last executing test programs: 1m0.028080388s ago: executing program 0 (id=1101): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x20002) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SG_IO(r2, 0x2285, &(0x7f0000000040)={0x53, 0x7, 0x6, 0x0, @buffer={0x2, 0x4f, &(0x7f00000000c0)=""/79}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x0, 0x0, 0x0, 0x0}) 59.863820014s ago: executing program 0 (id=1104): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x54, r1, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xb}}}, {0x14, 0x2, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) 59.602272301s ago: executing program 0 (id=1108): r0 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0) pwrite64(r0, 0x0, 0x0, 0xffff) ioctl$IOC_WATCH_QUEUE_SET_SIZE(r0, 0x5760, 0x2) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x18) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYRESOCT=0x0, @ANYRES32, @ANYRESHEX, @ANYBLOB], 0x48) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000280)={[{@max_batch_time={'max_batch_time', 0x3d, 0x4}}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@errors_remount}, {@nombcache}]}, 0x21, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) pwrite64(r2, &(0x7f0000000140)="f6", 0xffffff07, 0x8000c61) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000080)=ANY=[], 0xfe37, 0x0) 58.955514437s ago: executing program 0 (id=1115): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) 58.668046757s ago: executing program 0 (id=1120): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x14, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x18) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r2, 0x0) 58.331534491s ago: executing program 0 (id=1125): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="54000000000801010000ffffe00000000a000000050003002f0000000600024000000000240004800800024000000000080001400000fcff07000140800000010800014080000001090001"], 0x54}, 0x1, 0x0, 0x0, 0x4004}, 0x28040000) 58.028776552s ago: executing program 32 (id=1125): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="54000000000801010000ffffe00000000a000000050003002f0000000600024000000000240004800800024000000000080001400000fcff07000140800000010800014080000001090001"], 0x54}, 0x1, 0x0, 0x0, 0x4004}, 0x28040000) 4.01901216s ago: executing program 4 (id=1623): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c10, &(0x7f0000000400), 0xff, 0x23f, &(0x7f0000000540)="$eJzs3T1oLFUYBuB3Zne95t5FrtoI4g+IiAbCtRNsYqMQkBBEBBUiIjZKIsQEu8TKxkJrlVQ2QeyMlpIm2CiCVdQUsRE0WBgstFiZnURisuLPxh1xngdmZ2b3nPnOMPOe3WbYAK11Nclskk6S6SS9JMXpBnfWy9Xj3c2p3cVkMHjsh2LYrt6vnfS7kmQjyQNJdsoiL3STte2nDn7ae+Se11d7d7+7/eTURE/y2OHB/qNH78y/9sHc/WufffHdfJHZ9H93XhevGPFet0hu+jeK/UcU3aZHwF+x8Mr7X1a5vznJXcP891KmvnhvrFy308t9b/9R3ze///zWSY4VuHiDQa/6DtwYAK1TJumnKGeS1NtlOTNT/4b/qnO5fHF55eXp55dXl55reqYCLko/2X/4o0sfXjmT/287df6B/68q/48vbH1dbR91mh4NMBG31asq/9PPrN8b+YfWkX9oL/mH9pJ/aC/5h/aSf2gv+Yf2kn9oL/mH9pJ/aK/T+QcA2mVwqeknkIGmND3/AAAAAAAAAAAAAAAAAAAA521O7S6eLJOq+clbyeFDSbqj6neG/0ecXD98vfxjUTX7TVF3G8vTd4x5gDG91/DT1zd802z9T29vtv76UrLxapJr3e75+684vv/+uRv/5PPes2MW+JuKM/sPPjHZ+mf9stVs/bm95ONq/rk2av4pc8twPXr+6VfXb8z6L/085gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYmF8DAAD//xFQbUc=") symlink(&(0x7f0000000580)='./file0\x00', &(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4, 0x0) rename(&(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 3.72901027s ago: executing program 1 (id=1630): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x48, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_SKBMARK={0xc}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4010}, 0x80) 3.677923845s ago: executing program 1 (id=1631): prctl$PR_SET_NAME(0xf, &(0x7f0000000980)='\xff\x00\x00\x00\x00\x00\x000`\x14\x99\x06\xc0\x7fs\x00\t\x14\x17\xc3\xf5\xc9\v\x85\xe7\x00\x00\x18\x88\x06\x94\x98\xa9\xe7\x1c\x8a\x89\xdc\xcc\xf7L\xbd%\xc3!\x0e\x91S\xb2~8\"\xe2\xed\xbf\x12\x1a\\6p\'p\xef\x1a\n\x99\x12\xe8\'\x1c\x97M\xa5N\xd9\xbeV&\x1c2K?\x95\xd9\"\xbe\x050+\xca\xea\'\xe9)\xfe\xeb\x9c\xb5\xa0F`\xe4D\x10F\x831\xec\\v\xf0\xab_M\b\x03\xc3\n\x89\x01E`\xd35Q2\xecZz\xdc\x065p\x1c\x8f\x9b\x99IGXO\x00\x00\v\xed\xb0\xc5\xd4\xc7,\x1a\xb3}CMOO\x8a\xa8kh\x7f\x05c\xfc\xebb\xc8\xa2\xa9\xbf\xb3\x9b\xafE\xbd\xc5\xdc\xde\xbe_') r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020732600000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000180)='kfree\x00', r0, 0x0, 0x3}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc}, 0x48) 3.567473307s ago: executing program 4 (id=1632): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000080)={0x0, 0x0}) fsync(r0) syz_emit_ethernet(0x82, &(0x7f0000000580)=ANY=[@ANYBLOB="cf599d3baed500000000000086dd60f20000004c2c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa00060008"], 0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa88000001"], 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000800)=[{{&(0x7f0000000080)={0xa, 0x0, 0x66f, @remote, 0x1}, 0x1c, 0x0}}], 0x1, 0x4000010) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000140)=@o_path={&(0x7f0000000100)='./file0\x00', 0x0, 0x10}, 0x18) dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r1, &(0x7f0000000340)="08000000010000", 0x7) 3.355375968s ago: executing program 4 (id=1635): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x80001, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xffffffed, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x810) sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x7fffe, {0x0, 0x0, 0x0, 0x0, {}, {0xb, 0xb}, {0x2, 0xb}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x808, 0x205, 0x1, 0xc}, 0xb, 0x0, 0x5, 0x5, 0x9, 0x2, 0x9, 0xd, 0x1, 0x1, {0xffff1c72, 0x3, 0x1000, 0xfd, 0xfffffffe, 0x7583}}}}]}, 0x78}}, 0x8000) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r7 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r7, &(0x7f0000000700)="f83cac0259c8e3f2bada30fbc99b5400040000ea07566e96573c7f95a5125ca220428d3c404d329f", 0x28, 0xc080, &(0x7f00000001c0)={0x11, 0x86dd, r6, 0x1, 0xd8, 0x6, @multicast}, 0x14) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{}, &(0x7f00000001c0), &(0x7f0000000200)}, 0x20) r8 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r8, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/69, 0x328000, 0x1000, 0x800, 0x3}, 0x20) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x9, 0x2) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r9}, 0x10) geteuid() bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYRESOCT=r0], &(0x7f0000000380)='GPL\x00', 0x0, 0xc9, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x1000, 0xfffffffc}, 0x10}, 0x94) io_cancel(0x0, 0x0, 0x0) 3.247219439s ago: executing program 1 (id=1638): syz_open_procfs(0x0, &(0x7f0000000ec0)='net/vlan/config\x00') 3.162668698s ago: executing program 2 (id=1639): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x48, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_SKBMARK={0xc}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4010}, 0x80) 3.034905491s ago: executing program 3 (id=1640): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) open(&(0x7f0000000280)='.\x00', 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'hsr0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendto$packet(r2, &(0x7f0000000040)="dbe104b35716e67da422221d32", 0xd, 0x20000814, &(0x7f0000000100)={0x11, 0x7, r3, 0x1, 0x5, 0x6, @local}, 0x14) sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0xc, 0xd}, {0xfff3, 0x8}, {0xb}}}, 0x24}}, 0x20040000) 3.033991471s ago: executing program 2 (id=1641): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0xfffffffffffffffc}, 0x18) setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, 0x0, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000b80)=[{0x6, 0x0, 0xfd}]}, 0x10) bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6) 2.973415987s ago: executing program 1 (id=1642): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) execve(&(0x7f0000000040)='./file0\x00', &(0x7f0000000200)={[&(0x7f0000000080)='\x00', &(0x7f0000000180)='\x00', &(0x7f00000001c0)='GPL\x00']}, &(0x7f0000000540)) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r2, 0x0, 0x81, 0x0, 0x0) io_setup(0x0, &(0x7f0000000380)=0x0) r4 = eventfd2(0x0, 0x80000) r5 = syz_io_uring_setup(0x10eb, &(0x7f0000000700)={0x0, 0x8b51, 0x8000, 0x2, 0x39c}, &(0x7f0000000500), &(0x7f0000000780)) r6 = eventfd2(0x6, 0x80000) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000240)='kfree\x00', r7}, 0x10) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) r9 = dup(r8) sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000000206030000000000fffff0000000000016000300686173683a6e65742c706f72742c6e6574000000050004000000000005000500020000000900020073797a3200000000050001000700000014000780080013400000000008001240"], 0x64}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c0000000306090100008000000004000200000a0500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x4000800}, 0x4) io_submit(r3, 0x4, &(0x7f0000000940)=[&(0x7f00000003c0)={0x0, 0x0, 0x0, 0x6, 0x6, r2, &(0x7f0000000580)="79ef22b8d2517a469f90ec44dac00128bbf4aad0bd765ae4b7193474ce97ab6c18e5580b54e20edfaeb641d78c93af0861d69dc62431a08f4666d70fec244fefea01e507363577d83852542a4fe5f69af810876dbcb2032e8b04a4274a38b77f9be48b69395beb5ebb2030545333b4d57161367a40367f6981411472d35560151e1bd7c1214888de54794877b3ff0c70fee0159e14bb2437e62c8032f1d962e45067c236bba73c4b63d44968a8ae8ad1f5d1107b8933d5da84abf3e5c636e9066b0aca69a71ed0e4b77e09f4c1ec65", 0xcf, 0x99, 0x0, 0x2}, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x6, 0x9df, r1, &(0x7f0000000680)="d0fd3c3f7094eb6f19bbf925959e9d658c9e6892aa58efaba6bc9e61be9c4656aa88a542d510ad0faf627814963b730b4fdb7c687290cb8bef8898b42ba092b56a280a7f55b28a40c3efffb8de73b42440678f92ba73fa8623cd", 0x5a, 0x2, 0x0, 0x0, r4}, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x5, 0x3, r5, &(0x7f0000001300)="616ed927c3dabac2c944c8b463f93192bee60a6040ef716fc79f8a6374f1f0cbe6e67210ad42a4fa5c24ceca7f40bb62bc80b7b2f1a91a2ef143c2da164fd5ed73f66f9bcec6c187b4da1a9005edb97a990422860be2b3b269d0a5e0ecdd8bd4288fc1460e89f0758c98466b77ba4cbe899465fcff365b18013b1156c171207c90b2c9690a8fd29e2674aae678b2048949f5358d063f42dcae86c18e19fcd64e27bc4e405dda57d1e9b97d173f1a918b3a0f8d086a933eb9a5432bad07c260502185101559049e6df6078d89c3fa08f89c9aa597b06c9398ad22960abb6716f8391f179d4c85ad9dc8705bdb0c1d097d0689c97dee7b91a651856382ce6e7ac4c67194aaabab6e7845cf201c9783e84e7fe9dc96d9c70846c76d6c13ed1b78cc774a5043bb2b4d2d90f8f4dd9629c6612c1c60b2472dab263c7097a11fe055d97e9342d8fa7a876fa739bb76d922c0d3ce89948457f2fea8b3340c0c6967d20ae15c3ade2d482d1686b3384e8e76af80a5390b4a7ae46474217f7e0da260c0b8c854fe0c1acf1a13960a30d243272a172e58560245e54016126d20d81b347e7537e320ecbe9a8bfd55560b5cfc9257a64c64fcbed5484a718ce3de13b5dc7f1e2aa3a137615a3fe47544a4e9494e190bd8c6c7e52606134ecf6e1b23c5360557d4180217277cf8822045d7c2aa4e1d8120439e6d50d7c6708dc7293a4ec1414ae5951b84f1e901b5743e185c12a4a0dd1c09791e02781089c2f4d119fcd52cd8225824ed45ba5bf668039227bdcd6f3fd8bfb5c711aa3e7cb1df7261ddb359b26485da3bb5a8185979d21bb62df9a6e166f109756e3a6d016574ec48c32f912242a7b0585e11b5c8ec7ce970069bf991f1ebbc7acd9fb7f5b61017ad3f7f419566174ab98c1edfc099f049fe4e5dc37d388006efb535fe0b5658e5462218149e0d9df425c9066df4f02dfd25c6d5ae18795a692ccf724df5cdfb36f83a88667f360dab0a48c5bed60ad34e56cd029b09b2909fa06dbc724120879a665a6acaa9bea230d175f8a439c3795594d6cac04f4c09a608576a59a609e1d3f1be809d443d6f84fc47a8a9af2a0ade6954e04d7b59739d85172fa2a7f99fec201e73f5c2622c1fd223a1e507904f7e941304cec872c8efd45ad8520818ff0d4d8ed4c6a85ff05d024dbf4707ed0dba7e7ee7315f3b2e02c9b7464f69dedc54e925a8bd6c53fa9cb420dcb3b2d1859184ccac7e110b1e3e8a2067587c355890d68c7f6871dc412f78a61bcc48eeaaedadd605e06eb2c7ca92e638441b31309269dea33741117b5901693da5a64512cebe69e3ebe227a2224b18c8ae2129fc39678d99df8f75b4389774fc88d3a80649c56eea080cb8415825efac3ae05588e1f0b68eba645db19cba7087cf084c505add8d8581f90215a475b7b50eb7a7e35271c8543ff8326df665a3e267aefc143ed0831527e9a9392d594492193692081d9445d4fe771ffaabfee0571418eb9e89356e387ece892a1246d936efb475ac7344cb195ca2e175df1651525a734ef0c2b89cac55e7ecfd5dadd9132fd4ce17470940bf3117f557b2f4b2b9fcc3a7f738678ec586da76cd189e2c316576a7a29f8d59f884a0692f0b83457b5dc07fc7804da4fbbe403191094022e5987d27600bcb6130b844f48d03803aff91bdee4ce7c06284859d331af0c73cd73f0a1b315a92edfb052e8ad8fa805dcd909b9e136c3f02872ad07b312f06362cf13fe4bfb48844b0806f2403fae543ce6dd3d19f862f4d7a0cf3e464a052f06e93266031977df5a2248f97f63a6e7b25aaffe4a4091946776db9529c99c5d7f0d735a9330c7958ea955df75444761f03682309e05eeb96e1ddb108be9b19bb5299359f8604e39f39e23c70b9fc873e7e70b22ecb40490f8b68a9ac877e3681aaf8635421e1803939f0935770faa55683c359dfad809be98d3b8b8a93ddca245560f563931757da8388e80795a03c401138f6c52636b29228c1f7695904665c978476c08d150f226ba41e318e9357ff69ec858ae2df8ab39290f473f756bac68968709a42360c6820f1d998cfce11a3f08a108facb5273e6b0c104cc9621be7b54ac6f42eeaf9be6af80712aaa9d6210274dfead26d8a8e251f3337ef95e11d88ea9e04640865d385bb1d6e3e650a909515d8382eef0060e1844b31b94152362a46d4fb1e0c97b22606e26e8a330ec260c47f3bf2f97b6360f74e9f4f7a34225ae4beabebd1157a50453b62a4790ba18b5ae585f96392692132e452142eb33d4d351896813c099e4f849b16a2ec2219e859f57893f2659660239acd84ca3e376fb95662fc41c66fe8055a863592bd22386d4c93ecc98690595111121adb79722fc6aea2386b02cceecaa26c487055b8b60ad3678245b2bb7853901c8f3c6d6b2f3eba9dd2eb1f49e4a9854b25eb0973c34d1067d3aac4d2eefa67a6b06efa43086632b22e390f20c30c763f584ca7974575c98d747c8ff47dab29981cebcbbbb97f9c40f69eceba466913c03a6fcfe0af46d8ebeb246aea5922ef375f05a1e1cf9f300a93c1ddfb650f0f242c399e20c6c6e5e7685d0e1eddf782149e90693ab39fa93fef7b3e2ce3d01b519a34bd038f2db65d321b1f8f86432a9f03f7697a34b1ba161d7659348db0c9db8c82aad9e84c1abca09a83800b08d637b068c313f11e0329840c4a4f2cbe1aee12fbea42a093c337c0e8d7a74d990d19214e4d0fbb6d0cd298d069bf7396c1ca0ea11af7e3e1f579e3827a8d3597772aeb7ff100b01a5ff548037eecac0caa01163492f02e891d681d6dd5ad8570341828f00f5ed4b8b0a47f2b85485ad702fd46ecae0c7cfe2b58e9e1cc37e1ba75cf44bea93f1cbb3557a3849efa989bddb82c73eb35a73f0a7e1f8051614a3add0b16f53659491fe01b21f78d8bdb32babf0570a8916cdf2fdcbfbbff4908755cd8864720546a8dba13d2611c7917e4092dbe74b26caf938a7cac7a09634c17070ae67b5145ed2e311a6597efa44ba3b168050e87ff8f0deae9061dd63bb8d9e1831ddfb9d520bc4838c9374ca987ee77616bbe2a24d77159f6220070ab477a5e6969461d44275e3fae08d66227ed89fcb2932defd869a0f306362a3a8af157e8d6f9c2df682dfc7776b6ed20c912d0ae1a160d99da5aa692f3e7ad9adf0f46d92fcb556c02a985eb1aaae3ddbdb3dff66aaae61248cc204c9d6e05bcde996bea1cd9c05fded32aa164c4ebadba028327be4099765f4aef22b79c553f174e29b76cf599de1b7462dcdc693fca360bd08603f62069f9a65a87b4c6e6c97b8543d96b2d00b4b1f79e925d16cfdbc2567eb5b4252edf65c9341b2e8f61569924417c2518892f6bec4bd4801a7a3550cd60d7417ab65c008cc61a1d3ecf8148c63bda106ea6f0579ebf177eaae3193c4bc8fd0dbcbcff809b05a4b096d75629a0090315f1d4f9dec481b04971602d547b62ccf89d2649ad71ddbb71ca2765e96b172800aafda7248a24b7107c905ec73bbb337559a39cc7b447b91710396d2cd2e8085f82da208af85dcf17ff32fdc69d2935eb2ab6970c966cbcab03818b2b57c1f917b8f8f5ceb5d8f3e46dd8c42f755b36f9bef4b843bfc8a484e63f79e25279ad123e319a277aaae46bbb1b42eb23f92acea088890da492caf94a3fec4fa63fe9aef3067e3db157fe07e04b2e235387402058dc0c30b023f77c3fe207bc7dcc4ef972ce6efb21ff8bbeb32e5cee3501f9a99903bfd7abf6c9f3006cdc808baa6bee37b010a5206ce23b14cc5a5d7b81fae08117375c37cd9cd739aa2d21b2a7a08455dd10690d55197612b3506d0daa36c18aa441a9724efd5cc47bc3796b826db273ef6c37dca3f72009b9ccb18c1c802e0e31fc3631740ebd2e53cb17a11c3e50541379bc84fd80824f5ce3f41b4a49731eadfef8fb5254f11870de4440fb939e3148fabe6ad51bc58166a978b453738c44a8d05f6ea9de290ea763b6875d322fbc9d5ce53f373e5a7206098bb30193c420d70cf5cd0d9dcb1855fa5132fc28f6230d8a33928fac75dd28fc9f2f9ca99394064e4a5efdf46d0d9c2ac78f3da419e1b8bae05b5187bb68ed9d0a40a48b8e93e92eb9ea44b72814f245ab18ed6eee42771e343988d33332caa2e75011ad620ea0a9b6ffa821a922dd47e0a055ed28e036c82ffac92bb2a6156c83a0675cc5b33443da9d2884a8d8684c75ae8acf4f4bba102df446ce18d7f9cb91d942c4e869d0f0f8fdf6c036f08b0192ec672defd4ff899bf649f3b9a0478f17df9f2afa0c539314c128ad1759a58684fe1e603b48188bc279ac9cc55245c45aa70cf431c57bf66c9b2647e5ece74f1490dd541e89eccd5a8425b95bb96c6f9e71bad38cd35865112df84f4e94df33db74bc60169e406204529d249dfe161b987b68e852acbb1a20a04f3bb0f66853546128b4628c8ad4042351e26145d1cc9f23c537620e99fb7aa800d66dfbe1d0f083edb7c9c02e10a863cfb0724356de69a442bb0f76cc85c3c604821e721f1949273ac0a1688dde5b0efeb002f450019b68e1754505ed667852f2466b95add1ea4fee61ce93223065d928e737d735578277a83469530b91bb24be3ace84b37a573b4431fb9879761165e032d5024be97c14e747af060c5bc06992202d63ce6941be7f2480d81dbda16ada9fc0caaa12942e35dfeadf89c1fe117708604116be2fdd15bf672032b2d20f9346509eb899db31100b62508623ffcf92e2e7ae858310bbaf0a279f4c14e90eae7a9fab78d44e26bd2f7ec39d395e57a78f3c0ddc5b5c940e061a9ba77985f6bb14bd16a0e007a7d5b5f90b5cea43ad027bf009a88853fd55f5f3006a7e3bb2e75b4874046d84f117b1d7a1cc23deb5019ac8c73ea71165cc39de1c0100185373795f466fbf48e5d0ce55a8b6d73d59026cbd9f1e1890d90cfb56fdc0cdc2cad9adae5832b7118fda7df5b7c1db1ba99150fb2a1ce06f6fe59677e0723fcb43f7f16c99279bcb68e9a63f9c423076ba878954b34a2b89d2011027e5cf3c568a9545c642d05109a91a45d7b51bf75ac9ef8378291720c11ffe842aa4efb7b545df8fe05a0ca79772a1fd2938112bb0c9d0c936dca04b86435fffdf62d9211948c34c832f3e9c63b0e5aa177b3261d612bcc5d44431fcd36c86f978964f60b30af36de181d2360269883fcb95911315ab3da101a565b571e4fcf33fe5d8b76e68675d345c7846f90ed0e1c84c657bab340235ef28a8dfe140522e501804d1767bda9f98dfe2d622794e1fe6993622a0678e2370c899c320719a335adf7dbbfb8e3b64b18f6bbe3b56106f09f0f93b75c2a047a89029223bff46a43d23c86a3fea59039452088684b22bf50d43663505d0c516648bb270c205298b0fcc7b9d3f746a897ea4b4e5946b474715144c478e48d000da7413baa1f70be9d8fae580d083b1265bad809997695367d73536abdb737fae1493d464e3dca39d96a3ae239091fba5cc82c51d606e8a0e06ecbd998aac68f0af51987f5be3d466823438d4ccb1b17c907f57c52a084b70d802574e712a1353aef84001131829f060fe486423a9f18e40ba3e41e781f05f43c508d787014b4f0cb9e08901a919f88115614f895aafa1e167fcf6069f70d0f2ee5162281d0a17ac753a3f6b317f68ba8d13bc185c7b4c3911a8a16bf526933eb6cac068fd092b6e5917bfbb914b046f736e35ee5c1de8bcadfead1453b11e450a46a620418422cbd2fa1aec50ec0a110f447e887949255cd44afb5693d37e", 0x1000, 0x2e2, 0x0, 0x3, r6}, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x6, 0x0, r2, &(0x7f0000000800)="d365eb473b2f9fcccc83e33ad9d424dd181a505916ae4fef617eb1f4d52813231ff12f3280a3a2297528ac1b9e2c939ebb352aa5a79f18e5298c7615c8b90d9350baf3adbb9fd874b51652287129f82df372286be105c5844681cfc11ce7211f4a4dcf7e4a564439e7543073b3763861451f84e61264cf638c98e867424f046d1b8aec997fab3da8f4704bfe4ca0296756fe7cf19fc6198567e86678176e3829d05b3e88e6a011cd8c731350d5ef1a69f0920d10648ce0ed668202374adcbc22fae01d02aea91d933a70d2a44832e4e5179cbaedf6986a6df0c62d5eb1819f4632a692b7945bf89ccf106f8e3e1157", 0xef, 0x6}]) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94) r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f0000000980)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kfree\x00', r10, 0x0, 0x401}, 0x11) r11 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r11, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r12 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r13, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x7fff}}]}, 0x38}}, 0x0) r14 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r14, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r13, {0x1, 0x3}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004) 2.933072191s ago: executing program 2 (id=1643): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x5c, 0x10, 0xffffff1f, 0x70bd2c, 0x0, {0x0, 0x6, 0x0, 0x0, 0xffffff81}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x30, 0x2, 0x0, 0x1, [@IFLA_GTP_CREATE_SOCKETS={0x5, 0x5, 0x1}, @IFLA_GTP_PDP_HASHSIZE={0x8, 0x3, 0xf27}, @IFLA_GTP_RESTART_COUNT={0x5, 0x6, 0x3}, @IFLA_GTP_LOCAL6={0x14, 0x8, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x39}}}]}}}]}, 0x5c}}, 0x8000) 847.457583ms ago: executing program 2 (id=1644): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300001d000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r1, &(0x7f0000000000)="aa", 0xffe0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c) 798.633078ms ago: executing program 3 (id=1645): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xb0c9fa2cdd4cf720}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x3000010, &(0x7f0000000340)={[{@errors_remount}, {@nodioread_nolock}]}, 0x1, 0x521, &(0x7f0000000980)="$eJzs3U9vI2cZAPBnJvEmu5tiFxAqlSgVLcoWWDtpaBshBOUCp0pAuS8hcaIodhzFTtlEFaTiGyAkkDhx4oLEB0CqeuADoEqV4II4IEAgBLtwQAJ2kO0xu3HsJKtN7G38+0nv+pnxzDzvO16/nn+ZCWBiPRsRr0bEVES8EBHFfHyalzjslvZ0d++8udouSWTZ639LIsnH9ZbVXsZ0RFzPZ5uNiK9/JeJbSV/ST0U09w+2Vmq16m4+qtKq71Sa+wc3N+srG9WN6vbS0uLLy68sv7S8kOUeqZ2lXvDTL3/h7c98+/e3/nLjO+1qff4jUYi+dpynbtMLnXXR015HuxeRbAx6n3lh3BUBAOBM2tv4H4yIT3S2/4sx1dma6zM1jpoBAAAA5yX74lz8J4nIAAAAgEsrjYi5SNJyfi3AXKTplfzYwIfjWlprNFufXm/sba+134soRSFd36xVF/JrhUtRSNrDi/k1tr3hF/uGlyLiyYj4QfFqZ7i82qitjfnYBwAAAEyK6337//8spp34dAP+TgAAAAB4fJWGDgAAAACXhV1+AAAAuPz69//fHlM9AAAAgAvx1ddea5es9/zrtTf297Yab9xcqza3yvW91fJqY3envNFobHTu2Vc/bXm1RmPns7G9d7vSqjZbleb+wa16Y2+7dWvzyCOwAQAAgBF68uPv/CaJiMPPXe2UyO8DCHDEH8ddAeA8TY27AsDYuIs3TK7CuCsAjF1yyvsu3gEAgPe/+Y8eP//fe/6/YwNwubnWBwAmj/P/MLkKrgCEiZZGxAe64czRsfcNPf//q7NmybKId4sPjnF8EQAARmuuU5K0nG/xz0WalssRT0SkpSgk65u16kK+f/DrYmGmPbzYmTM59ZphAAAAAAAAAAAAAAAAAAAAAAAAAKAry5LIAAAAgEstIv1z0rmbf8R88fm5/uMDV5J/FeNP+cCPX//h7ZVWa3exPf7vnWd5XYmI1o/y8S/OjPz4BQAAAEys5HDoW9399Px1caS1AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAC3L3z5mqvjDLvX78UEaVB+adjtvM6G4WIuPaPJKYfmC+JiKlzyH/4VkQ8NSh/EveyLCvltejPn0bE1QvOX+qsmuH5r59Dfphk77T7n1cHff/SeLbzOvj7N52XRzW8/0vzzE91+rlB/d8Tx5ZWH5jj6fd+Xhma/62Ip6cH9z+9/jcZkv+5Y0v7d5Zlx3N88xsHB8PyZz+JmB/4+5McyVVp1Xcqzf2Dm5v1lY3qRnV7aWnx5eVXll9aXqisb9aq+b8Dc3z/Y7+4d1L7rw3I/7vfdvvfk9r//LCF9vnve7fvfKgbFgblv/HcwN/f2RiSP81/+z6Zx+3353vxYTd+0DM/e/eZk9q/NmT9n/b53zhj+1/42vf+cMZJAYARaO4fbK3UatXdE4LZM0xzJJiJiDNPPL7gl7OPRTUeMsi+2/3kRpQ0uaglp0f+k/RaNfbVeyTIRpZrKh6TJv8/GGu3BAAAXID7G/0PPet5nP4GAAAAAAAAAAAAAAAAAAAAznj/v0cN+nMejqepAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAn+l8AAAD//z9d3kI=") 780.5012ms ago: executing program 4 (id=1646): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2f00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10) r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) r3 = openat$cgroup_subtree(r2, &(0x7f0000000100), 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5) write$cgroup_subtree(r3, &(0x7f0000000140)={[{0x2b, 'cpu'}]}, 0x5) 699.371999ms ago: executing program 2 (id=1647): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.swap.current\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) preadv(r0, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffffff000}], 0x5, 0x0, 0x3f) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f00000000c0)=ANY=[@ANYRESDEC], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000200)={0x0, @local, @local}, &(0x7f0000000040)=0xc) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x43, r2}) r3 = socket(0xa, 0x1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)}, 0x0) ioctl(0xffffffffffffffff, 0x8916, &(0x7f0000000000)) ioctl(r3, 0x8936, &(0x7f0000000000)) 660.069323ms ago: executing program 1 (id=1648): r0 = socket$inet6(0x10, 0x3, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={0xffffffffffffffff, 0x58, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYRES8=r2, @ANYRESOCT=r3, @ANYRES32, @ANYRES64=r5, @ANYRESHEX=r4, @ANYRES32=r4], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00', r6}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000006c0)={{r3}, &(0x7f0000000400), &(0x7f0000000680)}, 0x20) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r7}, 0x10) sendto$inet6(r0, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0) 615.881937ms ago: executing program 4 (id=1649): r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000100), 0x2, 0x0) write$cgroup_subtree(r2, 0x0, 0x5) 543.501704ms ago: executing program 3 (id=1650): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x48, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_SKBMARK={0xc}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4010}, 0x80) 402.847358ms ago: executing program 4 (id=1651): r0 = dup(0xffffffffffffffff) execveat(r0, 0x0, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==") pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x9c00, 0x0, 0x3) sendmsg$NFNL_MSG_CTHELPER_GET(0xffffffffffffffff, 0x0, 0x4000000) syz_mount_image$msdos(&(0x7f00000008c0), &(0x7f0000000d80)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x708d2, &(0x7f0000002500)=ANY=[@ANYRESOCT, @ANYRES64, @ANYBLOB="786439ca607bcdfab594bc419ecb49f731a79e5f9d35367f642fa2650b4a148051962661775176439368735ca6f0dbd37ba5b0e21ad458933028ac5987e1cac6021df4361a718610424f9207461191fb0cae3fcd30dfc5c2ec7b0943424803052a42876e1b7e96041fbddc46d7c15d3d437dd9c4f4ee7560461ba399d89bd9b77457c92e0d2840fa79cb06f0c214a2fc1e933ea3efd2871372e220b75b8aa4f07b0d2dcc8bc072c1adacf036612ccf773058fcf2b2af05f33ec034007669189d1a317a4af74c04fd2e0ed740c816298151", @ANYRES8], 0xc, 0x0, &(0x7f0000000000)) renameat2(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) 394.701119ms ago: executing program 1 (id=1652): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[], 0x50) r1 = socket$kcm(0x29, 0x5, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x8, 0x3, 0x2c8, 0x158, 0x11, 0x148, 0x158, 0x0, 0x230, 0x2a8, 0x2a8, 0x230, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x110, 0x158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x10, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x4, 0x18}}}, @common=@unspec=@limit={{0x48}, {0x5, 0x5, 0x4, 0x3, 0x9, 0x3, 0xfffffffffffffff8}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @multicast1, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x12, 0x9, 0x5, 0x1, 'netbios-ns\x00', 'syz0\x00', {0x4a7}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x328) creat(&(0x7f00000002c0)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1b, 0xc, &(0x7f0000000b00)=ANY=[@ANYBLOB="1800000018000000000000000000000000000000ef6fbae3b2235785882fb66baa2619a3db344c19183232f751c0266f7e7d5f7d76c384a8806d284916e6b1063c6bcf21855b9d60c5046ece356a88d802e3ef04fcf51ad81b174b25b6d11e1807f8b2b91c17a55244c27750188ac3ace0f4d857291f703c8336877175d621fe9d2da67b89727148a890c472e204f77d2c61666e72af5e24676d494ac9564c4419de964b66005c307be371bd5b2864b02d6e425d1e6d4cb2d356b86e5e9c99841cc51d131843d4cef1e3878f29e1d7d6e59500"/224, @ANYBLOB="7c00ef162a64d318e3cdbb2be740ec315f0a81c7fbf6567b13a65b626a3a87a8b3dc42ab8cfdde9a859e1de179abda9c37dd3bc3586dcae4c33e150ec3ee3aed070c72391be939cadc9e4f4712de4dfc2b4101b10ebdb72a1b93c79266bc21b7e320cf7a8090fc8e513c78d165141847543b5b5a7574a5cec3", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095", @ANYRES8=r4, @ANYRESOCT=r0], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$TOKEN_CREATE(0x24, &(0x7f0000000340)={0x0, r0}, 0xfffffffffffffcbf) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r6 = socket(0x10, 0x80003, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000e27f000001"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000000feffff18110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000feffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10) write(r6, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85) close_range(r6, r6, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='setgroups\x00') pipe2(&(0x7f0000000380), 0x800) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r9}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3df57690bc6afd4cecd167709475a9f4012838f05a7a740f8597e8ee5612cd9861572e6fc4c32fd8cfec1062e667d666aa92670391081b44802f129145e347f83fbfe6e999f0bf75d8641b433d250d6b8d9f963431c01aef332abab208ad8a0e800e8e4ea376bca799ad7d3f431c32db28ba00a262c8b9c8711198e29bc12ea8a5831a42ba8c34edde7854b8ba2b8776a48ae20c5e537d15ed49c0f082bbea0e86df7b1f1b", @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB=',\x00']) 392.78661ms ago: executing program 3 (id=1653): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x18) mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0) 267.485272ms ago: executing program 2 (id=1654): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000007c0)={[{@nodioread_nolock}, {@errors_remount}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5a}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x3}}]}, 0x1, 0x46f, &(0x7f0000000bc0)="$eJzs281rHOUfAPDvTF7a/vqS/Gp9aa0aLUJQTJq0ag9eFAWRioIe6jEm2xK6baSJYmuxqYgnQQp6Fo+if4E3EUQ9CV49eZJC0V7aeorM7Ey62WYTazaZ2P18YLPPM/PszvebeXv2eXYD6FpD2Z8kYkdE/BoRA43q0gZDjafrV89P3rh6fjKJhYXX/kjydteunp8sm5av215UhtOI9MOk2MhSs2fPnZyo12tnivro3Km3RmfPnnvinVMTJ2onaqfHjxw5fGjs6afGn+xInlle1/a9P7N/74tvXHp58tilN3/8Oot3R7G+OY9OGcoS/3Mh17ru0U5vrGI7m8pJb4WBcFt6IiLbXX35+T8QPXFz5w3ECx9UGhywrrJ705b2q+cXgDtYElVHAFSjvNFnn3/LxwZ1PTaFK882PgBleV8vHo01vZEWbfpaPt920lBEHJv/6/PsEes0DgEA0Ozjyc+O9kfEeze+einrewwsrknjnvz5t/zvrmIOZTAi/h8RuyPirojYExF3R+Rt742I+9YYz639n/TyGt9yRVn/75libmtp/6/s/cVgT1HbmefflxyfrtcOFv+T4ejbktXHVtjGt8//8km7dc39v+yRbb/sCxZxXO5tGaCbmpibyDulHXDlYsS+3uXyTxZnApKI2BsR+27vrXeVhenHvtzfrtHq+a+gA/NMC19k6c1n+c9HS/6lpHl+cvqW+cnRrVGvHRwtj4pb/fTzR6+22/6a8u+AK7XGc9P+b20ymDTP1852dvv/8vhP+5PX83nm/mLZuxNzc2fGIvqTo3l9yfLxm68t62X77PgfPrD8+b+7eE2W//0RkR3ED0TEgxHxUBH7wxHxSEQcWCHHH55bPf9IK9r/FyOmlr3+LR7/Lfv/9gs9J7//pt32/9n+P5yXhosl+fVvFcuFk10uWgNcy/8OAAAA/ivS/DvwSTqyWE7TkZHGd/j3xP/S+szs3OPHZ94+PdX4rvxg9KXlSNdAMR5an67XxpL54h0b46PjxVhxOV56qBg3/rRnW14fmZypT1WcO3S77W3O/8zvPVVHB6yzbcsuHe/f8ECACrTOo6dLqxdeCRcDuFP5vTZ0r1XO/3Sj4gA2nvs/dK/lzv8LLXVzAXBncv+H7uX8hy6Vfld1BECF3P+hK63ld/3rWNi6OcKoprBZd0peiCgL6aaIR2GdClVfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrj7wAAAP//KFzmgQ==") 174.515172ms ago: executing program 3 (id=1655): syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000280), 0x1, 0x1fd, &(0x7f00000002c0)="$eJzs3D1rU18cB/Dzb/vvQ6QPk6CLB110uWh9BUFaEANKbUQdlFuaakhMSm7ARBw6O/k6iqObIL6Bvgu3IkinTkbapI9WXWyj5POBcL7hS+AcQsLvBnI3H759UVnJkpW0GYbGYxgKYS1shzCzk3r+661Du3k0HLYWrj1Nt97cf/T4Tr5QmFuIcT6/eHM2xjh16ePL1+8uf2qee/B+6sNY2Jh5svl19vPG+Y0Lm98Wn5ezWM5ird6MaVyq15vpUrUUl8tZJYnxXrWUZqVYrmWlxpF+pVpfXW3HtLY8mVttlLIsprV2rJTasVmPzUY7ps/Sci0mSRInc4HfKa4vLKT5fu+C09Vo5NPhEMLED01xvS8bAgD6yvw/yMz/g2Bn/s/1Pr9Hmf8BAAAAAAAAAAAAAOBfsN3pTHc6nem9de8xFkIYDyHsPe/3Pjkd3v/BduiPe+MhfFlrFVvF7trt528X5q7HXTMHr9pqtYrD+/2Nbh+P9v+HXK+fPbEfDVevdPud7tbdwrF+Iiyf/vEBAABgICRx34nX90nys76bDv0+cOz6fSRcHDmzYwAAAAC/kLVfVdJqtdQQBEHYD/3+ZgIAAP60g6G/3zsBAAAAAAAAAAAAAAAAAACAwXUWtxPr9xkBAAAAAAAAAAAAAAAAAAAAAADgb/E9AAD//xRs0OA=") r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) getdents(r0, 0x0, 0x0) 0s ago: executing program 3 (id=1656): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a38000000030a030000000000000000000a0000090c00024000000000000000010900030073790400000000000900010073797a310000000014000000110001"], 0x60}, 0x1, 0x0, 0x0, 0x4000850}, 0x490) kernel console output (not intermixed with test programs): 348][ T8105] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 183.107182][ T8107] loop2: detected capacity change from 0 to 512 [ 183.113737][ T8105] EXT4-fs (loop1): orphan cleanup on readonly fs [ 183.122267][ T8105] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #16: comm syz.1.862: invalid indirect mapped block 4294967295 (level 0) [ 183.152749][ T8105] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #16: comm syz.1.862: invalid indirect mapped block 4294967295 (level 1) [ 183.194439][ T8105] EXT4-fs (loop1): 1 orphan inode deleted [ 183.200259][ T8105] EXT4-fs (loop1): 1 truncate cleaned up [ 183.250143][ T8105] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 183.292915][ T8107] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.861: couldn't read orphan inode 26 (err -116) [ 183.316473][ T8107] EXT4-fs (loop2): Remounting filesystem read-only [ 183.345817][ T8107] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 183.499638][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.506073][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.684461][ T8124] netlink: 'syz.3.871': attribute type 3 has an invalid length. [ 183.706628][ T8122] loop2: detected capacity change from 0 to 512 [ 183.737107][ T8122] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 183.788306][ T8122] EXT4-fs (loop2): 1 orphan inode deleted [ 183.800946][ T8122] EXT4-fs (loop2): 1 truncate cleaned up [ 183.808008][ T8122] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 183.896313][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.926805][ T8133] netlink: 12 bytes leftover after parsing attributes in process `syz.1.873'. [ 184.058700][ T8136] gretap1: entered promiscuous mode [ 184.068420][ T8138] loop3: detected capacity change from 0 to 128 [ 184.097553][ T8138] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 184.198483][ T5766] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 184.359447][ T8151] loop1: detected capacity change from 0 to 512 [ 184.408732][ T8151] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 184.512180][ T8151] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #2: comm syz.1.881: corrupted inode contents [ 184.592262][ T8151] EXT4-fs error (device loop1): ext4_dirty_inode:6120: inode #2: comm syz.1.881: mark_inode_dirty error [ 184.625996][ T8151] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #2: comm syz.1.881: corrupted inode contents [ 184.707765][ T8160] loop2: detected capacity change from 0 to 512 [ 184.725740][ T8160] EXT4-fs: Ignoring removed orlov option [ 184.750859][ T8160] EXT4-fs: Ignoring removed mblk_io_submit option [ 184.761956][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 184.780944][ T8160] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13 [ 184.841581][ T8160] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz.2.884: attempt to clear invalid blocks 2 len 1 [ 184.899957][ T8160] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 184.922654][ T8160] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.884: invalid indirect mapped block 1819239214 (level 0) [ 184.942785][ T8160] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.884: invalid indirect mapped block 1819239214 (level 1) [ 184.981609][ T8160] EXT4-fs (loop2): 1 truncate cleaned up [ 185.001928][ T8160] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 185.015807][ T8165] loop0: detected capacity change from 0 to 1024 [ 185.073316][ T8165] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 185.090779][ T8160] xt_hashlimit: max too large, truncated to 1048576 [ 185.211539][ T8171] loop1: detected capacity change from 0 to 1764 [ 185.265742][ T8171] ISOFS: unable to read i-node block [ 185.316007][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 185.448576][ T5767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 185.636129][ T8179] atomic_op ffff88807e563998 conn xmit_atomic 0000000000000000 [ 185.829234][ T8189] loop0: detected capacity change from 0 to 512 [ 185.886449][ T8189] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 185.944033][ T8197] netlink: 4 bytes leftover after parsing attributes in process `syz.1.899'. [ 186.024808][ T27] kauditd_printk_skb: 194 callbacks suppressed [ 186.024823][ T27] audit: type=1800 audit(185.987:2760): pid=8199 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.896" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 186.736813][ T5767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.119764][ T8232] netlink: 8 bytes leftover after parsing attributes in process `syz.2.915'. [ 187.165148][ T8232] netlink: 'syz.2.915': attribute type 5 has an invalid length. [ 187.211015][ T8232] netlink: 12 bytes leftover after parsing attributes in process `syz.2.915'. [ 187.251548][ T27] audit: type=1326 audit(187.207:2761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8235 comm="syz.0.917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff32658f749 code=0x7ffc0000 [ 187.287697][ T8232] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 187.296040][ T8232] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 187.304312][ T8232] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 187.312583][ T8232] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 187.336970][ T27] audit: type=1326 audit(187.207:2762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8235 comm="syz.0.917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff32658f749 code=0x7ffc0000 [ 187.381340][ T27] audit: type=1326 audit(187.237:2763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8235 comm="syz.0.917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff32658f749 code=0x7ffc0000 [ 187.441967][ T27] audit: type=1326 audit(187.237:2764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8235 comm="syz.0.917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff32658f749 code=0x7ffc0000 [ 187.491544][ T27] audit: type=1326 audit(187.237:2765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8235 comm="syz.0.917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff32658f749 code=0x7ffc0000 [ 187.589629][ T27] audit: type=1326 audit(187.237:2766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8235 comm="syz.0.917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff32658f749 code=0x7ffc0000 [ 187.634359][ T27] audit: type=1326 audit(187.237:2767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8235 comm="syz.0.917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff32658f749 code=0x7ffc0000 [ 187.696449][ T27] audit: type=1326 audit(187.237:2768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8235 comm="syz.0.917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff32658f749 code=0x7ffc0000 [ 187.747749][ T8244] loop9: detected capacity change from 0 to 7 [ 187.754859][ T27] audit: type=1326 audit(187.237:2769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8235 comm="syz.0.917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff32658f749 code=0x7ffc0000 [ 187.800935][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.810168][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 187.835171][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.844491][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 187.860628][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.869830][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 187.879724][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.888978][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 187.897447][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.906707][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 187.916237][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.925482][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 187.937711][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.946989][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 187.954917][ T8244] ldm_validate_partition_table(): Disk read failed. [ 187.966172][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.975372][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 187.984606][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.993821][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 188.005533][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 188.014718][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 188.036847][ T8244] Dev loop9: unable to read RDB block 0 [ 188.050292][ T8244] loop9: unable to read partition table [ 188.056719][ T8244] loop9: partition table beyond EOD, truncated [ 188.077109][ T8244] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 188.077109][ T8244] ) failed (rc=-5) [ 188.336896][ T8257] program syz.2.925 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 188.418223][ T8259] loop0: detected capacity change from 0 to 512 [ 188.428917][ T8259] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 188.634719][ T8259] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #16: comm syz.0.928: invalid indirect mapped block 4294967295 (level 0) [ 188.678044][ T8259] EXT4-fs (loop0): Remounting filesystem read-only [ 188.698998][ T8259] EXT4-fs (loop0): 1 orphan inode deleted [ 188.723797][ T8259] EXT4-fs (loop0): 1 truncate cleaned up [ 188.772227][ T8259] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 188.859837][ T5767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.082309][ T8274] loop3: detected capacity change from 0 to 2048 [ 189.170157][ T8274] Alternate GPT is invalid, using primary GPT. [ 189.178429][ T8276] loop1: detected capacity change from 0 to 128 [ 189.184955][ T8274] loop3: p1 p2 p3 [ 189.189479][ T8274] loop3: partition table partially beyond EOD, truncated [ 189.278797][ T5136] Alternate GPT is invalid, using primary GPT. [ 189.303001][ T5136] loop3: p1 p2 p3 [ 189.312837][ T5136] loop3: partition table partially beyond EOD, truncated [ 189.473577][ T5780] udevd[5780]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 189.486392][ T5784] udevd[5784]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 189.514377][ T7150] udevd[7150]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 189.535339][ T8282] xt_hashlimit: Unknown mode mask C4, kernel too old? [ 189.596776][ T5784] udevd[5784]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 189.616052][ T7151] udevd[7151]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 189.636474][ T5780] udevd[5780]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 189.704357][ T8284] loop1: detected capacity change from 0 to 1024 [ 189.741836][ T8284] EXT4-fs: Ignoring removed nomblk_io_submit option [ 189.748509][ T8284] ext3: Unknown parameter 'uid>00000000000000000000' [ 190.962688][ T8299] loop2: detected capacity change from 0 to 4096 [ 190.982942][ T8301] mmap: syz.3.946 (8301) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 191.014381][ T8299] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 191.218850][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.300698][ T6031] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 191.312282][ T27] kauditd_printk_skb: 89 callbacks suppressed [ 191.312296][ T27] audit: type=1326 audit(191.277:2859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8312 comm="syz.2.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 191.348199][ T27] audit: type=1326 audit(191.307:2860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8312 comm="syz.2.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 191.378036][ T27] audit: type=1326 audit(191.307:2861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8312 comm="syz.2.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 191.474606][ T27] audit: type=1326 audit(191.307:2862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8312 comm="syz.2.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 191.503696][ T27] audit: type=1326 audit(191.307:2863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8312 comm="syz.2.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 191.538341][ T27] audit: type=1326 audit(191.307:2864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8312 comm="syz.2.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 191.564522][ T27] audit: type=1326 audit(191.307:2865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8312 comm="syz.2.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 191.593017][ T6031] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 191.602691][ T6031] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.625806][ T6031] usb 4-1: Product: syz [ 191.630022][ T6031] usb 4-1: Manufacturer: syz [ 191.636705][ T27] audit: type=1326 audit(191.307:2866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8312 comm="syz.2.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=282 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 191.658788][ T6031] usb 4-1: SerialNumber: syz [ 191.668582][ T27] audit: type=1326 audit(191.307:2867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8312 comm="syz.2.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 191.696836][ T27] audit: type=1326 audit(191.307:2868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8312 comm="syz.2.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 192.159294][ T8315] loop2: detected capacity change from 0 to 1024 [ 192.167769][ T8319] tipc: Resetting bearer [ 192.182811][ T8319] tipc: Resetting bearer [ 192.213662][ T8315] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.953: Failed to acquire dquot type 0 [ 192.230271][ T7211] lo speed is unknown, defaulting to 1000 [ 192.247240][ T8315] EXT4-fs (loop2): 1 truncate cleaned up [ 192.271193][ T8315] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 192.315567][ T8327] netlink: 8 bytes leftover after parsing attributes in process `gtp'. [ 192.607627][ T8333] netlink: 48 bytes leftover after parsing attributes in process `syz.0.959'. [ 192.627938][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.814211][ T8342] IPVS: sync thread started: state = BACKUP, mcast_ifn = macvlan0, syncid = 0, id = 0 [ 192.815807][ T8340] IPVS: stopping backup sync thread 8342 ... [ 193.022680][ T8347] netlink: 32 bytes leftover after parsing attributes in process `syz.2.966'. [ 193.164900][ T8350] loop0: detected capacity change from 0 to 512 [ 193.207426][ T8352] loop2: detected capacity change from 0 to 512 [ 193.219161][ T8350] EXT4-fs (loop0): too many log groups per flexible block group [ 193.227923][ T8352] ext4: Unknown parameter 'smackfshat' [ 193.240873][ T8350] EXT4-fs (loop0): failed to initialize mballoc (-12) [ 193.247877][ T8350] EXT4-fs (loop0): mount failed [ 194.054886][ T6031] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 194.071797][ T6031] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 194.087051][ T6031] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 194.098801][ T6031] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 194.122071][ T6031] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 194.149294][ T6031] lan78xx: probe of 4-1:1.0 failed with error -71 [ 194.190419][ T6031] usb 4-1: USB disconnect, device number 6 [ 194.239082][ T8380] lo speed is unknown, defaulting to 1000 [ 194.343502][ T8379] netlink: 28 bytes leftover after parsing attributes in process `syz.1.980'. [ 194.374185][ T8379] netem: change failed [ 195.320694][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.327548][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.507420][ T8389] netlink: 12 bytes leftover after parsing attributes in process `syz.0.982'. [ 195.805709][ T8400] loop2: detected capacity change from 0 to 512 [ 195.898300][ T8400] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 196.149433][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 196.278316][ T8416] netlink: 8 bytes leftover after parsing attributes in process `syz.3.993'. [ 196.319276][ T8416] netlink: 8 bytes leftover after parsing attributes in process `syz.3.993'. [ 196.351097][ T8416] netlink: 8 bytes leftover after parsing attributes in process `syz.3.993'. [ 196.384190][ T8416] netlink: 8 bytes leftover after parsing attributes in process `syz.3.993'. [ 197.009255][ T8441] loop0: detected capacity change from 0 to 512 [ 197.039120][ T8441] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 197.108145][ T8443] loop1: detected capacity change from 0 to 512 [ 197.118953][ T8441] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 197.194305][ T8443] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 197.327298][ T8443] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4031: comm syz.1.1001: Allocating blocks 41-42 which overlap fs metadata [ 197.374792][ T8443] __quota_error: 257 callbacks suppressed [ 197.374807][ T8443] Quota error (device loop1): write_blk: dquota write failed [ 197.389580][ T8443] Quota error (device loop1): find_free_dqentry: Can't write quota data block 5 [ 197.402223][ T8443] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4031: comm syz.1.1001: Allocating blocks 41-42 which overlap fs metadata [ 197.419484][ T8443] Quota error (device loop1): write_blk: dquota write failed [ 197.443097][ T8443] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 197.453327][ T8443] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1001: Failed to acquire dquot type 1 [ 197.470685][ T8443] EXT4-fs error (device loop1): mb_free_blocks:1938: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 197.495958][ T8443] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #12: comm syz.1.1001: corrupted inode contents [ 197.544964][ T8443] EXT4-fs error (device loop1): ext4_dirty_inode:6120: inode #12: comm syz.1.1001: mark_inode_dirty error [ 197.582395][ T8443] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #12: comm syz.1.1001: corrupted inode contents [ 197.608210][ T8443] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #12: comm syz.1.1001: mark_inode_dirty error [ 197.643047][ T8443] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #12: comm syz.1.1001: corrupted inode contents [ 197.668606][ T5767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.672862][ T8443] EXT4-fs error (device loop1) in ext4_orphan_del:301: Corrupt filesystem [ 197.693901][ T8443] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #12: comm syz.1.1001: corrupted inode contents [ 197.719208][ T8461] loop3: detected capacity change from 0 to 4096 [ 197.743000][ T8461] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 197.767866][ T8443] EXT4-fs error (device loop1): ext4_truncate:4294: inode #12: comm syz.1.1001: mark_inode_dirty error [ 197.789887][ T8461] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 197.806751][ T8443] EXT4-fs error (device loop1) in ext4_process_orphan:343: Corrupt filesystem [ 197.818752][ T8443] EXT4-fs (loop1): 1 truncate cleaned up [ 197.826075][ T8443] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 197.849159][ T8443] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.938825][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 197.955113][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 197.981355][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 197.988797][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.023264][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 198.036727][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.061389][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.096920][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.115992][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.142462][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.149897][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.160483][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.178788][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.201774][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.214179][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.234205][ T8472] syz.2.1014[8472] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 198.234332][ T8472] syz.2.1014[8472] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 198.245860][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.305649][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.321138][ T27] audit: type=1326 audit(198.277:3124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8471 comm="syz.2.1014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 198.340753][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.349161][ T8474] loop3: detected capacity change from 0 to 2048 [ 198.350324][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.371882][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.379443][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.390381][ T27] audit: type=1326 audit(198.327:3125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8471 comm="syz.2.1014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 198.417117][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.425428][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.433263][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.442360][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.449951][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.459834][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.470922][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.479484][ T27] audit: type=1326 audit(198.327:3126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8471 comm="syz.2.1014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 198.481162][ T8474] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 198.529492][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.537537][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.554007][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.565755][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.572807][ T27] audit: type=1326 audit(198.327:3127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8471 comm="syz.2.1014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 198.591577][ T7211] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 198.636563][ T27] audit: type=1326 audit(198.597:3128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8473 comm="syz.3.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 198.656968][ T7211] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [sy] on syz0 [ 198.678430][ T8474] bridge_slave_0: left allmulticast mode [ 198.690674][ T8474] bridge_slave_0: left promiscuous mode [ 198.696944][ T8474] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.705446][ T27] audit: type=1326 audit(198.627:3129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8473 comm="syz.3.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=115 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 198.736089][ T8474] bridge_slave_1: left allmulticast mode [ 198.743832][ T8474] bridge_slave_1: left promiscuous mode [ 198.749692][ T8474] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.839761][ T8474] bond0: (slave bond_slave_0): Releasing backup interface [ 198.858411][ T8484] fido_id[8484]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 198.873134][ T8474] bond0: (slave bond_slave_1): Releasing backup interface [ 198.897402][ T8474] team0: Port device team_slave_0 removed [ 198.910491][ T8474] team0: Port device team_slave_1 removed [ 198.922014][ T8474] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 198.931361][ T8474] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 198.941131][ T8485] netlink: 'syz.3.1013': attribute type 10 has an invalid length. [ 198.954435][ T8485] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1013'. [ 198.973444][ T8485] batman_adv: batadv0: Adding interface: virt_wifi0 [ 198.980305][ T8485] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 199.007849][ T8485] batman_adv: batadv0: Interface activated: virt_wifi0 [ 199.064354][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.238767][ T8493] loop3: detected capacity change from 0 to 512 [ 199.250700][ T8493] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 199.282395][ T8493] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 199.442254][ T8499] gtp0: entered promiscuous mode [ 199.447689][ T8499] gtp0: entered allmulticast mode [ 199.575574][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.615225][ T8503] syz.1.1022[8503] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 199.615412][ T8503] syz.1.1022[8503] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 199.630397][ T8503] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 200.048508][ T8512] pimreg: entered allmulticast mode [ 200.064689][ T8512] pimreg: left allmulticast mode [ 200.474216][ T8529] xt_hashlimit: max too large, truncated to 1048576 [ 200.481857][ T8529] xt_CT: You must specify a L4 protocol and not use inversions on it [ 200.509614][ T8530] loop2: detected capacity change from 0 to 512 [ 200.550395][ T8530] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 200.634301][ T8530] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 200.780164][ T8536] loop0: detected capacity change from 0 to 1024 [ 200.798021][ T8538] loop1: detected capacity change from 0 to 1024 [ 200.837140][ T8538] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 200.864787][ T8536] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 200.990357][ T5767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.031886][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.091923][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.876000][ T8569] sg_write: data in/out 49276/1 bytes for SCSI command 0x1c-- guessing data in; [ 201.876000][ T8569] program syz.1.1048 not setting count and/or reply_len properly [ 202.015575][ T8572] loop1: detected capacity change from 0 to 512 [ 202.033246][ T8572] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 202.087249][ T8572] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 202.199783][ T8577] loop2: detected capacity change from 0 to 512 [ 202.207229][ T8577] EXT4-fs: Ignoring removed oldalloc option [ 202.276532][ T8577] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 202.900826][ T8586] lo speed is unknown, defaulting to 1000 [ 203.344249][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 203.449132][ T8589] loop0: detected capacity change from 0 to 2048 [ 203.461129][ T27] kauditd_printk_skb: 15 callbacks suppressed [ 203.461142][ T27] audit: type=1326 audit(203.417:3145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8590 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 203.477398][ T8589] EXT4-fs: Ignoring removed mblk_io_submit option [ 203.539989][ T27] audit: type=1326 audit(203.417:3146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8590 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 203.574079][ T27] audit: type=1326 audit(203.417:3147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8590 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 203.605495][ T27] audit: type=1326 audit(203.417:3148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8590 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 203.635743][ T27] audit: type=1326 audit(203.457:3149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8590 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 203.646484][ T8589] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 203.659892][ T27] audit: type=1326 audit(203.457:3150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8590 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 203.691521][ T27] audit: type=1326 audit(203.457:3151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8590 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 203.713360][ T27] audit: type=1326 audit(203.457:3152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8590 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 203.735198][ T27] audit: type=1326 audit(203.457:3153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8590 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 203.757586][ T27] audit: type=1326 audit(203.457:3154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8590 comm="syz.3.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 204.051921][ T8603] loop1: detected capacity change from 0 to 1024 [ 204.073016][ T8603] EXT4-fs: Ignoring removed nobh option [ 204.078715][ T8603] EXT4-fs: inline encryption not supported [ 204.093182][ T8603] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 204.128343][ T8603] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 204.176209][ T6028] Process accounting resumed [ 204.196645][ T8603] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4031: comm syz.1.1059: Allocating blocks 385-513 which overlap fs metadata [ 204.237884][ T8603] EXT4-fs (loop1): pa ffff88805d311658: logic 16, phys. 129, len 24 [ 204.246071][ T8603] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5372: group 0, free 0, pa_free 8 [ 204.508594][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.531786][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.736506][ T8619] loop1: detected capacity change from 0 to 256 [ 204.916058][ T8621] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 205.006024][ T8621] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 205.049663][ T8624] loop3: detected capacity change from 0 to 1024 [ 205.074423][ T8624] EXT4-fs error (device loop3): ext4_orphan_get:1425: comm syz.3.1067: bad orphan inode 134217728 [ 205.097324][ T8624] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 205.147951][ T8621] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 205.247781][ T8621] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 205.319325][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.198516][ T8621] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 206.243989][ T8621] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 206.263344][ T8621] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 206.284966][ T8621] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 206.368701][ T8642] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1071'. [ 206.446710][ T8589] warn_alloc: 1 callbacks suppressed [ 206.446724][ T8589] syz.0.1054: vmalloc error: size 2101248, failed to allocated page array size 4104, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 206.514040][ T8589] CPU: 0 PID: 8589 Comm: syz.0.1054 Not tainted syzkaller #0 [ 206.521478][ T8589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 206.531573][ T8589] Call Trace: [ 206.534883][ T8589] [ 206.537859][ T8589] dump_stack_lvl+0x16c/0x230 [ 206.542623][ T8589] ? show_regs_print_info+0x20/0x20 [ 206.547894][ T8589] ? load_image+0x3b0/0x3b0 [ 206.552462][ T8589] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 206.558932][ T8589] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 206.565499][ T8589] warn_alloc+0x210/0x300 [ 206.569896][ T8589] ? zone_watermark_ok_safe+0x230/0x230 [ 206.575506][ T8589] ? _raw_spin_unlock+0x28/0x40 [ 206.580424][ T8589] __vmalloc_node_range+0x662/0x1320 [ 206.585784][ T8589] ? free_vm_area+0x50/0x50 [ 206.590328][ T8589] ? _raw_spin_unlock+0x28/0x40 [ 206.595265][ T8589] ? __kasan_kmalloc+0x8f/0xa0 [ 206.600083][ T8589] __vmalloc_node_range+0x568/0x1320 [ 206.605418][ T8589] ? hash_netiface_create+0x361/0xff0 [ 206.610845][ T8589] ? __asan_memset+0x22/0x40 [ 206.615530][ T8589] ? free_vm_area+0x50/0x50 [ 206.620058][ T8589] ? kvmalloc_node+0x70/0x180 [ 206.624756][ T8589] ? rcu_is_watching+0x15/0xb0 [ 206.629536][ T8589] ? kvmalloc_node+0x70/0x180 [ 206.634232][ T8589] ? trace_kmalloc+0x1f/0xa0 [ 206.638842][ T8589] kvmalloc_node+0x13f/0x180 [ 206.643454][ T8589] ? hash_netiface_create+0x361/0xff0 [ 206.648852][ T8589] hash_netiface_create+0x361/0xff0 [ 206.654072][ T8589] ? __lock_acquire+0x7c80/0x7c80 [ 206.659123][ T8589] ? __nla_parse+0x40/0x50 [ 206.663573][ T8589] ? hash_netport6_gc+0x570/0x570 [ 206.668621][ T8589] ip_set_create+0xa87/0x18e0 [ 206.673321][ T8589] ? ip_set_create+0x4b2/0x18e0 [ 206.678220][ T8589] ? ip_set_protocol+0x5d0/0x5d0 [ 206.683198][ T8589] ? trace_contention_end+0x39/0xe0 [ 206.688445][ T8589] nfnetlink_rcv_msg+0xb49/0x1130 [ 206.693495][ T8589] ? nfnetlink_rcv_msg+0x20e/0x1130 [ 206.698732][ T8589] ? nfnetlink_unbind+0x160/0x160 [ 206.703806][ T8589] ? load_balance+0x4174/0x54d0 [ 206.708685][ T8589] netlink_rcv_skb+0x216/0x480 [ 206.713464][ T8589] ? nfnetlink_unbind+0x160/0x160 [ 206.718510][ T8589] ? netlink_ack+0x1110/0x1110 [ 206.723295][ T8589] ? apparmor_capable+0x137/0x1a0 [ 206.728345][ T8589] ? bpf_lsm_capable+0x9/0x10 [ 206.733051][ T8589] ? security_capable+0x89/0xb0 [ 206.737932][ T8589] nfnetlink_rcv+0x274/0x2180 [ 206.742672][ T8589] ? mark_lock+0x94/0x320 [ 206.747051][ T8589] ? mark_lock+0x94/0x320 [ 206.751415][ T8589] ? __lock_acquire+0x1260/0x7c80 [ 206.756485][ T8589] ? nfnetlink_net_exit_batch+0xa0/0xa0 [ 206.762075][ T8589] ? kmalloc_reserve+0x95/0x240 [ 206.766983][ T8589] ? verify_lock_unused+0x140/0x140 [ 206.772231][ T8589] ? __netlink_lookup+0xbe/0x810 [ 206.777205][ T8589] ? netlink_deliver_tap+0x2e/0x1b0 [ 206.782434][ T8589] ? __lock_acquire+0x7c80/0x7c80 [ 206.787479][ T8589] ? net_generic+0x1e/0x240 [ 206.792013][ T8589] ? netlink_deliver_tap+0x2e/0x1b0 [ 206.797230][ T8589] netlink_unicast+0x751/0x8d0 [ 206.802029][ T8589] netlink_sendmsg+0x8c1/0xbe0 [ 206.806812][ T8589] ? netlink_getsockopt+0x580/0x580 [ 206.812024][ T8589] ? aa_sock_msg_perm+0x94/0x150 [ 206.816980][ T8589] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 206.822297][ T8589] ? security_socket_sendmsg+0x80/0xa0 [ 206.827774][ T8589] ? netlink_getsockopt+0x580/0x580 [ 206.833004][ T8589] ____sys_sendmsg+0x5bf/0x950 [ 206.837803][ T8589] ? __asan_memset+0x22/0x40 [ 206.842438][ T8589] ? __sys_sendmsg_sock+0x30/0x30 [ 206.847479][ T8589] ? __import_iovec+0x5f2/0x860 [ 206.852365][ T8589] ? import_iovec+0x73/0xa0 [ 206.856904][ T8589] ___sys_sendmsg+0x220/0x290 [ 206.861638][ T8589] ? __sys_sendmsg+0x270/0x270 [ 206.866462][ T8589] __se_sys_sendmsg+0x1a5/0x270 [ 206.871340][ T8589] ? __x64_sys_sendmsg+0x80/0x80 [ 206.876309][ T8589] ? lockdep_hardirqs_on+0x98/0x150 [ 206.881535][ T8589] do_syscall_64+0x55/0xb0 [ 206.885970][ T8589] ? clear_bhb_loop+0x40/0x90 [ 206.890668][ T8589] ? clear_bhb_loop+0x40/0x90 [ 206.895371][ T8589] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 206.901302][ T8589] RIP: 0033:0x7ff32658f749 [ 206.905759][ T8589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 206.925388][ T8589] RSP: 002b:00007ff3273b4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 206.933817][ T8589] RAX: ffffffffffffffda RBX: 00007ff3267e5fa0 RCX: 00007ff32658f749 [ 206.941799][ T8589] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000008 [ 206.949795][ T8589] RBP: 00007ff326613f91 R08: 0000000000000000 R09: 0000000000000000 [ 206.957786][ T8589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 206.965776][ T8589] R13: 00007ff3267e6038 R14: 00007ff3267e5fa0 R15: 00007ffe30870938 [ 206.973778][ T8589] [ 206.997297][ T8575] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [ 207.034945][ T8575] EXT4-fs (loop0): Remounting filesystem read-only [ 207.043723][ T8589] Mem-Info: [ 207.046993][ T8589] active_anon:23317 inactive_anon:0 isolated_anon:0 [ 207.046993][ T8589] active_file:12723 inactive_file:39973 isolated_file:0 [ 207.046993][ T8589] unevictable:768 dirty:11 writeback:0 [ 207.046993][ T8589] slab_reclaimable:10303 slab_unreclaimable:135475 [ 207.046993][ T8589] mapped:27565 shmem:18924 pagetables:612 [ 207.046993][ T8589] sec_pagetables:0 bounce:0 [ 207.046993][ T8589] kernel_misc_reclaimable:0 [ 207.046993][ T8589] free:1254936 free_pcp:10687 free_cma:0 [ 207.160684][ T8589] Node 0 active_anon:93220kB inactive_anon:0kB active_file:50892kB inactive_file:159688kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:110264kB dirty:48kB writeback:0kB shmem:74164kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12112kB pagetables:2380kB sec_pagetables:0kB all_unreclaimable? no [ 207.212598][ T8652] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1077'. [ 207.237897][ T8652] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1077'. [ 207.252470][ T8589] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 207.287247][ T8654] loop2: detected capacity change from 0 to 512 [ 207.320644][ T8589] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 207.355716][ T8654] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 207.374129][ T8589] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 207.380089][ T8589] Node 0 DMA32 free:1115696kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:93768kB inactive_anon:0kB active_file:50892kB inactive_file:158384kB unevictable:1536kB writepending:48kB present:3129332kB managed:2589640kB mlocked:0kB bounce:0kB free_pcp:19252kB local_pcp:13472kB free_cma:0kB [ 207.430642][ T8654] EXT4-fs (loop2): orphan cleanup on readonly fs [ 207.440978][ T8589] lowmem_reserve[]: 0 0 1 1 1 [ 207.443236][ T8654] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4031: comm syz.2.1076: Allocating blocks 41-42 which overlap fs metadata [ 207.445767][ T8589] Node 0 Normal free:16kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:1304kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 207.503055][ T8654] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4031: comm syz.2.1076: Allocating blocks 41-42 which overlap fs metadata [ 207.526217][ T8589] lowmem_reserve[]: 0 0 0 0 0 [ 207.538637][ T8589] Node 1 Normal free:3887928kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:25024kB local_pcp:18016kB free_cma:0kB [ 207.569254][ T8654] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1076: Failed to acquire dquot type 1 [ 207.580658][ T8589] lowmem_reserve[]: 0 0 0 0 0 [ 207.585713][ T8589] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 207.599112][ T8654] EXT4-fs error (device loop2): mb_free_blocks:1938: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 207.618805][ T8589] Node 0 DMA32: 2*4kB (UE) 1*8kB (M) 1*16kB (M) 1*32kB (U) 6*64kB (UME) 19*128kB (ME) 16*256kB (UM) 3*512kB (ME) 37*1024kB (UME) 30*2048kB (UME) 246*4096kB (UM) = 1115456kB [ 207.628500][ T8654] EXT4-fs error (device loop2): ext4_do_update_inode:5244: inode #12: comm syz.2.1076: corrupted inode contents [ 207.654909][ T8589] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 207.698261][ T8654] EXT4-fs error (device loop2): ext4_dirty_inode:6120: inode #12: comm syz.2.1076: mark_inode_dirty error [ 207.718534][ T8589] Node 1 Normal: 282*4kB (UME) 60*8kB (UME) 51*16kB (UME) 72*32kB (UME) 13*64kB (UE) 5*128kB (UME) 1*256kB (E) 1*512kB (M) 0*1024kB 1*2048kB (E) 947*4096kB (UM) = 3887928kB [ 207.737031][ T8654] EXT4-fs error (device loop2): ext4_do_update_inode:5244: inode #12: comm syz.2.1076: corrupted inode contents [ 207.747265][ T8589] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 207.773464][ T8654] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #12: comm syz.2.1076: mark_inode_dirty error [ 207.773611][ T8589] Node 0 hugepages_total=4 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 207.796606][ T8589] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 207.806597][ T8589] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 207.816489][ T8589] 71665 total pagecache pages [ 207.821471][ T8654] EXT4-fs error (device loop2): ext4_do_update_inode:5244: inode #12: comm syz.2.1076: corrupted inode contents [ 207.843258][ T8589] 0 pages in swap cache [ 207.847645][ T8589] Free swap = 124692kB [ 207.852251][ T8589] Total swap = 124996kB [ 207.856466][ T8589] 2097051 pages RAM [ 207.860461][ T8589] 0 pages HighMem/MovableOnly [ 207.865218][ T8589] 416127 pages reserved [ 207.869405][ T8589] 0 pages cma reserved [ 207.884848][ T8654] EXT4-fs error (device loop2) in ext4_orphan_del:301: Corrupt filesystem [ 207.915445][ T8654] EXT4-fs error (device loop2): ext4_do_update_inode:5244: inode #12: comm syz.2.1076: corrupted inode contents [ 207.942863][ T8654] EXT4-fs error (device loop2): ext4_truncate:4294: inode #12: comm syz.2.1076: mark_inode_dirty error [ 207.957855][ T8654] EXT4-fs error (device loop2) in ext4_process_orphan:343: Corrupt filesystem [ 207.981095][ T8654] EXT4-fs (loop2): 1 truncate cleaned up [ 207.988315][ T8654] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 208.014352][ T8654] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.067392][ T8652] team0 (unregistering): Port device team_slave_0 removed [ 208.114470][ T8652] team0 (unregistering): Port device team_slave_1 removed [ 208.185801][ T8658] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1078'. [ 208.218295][ T8658] vlan2: entered promiscuous mode [ 208.236647][ T8658] gretap0: entered promiscuous mode [ 208.959950][ T8667] loop2: detected capacity change from 0 to 512 [ 209.049492][ T8667] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 209.080170][ T8667] EXT4-fs error (device loop2): ext4_xattr_block_get:600: inode #15: comm syz.2.1082: corrupted xattr block 33: invalid checksum [ 209.114730][ T27] kauditd_printk_skb: 107 callbacks suppressed [ 209.114745][ T27] audit: type=1800 audit(209.077:3258): pid=8667 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1082" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 209.224243][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.918878][ T8688] loop3: detected capacity change from 0 to 128 [ 210.114302][ T8688] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 210.233118][ T5766] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 210.450029][ T8691] loop3: detected capacity change from 0 to 1024 [ 210.482137][ T8691] EXT4-fs: Ignoring removed nobh option [ 210.487786][ T8691] EXT4-fs: inline encryption not supported [ 210.582296][ T8691] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 210.654437][ T8691] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 210.756279][ T8691] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4031: comm syz.3.1090: Allocating blocks 385-513 which overlap fs metadata [ 210.851385][ T8698] EXT4-fs (loop3): pa ffff88801fe5f910: logic 16, phys. 129, len 24 [ 210.859453][ T8698] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5372: group 0, free 0, pa_free 8 [ 210.939255][ T8702] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1094'. [ 211.026562][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 211.170302][ T8707] loop3: detected capacity change from 0 to 512 [ 211.198175][ T8704] ALSA: seq fatal error: cannot create timer (-19) [ 211.216339][ T8707] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 211.254468][ T8707] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e118, mo2=0002] [ 211.267756][ T8707] EXT4-fs (loop3): orphan cleanup on readonly fs [ 211.304383][ T8707] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 211.337023][ T8707] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 211.388537][ T8707] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 211.405212][ T8707] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.1096: bg 0: block 40: padding at end of block bitmap is not set [ 211.440348][ T8707] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6637: Corrupt filesystem [ 211.459998][ T8707] EXT4-fs (loop3): 1 truncate cleaned up [ 211.483189][ T8707] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 211.803258][ T5767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 211.851290][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 212.052549][ T8715] cgroup: noprefix used incorrectly [ 212.090691][ T8719] netlink: 'syz.3.1098': attribute type 13 has an invalid length. [ 212.284591][ T8725] tipc: New replicast peer: 172.30.0.1 [ 212.305581][ T8729] loop3: detected capacity change from 0 to 1024 [ 212.321458][ T8725] tipc: Enabled bearer , priority 10 [ 212.335075][ T8729] EXT4-fs: Ignoring removed bh option [ 212.358026][ T8729] EXT4-fs: inline encryption not supported [ 212.372548][ T8729] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 212.424969][ T27] audit: type=1326 audit(212.387:3259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8731 comm="syz.1.1107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 212.475885][ T8729] EXT4-fs error (device loop3): ext4_map_blocks:718: inode #3: block 1: comm syz.3.1106: lblock 1 mapped to illegal pblock 1 (length 1) [ 212.491686][ T27] audit: type=1326 audit(212.417:3260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8731 comm="syz.1.1107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 212.513944][ T27] audit: type=1326 audit(212.437:3261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8731 comm="syz.1.1107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 212.535952][ T27] audit: type=1326 audit(212.437:3262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8731 comm="syz.1.1107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 212.548838][ T8729] EXT4-fs (loop3): Remounting filesystem read-only [ 212.570880][ T27] audit: type=1326 audit(212.437:3263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8731 comm="syz.1.1107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 212.593704][ T8729] Quota error (device loop3): write_blk: dquota write failed [ 212.601573][ T27] audit: type=1326 audit(212.437:3264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8731 comm="syz.1.1107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 212.630668][ T8729] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 212.641886][ T8729] EXT4-fs (loop3): 1 orphan inode deleted [ 212.649002][ T8729] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 212.673611][ T8736] loop0: detected capacity change from 0 to 512 [ 212.686176][ T8736] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 212.736233][ T8736] EXT4-fs (loop0): 1 truncate cleaned up [ 212.750116][ T8736] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 212.886600][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 213.053676][ T5767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 213.260286][ T8755] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1117'. [ 213.293776][ T8755] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1117'. [ 213.315000][ T8755] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1117'. [ 213.337491][ T8755] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1117'. [ 213.599880][ T8760] lo speed is unknown, defaulting to 1000 [ 214.343996][ T8781] loop2: detected capacity change from 0 to 512 [ 214.423708][ T59] tipc: Disabling bearer [ 214.451121][ T59] tipc: Left network mode [ 214.460389][ T8781] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 214.512026][ T27] kauditd_printk_skb: 17 callbacks suppressed [ 214.512040][ T27] audit: type=1326 audit(214.477:3282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8786 comm="syz.1.1131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 214.624178][ T27] audit: type=1326 audit(214.497:3283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8786 comm="syz.1.1131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 214.651418][ T27] audit: type=1326 audit(214.517:3284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8786 comm="syz.1.1131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 214.673787][ T27] audit: type=1326 audit(214.517:3285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8786 comm="syz.1.1131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 214.696150][ T27] audit: type=1326 audit(214.517:3286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8786 comm="syz.1.1131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 214.729132][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 214.766468][ T27] audit: type=1326 audit(214.517:3287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8786 comm="syz.1.1131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 214.796611][ T8789] program syz.3.1132 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 214.836662][ T27] audit: type=1326 audit(214.517:3288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8786 comm="syz.1.1131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 214.959712][ T27] audit: type=1326 audit(214.517:3289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8786 comm="syz.1.1131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 215.030781][ T27] audit: type=1326 audit(214.517:3290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8786 comm="syz.1.1131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=232 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 215.120264][ T27] audit: type=1326 audit(214.517:3291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8786 comm="syz.1.1131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 215.203981][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 215.218841][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 215.235303][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 215.251492][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 215.259264][ T51] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 215.266855][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 215.463082][ T8812] netlink: 'syz.3.1138': attribute type 3 has an invalid length. [ 215.643899][ T8805] lo speed is unknown, defaulting to 1000 [ 215.875523][ T8822] netlink: 332 bytes leftover after parsing attributes in process `syz.3.1141'. [ 216.119981][ T8829] loop2: detected capacity change from 0 to 512 [ 216.142381][ T8829] ext4: Unknown parameter 'uid>00000000000000000000' [ 216.308754][ T8834] netlink: 'syz.2.1143': attribute type 4 has an invalid length. [ 216.335458][ T8834] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1143'. [ 216.356821][ T8837] random: crng reseeded on system resumption [ 216.369164][ T8834] .`: renamed from bond0 [ 216.705717][ T8805] chnl_net:caif_netlink_parms(): no params data found [ 216.791344][ T59] hsr_slave_0: left promiscuous mode [ 216.807144][ T59] hsr_slave_1: left promiscuous mode [ 216.825194][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 216.844451][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 216.853133][ T59] bridge_slave_1: left allmulticast mode [ 216.859095][ T59] bridge_slave_1: left promiscuous mode [ 216.898258][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.916824][ T59] bridge_slave_0: left allmulticast mode [ 216.929883][ T59] bridge_slave_0: left promiscuous mode [ 216.947976][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.013785][ T8853] loop1: detected capacity change from 0 to 2048 [ 217.049872][ T8853] loop1: p1 < > p4 [ 217.071917][ T8853] loop1: p4 size 8388608 extends beyond EOD, truncated [ 217.342647][ T51] Bluetooth: hci1: command tx timeout [ 217.527660][ T5780] udevd[5780]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 217.546508][ T7151] udevd[7151]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 217.939723][ T59] team0 (unregistering): Port device team_slave_1 removed [ 217.987305][ T59] team0 (unregistering): Port device team_slave_0 removed [ 218.037391][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 218.125624][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 218.884785][ T8893] (null): rxe_set_mtu: Set mtu to 1024 [ 219.002594][ T59] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 219.012286][ T59] bond0 (unregistering): Released all slaves [ 219.355304][ T8805] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.377924][ T8805] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.415931][ T8805] bridge_slave_0: entered allmulticast mode [ 219.427823][ T51] Bluetooth: hci1: command tx timeout [ 219.446117][ T8805] bridge_slave_0: entered promiscuous mode [ 219.455575][ T8805] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.463472][ T8805] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.471654][ T8805] bridge_slave_1: entered allmulticast mode [ 219.479075][ T8805] bridge_slave_1: entered promiscuous mode [ 219.605306][ T8910] loop1: detected capacity change from 0 to 1024 [ 219.636674][ T8910] EXT4-fs: Ignoring removed oldalloc option [ 219.662001][ T8805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.679148][ T8910] EXT4-fs (loop1): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 219.708997][ T8805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 219.779307][ T8910] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 219.939714][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 219.970233][ T8893] infiniband !yz!: set down [ 219.982828][ T8805] team0: Port device team_slave_0 added [ 220.012702][ T8893] infiniband !yz!: added team_slave_0 [ 220.015711][ T8805] team0: Port device team_slave_1 added [ 220.034294][ T8893] !yz!: rxe_create_cq: returned err = -12 [ 220.040442][ T8893] infiniband !yz!: Couldn't create ib_mad CQ [ 220.105048][ T8893] infiniband !yz!: Couldn't open port 1 [ 220.199452][ T8805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 220.218642][ T8893] RDS/IB: !yz!: added [ 220.227232][ T8805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 220.228632][ T8927] program syz.3.1172 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 220.271391][ T8893] smc: adding ib device !yz! with port count 1 [ 220.291129][ T8893] smc: ib device !yz! port 1 has pnetid [ 220.302490][ T8805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 220.342243][ T8805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 220.367587][ T8805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 220.408566][ T8805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 220.603643][ T8805] hsr_slave_0: entered promiscuous mode [ 220.624310][ T8805] hsr_slave_1: entered promiscuous mode [ 220.637798][ T8805] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 220.652271][ T8805] Cannot create hsr debugfs directory [ 220.757380][ T27] kauditd_printk_skb: 223 callbacks suppressed [ 220.757396][ T27] audit: type=1326 audit(220.717:3515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8940 comm="syz.1.1176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 220.832211][ T27] audit: type=1326 audit(220.767:3516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8940 comm="syz.1.1176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 220.853977][ C0] vkms_vblank_simulate: vblank timer overrun [ 220.887262][ T27] audit: type=1326 audit(220.767:3517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8940 comm="syz.1.1176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 220.914657][ T27] audit: type=1326 audit(220.767:3518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8940 comm="syz.1.1176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 220.956057][ T27] audit: type=1326 audit(220.767:3519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8940 comm="syz.1.1176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 220.995818][ T27] audit: type=1326 audit(220.767:3520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8940 comm="syz.1.1176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 221.018070][ T27] audit: type=1326 audit(220.767:3521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8940 comm="syz.1.1176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 221.040374][ T27] audit: type=1326 audit(220.767:3522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8940 comm="syz.1.1176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 221.065690][ T8943] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1177'. [ 221.090154][ T27] audit: type=1326 audit(220.767:3523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8940 comm="syz.1.1176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 221.117662][ T27] audit: type=1326 audit(220.767:3524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8940 comm="syz.1.1176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421118f749 code=0x7ffc0000 [ 221.139406][ C0] vkms_vblank_simulate: vblank timer overrun [ 221.239951][ T8945] loop3: detected capacity change from 0 to 512 [ 221.278380][ T8945] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 221.292599][ T8945] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802c01c, mo2=0002] [ 221.301372][ T8945] EXT4-fs (loop3): orphan cleanup on readonly fs [ 221.332388][ T8945] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #13: comm syz.3.1178: iget: bad i_size value: 12154761577498 [ 221.354800][ T8945] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.1178: couldn't read orphan inode 13 (err -117) [ 221.462909][ T8945] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 221.511490][ T51] Bluetooth: hci1: command tx timeout [ 221.624581][ T8805] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 221.642397][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.686812][ T8805] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 221.752600][ T8805] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 221.785321][ T8805] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 221.832000][ T8956] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1180'. [ 222.029033][ T8805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.074377][ T8805] 8021q: adding VLAN 0 to HW filter on device team0 [ 222.099844][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.107087][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.147260][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.154486][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.792165][ T8805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 223.066288][ T8996] syzkaller0: entered promiscuous mode [ 223.084880][ T8996] syzkaller0: entered allmulticast mode [ 223.583845][ T51] Bluetooth: hci1: command tx timeout [ 226.110687][ T9026] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1196'. [ 226.331525][ T8805] veth0_vlan: entered promiscuous mode [ 226.338238][ T9033] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1197'. [ 226.401618][ T8805] veth1_vlan: entered promiscuous mode [ 226.485943][ T8805] veth0_macvtap: entered promiscuous mode [ 226.515027][ T8805] veth1_macvtap: entered promiscuous mode [ 226.564422][ T8805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 226.580292][ T8805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 226.604405][ T8805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 226.631856][ T8805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 226.665555][ T8805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 226.685156][ T8805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 226.714197][ T8805] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 226.732179][ T9047] syz.3.1202[9047] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 226.732298][ T9047] syz.3.1202[9047] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 226.750784][ T8805] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 226.815748][ T8805] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 226.840857][ T8805] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.041827][ T9061] syz.3.1206[9061] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 227.041960][ T9061] syz.3.1206[9061] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 227.201997][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 227.209974][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 227.336504][ T2105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 227.381376][ T2105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 228.067788][ T9095] syz.1.1217[9095] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 228.067932][ T9095] syz.1.1217[9095] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 228.136378][ T9097] loop3: detected capacity change from 0 to 512 [ 228.180949][ T9095] loop1: detected capacity change from 0 to 512 [ 228.216028][ T9095] __quota_error: 320 callbacks suppressed [ 228.216045][ T9095] Quota error (device loop1): v2_read_file_info: Free block number 1 out of range (1, 6). [ 228.245611][ T9097] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 228.318873][ T9095] EXT4-fs warning (device loop1): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 228.376744][ T9095] EXT4-fs (loop1): mount failed [ 228.390607][ T27] audit: type=1326 audit(228.347:3845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9096 comm="syz.3.1218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 228.473263][ T27] audit: type=1326 audit(228.377:3846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9096 comm="syz.3.1218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 228.516169][ T27] audit: type=1326 audit(228.377:3847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9096 comm="syz.3.1218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 228.544197][ T27] audit: type=1326 audit(228.387:3848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9096 comm="syz.3.1218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 228.568184][ T27] audit: type=1326 audit(228.387:3849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9096 comm="syz.3.1218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 228.591988][ T27] audit: type=1326 audit(228.387:3850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9096 comm="syz.3.1218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 228.617671][ T27] audit: type=1326 audit(228.387:3851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9096 comm="syz.3.1218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 228.641202][ T27] audit: type=1326 audit(228.387:3852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9096 comm="syz.3.1218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 228.680621][ T27] audit: type=1326 audit(228.387:3853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9096 comm="syz.3.1218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 228.881810][ T9120] loop1: detected capacity change from 0 to 164 [ 228.901753][ T9120] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 228.963180][ T9120] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 229.013215][ T9120] Symlink component flag not implemented [ 229.039672][ T9120] Symlink component flag not implemented [ 229.053471][ T9120] Symlink component flag not implemented (7) [ 229.079204][ T9120] Symlink component flag not implemented (116) [ 229.142812][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.678814][ T9137] 8021q: adding VLAN 0 to HW filter on device .` [ 229.725917][ T9137] 8021q: adding VLAN 0 to HW filter on device team0 [ 229.738403][ T9137] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 229.761526][ T9145] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1228'. [ 229.780061][ T9145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 229.799093][ T9145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 230.046987][ T9161] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1236'. [ 230.623775][ T9184] loop1: detected capacity change from 0 to 512 [ 230.631621][ T9184] EXT4-fs: Ignoring removed bh option [ 230.651204][ T9184] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 230.705981][ T9184] EXT4-fs (loop1): 1 truncate cleaned up [ 230.754608][ T9193] syz.2.1245[9193] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 230.754745][ T9193] syz.2.1245[9193] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 230.775269][ T9184] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 230.985293][ T9196] loop3: detected capacity change from 0 to 1024 [ 230.998634][ T9196] EXT4-fs: Ignoring removed oldalloc option [ 231.031528][ T9196] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 231.217024][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.277029][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.447071][ T9203] loop3: detected capacity change from 0 to 128 [ 231.486831][ T9205] loop1: detected capacity change from 0 to 1024 [ 231.513441][ T9205] EXT4-fs: inline encryption not supported [ 231.534844][ T9205] EXT4-fs: Ignoring removed mblk_io_submit option [ 231.566606][ T9205] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 231.625126][ T9205] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 231.786560][ T9214] loop4: detected capacity change from 0 to 128 [ 231.848511][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.959825][ T9214] syz.4.1250: attempt to access beyond end of device [ 231.959825][ T9214] loop4: rw=2049, sector=138, nr_sectors = 64 limit=128 [ 232.100359][ T9223] loop2: detected capacity change from 0 to 512 [ 232.156227][ T9223] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 232.203021][ T9223] EXT4-fs (loop2): mount failed [ 232.279153][ T9231] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1255'. [ 232.649374][ T9245] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1261'. [ 232.660325][ T9247] syz_tun: entered allmulticast mode [ 232.675136][ T9245] IPVS: Error connecting to the multicast addr [ 232.958327][ T9258] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1266'. [ 233.153187][ T9263] xt_hashlimit: max too large, truncated to 1048576 [ 233.234071][ T9268] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1270'. [ 233.288690][ T9263] xt_CT: No such helper "netbios-ns" [ 233.313801][ T9270] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1270'. [ 233.648834][ T9281] loop2: detected capacity change from 0 to 512 [ 233.689283][ T9281] EXT4-fs: Ignoring removed nobh option [ 233.732482][ T9281] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 233.758233][ T9281] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.1275: invalid indirect mapped block 256 (level 1) [ 233.794258][ T9281] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.1275: invalid indirect mapped block 2683928664 (level 1) [ 233.871748][ T9281] EXT4-fs (loop2): 1 truncate cleaned up [ 233.885066][ T9281] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 233.900190][ T9289] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1277'. [ 233.995474][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 234.096840][ T27] kauditd_printk_skb: 282 callbacks suppressed [ 234.096855][ T27] audit: type=1326 audit(234.057:4135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9296 comm="syz.4.1282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc678f749 code=0x7ffc0000 [ 234.158135][ T27] audit: type=1326 audit(234.087:4136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9296 comm="syz.4.1282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc678f749 code=0x7ffc0000 [ 234.210708][ T27] audit: type=1326 audit(234.087:4137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9296 comm="syz.4.1282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc678f749 code=0x7ffc0000 [ 234.242524][ T9298] loop3: detected capacity change from 0 to 128 [ 234.283022][ T9301] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1284'. [ 234.299407][ T27] audit: type=1326 audit(234.087:4138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9296 comm="syz.4.1282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcbc678f749 code=0x7ffc0000 [ 234.325514][ T9303] syzkaller0: entered allmulticast mode [ 234.337605][ T27] audit: type=1326 audit(234.087:4139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9296 comm="syz.4.1282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc678f749 code=0x7ffc0000 [ 234.414710][ T27] audit: type=1326 audit(234.087:4140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9296 comm="syz.4.1282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc678f749 code=0x7ffc0000 [ 234.418759][ T9298] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 234.448914][ T27] audit: type=1326 audit(234.087:4141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9296 comm="syz.4.1282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc678f749 code=0x7ffc0000 [ 234.453901][ T9303] syzkaller0 (unregistering): left allmulticast mode [ 234.472034][ T27] audit: type=1326 audit(234.087:4142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9296 comm="syz.4.1282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7fcbc678f749 code=0x7ffc0000 [ 234.535823][ T27] audit: type=1326 audit(234.087:4143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9296 comm="syz.4.1282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc678f749 code=0x7ffc0000 [ 234.576333][ T27] audit: type=1326 audit(234.087:4144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9296 comm="syz.4.1282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc678f749 code=0x7ffc0000 [ 234.599827][ T9308] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1280'. [ 234.613207][ T9308] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1280'. [ 234.631706][ T9312] loop2: detected capacity change from 0 to 512 [ 234.694924][ T9312] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 234.764211][ T5766] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 234.954290][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 234.987028][ T6020] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 235.041734][ T6020] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 235.102875][ T9324] loop4: detected capacity change from 0 to 512 [ 235.147594][ T9324] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 235.206497][ T9324] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 235.331232][ T9334] xt_CT: No such helper "pptp" [ 235.376331][ T9337] loop1: detected capacity change from 0 to 512 [ 235.451462][ T9337] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 235.515743][ T9343] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1297'. [ 235.537948][ T8805] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 235.654271][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 235.817141][ T9351] : entered promiscuous mode [ 235.953131][ T9353] loop1: detected capacity change from 0 to 1024 [ 235.960492][ T9353] EXT4-fs: Ignoring removed orlov option [ 236.017354][ T9353] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 236.304872][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 236.366132][ T9363] loop4: detected capacity change from 0 to 1024 [ 236.528086][ T9368] loop1: detected capacity change from 0 to 2048 [ 236.582480][ T9368] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 236.667707][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 236.737554][ T9373] loop3: detected capacity change from 0 to 512 [ 236.815441][ T9373] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 237.049070][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 237.368545][ T9381] __nla_validate_parse: 2 callbacks suppressed [ 237.368561][ T9381] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1313'. [ 237.407606][ T9381] loop1: detected capacity change from 0 to 512 [ 237.456548][ T5780] blk_print_req_error: 9 callbacks suppressed [ 237.456563][ T5780] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 237.672824][ T9405] loop3: detected capacity change from 0 to 512 [ 237.713684][ T9405] EXT4-fs (loop3): Cannot use DAX on a filesystem that may contain inline data [ 237.929378][ T9417] loop4: detected capacity change from 0 to 512 [ 238.052864][ T9417] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 238.176137][ T8805] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 238.246465][ T9429] tipc: Resetting bearer [ 238.364112][ T9435] siw: device registration error -23 [ 238.369977][ T9429] tipc: Disabling bearer [ 238.391939][ T9435] netlink: 12 bytes leftover after parsing attributes in process `wޣ'. [ 238.685905][ T9447] Falling back ldisc for ptm0. [ 238.718564][ T9449] loop2: detected capacity change from 0 to 1024 [ 238.734644][ T9449] EXT4-fs: inline encryption not supported [ 238.757890][ T9449] EXT4-fs: Ignoring removed oldalloc option [ 238.772457][ T9449] EXT4-fs: Ignoring removed orlov option [ 238.829705][ T9449] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 238.944513][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 239.106066][ T9463] loop2: detected capacity change from 0 to 512 [ 239.171658][ T9463] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 239.194423][ T9436] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 239.336879][ T9471] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6) [ 239.343486][ T9471] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 239.359173][ T9471] vhci_hcd vhci_hcd.0: Device attached [ 239.365711][ T9472] vhci_hcd: connection closed [ 239.367591][ T12] vhci_hcd: stop threads [ 239.380724][ T12] vhci_hcd: release socket [ 239.390099][ T12] vhci_hcd: disconnect device [ 239.405140][ T9475] loop3: detected capacity change from 0 to 256 [ 239.443609][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 239.557120][ T9482] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1346'. [ 239.580764][ T27] kauditd_printk_skb: 97 callbacks suppressed [ 239.580779][ T27] audit: type=1326 audit(239.537:4242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9479 comm="syz.3.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 239.628346][ T27] audit: type=1326 audit(239.537:4243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9479 comm="syz.3.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 239.652732][ T27] audit: type=1326 audit(239.537:4244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9479 comm="syz.3.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 239.676220][ T27] audit: type=1326 audit(239.537:4245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9479 comm="syz.3.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 239.759224][ T27] audit: type=1326 audit(239.537:4246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9479 comm="syz.3.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 239.789535][ T27] audit: type=1326 audit(239.537:4247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9479 comm="syz.3.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 239.822891][ T27] audit: type=1326 audit(239.537:4248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9479 comm="syz.3.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 239.860411][ T9485] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1349'. [ 239.870146][ T9486] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1350'. [ 240.021989][ T27] audit: type=1326 audit(239.987:4249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9487 comm="syz.3.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 240.090732][ T27] audit: type=1326 audit(240.007:4250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9487 comm="syz.3.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 240.114967][ T9491] loop2: detected capacity change from 0 to 512 [ 240.160658][ T27] audit: type=1326 audit(240.017:4251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9487 comm="syz.3.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 240.225914][ T9491] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 240.382962][ T9502] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1345'. [ 240.449993][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 240.872002][ T9520] (null): rxe_set_mtu: Set mtu to 1024 [ 240.892314][ T9520] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 241.066105][ T9524] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 241.324761][ T9533] sch_tbf: burst 22 is lower than device lo mtu (65550) ! [ 242.131863][ T9560] loop3: detected capacity change from 0 to 512 [ 242.193002][ T9560] EXT4-fs (loop3): Test dummy encryption mode enabled [ 242.496011][ T9565] lo speed is unknown, defaulting to 1000 [ 242.941195][ T9560] EXT4-fs error (device loop3): ext4_xattr_inode_iget:449: comm syz.3.1382: error while reading EA inode 32 err=-116 [ 242.954480][ T9502] syz.1.1345 (9502) used greatest stack depth: 17960 bytes left [ 243.019086][ T9560] EXT4-fs (loop3): Remounting filesystem read-only [ 243.063442][ T9560] EXT4-fs (loop3): 1 orphan inode deleted [ 243.104994][ T9560] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 243.235421][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 243.808667][ T9587] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1388'. [ 244.008928][ T9592] loop1: detected capacity change from 0 to 1024 [ 244.017226][ T9596] sd 0:0:1:0: device reset [ 244.036898][ T9592] EXT4-fs: Ignoring removed bh option [ 244.073992][ T9592] EXT4-fs: Ignoring removed nomblk_io_submit option [ 244.124373][ T9592] ext4: Unknown parameter 'smackfsroot' [ 244.453707][ T9610] lo speed is unknown, defaulting to 1000 [ 244.696320][ T27] kauditd_printk_skb: 76 callbacks suppressed [ 244.696335][ T27] audit: type=1326 audit(244.657:4328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9616 comm="syz.2.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 244.789751][ T9617] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1396'. [ 244.845493][ T27] audit: type=1326 audit(244.687:4329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9616 comm="syz.2.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 244.931345][ T27] audit: type=1326 audit(244.697:4330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9616 comm="syz.2.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 244.954142][ T27] audit: type=1326 audit(244.697:4331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9616 comm="syz.2.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 244.976614][ T27] audit: type=1326 audit(244.697:4332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9616 comm="syz.2.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 244.998935][ T27] audit: type=1326 audit(244.697:4333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9616 comm="syz.2.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 245.052002][ T27] audit: type=1326 audit(244.697:4334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9616 comm="syz.2.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 245.088134][ T27] audit: type=1326 audit(244.697:4335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9616 comm="syz.2.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 245.116101][ T27] audit: type=1326 audit(244.697:4336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9616 comm="syz.2.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 245.263352][ T27] audit: type=1326 audit(244.697:4337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9616 comm="syz.2.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 245.335222][ T9631] loop4: detected capacity change from 0 to 512 [ 245.364256][ T9631] EXT4-fs: Ignoring removed nomblk_io_submit option [ 245.440161][ T9631] EXT4-fs error (device loop4): ext4_validate_block_bitmap:430: comm syz.4.1401: bg 0: block 5: invalid block bitmap [ 245.461994][ T9631] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6637: Corrupt filesystem [ 245.512866][ T9631] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1401: invalid indirect mapped block 3 (level 2) [ 245.594563][ T9631] EXT4-fs (loop4): 2 truncates cleaned up [ 245.605463][ T9645] loop2: detected capacity change from 0 to 128 [ 245.633127][ T9631] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 245.921651][ T8805] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 246.295622][ T9675] loop4: detected capacity change from 0 to 128 [ 246.370012][ T9678] loop3: detected capacity change from 0 to 512 [ 246.404727][ T9678] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 246.495767][ T9678] EXT4-fs error (device loop3): ext4_orphan_get:1425: comm syz.3.1414: bad orphan inode 11 [ 246.588856][ T9678] ext4_test_bit(bit=10, block=4) = 1 [ 246.607733][ T9678] is_bad_inode(inode)=0 [ 246.644135][ T9678] NEXT_ORPHAN(inode)=2080374784 [ 246.659961][ T9678] max_ino=32 [ 246.679892][ T9678] i_nlink=0 [ 246.707766][ T9678] EXT4-fs (loop3): 1 truncate cleaned up [ 246.755896][ T9678] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 246.952824][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 247.024632][ T9690] netdevsim netdevsim4: Direct firmware load for failed with error -2 [ 247.070279][ T9690] netdevsim netdevsim4: Falling back to sysfs fallback for: [ 247.337433][ T9701] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1420'. [ 247.413089][ T9706] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1422'. [ 247.478454][ T9706] vlan1: entered promiscuous mode [ 247.496511][ T9706] syz_tun: entered promiscuous mode [ 247.771751][ T9722] loop2: detected capacity change from 0 to 164 [ 248.533634][ T9750] loop4: detected capacity change from 0 to 1024 [ 248.590391][ T9750] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 248.728739][ T9750] EXT4-fs error (device loop4): ext4_expand_extra_isize_ea:2802: inode #13: comm syz.4.1436: corrupted in-inode xattr: bad magic number in in-inode xattr [ 248.749582][ T9746] loop2: detected capacity change from 0 to 512 [ 248.783523][ T9746] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 248.825409][ T9746] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it [ 248.849085][ T8805] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 248.854064][ T9746] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.1435: Corrupt directory, running e2fsck is recommended [ 248.894767][ T9746] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 248.915205][ T9746] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2249: inode #15: comm syz.2.1435: corrupted in-inode xattr: e_name out of bounds [ 248.935407][ T9746] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.1435: couldn't read orphan inode 15 (err -117) [ 248.949356][ T9746] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 248.975725][ T9746] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 248.991461][ T9746] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it [ 249.004684][ T9746] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.1435: Corrupt directory, running e2fsck is recommended [ 249.041532][ T9757] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 249.059814][ T9765] macsec0: entered promiscuous mode [ 249.066363][ T9765] macsec1: entered promiscuous mode [ 249.082135][ T9757] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it [ 249.093505][ T9765] macsec1: entered allmulticast mode [ 249.100013][ T9765] macsec0: entered allmulticast mode [ 249.105921][ T9757] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.1435: Corrupt directory, running e2fsck is recommended [ 249.135132][ T9765] veth1_macvtap: entered allmulticast mode [ 249.154436][ T9746] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 249.178204][ T9765] macsec0: left allmulticast mode [ 249.183752][ T9765] veth1_macvtap: left allmulticast mode [ 249.201206][ T9746] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it [ 249.228346][ T9746] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.1435: Corrupt directory, running e2fsck is recommended [ 249.305463][ T9757] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 249.341530][ T9775] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1441'. [ 249.368760][ T9775] netem: change failed [ 249.445294][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.684418][ T9789] loop3: detected capacity change from 0 to 512 [ 249.738401][ T9789] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 249.788448][ T9782] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.825665][ T9789] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 249.867961][ T27] kauditd_printk_skb: 55 callbacks suppressed [ 249.867976][ T27] audit: type=1800 audit(249.827:4393): pid=9789 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1446" name="file2" dev="loop3" ino=16 res=0 errno=0 [ 249.921170][ T9795] netlink: 'syz.2.1447': attribute type 6 has an invalid length. [ 249.955689][ T9795] netlink: 'syz.2.1447': attribute type 7 has an invalid length. [ 249.973794][ T9795] netlink: 'syz.2.1447': attribute type 8 has an invalid length. [ 250.022657][ T9795] netlink: 'syz.2.1447': attribute type 15 has an invalid length. [ 250.045290][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 250.104979][ T9782] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.275336][ T27] audit: type=1326 audit(250.237:4394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9805 comm="syz.2.1451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 250.342422][ T27] audit: type=1326 audit(250.267:4395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9805 comm="syz.2.1451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 250.422523][ T27] audit: type=1326 audit(250.267:4396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9805 comm="syz.2.1451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 250.474272][ T9782] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.491704][ T9811] loop4: detected capacity change from 0 to 2048 [ 250.509268][ T27] audit: type=1326 audit(250.267:4397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9805 comm="syz.2.1451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 250.582870][ T27] audit: type=1326 audit(250.267:4398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9805 comm="syz.2.1451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 250.643173][ T27] audit: type=1326 audit(250.277:4399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9805 comm="syz.2.1451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 250.659295][ T9811] EXT4-fs (loop4): unsupported inode size: 84 [ 250.693289][ T9782] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.695262][ T9811] EXT4-fs (loop4): blocksize: 4096 [ 250.703946][ T27] audit: type=1326 audit(250.277:4400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9805 comm="syz.2.1451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 250.745290][ T27] audit: type=1326 audit(250.277:4401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9805 comm="syz.2.1451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 250.769026][ T27] audit: type=1326 audit(250.277:4402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9805 comm="syz.2.1451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 250.838230][ T9817] lo speed is unknown, defaulting to 1000 [ 250.997585][ T9829] netlink: 'syz.4.1455': attribute type 1 has an invalid length. [ 251.094562][ T9782] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.107054][ T9831] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1456'. [ 251.170095][ T9782] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.221008][ T9782] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.229673][ T9834] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1457'. [ 251.244408][ T9834] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1457'. [ 251.254305][ T9834] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1457'. [ 251.276902][ T9834] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1457'. [ 251.314970][ T9836] loop4: detected capacity change from 0 to 512 [ 251.324682][ T9834] netlink: 84 bytes leftover after parsing attributes in process `syz.4.1457'. [ 251.363932][ T9782] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 252.342935][ T9871] loop1: detected capacity change from 0 to 128 [ 252.679325][ T9878] loop2: detected capacity change from 0 to 512 [ 252.746039][ T9878] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 252.865947][ T9878] EXT4-fs (loop2): 1 orphan inode deleted [ 252.883279][ T9878] EXT4-fs (loop2): 1 truncate cleaned up [ 252.891135][ T9878] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 253.643137][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 254.059844][ T9907] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1475'. [ 254.287825][ T9912] loop2: detected capacity change from 0 to 1024 [ 254.384522][ T9912] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 254.495808][ T9912] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1477'. [ 254.747205][ T9928] loop1: detected capacity change from 0 to 1024 [ 254.769460][ T9928] EXT4-fs: Ignoring removed orlov option [ 254.824014][ T9928] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 254.896164][ T27] kauditd_printk_skb: 84 callbacks suppressed [ 254.896180][ T27] audit: type=1800 audit(254.857:4487): pid=9928 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1481" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 254.928610][ T27] audit: type=1804 audit(254.887:4488): pid=9937 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1481" name="/newroot/399/bus/bus" dev="loop1" ino=18 res=1 errno=0 [ 255.082163][ T9938] xt_CT: You must specify a L4 protocol and not use inversions on it [ 255.527072][ T9912] gretap1: left promiscuous mode [ 255.552698][ T9912] netdevsim netdevsim2 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 255.561815][ T9912] netdevsim netdevsim2 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 255.570618][ T9912] netdevsim netdevsim2 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 255.578999][ T9912] netdevsim netdevsim2 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 255.593456][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 255.683877][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 255.695204][ T9922] 8021q: adding VLAN 0 to HW filter on device bond0 [ 255.707014][ T9922] 8021q: adding VLAN 0 to HW filter on device team0 [ 255.751204][ T9922] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 255.866042][ T27] audit: type=1326 audit(255.807:4489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9946 comm="syz.2.1485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 255.905341][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.912201][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.954038][ T27] audit: type=1326 audit(255.807:4490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9946 comm="syz.2.1485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 255.998695][ T27] audit: type=1326 audit(255.807:4491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9946 comm="syz.2.1485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 256.040051][ T9954] sctp: [Deprecated]: syz.2.1488 (pid 9954) Use of int in max_burst socket option deprecated. [ 256.040051][ T9954] Use struct sctp_assoc_value instead [ 256.041454][ T27] audit: type=1326 audit(255.807:4492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9946 comm="syz.2.1485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 256.086611][ T27] audit: type=1326 audit(255.807:4493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9946 comm="syz.2.1485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 256.115396][ T27] audit: type=1326 audit(255.947:4494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9950 comm="syz.3.1487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 256.163846][ T27] audit: type=1326 audit(255.947:4495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9950 comm="syz.3.1487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 256.206117][ T27] audit: type=1326 audit(255.947:4496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9950 comm="syz.3.1487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 256.308854][ T9958] loop3: detected capacity change from 0 to 512 [ 256.331837][ T9958] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 256.359372][ T9958] EXT4-fs (loop3): 1 truncate cleaned up [ 256.374157][ T9958] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 256.447487][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 256.510608][ T9963] loop4: detected capacity change from 0 to 512 [ 256.518976][ T9963] EXT4-fs: Ignoring removed nomblk_io_submit option [ 256.532634][ T9963] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 256.555645][ T9963] EXT4-fs (loop4): 1 truncate cleaned up [ 256.564542][ T9963] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 256.684910][ T8805] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 256.724357][ T9968] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1494'. [ 256.734176][ T9968] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1494'. [ 256.743280][ T9968] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1494'. [ 256.758988][ T9968] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1494'. [ 256.768345][ T9968] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1494'. [ 256.982822][ T9977] loop2: detected capacity change from 0 to 512 [ 256.996264][ T9977] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 257.115758][ T9977] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 257.317585][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 258.105717][ T9994] lo speed is unknown, defaulting to 1000 [ 258.830322][T10016] netlink: 192 bytes leftover after parsing attributes in process `syz.1.1513'. [ 259.015618][T10022] loop1: detected capacity change from 0 to 512 [ 259.050166][T10022] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 259.100445][T10026] loop2: detected capacity change from 0 to 1024 [ 259.109676][T10026] EXT4-fs: Ignoring removed orlov option [ 259.128749][T10022] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 259.158409][T10026] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 259.336578][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 259.735582][T10040] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1520'. [ 260.039152][T10049] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1526'. [ 260.048618][T10049] netlink: 212 bytes leftover after parsing attributes in process `syz.1.1526'. [ 260.057231][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 260.059926][T10049] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1526'. [ 260.276045][T10057] lo speed is unknown, defaulting to 1000 [ 260.351580][ T27] kauditd_printk_skb: 98 callbacks suppressed [ 260.351593][ T27] audit: type=1326 audit(260.317:4595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10054 comm="syz.2.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 260.418376][ T27] audit: type=1326 audit(260.317:4596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10054 comm="syz.2.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 260.441781][ T27] audit: type=1326 audit(260.347:4597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10054 comm="syz.2.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=103 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 260.464558][ T27] audit: type=1326 audit(260.347:4598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10054 comm="syz.2.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 260.523920][ T27] audit: type=1326 audit(260.347:4599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10054 comm="syz.2.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 260.594960][ T27] audit: type=1326 audit(260.357:4600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10054 comm="syz.2.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 260.644511][ T27] audit: type=1326 audit(260.357:4601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10054 comm="syz.2.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 260.720669][ T27] audit: type=1326 audit(260.357:4602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10054 comm="syz.2.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 260.770757][ T27] audit: type=1326 audit(260.367:4603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10054 comm="syz.2.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 260.820627][ T27] audit: type=1326 audit(260.367:4604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10054 comm="syz.2.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 261.409760][T10084] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1538'. [ 261.433943][T10084] vlan1: entered promiscuous mode [ 261.496057][T10086] loop4: detected capacity change from 0 to 512 [ 261.505188][T10086] ext4: Unknown parameter 'rootcontext' [ 262.313465][ T51] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 262.320429][ T5781] Bluetooth: hci4: command 0x1003 tx timeout [ 262.707747][T10114] loop4: detected capacity change from 0 to 512 [ 262.781153][T10114] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 262.789436][T10114] EXT4-fs (loop4): orphan cleanup on readonly fs [ 262.902716][T10114] EXT4-fs error (device loop4): ext4_do_update_inode:5244: inode #16: comm syz.4.1553: corrupted inode contents [ 262.937310][T10114] EXT4-fs (loop4): Remounting filesystem read-only [ 262.961338][T10114] EXT4-fs (loop4): 1 truncate cleaned up [ 262.976284][T10127] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1558'. [ 262.992499][ T12] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 263.009538][ T12] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 263.029801][ T12] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started [ 263.082900][T10114] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-0000002a0000 ro without journal. Quota mode: writeback. [ 263.189247][ T8805] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-0000002a0000. [ 263.491266][T10133] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 263.575725][T10133] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 263.620455][T10140] loop4: detected capacity change from 0 to 512 [ 263.648283][T10140] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 263.696835][T10140] netlink: 176 bytes leftover after parsing attributes in process `syz.4.1564'. [ 263.707269][T10133] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 263.865045][T10133] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0 [ 263.978606][T10133] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 20001 - 0 [ 264.000242][T10133] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 20001 - 0 [ 264.026045][T10133] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 20001 - 0 [ 264.055277][T10133] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 20001 - 0 [ 264.294274][T10158] lo speed is unknown, defaulting to 1000 [ 264.394498][T10163] loop3: detected capacity change from 0 to 128 [ 264.582304][T10165] lo speed is unknown, defaulting to 1000 [ 264.857354][T10169] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1576'. [ 264.885317][T10169] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1576'. [ 264.906398][T10169] bridge1: entered promiscuous mode [ 264.913066][T10169] bridge1: entered allmulticast mode [ 264.935267][T10171] IPVS: Error connecting to the multicast addr [ 265.542115][T10194] loop1: detected capacity change from 0 to 512 [ 265.663679][T10194] EXT4-fs (loop1): 1 orphan inode deleted [ 265.680844][ T11] __quota_error: 559 callbacks suppressed [ 265.680857][ T11] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 265.765097][ T11] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u4:0: Failed to release dquot type 1 [ 265.798400][T10194] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 265.866783][ T27] audit: type=1326 audit(265.824:5158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10207 comm="syz.3.1593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 265.945745][ T27] audit: type=1326 audit(265.854:5159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10207 comm="syz.3.1593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 265.980747][ T51] Bluetooth: hci4: command 0x1003 tx timeout [ 265.988024][ T5772] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 266.066602][ T27] audit: type=1326 audit(265.864:5160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10207 comm="syz.3.1593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=115 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 266.114181][ T27] audit: type=1326 audit(265.864:5161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10207 comm="syz.3.1593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 266.116951][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 266.136550][ T27] audit: type=1326 audit(265.864:5162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10207 comm="syz.3.1593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0483d8f749 code=0x7ffc0000 [ 266.170559][ T27] audit: type=1326 audit(265.984:5163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10210 comm="syz.4.1595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc678f749 code=0x7ffc0000 [ 266.229379][ T27] audit: type=1326 audit(265.984:5164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10210 comm="syz.4.1595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=226 compat=0 ip=0x7fcbc678f749 code=0x7ffc0000 [ 266.296742][ T27] audit: type=1326 audit(265.984:5165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10210 comm="syz.4.1595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc678f749 code=0x7ffc0000 [ 266.309411][T10216] (null): rxe_set_mtu: Set mtu to 1024 [ 266.336210][T10216] rdma_rxe: rxe_newlink: failed to add ip6_vti0 [ 266.680696][T10229] futex_wake_op: syz.2.1604 tries to shift op by -3; fix this program [ 266.710481][ T27] audit: type=1326 audit(266.664:5166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10227 comm="syz.2.1604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa83678f749 code=0x7ffc0000 [ 266.842378][T10229] netlink: 'syz.2.1604': attribute type 1 has an invalid length. [ 266.907186][T10238] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1607'. [ 266.958716][T10229] 8021q: adding VLAN 0 to HW filter on device bond0 [ 267.017897][T10236] loop1: detected capacity change from 0 to 4096 [ 267.065308][T10236] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 267.106845][T10236] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 267.162652][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 267.226971][T10250] loop2: detected capacity change from 0 to 512 [ 267.257627][T10250] EXT4-fs warning (device loop2): ext4_xattr_inode_get:563: inode #11: comm syz.2.1612: EA inode hash validation failed [ 267.303604][T10250] EXT4-fs error (device loop2): ext4_do_update_inode:5244: inode #15: comm syz.2.1612: corrupted inode contents [ 267.322797][T10250] EXT4-fs error (device loop2): ext4_dirty_inode:6120: inode #15: comm syz.2.1612: mark_inode_dirty error [ 267.334677][T10250] EXT4-fs error (device loop2): ext4_do_update_inode:5244: inode #15: comm syz.2.1612: corrupted inode contents [ 267.348704][T10250] EXT4-fs error (device loop2): ext4_xattr_delete_inode:3017: inode #15: comm syz.2.1612: mark_inode_dirty error [ 267.363415][T10250] EXT4-fs error (device loop2): ext4_xattr_delete_inode:3020: inode #15: comm syz.2.1612: mark inode dirty (error -117) [ 267.383759][T10250] EXT4-fs warning (device loop2): ext4_evict_inode:272: xattr delete (err -117) [ 267.394489][T10250] EXT4-fs (loop2): 1 orphan inode deleted [ 267.424077][T10250] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 267.562400][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 268.087210][T10277] loop4: detected capacity change from 0 to 128 [ 268.157149][T10277] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 268.389056][ T8805] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 268.559067][T10294] Bluetooth: MGMT ver 1.22 [ 268.956339][T10300] syzkaller0: entered promiscuous mode [ 268.963792][T10300] syzkaller0: entered allmulticast mode [ 270.978111][T10312] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1640'. [ 270.980820][ T27] kauditd_printk_skb: 551 callbacks suppressed [ 270.980848][ T27] audit: type=1326 audit(270.934:5718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10299 comm="syz.4.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc678f749 code=0x7ffc0000 [ 271.015528][T10312] hsr_slave_0: left promiscuous mode [ 271.015575][ T27] audit: type=1326 audit(270.934:5719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10299 comm="syz.4.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbc678f749 code=0x7ffc0000 [ 271.043662][T10312] hsr_slave_1: left promiscuous mode [ 271.070137][T10318] gtp0: entered promiscuous mode [ 271.075587][T10318] gtp0: entered allmulticast mode [ 271.171154][ T27] audit: type=1326 audit(271.124:5720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10299 comm="syz.4.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fcbc678f749 code=0x7ffc0000 [ 271.487371][T10336] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1648'. [ 271.718869][T10347] xt_hashlimit: max too large, truncated to 1048576 [ 271.730260][T10347] xt_CT: You must specify a L4 protocol and not use inversions on it [ 271.793087][T10345] loop4: detected capacity change from 0 to 2048 [ 271.876134][T10347] 9pnet_fd: Insufficient options for proto=fd [ 271.895623][T10345] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 271.936972][T10355] loop2: detected capacity change from 0 to 512 [ 272.012360][T10355] [ 272.014749][T10355] ====================================================== [ 272.021786][T10355] WARNING: possible circular locking dependency detected [ 272.028871][T10355] syzkaller #0 Not tainted [ 272.033312][T10355] ------------------------------------------------------ [ 272.040349][T10355] syz.2.1654/10355 is trying to acquire lock: [ 272.046439][T10355] ffff88814a4e0bd8 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x170/0x2f0 [ 272.056491][T10355] [ 272.056491][T10355] but task is already holding lock: [ 272.063876][T10355] ffff88807770c6c8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3dc/0x6e0 [ 272.073743][T10355] [ 272.073743][T10355] which lock already depends on the new lock. [ 272.073743][T10355] [ 272.084177][T10355] [ 272.084177][T10355] the existing dependency chain (in reverse order) is: [ 272.093220][T10355] [ 272.093220][T10355] -> #2 (&ei->xattr_sem){++++}-{3:3}: [ 272.100817][T10355] down_write+0x97/0x1f0 [ 272.105616][T10355] ext4_inline_data_truncate+0x199/0xb40 [ 272.111802][T10355] ext4_truncate+0x3a3/0x1060 [ 272.117042][T10355] ext4_evict_inode+0x8af/0xea0 [ 272.122455][T10355] evict+0x486/0x870 [ 272.126904][T10355] ext4_orphan_cleanup+0xbd4/0x1400 [ 272.132683][T10355] ext4_fill_super+0x5de4/0x66c0 [ 272.138185][T10355] get_tree_bdev+0x3e4/0x510 [ 272.143382][T10355] vfs_get_tree+0x8c/0x280 [ 272.148359][T10355] do_new_mount+0x24b/0xa40 [ 272.153430][T10355] __se_sys_mount+0x2da/0x3c0 [ 272.158654][T10355] do_syscall_64+0x55/0xb0 [ 272.163610][T10355] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 272.170053][T10355] [ 272.170053][T10355] -> #1 (sb_internal){.+.+}-{0:0}: [ 272.177427][T10355] percpu_down_read+0x44/0x1a0 [ 272.182759][T10355] ext4_evict_inode+0x2b9/0xea0 [ 272.188162][T10355] evict+0x486/0x870 [ 272.192640][T10355] ext4_ext_migrate+0xcfb/0xff0 [ 272.198047][T10355] ext4_ioctl+0x1c4b/0x3820 [ 272.203117][T10355] __se_sys_ioctl+0xfd/0x170 [ 272.208257][T10355] do_syscall_64+0x55/0xb0 [ 272.213226][T10355] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 272.219681][T10355] [ 272.219681][T10355] -> #0 (&sbi->s_writepages_rwsem){++++}-{0:0}: [ 272.228166][T10355] __lock_acquire+0x2ddb/0x7c80 [ 272.233680][T10355] lock_acquire+0x197/0x410 [ 272.238732][T10355] percpu_down_read+0x44/0x1a0 [ 272.244062][T10355] ext4_writepages+0x170/0x2f0 [ 272.249475][T10355] do_writepages+0x3a2/0x600 [ 272.254624][T10355] __writeback_single_inode+0x153/0xee0 [ 272.260726][T10355] writeback_single_inode+0x211/0x720 [ 272.266651][T10355] write_inode_now+0x161/0x1e0 [ 272.271989][T10355] iput+0x5b2/0x920 [ 272.276317][T10355] ext4_xattr_block_set+0x273a/0x32a0 [ 272.282224][T10355] ext4_expand_extra_isize_ea+0x10ea/0x19e0 [ 272.288660][T10355] __ext4_expand_extra_isize+0x306/0x400 [ 272.294813][T10355] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 272.300981][T10355] ext4_evict_inode+0x7ed/0xea0 [ 272.306382][T10355] evict+0x486/0x870 [ 272.310809][T10355] ext4_orphan_cleanup+0xbd4/0x1400 [ 272.316560][T10355] ext4_fill_super+0x5de4/0x66c0 [ 272.322029][T10355] get_tree_bdev+0x3e4/0x510 [ 272.327164][T10355] vfs_get_tree+0x8c/0x280 [ 272.332102][T10355] do_new_mount+0x24b/0xa40 [ 272.337122][T10355] __se_sys_mount+0x2da/0x3c0 [ 272.342349][T10355] do_syscall_64+0x55/0xb0 [ 272.347317][T10355] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 272.353757][T10355] [ 272.353757][T10355] other info that might help us debug this: [ 272.353757][T10355] [ 272.363979][T10355] Chain exists of: [ 272.363979][T10355] &sbi->s_writepages_rwsem --> sb_internal --> &ei->xattr_sem [ 272.363979][T10355] [ 272.377368][T10355] Possible unsafe locking scenario: [ 272.377368][T10355] [ 272.384835][T10355] CPU0 CPU1 [ 272.390199][T10355] ---- ---- [ 272.395574][T10355] lock(&ei->xattr_sem); [ 272.399902][T10355] lock(sb_internal); [ 272.406484][T10355] lock(&ei->xattr_sem); [ 272.413350][T10355] rlock(&sbi->s_writepages_rwsem); [ 272.418634][T10355] [ 272.418634][T10355] *** DEADLOCK *** [ 272.418634][T10355] [ 272.426784][T10355] 3 locks held by syz.2.1654/10355: [ 272.431989][T10355] #0: ffff88814a75a0e0 (&type->s_umount_key#31){++++}-{3:3}, at: get_tree_bdev+0x344/0x510 [ 272.442124][T10355] #1: ffff88814a75a608 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x2b9/0xea0 [ 272.451575][T10355] #2: ffff88807770c6c8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3dc/0x6e0 [ 272.461875][T10355] [ 272.461875][T10355] stack backtrace: [ 272.467773][T10355] CPU: 1 PID: 10355 Comm: syz.2.1654 Not tainted syzkaller #0 [ 272.475233][T10355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 272.485309][T10355] Call Trace: [ 272.488584][T10355] [ 272.491541][T10355] dump_stack_lvl+0x16c/0x230 [ 272.496233][T10355] ? load_image+0x3b0/0x3b0 [ 272.500752][T10355] ? show_regs_print_info+0x20/0x20 [ 272.505977][T10355] ? print_circular_bug+0x12b/0x1a0 [ 272.511183][T10355] check_noncircular+0x2bd/0x3c0 [ 272.516130][T10355] ? look_up_lock_class+0x75/0x140 [ 272.521249][T10355] ? print_deadlock_bug+0x5d0/0x5d0 [ 272.526465][T10355] ? lockdep_lock+0xe0/0x220 [ 272.531055][T10355] ? _find_first_zero_bit+0xd3/0x100 [ 272.536351][T10355] __lock_acquire+0x2ddb/0x7c80 [ 272.541237][T10355] ? mark_lock+0x94/0x320 [ 272.545603][T10355] ? verify_lock_unused+0x140/0x140 [ 272.550842][T10355] ? __lock_acquire+0x1334/0x7c80 [ 272.555885][T10355] ? verify_lock_unused+0x140/0x140 [ 272.561102][T10355] lock_acquire+0x197/0x410 [ 272.565627][T10355] ? ext4_writepages+0x170/0x2f0 [ 272.570588][T10355] ? __might_sleep+0xe0/0xe0 [ 272.575201][T10355] ? mark_lock+0x94/0x320 [ 272.579553][T10355] ? read_lock_is_recursive+0x20/0x20 [ 272.584923][T10355] ? __lock_acquire+0x1334/0x7c80 [ 272.589965][T10355] percpu_down_read+0x44/0x1a0 [ 272.594746][T10355] ? ext4_writepages+0x170/0x2f0 [ 272.599682][T10355] ext4_writepages+0x170/0x2f0 [ 272.604449][T10355] ? ext4_read_folio+0x2f0/0x2f0 [ 272.609398][T10355] ? __rwlock_init+0x150/0x150 [ 272.614164][T10355] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 272.620075][T10355] ? do_raw_spin_unlock+0x121/0x230 [ 272.625310][T10355] ? ext4_read_folio+0x2f0/0x2f0 [ 272.630250][T10355] do_writepages+0x3a2/0x600 [ 272.634863][T10355] ? folio_clear_dirty_for_io+0xc30/0xc30 [ 272.640619][T10355] ? writeback_single_inode+0x206/0x720 [ 272.646189][T10355] ? __lock_acquire+0x7c80/0x7c80 [ 272.651227][T10355] ? do_raw_spin_lock+0x121/0x2c0 [ 272.656391][T10355] ? get_tree_bdev+0x3e4/0x510 [ 272.661163][T10355] __writeback_single_inode+0x153/0xee0 [ 272.666736][T10355] writeback_single_inode+0x211/0x720 [ 272.672111][T10355] ? write_inode_now+0x1e0/0x1e0 [ 272.677069][T10355] write_inode_now+0x161/0x1e0 [ 272.681862][T10355] ? bdi_split_work_to_wbs+0x890/0x890 [ 272.687481][T10355] ? do_raw_spin_unlock+0x121/0x230 [ 272.692694][T10355] iput+0x5b2/0x920 [ 272.696525][T10355] ext4_xattr_block_set+0x273a/0x32a0 [ 272.701915][T10355] ? __might_sleep+0xe0/0xe0 [ 272.706546][T10355] ? xattr_find_entry+0x12b/0x2f0 [ 272.711579][T10355] ? ext4_xattr_block_find+0x350/0x350 [ 272.717069][T10355] ? ext4_xattr_block_find+0x2d4/0x350 [ 272.722557][T10355] ext4_expand_extra_isize_ea+0x10ea/0x19e0 [ 272.728488][T10355] __ext4_expand_extra_isize+0x306/0x400 [ 272.734125][T10355] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 272.739677][T10355] ext4_evict_inode+0x7ed/0xea0 [ 272.744528][T10355] ? _raw_spin_unlock+0x28/0x40 [ 272.749382][T10355] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 272.755281][T10355] ? do_raw_spin_unlock+0x121/0x230 [ 272.760478][T10355] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 272.766424][T10355] evict+0x486/0x870 [ 272.770365][T10355] ? __lock_acquire+0x7c80/0x7c80 [ 272.775395][T10355] ? proc_nr_inodes+0x230/0x230 [ 272.780248][T10355] ? do_raw_spin_unlock+0x121/0x230 [ 272.785458][T10355] ? _raw_spin_unlock+0x28/0x40 [ 272.790344][T10355] ? iput+0x70a/0x920 [ 272.794345][T10355] ext4_orphan_cleanup+0xbd4/0x1400 [ 272.799556][T10355] ? ext4_orphan_del+0xba0/0xba0 [ 272.804587][T10355] ? ext4_register_li_request+0x183/0x940 [ 272.810311][T10355] ? errseq_check_and_advance+0x66/0x120 [ 272.815979][T10355] ext4_fill_super+0x5de4/0x66c0 [ 272.820959][T10355] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 272.827221][T10355] ? __might_sleep+0xe0/0xe0 [ 272.831829][T10355] ? read_lock_is_recursive+0x20/0x20 [ 272.837211][T10355] ? snprintf+0xdb/0x120 [ 272.841484][T10355] ? vscnprintf+0x80/0x80 [ 272.845852][T10355] ? down_write+0x162/0x1f0 [ 272.850387][T10355] ? down_read_killable+0x340/0x340 [ 272.855598][T10355] ? setup_bdev_super+0x56b/0x660 [ 272.860634][T10355] get_tree_bdev+0x3e4/0x510 [ 272.865247][T10355] ? vfs_parse_fs_string+0x160/0x160 [ 272.870561][T10355] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 272.876823][T10355] ? setup_bdev_super+0x660/0x660 [ 272.881860][T10355] ? apparmor_capable+0x137/0x1a0 [ 272.886902][T10355] ? bpf_lsm_capable+0x9/0x10 [ 272.891626][T10355] ? security_capable+0x89/0xb0 [ 272.896484][T10355] vfs_get_tree+0x8c/0x280 [ 272.900915][T10355] do_new_mount+0x24b/0xa40 [ 272.905435][T10355] __se_sys_mount+0x2da/0x3c0 [ 272.910113][T10355] ? __x64_sys_mount+0xc0/0xc0 [ 272.914871][T10355] ? lockdep_hardirqs_on+0x98/0x150 [ 272.920070][T10355] ? __x64_sys_mount+0x20/0xc0 [ 272.924836][T10355] do_syscall_64+0x55/0xb0 [ 272.929249][T10355] ? clear_bhb_loop+0x40/0x90 [ 272.933939][T10355] ? clear_bhb_loop+0x40/0x90 [ 272.938634][T10355] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 272.944548][T10355] RIP: 0033:0x7fa836790eea [ 272.948966][T10355] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 272.968574][T10355] RSP: 002b:00007fa83767ce68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 272.976992][T10355] RAX: ffffffffffffffda RBX: 00007fa83767cef0 RCX: 00007fa836790eea [ 272.984993][T10355] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fa83767ceb0 [ 272.992977][T10355] RBP: 0000200000000180 R08: 00007fa83767cef0 R09: 0000000000800700 [ 273.000966][T10355] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 273.008948][T10355] R13: 00007fa83767ceb0 R14: 000000000000046f R15: 000000000000002c [ 273.016922][T10355] [ 273.035949][ T8805] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 273.045386][T10355] ------------[ cut here ]------------ [ 273.050935][T10355] EA inode 11 i_nlink=2 [ 273.072512][T10355] WARNING: CPU: 0 PID: 10355 at fs/ext4/xattr.c:1075 ext4_xattr_inode_update_ref+0x4fb/0x550 [ 273.087164][T10355] Modules linked in: [ 273.091306][T10355] CPU: 0 PID: 10355 Comm: syz.2.1654 Not tainted syzkaller #0 [ 273.098799][T10355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 273.109022][T10355] RIP: 0010:ext4_xattr_inode_update_ref+0x4fb/0x550 [ 273.115671][T10355] Code: 8d 7e 50 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff e8 06 2c 9a ff 49 8b 37 48 c7 c7 a0 c6 be 8a 89 da e8 35 3a 0d ff <0f> 0b 4c 8b 74 24 08 4c 8b 7c 24 10 e9 b9 fe ff ff e8 7f a3 24 08 [ 273.135562][T10355] RSP: 0018:ffffc900033471c0 EFLAGS: 00010246 [ 273.141749][T10355] RAX: 210d6862a1967300 RBX: 0000000000000002 RCX: 0000000000080000 [ 273.149760][T10355] RDX: ffffc9000d37b000 RSI: 000000000007ffff RDI: 0000000000080000 [ 273.158169][T10355] RBP: ffffc900033472b8 R08: ffffc90003346dc7 R09: 1ffff92000668db8 [ 273.166594][T10355] R10: dffffc0000000000 R11: fffff52000668db9 R12: dffffc0000000000 [ 273.175200][T10355] R13: ffff88805d14aca8 R14: ffff88805d14aab0 R15: ffff88805d14ab00 [ 273.183692][T10355] FS: 00007fa83767d6c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 273.193031][T10355] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 273.199640][T10355] CR2: 0000000000000000 CR3: 0000000030282000 CR4: 00000000003506f0 [ 273.208092][T10355] Call Trace: [ 273.211834][T10355] [ 273.215162][T10355] ? ext4_xattr_list_entries+0x3d0/0x3d0 [ 273.221218][T10355] ? ext4_xattr_inode_iget+0x3df/0x600 [ 273.226721][T10355] ext4_xattr_set_entry+0xcda/0x1e90 [ 273.232417][T10355] ext4_xattr_ibody_set+0x254/0x6a0 [ 273.237672][T10355] ext4_expand_extra_isize_ea+0x113a/0x19e0 [ 273.243983][T10355] __ext4_expand_extra_isize+0x306/0x400 [ 273.249662][T10355] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 273.255498][T10355] ext4_evict_inode+0x7ed/0xea0 [ 273.260387][T10355] ? _raw_spin_unlock+0x28/0x40 [ 273.265631][T10355] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 273.271628][T10355] ? do_raw_spin_unlock+0x121/0x230 [ 273.277105][T10355] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 273.283122][T10355] evict+0x486/0x870 [ 273.287066][T10355] ? __lock_acquire+0x7c80/0x7c80 [ 273.292162][T10355] ? proc_nr_inodes+0x230/0x230 [ 273.297066][T10355] ? do_raw_spin_unlock+0x121/0x230 [ 273.302360][T10355] ? _raw_spin_unlock+0x28/0x40 [ 273.307256][T10355] ? iput+0x70a/0x920 [ 273.311324][T10355] ext4_orphan_cleanup+0xbd4/0x1400 [ 273.316595][T10355] ? ext4_orphan_del+0xba0/0xba0 [ 273.321645][T10355] ? ext4_register_li_request+0x183/0x940 [ 273.327422][T10355] ? errseq_check_and_advance+0x66/0x120 [ 273.333129][T10355] ext4_fill_super+0x5de4/0x66c0 [ 273.338139][T10355] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 273.344490][T10355] ? __might_sleep+0xe0/0xe0 [ 273.349119][T10355] ? read_lock_is_recursive+0x20/0x20 [ 273.354571][T10355] ? snprintf+0xdb/0x120 [ 273.358860][T10355] ? vscnprintf+0x80/0x80 [ 273.363274][T10355] ? down_write+0x162/0x1f0 [ 273.367816][T10355] ? down_read_killable+0x340/0x340 [ 273.373127][T10355] ? setup_bdev_super+0x56b/0x660 [ 273.378199][T10355] get_tree_bdev+0x3e4/0x510 [ 273.383066][T10355] ? vfs_parse_fs_string+0x160/0x160 [ 273.388386][T10355] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 273.394745][T10355] ? setup_bdev_super+0x660/0x660 [ 273.399808][T10355] ? apparmor_capable+0x137/0x1a0 [ 273.404908][T10355] ? bpf_lsm_capable+0x9/0x10 [ 273.409635][T10355] ? security_capable+0x89/0xb0 [ 273.414600][T10355] vfs_get_tree+0x8c/0x280 [ 273.419066][T10355] do_new_mount+0x24b/0xa40 [ 273.423644][T10355] __se_sys_mount+0x2da/0x3c0 [ 273.428371][T10355] ? __x64_sys_mount+0xc0/0xc0 [ 273.433220][T10355] ? lockdep_hardirqs_on+0x98/0x150 [ 273.433243][T10355] ? __x64_sys_mount+0x20/0xc0 [ 273.433261][T10355] do_syscall_64+0x55/0xb0 [ 273.433277][T10355] ? clear_bhb_loop+0x40/0x90 [ 273.433298][T10355] ? clear_bhb_loop+0x40/0x90 [ 273.433327][T10355] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 273.433348][T10355] RIP: 0033:0x7fa836790eea [ 273.433362][T10355] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 273.433376][T10355] RSP: 002b:00007fa83767ce68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 273.433395][T10355] RAX: ffffffffffffffda RBX: 00007fa83767cef0 RCX: 00007fa836790eea [ 273.433408][T10355] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fa83767ceb0 [ 273.433420][T10355] RBP: 0000200000000180 R08: 00007fa83767cef0 R09: 0000000000800700 [ 273.433432][T10355] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 273.433442][T10355] R13: 00007fa83767ceb0 R14: 000000000000046f R15: 000000000000002c [ 273.433461][T10355] [ 273.433469][T10355] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 273.433478][T10355] CPU: 0 PID: 10355 Comm: syz.2.1654 Not tainted syzkaller #0 [ 273.433494][T10355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 273.433502][T10355] Call Trace: [ 273.433508][T10355] [ 273.433514][T10355] dump_stack_lvl+0x16c/0x230 [ 273.433541][T10355] ? show_regs_print_info+0x20/0x20 [ 273.433579][T10355] ? load_image+0x3b0/0x3b0 [ 273.433606][T10355] panic+0x2c0/0x710 [ 273.433629][T10355] ? bpf_jit_dump+0xd0/0xd0 [ 273.433656][T10355] __warn+0x2e0/0x470 [ 273.433674][T10355] ? ext4_xattr_inode_update_ref+0x4fb/0x550 [ 273.433699][T10355] ? ext4_xattr_inode_update_ref+0x4fb/0x550 [ 273.433722][T10355] report_bug+0x2be/0x4f0 [ 273.433739][T10355] ? ext4_xattr_inode_update_ref+0x4fb/0x550 [ 273.433762][T10355] ? ext4_xattr_inode_update_ref+0x4fb/0x550 [ 273.433785][T10355] ? ext4_xattr_inode_update_ref+0x4fd/0x550 [ 273.433808][T10355] handle_bug+0xcf/0x120 [ 273.433823][T10355] exc_invalid_op+0x1a/0x50 [ 273.433839][T10355] asm_exc_invalid_op+0x1a/0x20 [ 273.433856][T10355] RIP: 0010:ext4_xattr_inode_update_ref+0x4fb/0x550 [ 273.433881][T10355] Code: 8d 7e 50 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff e8 06 2c 9a ff 49 8b 37 48 c7 c7 a0 c6 be 8a 89 da e8 35 3a 0d ff <0f> 0b 4c 8b 74 24 08 4c 8b 7c 24 10 e9 b9 fe ff ff e8 7f a3 24 08 [ 273.433894][T10355] RSP: 0018:ffffc900033471c0 EFLAGS: 00010246 [ 273.433907][T10355] RAX: 210d6862a1967300 RBX: 0000000000000002 RCX: 0000000000080000 [ 273.433918][T10355] RDX: ffffc9000d37b000 RSI: 000000000007ffff RDI: 0000000000080000 [ 273.433929][T10355] RBP: ffffc900033472b8 R08: ffffc90003346dc7 R09: 1ffff92000668db8 [ 273.433942][T10355] R10: dffffc0000000000 R11: fffff52000668db9 R12: dffffc0000000000 [ 273.433953][T10355] R13: ffff88805d14aca8 R14: ffff88805d14aab0 R15: ffff88805d14ab00 [ 273.433977][T10355] ? ext4_xattr_list_entries+0x3d0/0x3d0 [ 273.434002][T10355] ? ext4_xattr_inode_iget+0x3df/0x600 [ 273.434028][T10355] ext4_xattr_set_entry+0xcda/0x1e90 [ 273.434060][T10355] ext4_xattr_ibody_set+0x254/0x6a0 [ 273.434087][T10355] ext4_expand_extra_isize_ea+0x113a/0x19e0 [ 273.434124][T10355] __ext4_expand_extra_isize+0x306/0x400 [ 273.434153][T10355] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 273.434179][T10355] ext4_evict_inode+0x7ed/0xea0 [ 273.434199][T10355] ? _raw_spin_unlock+0x28/0x40 [ 273.434222][T10355] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 273.434245][T10355] ? do_raw_spin_unlock+0x121/0x230 [ 273.434267][T10355] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 273.434288][T10355] evict+0x486/0x870 [ 273.434305][T10355] ? __lock_acquire+0x7c80/0x7c80 [ 273.434326][T10355] ? proc_nr_inodes+0x230/0x230 [ 273.434343][T10355] ? do_raw_spin_unlock+0x121/0x230 [ 273.434365][T10355] ? _raw_spin_unlock+0x28/0x40 [ 273.434383][T10355] ? iput+0x70a/0x920 [ 273.434400][T10355] ext4_orphan_cleanup+0xbd4/0x1400 [ 273.434430][T10355] ? ext4_orphan_del+0xba0/0xba0 [ 273.434456][T10355] ? ext4_register_li_request+0x183/0x940 [ 273.434481][T10355] ? errseq_check_and_advance+0x66/0x120 [ 273.434502][T10355] ext4_fill_super+0x5de4/0x66c0 [ 273.434531][T10355] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 273.434550][T10355] ? __might_sleep+0xe0/0xe0 [ 273.434574][T10355] ? read_lock_is_recursive+0x20/0x20 [ 273.434591][T10355] ? snprintf+0xdb/0x120 [ 273.434613][T10355] ? vscnprintf+0x80/0x80 [ 273.434635][T10355] ? down_write+0x162/0x1f0 [ 273.434650][T10355] ? down_read_killable+0x340/0x340 [ 273.434667][T10355] ? setup_bdev_super+0x56b/0x660 [ 273.434684][T10355] get_tree_bdev+0x3e4/0x510 [ 273.434699][T10355] ? vfs_parse_fs_string+0x160/0x160 [ 273.434719][T10355] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 273.434738][T10355] ? setup_bdev_super+0x660/0x660 [ 273.434752][T10355] ? apparmor_capable+0x137/0x1a0 [ 273.434768][T10355] ? bpf_lsm_capable+0x9/0x10 [ 273.434791][T10355] ? security_capable+0x89/0xb0 [ 273.434813][T10355] vfs_get_tree+0x8c/0x280 [ 273.434829][T10355] do_new_mount+0x24b/0xa40 [ 273.434848][T10355] __se_sys_mount+0x2da/0x3c0 [ 273.434865][T10355] ? __x64_sys_mount+0xc0/0xc0 [ 273.434881][T10355] ? lockdep_hardirqs_on+0x98/0x150 [ 273.434899][T10355] ? __x64_sys_mount+0x20/0xc0 [ 273.434915][T10355] do_syscall_64+0x55/0xb0 [ 273.434928][T10355] ? clear_bhb_loop+0x40/0x90 [ 273.434946][T10355] ? clear_bhb_loop+0x40/0x90 [ 273.434965][T10355] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 273.434983][T10355] RIP: 0033:0x7fa836790eea [ 273.434995][T10355] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 273.435007][T10355] RSP: 002b:00007fa83767ce68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 273.435022][T10355] RAX: ffffffffffffffda RBX: 00007fa83767cef0 RCX: 00007fa836790eea [ 273.435033][T10355] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fa83767ceb0 [ 273.435045][T10355] RBP: 0000200000000180 R08: 00007fa83767cef0 R09: 0000000000800700 [ 273.435055][T10355] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 273.435065][T10355] R13: 00007fa83767ceb0 R14: 000000000000046f R15: 000000000000002c [ 273.435083][T10355] [ 273.435645][T10355] Kernel Offset: disabled