2.569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 120.125215][ T27] audit: type=1326 audit(1764736153.487:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7429 comm="syz.2.569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 120.131294][ T7434] loop3: detected capacity change from 0 to 2048 [ 120.156624][ T7434] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 not in group (block 150994948)! [ 120.160984][ T27] audit: type=1326 audit(1764736153.497:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7429 comm="syz.2.569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 120.190877][ T27] audit: type=1326 audit(1764736153.497:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7429 comm="syz.2.569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 120.198179][ T7434] EXT4-fs (loop3): group descriptors corrupted! [ 120.213260][ T27] audit: type=1326 audit(1764736153.497:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7429 comm="syz.2.569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 120.242542][ T27] audit: type=1326 audit(1764736153.497:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7429 comm="syz.2.569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 120.267051][ T7437] loop1: detected capacity change from 0 to 512 [ 120.276903][ T27] audit: type=1326 audit(1764736153.497:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7429 comm="syz.2.569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=255 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 120.300515][ T27] audit: type=1326 audit(1764736153.497:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7429 comm="syz.2.569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb475b8f749 code=0x7ffc0000 [ 120.361674][ T7437] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 120.399964][ T7437] ext4 filesystem being mounted at /132/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 120.909929][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.932153][ T7471] loop2: detected capacity change from 0 to 512 [ 120.947368][ T7471] journal_path: Lookup failure for './bus' [ 120.964951][ T7471] EXT4-fs: error: could not find journal device path [ 121.225012][ T7484] loop0: detected capacity change from 0 to 2048 [ 121.720374][ T7499] loop0: detected capacity change from 0 to 512 [ 121.743450][ T7500] loop3: detected capacity change from 0 to 2048 [ 121.767161][ T7500] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 121.804419][ T7499] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 121.819395][ T7505] loop1: detected capacity change from 0 to 164 [ 121.825776][ T5987] vhci_hcd: vhci_device speed not set [ 121.829030][ T7499] ext4 filesystem being mounted at /161/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 121.845378][ T7505] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 121.850366][ T7505] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 121.863274][ T7505] Symlink component flag not implemented [ 121.868923][ T7505] Symlink component flag not implemented [ 121.974348][ T7510] netlink: 'syz.1.598': attribute type 12 has an invalid length. [ 121.982290][ T5790] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.675766][ T59] [ 122.678132][ T59] ====================================================== [ 122.685147][ T59] WARNING: possible circular locking dependency detected [ 122.692173][ T59] syzkaller #0 Not tainted [ 122.696588][ T59] ------------------------------------------------------ [ 122.703607][ T59] kworker/u4:4/59 is trying to acquire lock: [ 122.709586][ T59] ffff88805afca8c8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_destroy_inline_data+0x28/0xe0 [ 122.719355][ T59] [ 122.719355][ T59] but task is already holding lock: [ 122.726731][ T59] ffff88805d050bd8 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x170/0x2f0 [ 122.736759][ T59] [ 122.736759][ T59] which lock already depends on the new lock. [ 122.736759][ T59] [ 122.747169][ T59] [ 122.747169][ T59] the existing dependency chain (in reverse order) is: [ 122.756177][ T59] [ 122.756177][ T59] -> #1 (&sbi->s_writepages_rwsem){++++}-{0:0}: [ 122.764608][ T59] percpu_down_read+0x44/0x1a0 [ 122.769889][ T59] ext4_writepages+0x170/0x2f0 [ 122.775168][ T59] do_writepages+0x3a2/0x600 [ 122.780270][ T59] __writeback_single_inode+0x153/0xee0 [ 122.786321][ T59] writeback_single_inode+0x211/0x720 [ 122.792195][ T59] write_inode_now+0x161/0x1e0 [ 122.797462][ T59] iput+0x5b2/0x920 [ 122.801774][ T59] ext4_xattr_block_set+0x273a/0x32a0 [ 122.807650][ T59] ext4_expand_extra_isize_ea+0x10ea/0x19e0 [ 122.814047][ T59] __ext4_expand_extra_isize+0x306/0x400 [ 122.820184][ T59] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 122.826154][ T59] ext4_evict_inode+0x7ed/0xea0 [ 122.831507][ T59] evict+0x486/0x870 [ 122.835902][ T59] ext4_orphan_cleanup+0xbd4/0x1400 [ 122.841610][ T59] ext4_fill_super+0x5de4/0x66c0 [ 122.847046][ T59] get_tree_bdev+0x3e4/0x510 [ 122.852141][ T59] vfs_get_tree+0x8c/0x280 [ 122.857059][ T59] do_new_mount+0x24b/0xa40 [ 122.862099][ T59] __se_sys_mount+0x2da/0x3c0 [ 122.867276][ T59] do_syscall_64+0x55/0xb0 [ 122.872195][ T59] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 122.878592][ T59] [ 122.878592][ T59] -> #0 (&ei->xattr_sem){++++}-{3:3}: [ 122.886389][ T59] __lock_acquire+0x2ddb/0x7c80 [ 122.891740][ T59] lock_acquire+0x197/0x410 [ 122.896744][ T59] down_write+0x97/0x1f0 [ 122.901487][ T59] ext4_destroy_inline_data+0x28/0xe0 [ 122.907359][ T59] ext4_do_writepages+0x4c2/0x38d0 [ 122.912972][ T59] ext4_writepages+0x1a8/0x2f0 [ 122.918250][ T59] do_writepages+0x3a2/0x600 [ 122.923342][ T59] __writeback_single_inode+0x153/0xee0 [ 122.929394][ T59] writeback_sb_inodes+0x77c/0xef0 [ 122.935010][ T59] wb_writeback+0x450/0xba0 [ 122.940021][ T59] wb_workfn+0x3ff/0xe20 [ 122.944767][ T59] process_scheduled_works+0xa45/0x15b0 [ 122.950815][ T59] worker_thread+0xa55/0xfc0 [ 122.955907][ T59] kthread+0x2fa/0x390 [ 122.960476][ T59] ret_from_fork+0x48/0x80 [ 122.965396][ T59] ret_from_fork_asm+0x11/0x20 [ 122.970663][ T59] [ 122.970663][ T59] other info that might help us debug this: [ 122.970663][ T59] [ 122.980869][ T59] Possible unsafe locking scenario: [ 122.980869][ T59] [ 122.988299][ T59] CPU0 CPU1 [ 122.993726][ T59] ---- ---- [ 122.999083][ T59] rlock(&sbi->s_writepages_rwsem); [ 123.004360][ T59] lock(&ei->xattr_sem); [ 123.011201][ T59] lock(&sbi->s_writepages_rwsem); [ 123.018906][ T59] lock(&ei->xattr_sem); [ 123.023229][ T59] [ 123.023229][ T59] *** DEADLOCK *** [ 123.023229][ T59] [ 123.031350][ T59] 3 locks held by kworker/u4:4/59: [ 123.036438][ T59] #0: ffff88801a27e938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 [ 123.047649][ T59] #1: ffffc900015a7d00 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 [ 123.060067][ T59] #2: ffff88805d050bd8 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x170/0x2f0 [ 123.070490][ T59] [ 123.070490][ T59] stack backtrace: [ 123.076375][ T59] CPU: 0 PID: 59 Comm: kworker/u4:4 Not tainted syzkaller #0 [ 123.083725][ T59] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 123.093762][ T59] Workqueue: writeback wb_workfn (flush-7:3) [ 123.099740][ T59] Call Trace: [ 123.103005][ T59] [ 123.105925][ T59] dump_stack_lvl+0x16c/0x230 [ 123.110589][ T59] ? load_image+0x3b0/0x3b0 [ 123.115073][ T59] ? show_regs_print_info+0x20/0x20 [ 123.120259][ T59] ? print_circular_bug+0x12b/0x1a0 [ 123.125442][ T59] check_noncircular+0x2bd/0x3c0 [ 123.130365][ T59] ? print_deadlock_bug+0x5d0/0x5d0 [ 123.135556][ T59] ? lockdep_lock+0xe0/0x220 [ 123.140138][ T59] ? _find_first_zero_bit+0xd3/0x100 [ 123.145413][ T59] __lock_acquire+0x2ddb/0x7c80 [ 123.150257][ T59] ? verify_lock_unused+0x140/0x140 [ 123.155442][ T59] ? worker_thread+0xa55/0xfc0 [ 123.160192][ T59] ? stack_trace_save+0xe0/0xe0 [ 123.165030][ T59] ? verify_lock_unused+0x140/0x140 [ 123.170218][ T59] lock_acquire+0x197/0x410 [ 123.174708][ T59] ? ext4_destroy_inline_data+0x28/0xe0 [ 123.180239][ T59] ? __might_sleep+0xe0/0xe0 [ 123.184828][ T59] ? read_lock_is_recursive+0x20/0x20 [ 123.190184][ T59] ? mark_lock+0x94/0x320 [ 123.194498][ T59] ? __might_sleep+0xe0/0xe0 [ 123.199069][ T59] ? register_lock_class+0xb5/0x890 [ 123.204250][ T59] down_write+0x97/0x1f0 [ 123.208475][ T59] ? ext4_destroy_inline_data+0x28/0xe0 [ 123.214003][ T59] ? down_read_killable+0x340/0x340 [ 123.219180][ T59] ? ext4_journal_check_start+0x178/0x250 [ 123.224883][ T59] ext4_destroy_inline_data+0x28/0xe0 [ 123.230237][ T59] ext4_do_writepages+0x4c2/0x38d0 [ 123.235331][ T59] ? verify_lock_unused+0x140/0x140 [ 123.240518][ T59] ? verify_lock_unused+0x140/0x140 [ 123.245698][ T59] ? __lock_acquire+0x1334/0x7c80 [ 123.250711][ T59] ? ext4_normal_submit_inode_data_buffers+0x1b0/0x1b0 [ 123.257546][ T59] ? rcu_read_lock_any_held+0xb4/0x120 [ 123.263001][ T59] ? verify_lock_unused+0x140/0x140 [ 123.268189][ T59] ext4_writepages+0x1a8/0x2f0 [ 123.272942][ T59] ? ext4_read_folio+0x2f0/0x2f0 [ 123.277883][ T59] ? __rwlock_init+0x150/0x150 [ 123.282643][ T59] ? do_raw_spin_unlock+0x121/0x230 [ 123.287833][ T59] ? ext4_read_folio+0x2f0/0x2f0 [ 123.292757][ T59] do_writepages+0x3a2/0x600 [ 123.297342][ T59] ? folio_clear_dirty_for_io+0xc30/0xc30 [ 123.303051][ T59] ? writeback_sb_inodes+0x47f/0xef0 [ 123.308329][ T59] ? __lock_acquire+0x7c80/0x7c80 [ 123.313343][ T59] ? do_raw_spin_lock+0x121/0x2c0 [ 123.318362][ T59] __writeback_single_inode+0x153/0xee0 [ 123.323898][ T59] writeback_sb_inodes+0x77c/0xef0 [ 123.328999][ T59] ? move_expired_inodes+0x319/0x720 [ 123.334279][ T59] ? queue_io+0x560/0x560 [ 123.338606][ T59] ? rcu_is_watching+0x15/0xb0 [ 123.343358][ T59] wb_writeback+0x450/0xba0 [ 123.347852][ T59] ? queue_io+0x341/0x560 [ 123.352167][ T59] ? percpu_ref_tryget+0x250/0x250 [ 123.357263][ T59] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 123.363229][ T59] ? _raw_spin_unlock_irq+0x23/0x50 [ 123.368414][ T59] wb_workfn+0x3ff/0xe20 [ 123.372651][ T59] ? inode_wait_for_writeback+0x200/0x200 [ 123.378363][ T59] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 123.384324][ T59] ? read_lock_is_recursive+0x20/0x20 [ 123.389683][ T59] ? _raw_spin_unlock_irq+0x23/0x50 [ 123.394863][ T59] ? process_scheduled_works+0x957/0x15b0 [ 123.400569][ T59] ? process_scheduled_works+0x957/0x15b0 [ 123.406272][ T59] process_scheduled_works+0xa45/0x15b0 [ 123.411809][ T59] ? assign_work+0x400/0x400 [ 123.416383][ T59] ? assign_work+0x39e/0x400 [ 123.420958][ T59] worker_thread+0xa55/0xfc0 [ 123.425533][ T59] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 123.431410][ T59] ? _raw_spin_unlock+0x40/0x40 [ 123.436243][ T59] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 123.442123][ T59] kthread+0x2fa/0x390 [ 123.446179][ T59] ? pr_cont_work+0x560/0x560 [ 123.450837][ T59] ? kthread_blkcg+0xd0/0xd0 [ 123.455408][ T59] ret_from_fork+0x48/0x80 [ 123.459811][ T59] ? kthread_blkcg+0xd0/0xd0 [ 123.464382][ T59] ret_from_fork_asm+0x11/0x20 [ 123.469142][ T59] [ 123.498590][ T59] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 123.522785][ T59] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 814 with error 28 [ 123.545792][ T59] EXT4-fs (loop3): This should not happen!! Data will be lost [ 123.545792][ T59] [ 123.572353][ T59] EXT4-fs (loop3): Total free blocks count 0 [ 123.582404][ T59] EXT4-fs (loop3): Free/Dirty block details [ 123.594378][ T59] EXT4-fs (loop3): free_blocks=2415919504 [ 123.600120][ T59] EXT4-fs (loop3): dirty_blocks=832 [ 123.609823][ T59] EXT4-fs (loop3): Block reservation details [ 123.616434][ T59] EXT4-fs (loop3): i_reserved_data_blocks=52 [ 123.649169][ T59] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 28