last executing test programs: 3m11.802557903s ago: executing program 0 (id=204): openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3477, 0x0, 0x0, 0x0, 0x8}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7535}}]}, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0xa, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) lgetxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) syz_open_dev$evdev(0x0, 0x2, 0x842) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) pipe2$9p(0x0, 0x80000) write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0x298) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'wg0\x00', 0x0}) sendto$packet(r3, &(0x7f0000000180)="0b03feff4f00020002004788aa96a13bb1000011000088ca1a00", 0x1fffc, 0x0, &(0x7f0000000140)={0x11, 0x0, r4}, 0x14) 3m10.971333264s ago: executing program 0 (id=207): socket(0x2c, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) setrlimit(0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) ioctl$USBDEVFS_DISCONNECT_CLAIM(r4, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"}) ioctl$USBDEVFS_ALLOW_SUSPEND(r4, 0x5522) ioctl$USBDEVFS_SETINTERFACE(r4, 0x80045510, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 3m8.721450466s ago: executing program 0 (id=214): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1008413, &(0x7f0000000000)={[{@noblock_validity}, {@barrier}]}, 0x0, 0x517, &(0x7f00000000c0)="$eJzs3c9vG1kdAPDvOHG2adJNFjjASuwu7KK0gtrJRrsb9VCKhOBUCSj3EhIniuLEVey0TVTRVPwBSAgBEie4cEHiD0BClbhwREiV4AwCBELQwgEk6CDb4zR17CS0rp0mn480nffDM9/33M543sx0JoBT60o2PU7T9EJETGTluWz6ZD2zE/FWRDx6eGehPiWRptf+lkSSlbXWlTa8EmPNRRor+MoXI76e7I9b3dpenS+XSxtZvlhbu1Gsbm1fXFmbXy4tl9ZnZ2fen/tg7r256efp3tJYljgXEZc//6fvfuvHX7j888/c+v31v5z/RtJs8932fvx/hg+sbX6f+TjTtsjGswU7lob3JkaPtsy97J8IAAD9VT8u/VB2nH8hJmLokONZAAAA4OWTfnY8/pO0rt3tM9KlHAAAAHiJ5CJiPJJcIbvfdzxyuUIhGvfwfiTO5sqVau3TS5XN9cV6XcRk5HNLK+XSdHZv62Tkk3p+ppF+kn+3LT8bEa9FxHcmRhv5wkKlvDjokx8AAABwSoy1jf//OdEc/wMAAAAnzOSgGwAAAAC8cMb/AAAAcPIZ/wMAAMCJ9qWrV+tT2nr/9eLNrc3Vys2Li6XqamFtc6GwUNm4UViuVJYbz+xbO3Blu68OXN+8XayVqrVidWv7+lplc712feXpV2ADAAAA/fPam/d/m0TEzqXRGL002igb2VP/7+w9AQNrIPDC7J6yiySbj+z/0O9ebc7/2KdGAX0xNOgGAAMzPOgGAAOTH3QDgIFLDqnvevPOr7L5J3rbHgAAoPemPvbk+v9O2/X/3IFL7hxcDRx7NmI4vVz/h9Orcf2/wy1/HTlYgBMl7wgATr3nvv5/KP+HCAAABm28MSW5QnZ6bzxyuUIh4lzjtQD5ZGmlXJqOiFcj4jcT+Vfq+ZnGksmhYwYAAAAAAAAAAAAAAAAAAAAAAAAAoClNk0gBAACAEy0i9+fkF81n+U9NvDPefn5gJPnXRGSvCL31g2vfuz1fq23M1Mv/vlte+35W/u4gzmAAAAAA7Vrj9NY4HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB66dHDOwutqZ9x//q5iJjsFH84zjTmZyIfEWf/kcTwnuWSiBjqQfydexHx0U7xk3qzdkN2ij/64uPHZPYtdIo/1oP4cJrdr+9/rnTa/nLxVmPeefsbjngq/6y67/9id/831GX7P3fEGK8/+Gmxa/x7Ea8Pd97/tOInXeK/fcT4X/vq9na3uvSHEVMdf3+Sp2IVa2s3itWt7Ysra/PLpeXS+uzszPtzH8y9NzddXFopl7I/O8b49sd/9vig/p/tEn/ykP6/c8T+//fB7YcfbibzneKff7tD/F/+KPvE/vi57LfvU1m6Xj/VSu8003u98ZNfv3FQ/xe79P+wv//zR+z/hS9/8w9H/CgA0AfVre3V+XK5tHFiE/VR+jFohsQxTNzdX/VmdF0qSQ5eYZqmaX2beo6GJd2j9yeR7JYMes8EAAD02pOj/0G3BAAAAAAAAAAAAAAAAAAAAE6vfjxXrD3mzm4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuJ/AQAA//8fp+fv") close(0xffffffffffffffff) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) bind$unix(r2, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) 3m6.809261444s ago: executing program 0 (id=217): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) r2 = socket(0x10, 0x80002, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r4}, 0x18) socket$packet(0x11, 0x2, 0x300) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000407000000", @ANYRES32=r1, @ANYBLOB="00000000000000001c001a800800028008000200080000003e"], 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x0) 3m6.679905386s ago: executing program 0 (id=219): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000001100)='./file1\x00', 0x0, &(0x7f0000000200), 0x45, 0x7b6, &(0x7f0000001140)="$eJzs3c9rG1ceAPDvyPLPZNdeWNjNngwLu4EQeZ31JruwsF72sBQaCLSnHpoYWTGpZStYcoiNaRNKoZdCW3prLzn356X02h+HXtr/oySkrROa0kNxGf2wZVtyrMSWkubzgYne07zRe995ozcvmrEUwBNrPP0nE3EsIl5PIkbrzycR0V9NZSOma+Xura/l0yWJjY1nvkuqZe6ur+WjaZvUkXrmjxHx+SsRJzK76y2vrM7PFIuFpXp+orJweaK8snry0sLMXGGusHh6cmrq1Jl/nDn9UOENN2d++Hr16K03/v/XD6Z/evkPH772RRLTcbS+rjmOgzIe4/V90p/uwm3+d9CV9czHL+6jUNMRkD3MxtChtGP66r1yLEajb6/+Ge5mywCAw/JSRGy009d2DQDwWEtq5///9LodAEC3ND4HuLu+lm8svf1Eortu/zcihobqudr1zVo6W79mN1S9DjpyN9l2ZSSJiLEDqH88It755Pn30iUO6TokQCvXrkfEhbHx3eN/suuehU79rfXTc82Z8R0rjX/QPZ+m859/tpr/ZTbnP9Fi/jPY4r37IO7//s/cPIBq2krnf/9uurftXlP8dWN99dxvqnO+/uTipWIhHdt+GxHHo38wzU/uUcfxOz/fabeuef73/ZsvvJvWnz5ulcjczA5u32Z2pjLzMDE3u3094k/ZVvGn4/9gtf+TNvPfc/X0wH3qeOpfr77dbl0afxpvY9kd/+HauBHxl5b9n2yWSfa8P3GiejhMNA6KFj6ajpF29Y9nt/o/XdL6G/8X6Ia0/0f2jn8sab5fs7zvl968W+yrG6OftSvUfPy3jr/18T+QPFtNN469qzOVytJkxEDy9O7nT21t28g3yqfxH/9z6/d/Y/xrcfw/l77+hX3uiOytb99/8PgPVxr/bEf933Eihu7N97Wrf3/9P7Vtm/2Mf/tt4IPuNwAAAAAAAAAAAAAAAAAAAAAAAADoRCYijkaSyW2mM5lcrvYb3r+PkUyxVK6cuFhaXpyN6m9lj0V/pvFVl6NN34c6Wf8+/Eb+1I783yPidxHx1uBwNZ/Ll4qzvQ4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOqOtPn9/9Q3gzsK9/WihQDAoRhyYgeAJ02Szfa6CQBAtw11VHr40NoBAHRPZ+d/AODXwPkfAJ489zn/7/wzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjUubNn02Xjx/W1fJqfvbKyPF+6cnK2UJ7PLSznc/nS0uXcXKk0Vyzk8qWFti90rfZQLJUuT8Xi8tWJSqFcmSivrJ5fKC0vVs5fWpiZK5wv9HctMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYv/LK6vxMsVhYkuhJYv7LWj88Ku2R6CwR12r996i05+ASMbA1Sgz3ZnACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAz8EgAA//99gB7t") ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, &(0x7f0000000140)=0x81) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000002380)={0x48, 0x0, &(0x7f0000001300)=[@register_looper, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000001380)='r'}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000007c0)={0x44, 0x0, &(0x7f0000000b40)=[@transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, &(0x7f0000000780)}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18) ioctl$int_in(0xffffffffffffffff, 0xa831, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) open(0x0, 0x100, 0x8) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000280)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0x0, 0xe}}}, 0x24}}, 0x20004010) r6 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) lseek(r6, 0x7ff, 0x1) getdents64(r6, 0x0, 0x0) 3m5.026280889s ago: executing program 0 (id=224): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) mkdirat(0xffffffffffffff9c, 0x0, 0x0) open_tree(0xffffffffffffff9c, 0x0, 0x89901) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0) close(r2) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x221, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xb, 0xffff}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004) recvmmsg(r5, &(0x7f0000005140)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000f80)=""/4096, 0x1000}, {&(0x7f00000008c0)=""/243, 0xf3}], 0x2}, 0x3}], 0x1, 0x0, 0x0) 2m49.826649356s ago: executing program 32 (id=224): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) mkdirat(0xffffffffffffff9c, 0x0, 0x0) open_tree(0xffffffffffffff9c, 0x0, 0x89901) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0) close(r2) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x221, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xb, 0xffff}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004) recvmmsg(r5, &(0x7f0000005140)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000f80)=""/4096, 0x1000}, {&(0x7f00000008c0)=""/243, 0xf3}], 0x2}, 0x3}], 0x1, 0x0, 0x0) 21.500032724s ago: executing program 2 (id=654): setreuid(0x0, 0xee00) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x18002) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) listen(0xffffffffffffffff, 0x0) r7 = socket$netlink(0x10, 0x3, 0x8000000004) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r7) writev(r7, &(0x7f00000000c0)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f6400947e570028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1) 20.521744617s ago: executing program 2 (id=656): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x3, 0x0, 0x0, 0x7}) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x40000, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000300)=0x2) 17.143883706s ago: executing program 2 (id=661): bpf$MAP_CREATE(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7) getpid() r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000200)=0x7ffffffc) close(r0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000100)='cpuset.sched_load_balance\x00', 0x2, 0x0) sendfile(r2, r2, 0x0, 0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a54008cb07b783a3221f8000000000000020000002800048024000180090001006d6574610000000014000280080003400000001708000240000000020900010073797a30000000000900020073"], 0x7c}}, 0x4041) sendmsg$ETHTOOL_MSG_RINGS_GET(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="0e012a20e8edbbe81350596f86adb51da6242692eb97a2e4b8525f9502379ed66095509e0a2573a9925fa55259eb245fe7ae5edd5e37732690dec166b7000000000000005ea114ea9d06c49d015a0c365b38c4635f69aca12204d12672111e", @ANYRES32, @ANYBLOB="ab7545ed20103f08110017ea9589588a785c362e9b406766d762ed1dd7a73fb4f41940b3e8d98f1d7a7e5ec5e362cbcd9d395a4120ed232f278943181b97a34a3c6fb1c20888476ccad1e4e06f608fdf78de0f0c58ec0ede7e71a9f46064cfa24c7ee2c2d8a5d257fe8bde64963b6ba65306373ad2ce3915a572bc57c32e5628ce47c636b59b17efde68ad9de928a853505a37", @ANYRES16=r0, @ANYBLOB="0c001a8048", @ANYRESHEX=r0], 0x2c}}, 0x841) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x40000, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xda32}) close(r3) socket$netlink(0x10, 0x3, 0x0) preadv(r4, &(0x7f0000001300)=[{&(0x7f0000000180)=""/129, 0x81}], 0x1, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write(0xffffffffffffffff, &(0x7f0000000240)="aefc00001a0025f01d85bc04fef7681d020b49ff708800008003280008021000ac0a1410bc71176a36ede498534108e58342fa94a235a2a441f9", 0xfcae) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone(0x17041100, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) recvmmsg(r6, &(0x7f0000000cc0)=[{{0x0, 0x0, 0x0}, 0x7}], 0x1, 0x20, 0x0) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) 17.142975556s ago: executing program 4 (id=663): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'bridge0\x00'}) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000140), 0x2041, 0x0) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000300)='qdisc_dequeue\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=r1, @ANYBLOB="ffffffff0000000000630200000000269d0371b361fdd0ba4fb94ed0ae9b5de2afec4c339c2164a0f1b165263d85609a7b6089a629ba8f5e7a3b53d589767a220d1726c52ae47d2c3aac1deb33e1", @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="01000000000000000100"/28], 0x50) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r6}, &(0x7f0000000040), &(0x7f0000000180)=r7}, 0x20) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=0x2000000}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r8}, 0x10) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, &(0x7f0000000280)='\x00') bpf$MAP_CREATE(0x300000000000000, 0x0, 0x0) setreuid(0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r9, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x14, r10, 0x9c3fa077fa966179, 0x70bd26, 0x0, {{0x7e}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x4040805}, 0x4000054) 16.290954288s ago: executing program 2 (id=665): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000080000000a00000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) socket$inet6(0xa, 0x800000000000002, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) pipe2(0x0, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0xd, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb714000008"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x41000, 0x39, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x6, 0x200008, 0x5, 0x20000}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r2], 0x4c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="2800000010000108000000000000000002000000", @ANYRES32=0x0, @ANYBLOB="b40200000000000008001b"], 0x28}}, 0x0) 14.73204685s ago: executing program 4 (id=666): setreuid(0x0, 0xee00) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x18002) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) listen(0xffffffffffffffff, 0x0) r7 = socket$netlink(0x10, 0x3, 0x8000000004) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r7) writev(r7, &(0x7f00000000c0)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f6400947e570028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1) 14.206638958s ago: executing program 4 (id=669): socketpair(0x1d, 0x800, 0xc6f, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000200)={'hsr0\x00', &(0x7f0000000180)=@ethtool_perm_addr={0x20, 0x21, "e138236870aedf7e264c25d53d215ba55ca0cdda3d08d527c2e73d083502cae704"}}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x25c, &(0x7f0000000440)=@framed={{0x18, 0x2}, [@printk={@ld}, @call={0x85, 0x0, 0x0, 0x7}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x15, 0xffff7c5b, 0x2, 0x6, 0x40, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x2, 0x0, @void, @value, @void, @value}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3) write$binfmt_elf64(r5, &(0x7f0000000180)=ANY=[], 0x78) sendfile(r4, r5, &(0x7f00000001c0), 0x8) fcntl$addseals(r5, 0x409, 0x8) fallocate(r5, 0x3, 0x7, 0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYRESDEC=r2, @ANYRES8], 0x0, 0xfffffac6, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x80042, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) close(r1) 12.64414496s ago: executing program 3 (id=671): bind$tipc(0xffffffffffffffff, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x41}, 0x3}}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000280)={0x2, &(0x7f0000000040)=[{0xe306, 0x6, 0x1, 0x9}, {0x9, 0x6, 0xf8, 0xd04}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) stat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000100)={{0x3, 0x1, 0x7f, 0x1, 0x401}}) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f00000001c0)={0x4800}, 0x10) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0x0, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x400000000000001, 0x5, 0xfffffffffffffffe, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x1c, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x41901}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11.837141701s ago: executing program 3 (id=673): socket(0x2c, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) setrlimit(0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) ioctl$USBDEVFS_DISCONNECT_CLAIM(r4, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"}) ioctl$USBDEVFS_ALLOW_SUSPEND(r4, 0x5522) ioctl$USBDEVFS_SETINTERFACE(r4, 0x80045510, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 10.622573429s ago: executing program 3 (id=675): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_open_dev$usbfs(&(0x7f00000001c0), 0x800000001fe, 0x181002) r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) getpeername$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000000c0)=0x14) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', r5, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00') r8 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x1) sendfile(r8, r7, 0x0, 0x80000000) 9.581607444s ago: executing program 2 (id=677): r0 = socket$nl_generic(0x10, 0x3, 0x10) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) truncate(&(0x7f0000000240)='./file0\x00', 0x206b12) sched_setscheduler(0x0, 0x2, 0x0) open$dir(&(0x7f00000000c0)='./file0\x00', 0x2, 0x100) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) clock_nanosleep(0x7, 0x0, 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r4 = add_key$user(&(0x7f0000000080), &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)='5', 0x1, 0xfffffffffffffffd) keyctl$KEYCTL_MOVE(0x1e, r4, 0xfffffffffffffffb, 0xffffffffffffffff, 0x1) r5 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_udp_int(r5, 0x11, 0x1, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000140), 0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x1, 0x7, 0x2261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) 9.495908955s ago: executing program 3 (id=678): clock_gettime(0x4, &(0x7f0000000040)) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1600000000000000040000000100000000000000", @ANYRES32=0x1, @ANYBLOB="000000000000000000000000f707a915e12b6adc", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x2, 0xffffffff}]}, 0x10) close(r2) futex(&(0x7f0000000000)=0x1, 0x2, 0x0, &(0x7f0000000080)={0x77359400}, &(0x7f00000000c0), 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1e0800"/20, @ANYRES32=0x1, @ANYBLOB='\t\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000500000003000000ffffffffffffff7f0000000000000000"], 0x50) syz_read_part_table(0x5df, &(0x7f0000000000)="$eJzs3DGIE1kYB/CXIBEFETs7gykichAh3UkEDXGQgAnBQ4s70c4t0qyVRYxgQCzMNhE5Gy0UYQ1aaCUiCCImFkIqUXavuN1l2eJY2CawLHMEZrvjYG/JHQe/Hzx4b97/zcfHMOVM4H8tHf6I4zgVQoj37vz0T/OVs+ey9dONCyGkwi8hhN/zs79OdlJJYvuuR5P1YrIuvt3TvDcf3en2Dhx+nd38nE72byVjZfjw8q6bY+qOXT/+/sh4dOhNNTwenBqc3N+8dK2fL7f7X+qvzjzNPtt+7oUp1X9Z+njwdmc26t4ozXyNWkvRanpjPTr/4FEhM9du5NdOJLkrU6rf3LqYef7kQ7mzvK/4qVqr9V58v59rVd51bo6GuW/ju1eT3MI/eLsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPj3Hbt+/P2R8ejQm2p4PDg1OLm/eelaP19u97/UX515mn12NMkVplT/Zenjwdud2ah7ozTzNWotRavpjfXo/INHhcxcu5FfO5HkrvzV4TiO27us39y6mHn+5EO5s7yv+Klaq/VefL+fa1XedW6Ohrlv47tXk9zC3l0WAgAAAAAAAAAAAAAAAAAAgL9ROXsuWz/duDCZ/xxC+GHmx7nJPE6+d08lue3/ACxOrqdDKL7d07w3H93p9g4cfp3d/Pxbkr+VjJXhw8v/QTvs0J8BAAD//9odjZ8=") r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000000000000000000604"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={r3, 0x58, &(0x7f0000003fc0)}, 0xe) socket$inet_udplite(0x2, 0x2, 0x88) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) setresuid(0xee00, 0xee01, 0x0) setuid(0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000400)='ns\x00') readlinkat(r4, &(0x7f0000000100)='./mnt\x00', &(0x7f0000000440)=""/163, 0xa3) r5 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r5, &(0x7f0000000600)=@name={0x1e, 0x2, 0x3, {{0x1, 0x4}, 0x3}}, 0x10) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 9.495643075s ago: executing program 4 (id=679): setreuid(0x0, 0xee00) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x18002) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r4, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) listen(r5, 0x0) r7 = socket$netlink(0x10, 0x3, 0x8000000004) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r7) writev(r7, &(0x7f00000000c0)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f6400947e570028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1) 6.544712817s ago: executing program 4 (id=681): socketpair$unix(0x1, 0x2, 0x0, 0x0) unshare(0x22020600) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800"/16], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) prlimit64(0x0, 0x7, &(0x7f00000000c0), 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0)={r0, r2}, 0x10) 6.407744399s ago: executing program 5 (id=682): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x2, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = openat$dir(0xffffffffffffff9c, 0x0, 0x40200, 0x111) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x2000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) link(&(0x7f0000000080)='./file1\x00', &(0x7f0000000240)='./file2/file0\x00') fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x80, 0x7}) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x80000000}) openat(r1, &(0x7f0000000080)='./file1\x00', 0x0, 0x20) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x46, &(0x7f0000000000)={0x0, 0x0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x11, 0xb0}, [@ldst={0x6, 0x3}], {0x95, 0x0, 0xc00}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x2}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) 6.264080861s ago: executing program 2 (id=683): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000006c0)=@raw={'raw\x00', 0x4001, 0x3, 0x3e8, 0x0, 0x0, 0x148, 0x0, 0x148, 0x350, 0x240, 0x240, 0x350, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @local, 0x0, 0x0, 'ip6gretap0\x00', 'nicvf0\x00', {}, {}, 0x88, 0x3, 0x10}, 0x0, 0xf8, 0x158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'wg1\x00', {0x0, 0x0, 0x1ff, 0x100000, 0x0, 0xed, 0x7}}}, @common=@unspec=@connmark={{0x30}, {0xfffffff9, 0x8}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 0x85d, 0xf, [0x10, 0x32, 0x1e, 0x32, 0x2b, 0x25, 0x3f, 0x17, 0x19, 0x22, 0x2c, 0x3d, 0x7, 0x3f, 0x1e, 0x31], 0x0, 0x2, 0x2}}}, {{@ip={@rand_addr=0x64010101, @local, 0xff, 0x0, 'wg0\x00', 'lo\x00', {0xff}, {}, 0x2e, 0x3, 0x4}, 0x0, 0x190, 0x1f8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x8, 0x9, 0x1, 0x1, 'syz1\x00', 0x2}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0xfff, 0x7e, 0x1c, 'netbios-ns\x00', 'syz0\x00', {0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x448) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ffffffff850000002d00000085000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='kfree\x00', r1}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800"/13], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000200)={r2, r4, 0x1, 0x0, @void}, 0x10) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r5, 0x3) syz_emit_ethernet(0x36, &(0x7f0000000340)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) syz_emit_ethernet(0x38, &(0x7f0000000580)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2a, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x4}, {"c516"}}}}}}, 0x0) 5.384953384s ago: executing program 3 (id=684): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) socket$nl_xfrm(0x10, 0x3, 0x6) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) sendmsg$inet(r6, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000140)="be38", 0xffdf}], 0x1, &(0x7f0000000c80)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @private}}}, @ip_retopts={{0x1c, 0x0, 0x7, {[@timestamp={0x44, 0x4, 0x73}, @noop]}}}], 0x40}, 0x0) read$char_usb(r6, &(0x7f0000000080)=""/139, 0xfdef) 5.383913613s ago: executing program 1 (id=685): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x1, @empty}}, 0x0, 0x0, 0x3fb, 0x0, 0x32, 0xfffffffd}, 0x9c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000500)=ANY=[@ANYBLOB="180100002e00010000000000fcdbdf250601f2800c000200070000000000000014000100ff02000000000000000000000000000150bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd712e655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c028d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f000000000000000000000000000000000400e900000027b6b3df522de89b24266dfb53c4a68757a5ec1242b1f87f245186eb790765c9fcb461cb7c0c354ce05062c0e0f261c2203d500f62fc8764d231e84dd9a9378363dcbc134ec6e7e25a217d88c70750957f9a7aeb83a6ea00d96512853a466c97747acccc0e1c2931754158"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r1, 0x0, 0x800) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={0x0, r3}, 0x18) syz_emit_ethernet(0x2e, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaac6d2b9ee31aaaaaabbbbbbbbbbbb81000000080045fc001c000000000033907800"/46], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x6, 0x0, 0x0) openat$ttyprintk(0xffffff9c, &(0x7f0000000000), 0x20000, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$vimc0(0xffffff9c, &(0x7f0000000340), 0x2, 0x0) connect$phonet_pipe(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x3) r5 = socket$nl_generic(0x11, 0x3, 0x10) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r6, 0x0) add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) 5.319989164s ago: executing program 4 (id=686): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000480)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) setgid(0xffffffffffffffff) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$USBDEVFS_SUBMITURB(r5, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x1, 0x0, &(0x7f0000000080)={0x3, 0xf, 0x0, 0x0, 0x7995}, 0x8, 0x0, 0x0, 0x48000000, 0x4, 0x40000000, 0x0}) 4.270045549s ago: executing program 5 (id=687): syz_emit_ethernet(0x6e, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x0) mkdir(&(0x7f0000000200)='./file0\x00', 0x0) r0 = open(0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioprio_get$uid(0x3, 0xee01) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="595300000000000000086b00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900020000007200000010001d80b1fb3209b565a49a3e3f4289c00c000080050007000000000036953b336de429f93408d39a2deb550d59ddb948b8fe82b4631a9f443e1a4f09cf1cf30dc40f7f88d2ab2ce4d11ba23f89fcf1cbc46a93863875321bea636597bdfae3aa58116101e6cfa9427d6e2ed4769ae3835fab70b14a361d1babcf09356a407636a5db6ce0a089cba64308677da4"], 0x38}, 0x1, 0x0, 0x0, 0x2402a0d1}, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000880)='xprtrdma_post_linv_err\x00', r6, 0x0, 0xffffffffffffffff}, 0x18) unlinkat(r0, &(0x7f0000000100)='./file0\x00', 0x200) 3.577203079s ago: executing program 1 (id=688): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mprotect(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) 2.792031021s ago: executing program 5 (id=689): socket$inet6(0xa, 0x3, 0x8000000003c) r0 = socket$inet6(0xa, 0x3, 0x8000000003c) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x3f}, 0x5}, 0x1c) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x952f, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x5dc}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 2.345908377s ago: executing program 5 (id=690): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0xfffffffffffffe16, &(0x7f0000000480)={0x0, 0x92}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0) pipe(0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) sendto$packet(r0, &(0x7f0000000240)="1f772c23ac637ecf0c298e5feb447a", 0xf, 0x0, &(0x7f0000000440)={0x11, 0x5, r3, 0x1, 0x0, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x14) 1.696165776s ago: executing program 1 (id=691): setreuid(0x0, 0xee00) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x18002) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r4, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) listen(r5, 0x0) r7 = socket$netlink(0x10, 0x3, 0x8000000004) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r7) writev(r7, &(0x7f00000000c0)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f6400947e570028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1) 1.552698738s ago: executing program 5 (id=692): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000080000000800000000", @ANYRES32=0x0, @ANYRES32], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000400), &(0x7f0000000280)=r1}, 0x1e) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x19, 0x4, 0x4, 0x20001, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x21, 0x0, @void, @value, @void, @value}, 0x1d) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000000c0)={r2, 0x0, 0x0}, 0x20) 1.490864189s ago: executing program 1 (id=693): r0 = socket$nl_generic(0x10, 0x3, 0x10) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) truncate(&(0x7f0000000240)='./file0\x00', 0x206b12) sched_setscheduler(0x0, 0x2, 0x0) open$dir(&(0x7f00000000c0)='./file0\x00', 0x2, 0x100) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) clock_nanosleep(0x7, 0x0, 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r4 = add_key$user(&(0x7f0000000080), &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)='5', 0x1, 0xfffffffffffffffd) keyctl$KEYCTL_MOVE(0x1e, r4, 0xfffffffffffffffb, 0xffffffffffffffff, 0x1) r5 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_udp_int(r5, 0x11, 0x1, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000140), 0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x1, 0x7, 0x2261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) 1.41604317s ago: executing program 3 (id=694): bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040), &(0x7f0000001340), 0x2931b90f}, 0x38) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@mcast1, @in6=@ipv4={'\x00', '\xff\xff', @empty}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0xa0}, {@in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x20}}, 0x0, 0x33}, @in6=@empty, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff1, 0x3}, {0x0, 0x0, 0x0, 0xfffffffffffffffe}}, 0x0, 0x1a0b1}}, 0xf8}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfe}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = dup2(r1, 0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0, r2}, 0x18) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x8002, &(0x7f0000000580)={[{@resgid}, {@auto_da_alloc}, {@data_err_ignore}]}, 0x3, 0x4cd, &(0x7f0000000c80)="$eJzs3M9vFGUfAPDvbHdpgZfXioiCKAU0Nia2UFA4eMHExIMmRjzIsWkrQRYwtAchREpi8Ezi3Xg03jTxqkfjyT8ADx5MDAkxXABPa2Z3pt3ur+7CtqXs55Ns+zwzz8zzPDPzzD77PDsbwMAaS/8kEf+LiFsR8VQtujLBWO3f/btXZx7cvToTi5XKqX+Sarp7aTyTb7c9i4wXIgpfJg07rJm/fOXcdLk8dymLTy6c/2xy/vKV18+enz4zd2buwtSJE8eOHjn+5tQbvVeqRX5pve7t/eLivj3vnr75/kwxXz6S/a+vR1vF3oox1mHdK73t6rG3oy6cNB+na+taGLo2kl3WpbT9Xy0fPL3RBQLWTaVSqQy3X71YaXS9aQmwaSWx0SUANkb+Rp9+/s1f69T1eCzcOVn7AJTW+372qq0pRiFLU2r4fNtPYxHx8eK/36Sv6DQO8ecaFQAAGDi/nMx7go39v0Lsrkv3/2wOZTQino6InRHxTETsiohnI6ppn4uI5xszSCIqHfLf1RBfzv/HbBahcPuRK9lB2v97K5vbWtn/y3t/MTqUxXZE5B3mucPZMRmP0vAnZ8tzR9rsf8sq+df3/9JXmn/eF8zKcbvYMEA3O70w/XC1bXbnesTeYmP9k2J64vJpnCQi9kTE3h72O1oXPvvad/uWIqWV6Vavf1WlxZRez/NxrVS+jXi1dv4XY8X5X84x6Tw/OTkS5bnDk+lVcLhlHr/9fuODdvmvWv+f/mrc5J3jP5961GovSc//trrrP/L52+X6jyYRydJ87XxEZai3PG788VV1v2OHmtc97PW/JfmoGs7b1+fTCwuXjkRsSd5rXj61vG0ez9On9R8/1Lr978y2SY/ECxGRXsQvRsRLEbE/K/uBiDgYES2qtuTXt1/+tN26Lq//NZPWf7bl/W/F+V+er+8ykG+cLhk6d+DWgzY3j+7O/7FqaDxb0vr+l6y4RXRb0kc7egAAALA5FKL63f/CxFK4UJiYqI0B7YpthfLF+YX9EXFhtvaMwGiUCvlIV208uJTk45+jdfGphvjRbNz466Gt1fjEzMXy7EZXHgbc9mqbT5raf+rvHsd5gU2oD/NowCa1WvvffXOdCgKsO+//MLjq2v9imySLvikDTybv/zC4WrX/a/F9x2cX3DNg86toyzDQtH8YXMX4cClcfey55dO2wJPI+z8MpF6f6+8tUBluvWokWvxiwMjaFGNri7w2JJD2rPq4w1JEdJd468NkkXcB2//CQ6G3HQ5H86qh6LRV0sPvOOSB9KismvjM7r5f/PlvovT7svlhuZ2WujzdfQpsyO0IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg7/4LAAD///QJ1ng=") r3 = open(&(0x7f0000000340)='./file1\x00', 0x185102, 0x1) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r5, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15) r6 = dup(r5) write$FUSE_DIRENTPLUS(r6, &(0x7f0000002c00)=ANY=[@ANYBLOB="b0"], 0xb0) getresuid(&(0x7f0000000800), &(0x7f00000003c0), &(0x7f0000000340)) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000ff01000000000000002000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r6]) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x28011, r3, 0x3202000000) sendfile(r3, r3, &(0x7f00000000c0)=0x3, 0x14000) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e24, 0x7, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7ff}, 0x1c) readlinkat(0xffffffffffffffff, &(0x7f0000000100)='./mnt\x00', &(0x7f0000000440)=""/163, 0xa3) 617.399771ms ago: executing program 5 (id=695): socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000340)={[{@nodioread_nolock}, {@min_batch_time}, {@barrier_val={'barrier', 0x3d, 0x40}}, {@nodelalloc}]}, 0x5, 0x795, &(0x7f0000000cc0)="$eJzs3c9rXNUeAPDvnSRNk/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTsmgRwY2g4kLQTdf+qDu3/tjqf+FCWqqmxYoLidyZO+20mUmTNjOj5vOBmznn3js553vP/XHunMtMAHvWRPonF3EoIt5NIsay+UlEDNVTgxEnGuvdXl8rplMSGxuv/pzU17m1vlaMlvekDmSZ/0fEN29FHM415g+3lFtdWZ0vlMulpSw/VVs4P1VdWT1ybqEwV5orLR6bnpk5evyZ48d2L9Zfv189eP29l578/MTvb/7v6jvfJnEiDmbLWuPYLRMxkW2ToXQT3uPF3S6sz5J+V4CHkh6aA42jPA7FWAzUUx2M9LJmAEC3bAAAe1CiDwAAe0zzc4Bb62vF5tTfTyR668YLEbG/EX9zfLOxZDAbs9tfHwcdvZXcMzKSRMT4LpQ/EREff/n6p+kUWTu0G0szvgbstkuXI+LM+MTm83+y6ZmFnXpqq4UbjadBJu6bvdeuP9BPX6X9n2fb9f9yd/o/0ab/M9zm2H0YDz7+c9d2oZiO0v7f8y3Ptt1uiT8zPpDl/lXv8w0lZ8+VS+m57d8RMRlDw2l+ur5q+17a5M0/bnYqv7X/98v7b3ySlp++3l0jd21w+N73zA7XCo8ad9ONyxGPDbaLP7nT/kmH/u+pbZbx8nNvf9RpWRp/Gm9z2hx/d21ciXiibfvfbctky+cTp+q7w1Rzp2jjix8+HO1Ufmv7p1NafvNeoBfS9h/dOv7xpPV5zerOy/juytjXnZY9OP42+3+hVtiXvFZP78vmXSzUakvTEfuSVzbPP3r3vc18c/00/snH2x//jWLb7//pPeGZbcY/eP2nzx4+/u5K45/dUfvvPHH19vxAp/K31/4z9dRkNidt/wfFtd0KPsq2AwAAAAAAAAAAAAAAAAAAAAAAAIDtykXEwUhy+TvpXC6fb/yG939jNFeuVGuHz1aWF2ej/lvZ4zGUa37V5VjL96FOZ9+H38wfvS//dET8JyI+GB6p5/PFSnm238EDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOZAh9//T/043O/aAQBds7/fFQAAes71HwD2np1d/0e6Vg8AoHfc/wPA3rPt6/+Z7tYDAOgd9/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02amTJ9Np47f1tWKan72wsjxfuXBktlSdzy8sF/PFytL5/FylMlcu5YuVhY7/6FLjpVypnJ+JxeWLU7VStTZVXVk9vVBZXqydPrdQmCudLg31LDIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2L7qyup8oVwuLUlsmRhJE4PZRvsL1KffiUEb4R+eaD1LjPTn5AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwN/BnAAAA//+9uipa") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x2}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) 394.312365ms ago: executing program 1 (id=696): socketpair$unix(0x1, 0x2, 0x0, 0x0) unshare(0x22020600) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) prlimit64(0x0, 0x7, &(0x7f00000000c0), 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0)={r0, r2}, 0x10) 0s ago: executing program 1 (id=697): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) uname(&(0x7f00000000c0)=""/235) kernel console output (not intermixed with test programs): dy [ 82.575848][ T33] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.583106][ T33] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.598448][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 82.609395][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 82.675231][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 82.689512][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 82.704878][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 82.715924][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 82.724646][ T33] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.731839][ T33] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.749017][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 82.762767][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 82.773396][ T33] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.780640][ T33] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.790732][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 82.800007][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 82.810846][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 82.821496][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 82.831750][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 82.841270][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 82.851217][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 82.862312][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 82.871373][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 82.910383][ T4260] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 82.926205][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 82.944868][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 82.955712][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 82.992135][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 83.002028][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 83.012657][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 83.021756][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 83.031972][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 83.041239][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 83.056503][ T4253] device veth0_vlan entered promiscuous mode [ 83.093792][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 83.102615][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 83.118638][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 83.130812][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 83.140230][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 83.148612][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 83.162442][ T4253] device veth1_vlan entered promiscuous mode [ 83.176141][ T4252] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.198576][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 83.221124][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 83.229876][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 83.238112][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 83.247234][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 83.255769][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 83.263232][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 83.272642][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 83.282030][ T4304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 83.304172][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 83.313839][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 83.323512][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 83.350014][ T4254] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.373010][ T4253] device veth0_macvtap entered promiscuous mode [ 83.388582][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 83.402522][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 83.414229][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 83.448083][ T4253] device veth1_macvtap entered promiscuous mode [ 83.492329][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 83.519858][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 83.581098][ T4252] device veth0_vlan entered promiscuous mode [ 83.603294][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 83.614782][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 83.633785][ T4254] device veth0_vlan entered promiscuous mode [ 83.650333][ T4253] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.663743][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 83.677597][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 83.688508][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 83.697454][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 83.707098][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 83.716331][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 83.725748][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 83.733257][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 83.741167][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 83.749691][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 83.758444][ T4252] device veth1_vlan entered promiscuous mode [ 83.772082][ T4254] device veth1_vlan entered promiscuous mode [ 83.781587][ T4260] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.793187][ T4253] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.802020][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 83.811807][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 83.836360][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 83.855649][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 83.880968][ T4253] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.900984][ T4253] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.925579][ T4266] Bluetooth: hci4: command 0x040f tx timeout [ 83.925589][ T4270] Bluetooth: hci0: command 0x040f tx timeout [ 83.935624][ T4253] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.961570][ T4253] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.005346][ T4265] Bluetooth: hci1: command 0x040f tx timeout [ 84.005404][ T4266] Bluetooth: hci2: command 0x040f tx timeout [ 84.011389][ T4265] Bluetooth: hci3: command 0x040f tx timeout [ 84.047301][ T66] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 84.071341][ T66] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 84.081112][ T66] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 84.100152][ T66] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 84.113219][ T4252] device veth0_macvtap entered promiscuous mode [ 84.137939][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 84.154221][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 84.164270][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 84.181992][ T4252] device veth1_macvtap entered promiscuous mode [ 84.208556][ T4254] device veth0_macvtap entered promiscuous mode [ 84.229150][ T4254] device veth1_macvtap entered promiscuous mode [ 84.296237][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 84.307880][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 84.324629][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 84.334121][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 84.342192][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 84.351504][ T4252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.362360][ T4252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.374026][ T4252] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.391189][ T66] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 84.402997][ T66] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 84.423723][ T4263] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.450257][ T4252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.462001][ T4252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.479665][ T4252] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.492093][ T4252] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.501337][ T4252] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.510511][ T4252] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.519659][ T4252] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.544693][ T4254] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.557968][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.563690][ T4254] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.577633][ T4254] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.588464][ T4254] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.603704][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.622578][ T4254] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.633936][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 84.647014][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 84.656654][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 84.664806][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 84.673979][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 84.714970][ T4254] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.728077][ T4254] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.737994][ T4254] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.748498][ T4254] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.759871][ T4254] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.785705][ T4254] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.794456][ T4254] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.803355][ T4254] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.813743][ T4254] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.829991][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 84.841080][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 84.877765][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 84.888718][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 84.900357][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 84.909717][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 84.931133][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.940118][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.958971][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 84.969336][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 84.978533][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 84.988096][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 84.998024][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 85.037410][ T4263] device veth0_vlan entered promiscuous mode [ 85.077312][ T4260] device veth0_vlan entered promiscuous mode [ 85.081923][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.091854][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 85.101083][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.107610][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 85.118472][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 85.163464][ T4260] device veth1_vlan entered promiscuous mode [ 85.179209][ T4263] device veth1_vlan entered promiscuous mode [ 85.188993][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 85.198213][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 85.212271][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 85.221781][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 85.287771][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.308676][ T66] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 85.317167][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.333766][ T66] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 85.343460][ T66] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 85.382374][ T66] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 85.396846][ T66] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 85.410278][ T66] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 85.420438][ T66] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 85.437528][ T4260] device veth0_macvtap entered promiscuous mode [ 85.457893][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.483068][ T4263] device veth0_macvtap entered promiscuous mode [ 85.489629][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.507339][ T4260] device veth1_macvtap entered promiscuous mode [ 85.531563][ T4263] device veth1_macvtap entered promiscuous mode [ 85.544606][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 85.560081][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 85.571652][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 85.585138][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 85.593521][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 85.623097][ T4260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.693411][ T4260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.721695][ T4260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.738001][ T4260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.765771][ T4260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.786769][ T4260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.821744][ T4260] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.872846][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.894275][ T4263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.915299][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.937965][ T4263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.970722][ T4263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.989270][ T4343] loop1: detected capacity change from 0 to 40427 [ 86.002939][ T4263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.015148][ T4265] Bluetooth: hci4: command 0x0419 tx timeout [ 86.040209][ T4343] F2FS-fs (loop1): invalid crc value [ 86.046487][ T4345] loop2: detected capacity change from 0 to 40427 [ 86.054010][ T4345] ======================================================= [ 86.054010][ T4345] WARNING: The mand mount option has been deprecated and [ 86.054010][ T4345] and is ignored by this kernel. Remove the mand [ 86.054010][ T4345] option from the mount to silence this warning. [ 86.054010][ T4345] ======================================================= [ 86.065214][ T4263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.105483][ T4265] Bluetooth: hci2: command 0x0419 tx timeout [ 86.112272][ T4265] Bluetooth: hci1: command 0x0419 tx timeout [ 86.124084][ T4345] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 86.125035][ T4266] Bluetooth: hci0: command 0x0419 tx timeout [ 86.132226][ T4345] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 86.138205][ T4265] Bluetooth: hci3: command 0x0419 tx timeout [ 86.157387][ T4345] F2FS-fs (loop2): invalid crc value [ 86.169445][ T4343] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 86.192014][ T4345] F2FS-fs (loop2): Found nat_bits in checkpoint [ 86.229603][ T4263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.245652][ T4263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.260943][ T4263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.275738][ T4263] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.283254][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 86.297520][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 86.306998][ T4345] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 86.314292][ T4345] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 86.337469][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 86.351117][ T4343] F2FS-fs (loop1): Start checkpoint disabled! [ 86.370547][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 86.385190][ T4343] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 86.399243][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 86.425722][ T4260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.471826][ T4260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.505378][ T4260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.545248][ T4260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.589948][ T4260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.635356][ T4260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.648862][ T1169] cfg80211: failed to load regulatory.db [ 86.658352][ T4260] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.714569][ T4263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.469718][ T4263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.515159][ T4263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.562463][ T4263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.572453][ T4263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.583500][ T4263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.593561][ T4263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.604075][ T4263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.618183][ T4263] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.622180][ T4330] kworker/u4:7: attempt to access beyond end of device [ 87.622180][ T4330] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 87.652173][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 87.666858][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 87.696736][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 87.709863][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 87.746464][ T4263] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.820230][ T4263] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.843724][ T4263] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.880054][ T4263] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.918820][ T4260] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.938171][ T4260] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.973106][ T4260] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.998000][ T4358] loop2: detected capacity change from 0 to 1024 [ 88.014706][ T4260] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.177434][ T4358] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 88.295949][ T33] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.335776][ T33] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.351675][ T4367] loop1: detected capacity change from 0 to 256 [ 88.354535][ T4358] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 88.417666][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 88.446546][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.554056][ T4358] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 1 with error 28 [ 88.587928][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.604191][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.613300][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.625349][ T4358] EXT4-fs (loop2): This should not happen!! Data will be lost [ 88.625349][ T4358] [ 88.637629][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 88.664748][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 88.672704][ T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.687255][ T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.692662][ T4358] EXT4-fs (loop2): Total free blocks count 0 [ 88.742976][ T4358] EXT4-fs (loop2): Free/Dirty block details [ 88.769592][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 88.777885][ T4358] EXT4-fs (loop2): free_blocks=68451041280 [ 88.831068][ T4358] EXT4-fs (loop2): dirty_blocks=32 [ 88.876329][ T4358] EXT4-fs (loop2): Block reservation details [ 88.902737][ T4358] EXT4-fs (loop2): i_reserved_data_blocks=2 [ 89.244692][ T4372] overlayfs: failed to resolve './file0': -2 [ 89.263818][ T4312] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 89.577791][ T4377] tmpfs: Unknown parameter 'rootcontext' [ 89.621997][ T4377] Cannot find add_set index 0 as target [ 90.338622][ T4382] loop1: detected capacity change from 0 to 256 [ 90.424098][ T4382] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d) [ 92.928136][ T4403] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 94.465314][ T4427] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 94.479151][ T4421] loop2: detected capacity change from 0 to 512 [ 94.498322][ T4427] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 94.516029][ T4421] ext4: Unknown parameter 'smackfsroot' [ 94.815007][ T4431] loop4: detected capacity change from 0 to 512 [ 94.840675][ T4431] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 94.854561][ T4431] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 94.904799][ T4431] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2818: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 94.922688][ T4431] EXT4-fs (loop4): 1 truncate cleaned up [ 94.928541][ T4431] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 95.052376][ T4399] loop0: detected capacity change from 0 to 40427 [ 95.095029][ T4399] F2FS-fs (loop0): invalid crc value [ 95.147099][ T4399] F2FS-fs (loop0): Found nat_bits in checkpoint [ 95.424091][ T4399] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 95.509051][ T4443] netlink: 'syz.1.25': attribute type 12 has an invalid length. [ 95.624978][ T4260] EXT4-fs (loop4): unmounting filesystem. [ 97.042934][ T4454] ipt_CLUSTERIP: Please specify destination IP [ 97.115388][ T4458] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 98.350354][ T4473] loop1: detected capacity change from 0 to 512 [ 98.618073][ T4473] EXT4-fs error (device loop1): ext4_do_update_inode:5253: inode #3: comm syz.1.35: corrupted inode contents [ 98.634007][ T4473] EXT4-fs error (device loop1): ext4_dirty_inode:6118: inode #3: comm syz.1.35: mark_inode_dirty error [ 98.663508][ T4473] EXT4-fs error (device loop1): ext4_do_update_inode:5253: inode #3: comm syz.1.35: corrupted inode contents [ 98.677197][ T4473] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #3: comm syz.1.35: mark_inode_dirty error [ 98.697065][ T4473] Quota error (device loop1): write_blk: dquota write failed [ 98.705785][ T4473] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 98.716090][ T4473] EXT4-fs error (device loop1): ext4_acquire_dquot:6802: comm syz.1.35: Failed to acquire dquot type 0 [ 98.762923][ T4473] EXT4-fs (loop1): 1 orphan inode deleted [ 98.769111][ T4473] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 98.791046][ T4473] ext4 filesystem being mounted at /9/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 99.021282][ T4444] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 99.583711][ T4444] EXT4-fs error (device loop1): ext4_release_dquot:6838: comm kworker/u4:10: Failed to release dquot type 1 [ 99.675084][ C1] sched: RT throttling activated [ 100.111220][ T4482] loop4: detected capacity change from 0 to 512 [ 100.119984][ T4482] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 100.204867][ T4482] EXT4-fs (loop4): 1 truncate cleaned up [ 100.210763][ T4482] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 100.752580][ T4260] EXT4-fs (loop4): unmounting filesystem. [ 100.795845][ T4253] EXT4-fs (loop1): unmounting filesystem. [ 101.316614][ T4497] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.554055][ T4497] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 102.340141][ T4497] bond0: (slave gre0): Error -95 calling set_mac_address [ 102.502426][ T4508] netlink: 'syz.1.40': attribute type 12 has an invalid length. [ 102.685354][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.516783][ T4541] loop1: detected capacity change from 0 to 512 [ 104.622171][ T4541] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 104.861967][ T4541] EXT4-fs (loop1): 1 truncate cleaned up [ 104.867951][ T4541] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 105.106779][ T4253] EXT4-fs (loop1): unmounting filesystem. [ 105.223386][ T4549] loop2: detected capacity change from 0 to 256 [ 105.303341][ T4552] device wireguard0 entered promiscuous mode [ 105.925935][ T4561] netlink: 'syz.1.54': attribute type 12 has an invalid length. [ 106.904439][ T4570] loop2: detected capacity change from 0 to 512 [ 106.977667][ T4570] EXT4-fs: inline encryption not supported [ 106.983573][ T4570] EXT4-fs: Ignoring removed bh option [ 107.089225][ T4570] EXT4-fs: Mount option(s) incompatible with ext3 [ 108.003091][ T4580] loop1: detected capacity change from 0 to 1024 [ 108.077867][ T4580] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 108.234699][ T4580] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 108.265316][ T4580] ext4 filesystem being mounted at /18/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.846126][ T4595] loop0: detected capacity change from 0 to 512 [ 108.983107][ T4595] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 109.081522][ T4595] EXT4-fs (loop0): 1 truncate cleaned up [ 109.088039][ T4595] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 109.624474][ T4253] EXT4-fs (loop1): unmounting filesystem. [ 110.527024][ T4610] loop2: detected capacity change from 0 to 512 [ 110.628676][ T4254] EXT4-fs (loop0): unmounting filesystem. [ 110.705815][ T4610] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.66: inode #1: comm syz.2.66: iget: illegal inode # [ 110.731004][ T4610] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.66: error while reading EA inode 1 err=-117 [ 110.747485][ T4610] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.66: inode #1: comm syz.2.66: iget: illegal inode # [ 110.764085][ T4610] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.66: error while reading EA inode 1 err=-117 [ 110.781061][ T4610] EXT4-fs (loop2): 1 orphan inode deleted [ 110.787096][ T4610] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 113.114000][ T4617] loop3: detected capacity change from 0 to 512 [ 113.355163][ T4617] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 113.557662][ T4252] EXT4-fs (loop2): unmounting filesystem. [ 113.563870][ T4617] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=8001e119, mo2=0000] [ 113.644553][ T4617] Quota error (device loop3): v2_read_file_info: Free block number 1 out of range (1, 6). [ 113.700908][ T4617] EXT4-fs warning (device loop3): ext4_enable_quotas:7054: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 113.794012][ T4617] EXT4-fs (loop3): mount failed [ 114.797652][ T4643] overlayfs: statfs failed on './file0' [ 115.103681][ T4652] loop2: detected capacity change from 0 to 512 [ 116.077516][ T27] audit: type=1326 audit(1748571247.025:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4663 comm="syz.3.78" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 116.178564][ T27] audit: type=1326 audit(1748571247.045:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4663 comm="syz.3.78" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 116.288515][ T4652] EXT4-fs (loop2): Test dummy encryption mode enabled [ 116.316317][ T27] audit: type=1326 audit(1748571247.045:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4663 comm="syz.3.78" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 116.339891][ T27] audit: type=1326 audit(1748571247.045:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4663 comm="syz.3.78" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 116.374007][ T27] audit: type=1326 audit(1748571247.045:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4663 comm="syz.3.78" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 116.460518][ T4678] loop0: detected capacity change from 0 to 512 [ 116.474451][ T4678] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 116.519363][ T4678] EXT4-fs (loop0): 1 truncate cleaned up [ 116.525283][ T4678] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 116.615877][ T4652] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.75: inode #1: comm syz.2.75: iget: illegal inode # [ 117.015990][ T4652] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.75: error while reading EA inode 1 err=-117 [ 118.016764][ T4652] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.75: inode #1: comm syz.2.75: iget: illegal inode # [ 118.105315][ T4652] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.75: error while reading EA inode 1 err=-117 [ 118.420094][ T4652] EXT4-fs (loop2): 1 orphan inode deleted [ 118.445478][ T4652] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 120.710393][ T27] audit: type=1326 audit(1748571250.815:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4687 comm="syz.1.82" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 121.458616][ T4695] loop3: detected capacity change from 0 to 512 [ 121.648613][ T4695] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 121.701949][ T27] audit: type=1326 audit(1748571250.815:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4687 comm="syz.1.82" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 121.717236][ T4695] EXT4-fs (loop3): orphan cleanup on readonly fs [ 121.724496][ T27] audit: type=1326 audit(1748571250.815:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4687 comm="syz.1.82" exe="/root/syz-executor" sig=0 arch=c000003e syscall=187 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 121.734405][ T4695] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.83: bg 0: block 248: padding at end of block bitmap is not set [ 121.915624][ T27] audit: type=1326 audit(1748571250.815:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4687 comm="syz.1.82" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 121.947692][ T4695] Quota error (device loop3): write_blk: dquota write failed [ 121.956057][ T4695] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 121.966320][ T4695] EXT4-fs error (device loop3): ext4_acquire_dquot:6802: comm syz.3.83: Failed to acquire dquot type 1 [ 122.025534][ T4695] EXT4-fs (loop3): 1 truncate cleaned up [ 122.034851][ T4695] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 122.309751][ T27] audit: type=1326 audit(1748571250.815:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4687 comm="syz.1.82" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 122.729008][ T4254] EXT4-fs (loop0): unmounting filesystem. [ 122.787256][ T4252] EXT4-fs (loop2): unmounting filesystem. [ 122.999997][ T27] audit: type=1326 audit(1748571250.815:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4687 comm="syz.1.82" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 123.707747][ T27] audit: type=1326 audit(1748571250.815:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4687 comm="syz.1.82" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 124.150189][ T4263] EXT4-fs (loop3): unmounting filesystem. [ 124.263350][ T27] audit: type=1326 audit(1748571250.815:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4687 comm="syz.1.82" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 124.324352][ T4705] loop0: detected capacity change from 0 to 256 [ 124.443614][ T4705] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d) [ 126.362943][ T4731] netlink: 'syz.4.92': attribute type 12 has an invalid length. [ 127.150421][ T4733] loop0: detected capacity change from 0 to 512 [ 127.413502][ T4733] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 127.459096][ T4733] ext4 filesystem being mounted at /11/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 128.405206][ T4733] EXT4-fs error (device loop0): ext4_get_verity_descriptor_location:337: inode #15: comm syz.0.95: verity file corrupted; can't find descriptor [ 128.454421][ T4733] fs-verity (loop0, inode 15): Error -117 getting verity descriptor size [ 128.672740][ T4254] EXT4-fs (loop0): unmounting filesystem. [ 130.591782][ T4786] syz.1.106[4786] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 130.592309][ T4786] syz.1.106[4786] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 130.643022][ T4786] loop1: detected capacity change from 0 to 128 [ 130.870817][ T4786] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 130.883519][ T4786] ext4 filesystem being mounted at /27/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 132.675123][ T4302] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 133.329140][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.335870][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.396609][ T4253] EXT4-fs (loop1): unmounting filesystem. [ 133.475610][ T4302] usb 4-1: Using ep0 maxpacket: 8 [ 133.597062][ T4302] usb 4-1: device descriptor read/all, error -71 [ 135.222888][ T4817] loop1: detected capacity change from 0 to 1024 [ 135.572206][ T4817] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 135.875488][ T4253] EXT4-fs (loop1): unmounting filesystem. [ 136.257832][ T4829] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 136.267756][ T4829] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 136.275339][ T4829] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 136.303221][ T4838] loop3: detected capacity change from 0 to 256 [ 138.263773][ T4846] loop1: detected capacity change from 0 to 256 [ 141.207763][ T4864] loop0: detected capacity change from 0 to 256 [ 141.716696][ T14] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 141.955432][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!! [ 141.975088][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 141.985087][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 141.995086][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 142.005086][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 142.015085][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 142.025087][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 142.035087][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 142.045087][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 142.098930][ T14] usb 4-1: Using ep0 maxpacket: 8 [ 142.132396][ T14] usb 4-1: config 32 has an invalid descriptor of length 0, skipping remainder of the config [ 142.156170][ T14] usb 4-1: config 32 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 142.172192][ T14] usb 4-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 142.181754][ T14] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.642502][ T14] hub 4-1:32.0: bad descriptor, ignoring hub [ 143.649115][ T14] hub: probe of 4-1:32.0 failed with error -5 [ 143.986368][ T14] usb 4-1: USB disconnect, device number 4 [ 145.567568][ T4888] loop3: detected capacity change from 0 to 512 [ 145.603732][ T4888] ext4: Unknown parameter 'noacl' [ 146.921559][ T4894] loop2: detected capacity change from 0 to 128 [ 150.209820][ T4911] loop4: detected capacity change from 0 to 128 [ 150.459630][ T4911] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 150.459973][ T4913] loop2: detected capacity change from 0 to 128 [ 150.485212][ T4911] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 150.528653][ T4913] EXT4-fs (loop2): Test dummy encryption mode enabled [ 150.647983][ T4913] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 150.777524][ T4913] ext4 filesystem being mounted at /30/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 150.841450][ T4260] EXT4-fs (loop4): unmounting filesystem. [ 150.970517][ T4931] loop3: detected capacity change from 0 to 512 [ 151.015420][ T4931] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 151.024938][ T4931] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 151.041111][ T4931] EXT4-fs (loop3): warning: checktime reached, running e2fsck is recommended [ 151.052196][ T4931] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 151.060759][ T4931] System zones: 0-2, 18-18, 34-34 [ 151.073554][ T4931] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 151.096083][ T4931] EXT4-fs (loop3): 1 truncate cleaned up [ 151.101855][ T4931] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 151.116414][ T27] audit: type=1326 audit(1748571282.065:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4923 comm="syz.3.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 151.119003][ T4931] EXT4-fs error (device loop3): ext4_find_dest_de:2115: inode #2: block 3: comm syz.3.149: bad entry in directory: inode out of bounds - offset=0, inode=63, rec_len=12, size=4096 fake=1 [ 151.170234][ T27] audit: type=1326 audit(1748571282.065:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4923 comm="syz.3.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 151.223179][ T27] audit: type=1326 audit(1748571282.065:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4923 comm="syz.3.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 151.313099][ T27] audit: type=1326 audit(1748571282.105:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4923 comm="syz.3.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 151.438951][ T27] audit: type=1326 audit(1748571282.105:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4923 comm="syz.3.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 151.511230][ T27] audit: type=1326 audit(1748571282.115:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4923 comm="syz.3.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 151.592971][ T27] audit: type=1326 audit(1748571282.115:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4923 comm="syz.3.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 151.716957][ T4263] EXT4-fs (loop3): unmounting filesystem. [ 151.858185][ T27] audit: type=1326 audit(1748571282.115:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4923 comm="syz.3.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 153.049388][ T4913] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 153.139470][ T4955] netlink: 'syz.1.158': attribute type 16 has an invalid length. [ 153.152594][ T4955] netlink: 'syz.1.158': attribute type 17 has an invalid length. [ 153.168330][ T4955] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 153.180563][ T4955] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 153.264425][ T4955] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 153.350407][ T4913] fscrypt (loop2): Missing crypto API support for AES-256-XTS (API name: "xts(aes)") [ 154.278919][ T4252] EXT4-fs (loop2): unmounting filesystem. [ 154.729652][ T4979] loop3: detected capacity change from 0 to 512 [ 155.711709][ T4350] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 157.716544][ T27] audit: type=1326 audit(1748571288.635:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4997 comm="syz.1.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 158.129221][ T27] audit: type=1326 audit(1748571288.655:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4997 comm="syz.1.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 158.250792][ T27] audit: type=1326 audit(1748571288.755:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4997 comm="syz.1.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 158.304496][ T27] audit: type=1326 audit(1748571288.815:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4997 comm="syz.1.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 158.447471][ T27] audit: type=1326 audit(1748571288.815:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4997 comm="syz.1.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 159.049906][ T27] audit: type=1326 audit(1748571288.835:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4997 comm="syz.1.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 159.285467][ T27] audit: type=1326 audit(1748571288.855:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4997 comm="syz.1.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 159.335179][ T27] audit: type=1326 audit(1748571288.875:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4997 comm="syz.1.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 159.462422][ T27] audit: type=1326 audit(1748571288.885:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4997 comm="syz.1.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 159.549228][ T27] audit: type=1326 audit(1748571288.895:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4997 comm="syz.1.168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 160.090968][ T3584] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 160.738936][ T3584] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 160.752675][ T3584] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.764491][ T3584] usb 2-1: Product: syz [ 160.769041][ T3584] usb 2-1: Manufacturer: syz [ 160.773876][ T3584] usb 2-1: SerialNumber: syz [ 160.914041][ T5036] mmap: syz.3.180 (5036) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 162.410028][ T3584] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 162.416998][ T3584] cdc_ncm 2-1:1.0: dwNtbInMaxSize=4 is too small. Using 2048 [ 162.430134][ T3584] cdc_ncm 2-1:1.0: setting rx_max = 2048 [ 162.446284][ T3584] cdc_ncm 2-1:1.0: setting tx_max = 184 [ 162.941573][ T5045] loop3: detected capacity change from 0 to 40427 [ 162.971110][ T5045] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 162.988954][ T5045] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 163.032312][ T5045] F2FS-fs (loop3): invalid crc value [ 163.055426][ T5045] F2FS-fs (loop3): Found nat_bits in checkpoint [ 163.142884][ T5045] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 163.155186][ T5045] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 163.665506][ T27] kauditd_printk_skb: 1 callbacks suppressed [ 163.665572][ T27] audit: type=1326 audit(1748571294.545:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5044 comm="syz.3.183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 163.928715][ T27] audit: type=1326 audit(1748571294.545:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5044 comm="syz.3.183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 163.990026][ T27] audit: type=1326 audit(1748571294.545:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5044 comm="syz.3.183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 164.018152][ T27] audit: type=1326 audit(1748571294.545:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5044 comm="syz.3.183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 164.022587][ T5054] loop1: detected capacity change from 0 to 2048 [ 164.056406][ T27] audit: type=1326 audit(1748571294.545:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5044 comm="syz.3.183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 164.103975][ T27] audit: type=1326 audit(1748571294.545:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5044 comm="syz.3.183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 164.127598][ T27] audit: type=1326 audit(1748571294.545:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5044 comm="syz.3.183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 164.150169][ T27] audit: type=1326 audit(1748571294.545:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5044 comm="syz.3.183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 164.208866][ T5054] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 164.234542][ T5054] EXT4-fs error (device loop1): ext4_find_extent:936: inode #2: comm syz.1.184: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 164.309786][ T4253] EXT4-fs (loop1): unmounting filesystem. [ 164.778743][ T5059] netlink: 96 bytes leftover after parsing attributes in process `syz.1.185'. [ 164.787736][ T3584] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 164.830321][ T3584] usb 2-1: USB disconnect, device number 2 [ 164.864218][ T3584] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM (NO ZLP) [ 165.196467][ T5068] device wg2 entered promiscuous mode [ 165.334725][ T5072] loop2: detected capacity change from 0 to 512 [ 165.508073][ T5072] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 166.388995][ T5072] EXT4-fs (loop2): orphan cleanup on readonly fs [ 166.411579][ T5072] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.189: bg 0: block 248: padding at end of block bitmap is not set [ 166.429157][ T5072] Quota error (device loop2): write_blk: dquota write failed [ 166.437049][ T5072] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 166.447238][ T5072] EXT4-fs error (device loop2): ext4_acquire_dquot:6802: comm syz.2.189: Failed to acquire dquot type 1 [ 166.472420][ T5072] EXT4-fs (loop2): 1 truncate cleaned up [ 166.488527][ T5072] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 166.844265][ T5079] loop4: detected capacity change from 0 to 1024 [ 166.919863][ T5079] EXT4-fs: Ignoring removed nobh option [ 166.975837][ T5079] EXT4-fs: Ignoring removed bh option [ 167.024866][ T5079] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 167.126073][ T5079] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 168.041367][ T5087] loop1: detected capacity change from 0 to 512 [ 168.108115][ T4252] EXT4-fs (loop2): unmounting filesystem. [ 168.157627][ T5087] EXT4-fs (loop1): Test dummy encryption mode enabled [ 168.318757][ T5087] EXT4-fs error (device loop1): __ext4_iget:5076: inode #11: block 1: comm syz.1.193: invalid block [ 168.332793][ T5087] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.193: couldn't read orphan inode 11 (err -117) [ 168.347937][ T5087] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 168.933266][ T5090] loop2: detected capacity change from 0 to 4096 [ 169.017105][ T5090] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 169.068632][ T27] audit: type=1804 audit(1748571300.005:42): pid=5094 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.192" name="/newroot/42/file1/file1" dev="fuse" ino=1 res=1 errno=0 [ 169.122983][ T5090] EXT4-fs (loop2): unmounting filesystem. [ 169.552227][ T4260] EXT4-fs (loop4): unmounting filesystem. [ 170.775400][ T4350] I/O error, dev loop2, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 170.842976][ T4253] EXT4-fs (loop1): unmounting filesystem. [ 170.910017][ T5105] loop4: detected capacity change from 0 to 512 [ 170.942132][ T5105] EXT4-fs: Ignoring removed mblk_io_submit option [ 170.985364][ T5105] EXT4-fs: Ignoring removed mblk_io_submit option [ 170.998009][ T5102] loop3: detected capacity change from 0 to 4096 [ 171.032008][ T5105] EXT4-fs: Mount option(s) incompatible with ext2 [ 171.160793][ T5102] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 171.399126][ T27] audit: type=1800 audit(1748571302.345:43): pid=5102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.195" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 171.459529][ T27] audit: type=1326 audit(1748571302.385:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5096 comm="syz.3.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 171.524942][ T27] audit: type=1326 audit(1748571302.385:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5096 comm="syz.3.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 171.626486][ T27] audit: type=1326 audit(1748571302.385:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5096 comm="syz.3.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 171.682571][ T27] audit: type=1326 audit(1748571302.385:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5096 comm="syz.3.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 172.240551][ T5125] netlink: 4 bytes leftover after parsing attributes in process `syz.4.205'. [ 172.264998][ T4263] EXT4-fs (loop3): unmounting filesystem. [ 172.673326][ T5133] netlink: 8 bytes leftover after parsing attributes in process `syz.3.206'. [ 172.686314][ T5133] IPv6: sit1: Disabled Multicast RS [ 174.065610][ T5145] loop4: detected capacity change from 0 to 1024 [ 174.336255][ T5145] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 174.380615][ T5145] ext4 filesystem being mounted at /46/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 174.789477][ T5161] loop0: detected capacity change from 0 to 512 [ 174.843180][ T5161] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 174.885199][ T5161] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 174.925931][ T5161] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 175.001907][ T5161] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 175.033373][ T5161] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 175.074433][ T4410] EXT4-fs error (device loop4): ext4_map_blocks:745: inode #15: block 1: comm kworker/u4:8: lblock 1 mapped to illegal pblock 1 (length 11) [ 175.110016][ T5161] EXT4-fs (loop0): orphan cleanup on readonly fs [ 175.119485][ T5161] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.214: bg 0: block 34: padding at end of block bitmap is not set [ 175.140399][ T5161] Quota error (device loop0): write_blk: dquota write failed [ 175.149999][ T5161] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota [ 175.164894][ T5161] EXT4-fs error (device loop0): ext4_acquire_dquot:6802: comm syz.0.214: Failed to acquire dquot type 1 [ 175.185074][ T5161] EXT4-fs (loop0): 1 truncate cleaned up [ 175.191534][ T5161] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 175.305118][ T4410] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 11 with error 117 [ 175.362674][ T4410] EXT4-fs (loop4): This should not happen!! Data will be lost [ 175.362674][ T4410] [ 175.429912][ T4254] EXT4-fs (loop0): unmounting filesystem. [ 175.511073][ T5167] x_tables: ip_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 176.383693][ T4260] EXT4-fs (loop4): unmounting filesystem. [ 176.722689][ T5174] loop4: detected capacity change from 0 to 256 [ 176.933038][ T5175] loop0: detected capacity change from 0 to 2048 [ 177.066544][ T5175] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 178.337390][ T4254] EXT4-fs (loop0): unmounting filesystem. [ 178.752547][ T5171] loop2: detected capacity change from 0 to 40427 [ 178.794952][ T5191] device syzkaller0 entered promiscuous mode [ 178.803765][ T5171] F2FS-fs (loop2): Unrecognized mount option "whint_mode=off" or missing value [ 179.234251][ T5206] loop2: detected capacity change from 0 to 256 [ 179.292073][ T5206] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d) [ 179.499623][ T27] audit: type=1326 audit(1748571310.445:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5209 comm="syz.3.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 179.532013][ T27] audit: type=1326 audit(1748571310.475:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5209 comm="syz.3.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 179.555825][ T27] audit: type=1326 audit(1748571310.475:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5209 comm="syz.3.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 179.595453][ T27] audit: type=1326 audit(1748571310.475:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5209 comm="syz.3.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 179.629757][ T27] audit: type=1326 audit(1748571310.475:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5209 comm="syz.3.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=225 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 180.323773][ T27] audit: type=1326 audit(1748571310.475:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5209 comm="syz.3.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 180.356411][ T27] audit: type=1326 audit(1748571310.505:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5209 comm="syz.3.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 180.918311][ T5224] syz.2.232[5224] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 180.922072][ T5224] syz.2.232[5224] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 180.981671][ T5224] loop2: detected capacity change from 0 to 128 [ 183.490076][ T5224] EXT4-fs: error -4 creating inode table initialization thread [ 183.498450][ T5224] EXT4-fs (loop2): mount failed [ 184.354988][ T5233] loop3: detected capacity change from 0 to 256 [ 184.468726][ T5233] FAT-fs (loop3): Directory bread(block 64) failed [ 184.487524][ T5233] FAT-fs (loop3): Directory bread(block 65) failed [ 184.494210][ T5233] FAT-fs (loop3): Directory bread(block 66) failed [ 184.530746][ T5233] FAT-fs (loop3): Directory bread(block 67) failed [ 184.545666][ T5233] FAT-fs (loop3): Directory bread(block 68) failed [ 184.562531][ T5233] FAT-fs (loop3): Directory bread(block 69) failed [ 184.572748][ T5233] FAT-fs (loop3): Directory bread(block 70) failed [ 184.590049][ T5233] FAT-fs (loop3): Directory bread(block 71) failed [ 184.605199][ T5233] FAT-fs (loop3): Directory bread(block 72) failed [ 184.622052][ T5233] FAT-fs (loop3): Directory bread(block 73) failed [ 185.103820][ T5231] loop1: detected capacity change from 0 to 40427 [ 185.138029][ T5231] F2FS-fs (loop1): Unrecognized mount option "disable_roll_fo " or missing value [ 193.202707][ T5208] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 193.218718][ T5208] bond0: (slave gre0): Error -95 calling set_mac_address [ 193.738338][ T5286] loop2: detected capacity change from 0 to 1024 [ 193.801155][ T5288] loop4: detected capacity change from 0 to 512 [ 193.835633][ T5286] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 193.869096][ T5288] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.252: casefold flag without casefold feature [ 193.885491][ T5288] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.252: couldn't read orphan inode 15 (err -117) [ 194.022365][ T5288] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 194.032941][ T5295] loop3: detected capacity change from 0 to 512 [ 194.185684][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.192180][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.092559][ T4252] EXT4-fs (loop2): unmounting filesystem. [ 195.592758][ T5301] netlink: 24 bytes leftover after parsing attributes in process `syz.3.254'. [ 195.767725][ T4260] EXT4-fs (loop4): unmounting filesystem. [ 195.878360][ T4265] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 195.887331][ T4265] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 195.895821][ T4265] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 195.904376][ T4265] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 195.912686][ T4265] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 195.920974][ T4265] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 196.009402][ T5308] device bridge1 entered promiscuous mode [ 196.163842][ T4410] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.312805][ T4410] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.433663][ T4410] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.617287][ T5310] loop4: detected capacity change from 0 to 40427 [ 196.638410][ T5310] F2FS-fs (loop4): invalid crc value [ 196.686406][ T5310] F2FS-fs (loop4): Found nat_bits in checkpoint [ 196.768068][ T4410] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.813986][ T5310] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 197.066531][ T5310] syz.4.257: attempt to access beyond end of device [ 197.066531][ T5310] loop4: rw=2049, sector=45096, nr_sectors = 64 limit=40427 [ 197.107665][ T5305] chnl_net:caif_netlink_parms(): no params data found [ 197.476278][ T4260] syz-executor: attempt to access beyond end of device [ 197.476278][ T4260] loop4: rw=2049, sector=45160, nr_sectors = 8 limit=40427 [ 198.057414][ T4265] Bluetooth: hci2: command 0x0409 tx timeout [ 198.712032][ T5305] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.747173][ T5305] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.774668][ T5305] device bridge_slave_0 entered promiscuous mode [ 198.887294][ T5305] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.935193][ T5305] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.980467][ T5305] device bridge_slave_1 entered promiscuous mode [ 199.229551][ T5347] syz.1.263[5347] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 199.229659][ T5347] syz.1.263[5347] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 199.297291][ T5305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 199.381271][ T5305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 199.704703][ T5349] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 200.561138][ T4267] Bluetooth: hci2: command 0x041b tx timeout [ 200.577416][ T5349] bond0: (slave gre0): Error -95 calling set_mac_address [ 200.675472][ T5359] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 200.682920][ T5359] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 200.695345][ T5359] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 200.847721][ T5362] loop1: detected capacity change from 0 to 256 [ 200.877494][ T5362] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 200.923841][ T5305] team0: Port device team_slave_0 added [ 200.949024][ T5362] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 201.016904][ T5305] team0: Port device team_slave_1 added [ 201.032430][ T5362] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d) [ 201.268606][ T27] audit: type=1326 audit(1748571332.215:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5361 comm="syz.1.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 201.317648][ T5305] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 201.329171][ T5305] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.355092][ T27] audit: type=1326 audit(1748571332.215:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5361 comm="syz.1.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 201.355134][ T27] audit: type=1326 audit(1748571332.235:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5361 comm="syz.1.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=221 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 201.355170][ T27] audit: type=1326 audit(1748571332.235:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5361 comm="syz.1.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 201.355206][ T27] audit: type=1326 audit(1748571332.235:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5361 comm="syz.1.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 201.355241][ T27] audit: type=1326 audit(1748571332.235:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5361 comm="syz.1.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 201.428943][ T5305] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 201.484168][ T4267] Bluetooth: hci0: command 0x0406 tx timeout [ 201.484195][ T4265] Bluetooth: hci4: command 0x0406 tx timeout [ 201.490248][ T4267] Bluetooth: hci1: command 0x0406 tx timeout [ 201.490281][ T4267] Bluetooth: hci3: command 0x0406 tx timeout [ 201.667477][ T5305] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 201.674662][ T5305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.765173][ T5305] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 201.835442][ T27] audit: type=1326 audit(1748571332.235:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5361 comm="syz.1.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 202.030206][ T27] audit: type=1326 audit(1748571332.235:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5361 comm="syz.1.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 202.158415][ T27] audit: type=1326 audit(1748571332.235:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5361 comm="syz.1.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 202.245332][ T27] audit: type=1326 audit(1748571332.235:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5361 comm="syz.1.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f791f58d2d0 code=0x7ffc0000 [ 202.499399][ T5305] device hsr_slave_0 entered promiscuous mode [ 202.521057][ T5305] device hsr_slave_1 entered promiscuous mode [ 202.530848][ T5305] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 202.556492][ T5305] Cannot create hsr debugfs directory [ 202.645316][ T4266] Bluetooth: hci2: command 0x040f tx timeout [ 203.464392][ T5397] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 203.472426][ T5397] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 203.484975][ T5397] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 203.582727][ T5399] loop2: detected capacity change from 0 to 1024 [ 203.647905][ T5399] EXT4-fs: Ignoring removed orlov option [ 203.664078][ T5399] EXT4-fs: Ignoring removed i_version option [ 203.693719][ T5399] EXT4-fs (loop2): Test dummy encryption mode enabled [ 203.723092][ T5399] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 204.229524][ T4410] device hsr_slave_0 left promiscuous mode [ 204.317791][ T4410] device hsr_slave_1 left promiscuous mode [ 204.331369][ T4410] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 204.347291][ T4410] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 204.386044][ T5399] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 204.463294][ T4410] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 204.481256][ T4410] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 204.506095][ T4410] device bridge_slave_1 left promiscuous mode [ 204.518171][ T4410] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.586167][ T4410] device bridge_slave_0 left promiscuous mode [ 204.605343][ T4410] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.725329][ T4266] Bluetooth: hci2: command 0x0419 tx timeout [ 204.783683][ T4410] device veth1_macvtap left promiscuous mode [ 204.792874][ T4410] device veth0_macvtap left promiscuous mode [ 204.807162][ T4410] device veth1_vlan left promiscuous mode [ 204.820241][ T4410] device veth0_vlan left promiscuous mode [ 204.960597][ T4252] EXT4-fs (loop2): unmounting filesystem. [ 205.805118][ T3584] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 206.015093][ T3584] usb 3-1: Using ep0 maxpacket: 32 [ 206.041585][ T3584] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 206.053596][ T3584] usb 3-1: config 0 has an invalid descriptor of length 150, skipping remainder of the config [ 206.064687][ T3584] usb 3-1: config 0 has no interface number 0 [ 206.071095][ T3584] usb 3-1: config 0 interface 184 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 206.084493][ T3584] usb 3-1: config 0 interface 184 has no altsetting 0 [ 206.093956][ T3584] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 206.135110][ T3584] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.273227][ T3584] usb 3-1: Product: syz [ 206.394722][ T3584] usb 3-1: Manufacturer: syz [ 206.459842][ T3584] usb 3-1: SerialNumber: syz [ 206.603953][ T3584] usb 3-1: config 0 descriptor?? [ 206.740616][ T3584] smsc75xx v1.0.0 [ 206.744323][ T3584] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 206.882776][ T3584] smsc75xx: probe of 3-1:0.184 failed with error -22 [ 207.773257][ T4410] team0 (unregistering): Port device team_slave_1 removed [ 207.942167][ T4410] team0 (unregistering): Port device team_slave_0 removed [ 208.185999][ T5517] syz.3.288[5517] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 208.186517][ T5517] syz.3.288[5517] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 208.248864][ T5517] loop3: detected capacity change from 0 to 256 [ 208.274573][ T5517] exfat: Deprecated parameter 'utf8' [ 208.403591][ T5517] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 208.691720][ T5517] process 'syz.3.288' launched './file0' with NULL argv: empty string added [ 209.185122][ T4410] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 210.213593][ T4410] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 211.371899][ T3584] usb 3-1: USB disconnect, device number 2 [ 212.952980][ T4410] bond0 (unregistering): Released all slaves [ 213.792675][ T5545] loop2: detected capacity change from 0 to 512 [ 213.840401][ T5547] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 213.859975][ T5547] bond0: (slave gre0): Error -95 calling set_mac_address [ 213.889929][ T5545] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.298: invalid indirect mapped block 256 (level 2) [ 213.909071][ T5545] EXT4-fs (loop2): 2 truncates cleaned up [ 213.914867][ T5545] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 213.917994][ T5305] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 214.137728][ T5305] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 214.137887][ T27] kauditd_printk_skb: 50 callbacks suppressed [ 214.137903][ T27] audit: type=1800 audit(1748571345.065:115): pid=5545 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.298" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 215.246793][ T5305] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 215.287479][ T5544] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm syz.2.298: bg 0: block 5: invalid block bitmap [ 215.316007][ T5305] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 215.371873][ T5567] loop4: detected capacity change from 0 to 256 [ 217.223705][ T5561] EXT4-fs warning (device loop2): ext4_block_to_path:107: block 209748176 > max in inode 15 [ 217.834889][ T5567] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001034b, chksum : 0x6322ccb6, utbl_chksum : 0xe619d30d) [ 217.855427][ T5561] EXT4-fs warning (device loop2): ext4_block_to_path:107: block 209748180 > max in inode 15 [ 217.896877][ T5561] EXT4-fs warning (device loop2): ext4_block_to_path:107: block 209748184 > max in inode 15 [ 217.959978][ T5561] EXT4-fs warning (device loop2): ext4_block_to_path:107: block 209748188 > max in inode 15 [ 218.206184][ T4252] EXT4-fs (loop2): unmounting filesystem. [ 218.215144][ T7] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 218.279117][ T5305] 8021q: adding VLAN 0 to HW filter on device bond0 [ 218.342675][ T5486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 218.372530][ T5486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 218.406579][ T5305] 8021q: adding VLAN 0 to HW filter on device team0 [ 218.407257][ T7] usb 2-1: config 0 has an invalid interface number: 41 but max is 0 [ 218.441463][ T7] usb 2-1: config 0 has no interface number 0 [ 218.458148][ T7] usb 2-1: config 0 interface 41 has no altsetting 0 [ 218.498234][ T7] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 218.508820][ T4444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 218.515671][ T7] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 218.538414][ T4444] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 218.565101][ T7] usb 2-1: Product: syz [ 218.580622][ T7] usb 2-1: Manufacturer: syz [ 218.587126][ T4444] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.594299][ T4444] bridge0: port 1(bridge_slave_0) entered forwarding state [ 218.610470][ T7] usb 2-1: SerialNumber: syz [ 218.640128][ T7] usb 2-1: config 0 descriptor?? [ 218.676704][ T4444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 218.699511][ T4444] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 218.714656][ T4444] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.721866][ T4444] bridge0: port 2(bridge_slave_1) entered forwarding state [ 218.824672][ T4444] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 218.979930][ T5305] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 218.991359][ T5305] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 219.007163][ T4444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 219.040718][ T4444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 219.096578][ T4444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 219.117595][ T4444] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 219.132420][ T5592] loop4: detected capacity change from 0 to 512 [ 219.166819][ T4444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 219.220900][ T5592] EXT4-fs error (device loop4): ext4_do_update_inode:5253: inode #3: comm syz.4.310: corrupted inode contents [ 219.223800][ T4444] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 219.285700][ T5592] EXT4-fs error (device loop4): ext4_dirty_inode:6118: inode #3: comm syz.4.310: mark_inode_dirty error [ 219.342097][ T5592] EXT4-fs error (device loop4): ext4_do_update_inode:5253: inode #3: comm syz.4.310: corrupted inode contents [ 219.347149][ T4444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 219.405658][ T5592] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #3: comm syz.4.310: mark_inode_dirty error [ 219.422887][ T5600] loop3: detected capacity change from 0 to 1024 [ 219.436670][ T5592] Quota error (device loop4): write_blk: dquota write failed [ 219.443853][ T4444] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 219.444178][ T5592] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 219.481553][ T7] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0 [ 219.508792][ T4444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 219.520832][ T5592] EXT4-fs error (device loop4): ext4_acquire_dquot:6802: comm syz.4.310: Failed to acquire dquot type 0 [ 219.534788][ T5600] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 219.553547][ T5592] EXT4-fs (loop4): 1 orphan inode deleted [ 219.573053][ T4444] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 219.580744][ T4411] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 219.580881][ T4411] EXT4-fs error (device loop4): ext4_release_dquot:6838: comm kworker/u4:9: Failed to release dquot type 1 [ 219.583787][ T5592] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 219.656294][ T4444] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 219.684469][ T4444] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 219.789463][ T5592] ext4 filesystem being mounted at /68/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 220.005871][ T3584] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 220.107480][ T4260] EXT4-fs (loop4): unmounting filesystem. [ 220.107865][ T5486] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 220.107945][ T5486] EXT4-fs error (device loop4): ext4_release_dquot:6838: comm kworker/u4:23: Failed to release dquot type 1 [ 220.199319][ T3584] usb 3-1: New USB device found, idVendor=04dd, idProduct=9032, bcdDevice=fd.0b [ 220.199352][ T3584] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.201131][ T3584] usb 3-1: config 0 descriptor?? [ 220.203214][ T3584] usb 3-1: unsupported MDLM descriptors [ 220.239092][ T5615] loop4: detected capacity change from 0 to 256 [ 220.564236][ T4302] usb 3-1: USB disconnect, device number 3 [ 220.578504][ T7] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9 [ 221.426597][ T7] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): Failed to power up PHY: -71 [ 221.466049][ T4444] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 221.484880][ T4444] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 221.535839][ T7] CoreChips: probe of 2-1:0.41 failed with error -71 [ 221.572427][ T5305] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 221.628697][ T7] usb 2-1: USB disconnect, device number 3 [ 221.725910][ T5627] netlink: 8 bytes leftover after parsing attributes in process `syz.1.315'. [ 221.761116][ T5627] netlink: 8 bytes leftover after parsing attributes in process `syz.1.315'. [ 221.824341][ T5627] netlink: 8 bytes leftover after parsing attributes in process `syz.1.315'. [ 221.867021][ T5627] netlink: 8 bytes leftover after parsing attributes in process `syz.1.315'. [ 221.900774][ T5627] netlink: 8 bytes leftover after parsing attributes in process `syz.1.315'. [ 221.947307][ T5627] netlink: 8 bytes leftover after parsing attributes in process `syz.1.315'. [ 221.981216][ T5627] netlink: 8 bytes leftover after parsing attributes in process `syz.1.315'. [ 222.031974][ T5627] netlink: 8 bytes leftover after parsing attributes in process `syz.1.315'. [ 222.068145][ T5627] netlink: 8 bytes leftover after parsing attributes in process `syz.1.315'. [ 222.102618][ T5627] netlink: 8 bytes leftover after parsing attributes in process `syz.1.315'. [ 222.133869][ T5627] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 222.153726][ T5627] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 222.170920][ T5627] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 222.816798][ T27] audit: type=1107 audit(1748571353.949:116): pid=5649 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='eĢ' [ 222.867233][ T5652] loop4: detected capacity change from 0 to 256 [ 222.999711][ T27] audit: type=1326 audit(1748571354.131:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5655 comm="syz.1.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 223.100011][ T27] audit: type=1326 audit(1748571354.153:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5655 comm="syz.1.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 223.220775][ T27] audit: type=1326 audit(1748571354.153:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5655 comm="syz.1.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 223.321126][ T4263] EXT4-fs (loop3): unmounting filesystem. [ 223.355826][ T27] audit: type=1326 audit(1748571354.153:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5655 comm="syz.1.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 223.475988][ T27] audit: type=1326 audit(1748571354.164:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5655 comm="syz.1.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f791f58e969 code=0x7ffc0000 [ 223.520317][ T5488] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 223.570205][ T5488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 223.652033][ T5488] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 223.676702][ T5665] loop2: detected capacity change from 0 to 128 [ 223.680295][ T5488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 223.703802][ T5665] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 223.730090][ T5667] input: syz0 as /devices/virtual/input/input5 [ 223.744072][ T5488] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 223.762577][ T5488] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 223.776166][ T5665] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 223.827127][ T5305] device veth0_vlan entered promiscuous mode [ 223.883857][ T5305] device veth1_vlan entered promiscuous mode [ 224.004604][ T5488] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 224.027262][ T5488] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 224.080387][ T5488] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 224.114069][ T5488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 224.154143][ T5305] device veth0_macvtap entered promiscuous mode [ 224.191530][ T5305] device veth1_macvtap entered promiscuous mode [ 224.698787][ T5305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 224.762278][ T5305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.790828][ T5305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 224.934083][ T5688] loop1: detected capacity change from 0 to 256 [ 224.946200][ T5305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.998913][ T5305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 225.049654][ T5305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.088794][ T5305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 225.119002][ T5305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.190678][ T5305] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 225.266032][ T5305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 225.280042][ T5305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.290474][ T5305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 225.301003][ T5305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.310881][ T5305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 225.948183][ T5305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.965582][ T5305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 225.982808][ T5305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.995950][ T5305] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 226.004225][ T5488] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 226.038179][ T5488] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 226.072800][ T5488] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 226.114015][ T5488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 226.138712][ T5488] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 226.174945][ T5488] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 226.199416][ T5305] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 226.230865][ T5305] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 226.261994][ T5305] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 226.299814][ T5305] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 226.596854][ T5488] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 226.635635][ T5488] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 226.729527][ T5484] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 226.786359][ T5484] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 226.799686][ T5484] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 226.825137][ T5490] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 226.847868][ T5712] loop4: detected capacity change from 0 to 1024 [ 226.960294][ T5716] loop1: detected capacity change from 0 to 256 [ 227.142241][ T5716] overlayfs: filesystem on './file1' not supported [ 227.557715][ T5712] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 228.010406][ T5712] ext4 filesystem being mounted at /74/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 228.188837][ T5712] EXT4-fs error (device loop4): ext4_map_blocks:745: inode #15: block 3: comm syz.4.338: lblock 3 mapped to illegal pblock 3 (length 13) [ 228.373144][ T5712] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 228.477687][ T5712] EXT4-fs (loop4): This should not happen!! Data will be lost [ 228.477687][ T5712] [ 228.498674][ T5723] __nla_validate_parse: 65 callbacks suppressed [ 228.498693][ T5723] netlink: 12 bytes leftover after parsing attributes in process `syz.5.248'. [ 228.802752][ T4260] EXT4-fs (loop4): unmounting filesystem. [ 229.122407][ T5728] loop4: detected capacity change from 0 to 512 [ 229.153249][ T5728] ext4: Unknown parameter 'noacl' [ 229.189887][ T4935] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 230.291754][ T5741] Cannot find add_set index 0 as target [ 231.631360][ T5757] loop3: detected capacity change from 0 to 128 [ 231.784921][ T5757] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 231.794691][ T5757] ext4 filesystem being mounted at /73/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 232.860511][ T5765] loop1: detected capacity change from 0 to 2048 [ 233.383943][ T5772] netlink: 'syz.4.349': attribute type 29 has an invalid length. [ 233.447211][ T5772] loop4: detected capacity change from 0 to 512 [ 233.459146][ T5772] EXT4-fs: Ignoring removed mblk_io_submit option [ 233.465796][ T5772] EXT4-fs: Invalid want_extra_isize 1025 [ 234.347028][ T4263] EXT4-fs (loop3): unmounting filesystem. [ 234.356441][ T5765] loop1: p1 < > p3 [ 234.382091][ T4350] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 234.440930][ T5765] loop1: p3 size 134217728 extends beyond EOD, truncated [ 234.593656][ T5765] kvm: emulating exchange as write [ 234.611218][ T3624] loop1: p1 < > p3 [ 234.622449][ T3624] loop1: p3 size 134217728 extends beyond EOD, truncated [ 234.826064][ T5783] loop3: detected capacity change from 0 to 16 [ 234.954363][ T5783] erofs: (device loop3): mounted with root inode @ nid 36. [ 236.361856][ T5810] Cannot find add_set index 0 as target [ 236.898275][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.906948][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.990758][ T5784] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 238.101284][ T5784] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 239.020269][ T5784] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.029717][ T5784] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.039079][ T5784] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.048659][ T5784] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.347445][ T5833] loop4: detected capacity change from 0 to 128 [ 240.656161][ T5837] netlink: 12 bytes leftover after parsing attributes in process `syz.2.365'. [ 241.377547][ T5862] loop5: detected capacity change from 0 to 256 [ 241.496918][ T5862] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 242.189307][ T27] kauditd_printk_skb: 13 callbacks suppressed [ 242.189323][ T27] audit: type=1326 audit(1748571374.720:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.2.376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd13198e969 code=0x7ffc0000 [ 242.348236][ T27] audit: type=1326 audit(1748571374.720:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.2.376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd13198e969 code=0x7ffc0000 [ 242.443844][ T5869] loop3: detected capacity change from 0 to 512 [ 242.499008][ T27] audit: type=1326 audit(1748571374.742:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.2.376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd13198e969 code=0x7ffc0000 [ 242.686075][ T27] audit: type=1326 audit(1748571374.742:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.2.376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=82 compat=0 ip=0x7fd13198e969 code=0x7ffc0000 [ 242.882542][ T5869] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 243.745142][ T5869] ext4 filesystem being mounted at /77/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 243.803985][ T27] audit: type=1326 audit(1748571374.742:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.2.376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd13198e969 code=0x7ffc0000 [ 244.020583][ T27] audit: type=1326 audit(1748571374.763:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.2.376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd13198e969 code=0x7ffc0000 [ 244.083923][ T27] audit: type=1326 audit(1748571374.881:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5870 comm="syz.5.375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b5ef8e969 code=0x7ffc0000 [ 244.180196][ T5898] x_tables: ip_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 244.373774][ T27] audit: type=1326 audit(1748571374.946:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5870 comm="syz.5.375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6b5ef8e969 code=0x7ffc0000 [ 244.671904][ T4300] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 244.695950][ T27] audit: type=1326 audit(1748571374.946:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5870 comm="syz.5.375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b5ef8e969 code=0x7ffc0000 [ 244.736380][ T27] audit: type=1326 audit(1748571374.946:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5870 comm="syz.5.375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b5ef8e969 code=0x7ffc0000 [ 245.388397][ T4300] usb 5-1: Using ep0 maxpacket: 16 [ 245.397701][ T4300] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 245.453507][ T4300] usb 5-1: config 0 has no interfaces? [ 245.512291][ T4300] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 245.559952][ T4300] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 245.621758][ T4300] usb 5-1: SerialNumber: syz [ 245.675722][ T4300] usb 5-1: config 0 descriptor?? [ 245.942047][ T4327] usb 5-1: USB disconnect, device number 2 [ 248.044842][ T5935] loop2: detected capacity change from 0 to 8192 [ 248.216195][ T5942] x_tables: ip_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 248.785897][ T27] kauditd_printk_skb: 15 callbacks suppressed [ 248.785921][ T27] audit: type=1800 audit(1748571381.802:160): pid=5935 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.394" name="file2" dev="loop2" ino=1048646 res=0 errno=0 [ 248.980260][ T5935] syz.2.394 (5935) used greatest stack depth: 19728 bytes left [ 249.815484][ T5953] xt_TPROXY: Can be used only with -p tcp or -p udp [ 249.871972][ T5950] loop5: detected capacity change from 0 to 1024 [ 249.924862][ T5950] EXT4-fs: Ignoring removed bh option [ 249.972466][ T5950] ext3: Unknown parameter 'fowner<00000000000000000000' [ 250.601867][ T27] audit: type=1326 audit(1748571383.754:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5957 comm="syz.4.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f649df8e969 code=0x7ffc0000 [ 250.675573][ T27] audit: type=1326 audit(1748571383.754:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5957 comm="syz.4.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f649df8e969 code=0x7ffc0000 [ 250.721584][ T27] audit: type=1326 audit(1748571383.776:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5957 comm="syz.4.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=122 compat=0 ip=0x7f649df8e969 code=0x7ffc0000 [ 250.773256][ T27] audit: type=1326 audit(1748571383.776:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5957 comm="syz.4.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f649df8e969 code=0x7ffc0000 [ 250.846335][ T27] audit: type=1326 audit(1748571383.776:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5957 comm="syz.4.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f649df8e969 code=0x7ffc0000 [ 252.159071][ T4263] EXT4-fs (loop3): unmounting filesystem. [ 253.211033][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 253.217982][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 253.356296][ T5963] device pim6reg1 entered promiscuous mode [ 253.666859][ T5983] device syz_tun entered promiscuous mode [ 253.693400][ T5983] device macsec1 entered promiscuous mode [ 253.726823][ T5983] device syz_tun left promiscuous mode [ 254.203467][ T5999] netlink: 12 bytes leftover after parsing attributes in process `syz.4.408'. [ 255.274615][ T6012] loop5: detected capacity change from 0 to 128 [ 255.324781][ T6012] ext4: Unknown parameter 'smackfshat' [ 255.387929][ T4350] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 255.723740][ T6025] binfmt_misc: register: failed to install interpreter file ./file1 [ 256.151751][ T6035] loop4: detected capacity change from 0 to 1024 [ 256.183384][ T6037] pim6reg0: tun_chr_ioctl cmd 21731 [ 256.278481][ T6035] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 256.341467][ T6044] netlink: 'syz.2.417': attribute type 12 has an invalid length. [ 256.983458][ T6054] netlink: 'syz.1.428': attribute type 2 has an invalid length. [ 258.165347][ T4260] EXT4-fs (loop4): unmounting filesystem. [ 260.497041][ T6088] loop3: detected capacity change from 0 to 256 [ 260.512395][ T6090] loop2: detected capacity change from 0 to 256 [ 260.545407][ T6091] loop5: detected capacity change from 0 to 512 [ 260.827535][ T6091] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 260.845653][ T6091] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 260.961817][ T6102] netlink: 'syz.4.442': attribute type 12 has an invalid length. [ 261.912076][ T5305] EXT4-fs (loop5): unmounting filesystem. [ 262.317132][ T6118] xt_hashlimit: size too large, truncated to 1048576 [ 264.821597][ T4300] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 265.094579][ T4300] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 265.269700][ T4300] usb 2-1: New USB device found, idVendor=056a, idProduct=0029, bcdDevice= 0.00 [ 265.327077][ T4300] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.369794][ T4300] usb 2-1: config 0 descriptor?? [ 266.410025][ T4300] wacom 0003:056A:0029.0001: item fetching failed at offset 4/5 [ 266.419456][ T4300] wacom 0003:056A:0029.0001: parse failed [ 266.425918][ T4300] wacom: probe of 0003:056A:0029.0001 failed with error -22 [ 268.230610][ T6144] loop4: detected capacity change from 0 to 2048 [ 268.263332][ T4302] usb 2-1: USB disconnect, device number 4 [ 268.333106][ T6144] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 268.520133][ T4260] EXT4-fs (loop4): unmounting filesystem. [ 268.720719][ T6151] loop4: detected capacity change from 0 to 512 [ 268.779338][ T6151] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.456: inode #1: comm syz.4.456: iget: illegal inode # [ 268.819644][ T6151] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.456: error while reading EA inode 1 err=-117 [ 268.849192][ T6151] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.456: inode #1: comm syz.4.456: iget: illegal inode # [ 268.871103][ T6151] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.456: error while reading EA inode 1 err=-117 [ 268.892503][ T6151] EXT4-fs (loop4): 1 orphan inode deleted [ 268.900106][ T6151] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 269.061986][ T4260] EXT4-fs (loop4): unmounting filesystem. [ 269.124850][ T6149] loop1: detected capacity change from 0 to 40427 [ 270.222901][ T6162] loop1: detected capacity change from 0 to 256 [ 272.989454][ T6183] Cannot find add_set index 0 as target [ 273.558932][ T6139] netlink: 'syz.2.453': attribute type 12 has an invalid length. [ 274.857724][ T6215] loop5: detected capacity change from 0 to 256 [ 275.012846][ T6215] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 275.167581][ T6215] exFAT-fs (loop5): Medium has reported failures. Some data may be lost. [ 275.250039][ T6215] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d) [ 275.952113][ T6236] netlink: 'syz.5.479': attribute type 12 has an invalid length. [ 275.978108][ T4327] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 276.248135][ T4327] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 276.378618][ T4327] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 276.567585][ T4327] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 276.625833][ T4327] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 276.696502][ T4327] usb 2-1: Product: syz [ 276.723324][ T4327] usb 2-1: Manufacturer: syz [ 276.751895][ T4327] usb 2-1: SerialNumber: syz [ 276.767327][ T6239] loop5: detected capacity change from 0 to 2048 [ 276.892449][ T6239] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 277.140135][ T4327] usb 2-1: 0:2 : does not exist [ 277.151842][ T4327] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 277.234491][ T4327] usb 2-1: USB disconnect, device number 5 [ 277.980157][ T5305] EXT4-fs (loop5): unmounting filesystem. [ 278.020987][ T4350] udevd[4350]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 279.343151][ T6274] loop4: detected capacity change from 0 to 256 [ 281.156525][ T6281] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 281.296371][ T6281] bond0: (slave gre0): Error -95 calling set_mac_address [ 282.184068][ T6290] loop4: detected capacity change from 0 to 512 [ 282.205714][ T6292] loop1: detected capacity change from 0 to 256 [ 282.275655][ T6292] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89b1f488, utbl_chksum : 0xe619d30d) [ 282.332532][ T6294] loop5: detected capacity change from 0 to 2048 [ 282.348099][ T6290] Quota error (device loop4): dq_insert_tree: Quota tree root isn't allocated! [ 282.362535][ T6290] Quota error (device loop4): qtree_write_dquot: Error -5 occurred while creating quota [ 282.372724][ T6290] EXT4-fs error (device loop4): ext4_acquire_dquot:6802: comm syz.4.491: Failed to acquire dquot type 0 [ 282.404645][ T6290] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.491: bg 0: block 64: padding at end of block bitmap is not set [ 282.505058][ T6294] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 282.531145][ T6290] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 282.768773][ T6290] EXT4-fs (loop4): 1 truncate cleaned up [ 282.784331][ T6290] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 282.854688][ T6290] ext4 filesystem being mounted at /115/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 283.006042][ T4243] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 283.254480][ T4243] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 283.387839][ T6290] Quota error (device loop4): dq_insert_tree: Quota tree root isn't allocated! [ 283.398530][ T4243] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 283.454813][ T6290] Quota error (device loop4): qtree_write_dquot: Error -5 occurred while creating quota [ 283.469006][ T4243] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 283.514401][ T6290] EXT4-fs error (device loop4): ext4_acquire_dquot:6802: comm syz.4.491: Failed to acquire dquot type 0 [ 283.538271][ T4243] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 283.592252][ T4243] usb 3-1: config 0 descriptor?? [ 283.640461][ T4260] EXT4-fs (loop4): unmounting filesystem. [ 286.354820][ T4243] pyra 0003:1E7D:2CF6.0002: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.2-1/input0 [ 287.062473][ T6298] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [ 287.153800][ T6337] loop3: detected capacity change from 0 to 256 [ 287.347633][ T4243] pyra 0003:1E7D:2CF6.0002: couldn't init struct pyra_device [ 287.365668][ T6337] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 287.395857][ T4243] pyra 0003:1E7D:2CF6.0002: couldn't install mouse [ 287.435668][ T4243] pyra: probe of 0003:1E7D:2CF6.0002 failed with error -71 [ 289.458542][ T4243] usb 3-1: USB disconnect, device number 4 [ 289.513817][ T5305] EXT4-fs (loop5): unmounting filesystem. [ 290.115233][ T6362] loop3: detected capacity change from 0 to 512 [ 290.156480][ T6356] fido_id[6356]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 290.220150][ T6364] loop2: detected capacity change from 0 to 2048 [ 290.244924][ T6362] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 290.360064][ T6362] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec099, mo2=0002] [ 290.429272][ T6362] System zones: 1-12 [ 290.473435][ T6362] EXT4-fs (loop3): 1 truncate cleaned up [ 290.530835][ T6362] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 291.005597][ T6372] bridge0: adding interface bridge0 with same address as a received packet (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 291.023587][ T6372] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 291.148541][ T3624] loop2: p1 < > p3 [ 291.703334][ T3624] loop2: p3 size 134217728 extends beyond EOD, truncated [ 291.786694][ T4263] EXT4-fs (loop3): unmounting filesystem. [ 291.949297][ T4350] udevd[4350]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 291.980851][ T4935] udevd[4935]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 294.423938][ T7] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 294.584683][ T6408] netlink: 12 bytes leftover after parsing attributes in process `syz.1.518'. [ 294.623743][ T7] usb 6-1: Using ep0 maxpacket: 16 [ 294.630448][ T6404] loop4: detected capacity change from 0 to 4096 [ 294.644368][ T7] usb 6-1: config 64 has an invalid descriptor of length 0, skipping remainder of the config [ 294.697883][ T7] usb 6-1: New USB device found, idVendor=9e88, idProduct=9e8f, bcdDevice=9b.e4 [ 294.777904][ T6404] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 294.805414][ T7] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.860202][ T7] usb 6-1: Product: syz [ 294.893138][ T7] usb 6-1: Manufacturer: syz [ 294.961814][ T7] usb 6-1: SerialNumber: syz [ 295.027114][ T7] usb 6-1: can't set config #64, error -71 [ 295.078053][ T7] usb 6-1: USB disconnect, device number 2 [ 295.218171][ T4260] EXT4-fs (loop4): unmounting filesystem. [ 295.510004][ T6425] netlink: 'syz.1.522': attribute type 27 has an invalid length. [ 295.658945][ T6439] loop5: detected capacity change from 0 to 2048 [ 295.772770][ T6439] loop5: p1 < > p3 [ 295.785377][ T6439] loop5: p3 size 134217728 extends beyond EOD, truncated [ 295.901516][ T6406] loop3: detected capacity change from 0 to 40427 [ 295.941041][ T6406] F2FS-fs (loop3): invalid crc value [ 296.007319][ T6406] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 296.569626][ T6425] bridge0: port 2(bridge_slave_1) entered disabled state [ 296.578365][ T6425] bridge0: port 1(bridge_slave_0) entered disabled state [ 297.629093][ T4265] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 297.636019][ T4266] Bluetooth: hci5: command 0x1003 tx timeout [ 299.484562][ T4243] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 299.553353][ T6425] device wg2 left promiscuous mode [ 299.670834][ T4243] usb 4-1: Using ep0 maxpacket: 8 [ 299.678714][ T4243] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 299.730775][ T4243] usb 4-1: config 179 has no interface number 0 [ 299.765214][ T4243] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 299.816401][ T4243] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 299.869564][ T4243] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 299.918716][ T4243] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 299.966286][ T4243] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 300.023082][ T4243] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 300.065241][ T4243] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.141553][ T6470] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 300.609673][ T6470] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 300.623037][ T6470] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 300.806800][ T4243] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input6 [ 301.875876][ T6425] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 301.955615][ T6425] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 302.688127][ T4340] usb 4-1: USB disconnect, device number 5 [ 302.694046][ C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 302.694920][ C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 302.720932][ T4340] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 302.778354][ T6494] loop3: detected capacity change from 0 to 256 [ 302.787972][ T6492] loop2: detected capacity change from 0 to 2048 [ 302.944496][ T6492] loop2: p1 < > p3 [ 303.000793][ T6492] loop2: p3 size 134217728 extends beyond EOD, truncated [ 304.015481][ T6425] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.024547][ T6425] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.042438][ T6425] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.065129][ T6425] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.193862][ T6507] netlink: 88 bytes leftover after parsing attributes in process `syz.2.539'. [ 304.204936][ T6507] netlink: 48 bytes leftover after parsing attributes in process `syz.2.539'. [ 304.328891][ T6425] device wireguard0 left promiscuous mode [ 304.512711][ T6473] netlink: 12 bytes leftover after parsing attributes in process `syz.4.532'. [ 306.164810][ T6531] syz.2.544[6531] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 306.164922][ T6531] syz.2.544[6531] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 306.246204][ T6531] loop2: detected capacity change from 0 to 128 [ 307.460027][ T6531] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 307.470628][ T6531] ext4 filesystem being mounted at /110/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 307.887319][ T6540] loop3: detected capacity change from 0 to 256 [ 309.233273][ T6549] loop1: detected capacity change from 0 to 2048 [ 309.241861][ T4252] EXT4-fs (loop2): unmounting filesystem. [ 309.412041][ T6549] loop1: p1 < > p3 [ 309.439886][ T6549] loop1: p3 size 134217728 extends beyond EOD, truncated [ 309.471103][ T6554] overlayfs: statfs failed on './file0' [ 309.700399][ T3624] loop1: p1 < > p3 [ 310.441853][ T3624] loop1: p3 size 134217728 extends beyond EOD, truncated [ 310.660940][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 310.667442][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 310.983325][ T6572] netlink: 12 bytes leftover after parsing attributes in process `syz.3.556'. [ 311.534985][ T4935] udevd[4935]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 311.559750][ T4350] udevd[4350]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 311.880042][ T6592] loop2: detected capacity change from 0 to 256 [ 314.857020][ T6620] netlink: 12 bytes leftover after parsing attributes in process `syz.2.571'. [ 315.683256][ T6628] loop5: detected capacity change from 0 to 2048 [ 315.797035][ T6628] loop5: p1 < > p3 [ 315.803398][ T6628] loop5: p3 size 134217728 extends beyond EOD, truncated [ 316.836928][ T4935] udevd[4935]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory [ 316.847890][ T4350] udevd[4350]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory [ 316.944107][ T4935] udevd[4935]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory [ 316.999932][ T4350] udevd[4350]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory [ 317.431250][ T6652] loop3: detected capacity change from 0 to 256 [ 319.191469][ T6675] netlink: 2076 bytes leftover after parsing attributes in process `syz.5.582'. [ 320.189283][ T6685] loop3: detected capacity change from 0 to 2048 [ 321.034875][ T6685] loop3: p1 < > p3 [ 321.183507][ T6685] loop3: p3 size 134217728 extends beyond EOD, truncated [ 321.720117][ T27] audit: type=1107 audit(1748571460.053:166): pid=6705 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 322.074627][ T6710] loop3: detected capacity change from 0 to 512 [ 322.404479][ T6710] EXT4-fs: Ignoring removed nobh option [ 322.440573][ T6716] loop4: detected capacity change from 0 to 256 [ 322.491899][ T6710] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 323.926392][ T4263] EXT4-fs (loop3): unmounting filesystem. [ 324.792283][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 325.195631][ T6760] loop5: detected capacity change from 0 to 256 [ 325.270288][ T6760] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d) [ 325.444928][ T6761] loop4: detected capacity change from 0 to 2048 [ 326.618289][ T6761] loop4: p1 < > p3 [ 326.634363][ T6761] loop4: p3 size 134217728 extends beyond EOD, truncated [ 327.615587][ T3624] loop4: p1 < > p3 [ 327.622342][ T3624] loop4: p3 size 134217728 extends beyond EOD, truncated [ 328.722036][ T6811] loop5: detected capacity change from 0 to 256 [ 329.540928][ T27] audit: type=1326 audit(1748571468.439:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6814 comm="syz.3.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 329.671779][ T6820] loop5: detected capacity change from 0 to 512 [ 329.717041][ T27] audit: type=1326 audit(1748571468.514:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6814 comm="syz.3.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 329.745059][ T27] audit: type=1326 audit(1748571468.514:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6814 comm="syz.3.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=179 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 329.768894][ T6820] ext4: Unknown parameter 'smackfsroot' [ 329.775194][ T27] audit: type=1326 audit(1748571468.525:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6814 comm="syz.3.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 329.856351][ T27] audit: type=1326 audit(1748571468.525:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6814 comm="syz.3.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 329.998731][ T4350] udevd[4350]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 330.058403][ T4935] udevd[4935]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 330.132148][ T6828] Cannot find add_set index 0 as target [ 331.650909][ T6847] loop1: detected capacity change from 0 to 512 [ 331.723965][ T6847] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 331.967397][ T6847] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2195: inode #15: comm syz.1.623: corrupted in-inode xattr [ 331.990450][ T6847] EXT4-fs (loop1): Remounting filesystem read-only [ 331.999223][ T6847] EXT4-fs (loop1): 1 truncate cleaned up [ 332.009295][ T6847] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 333.058534][ T4253] EXT4-fs (loop1): unmounting filesystem. [ 338.092317][ T6911] netlink: 4 bytes leftover after parsing attributes in process `syz.2.637'. [ 339.545504][ T6932] netlink: 12 bytes leftover after parsing attributes in process `syz.2.644'. [ 340.999901][ T6954] tipc: Started in network mode [ 341.005059][ T6954] tipc: Node identity ac14140f, cluster identity 4711 [ 341.057198][ T6954] tipc: New replicast peer: 255.255.255.255 [ 341.090805][ T6954] tipc: Enabled bearer , priority 10 [ 342.046700][ T14] tipc: Node number set to 2886997007 [ 344.882824][ T6991] netlink: 12 bytes leftover after parsing attributes in process `syz.1.660'. [ 347.704287][ T7014] syz.4.663 (7014) used greatest stack depth: 17408 bytes left [ 348.750536][ T7017] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 348.758507][ T7017] IPv6: NLM_F_CREATE should be set when creating new route [ 350.019678][ T7032] Cannot find add_set index 0 as target [ 350.670441][ T7018] bridge0: port 2(bridge_slave_1) entered disabled state [ 350.677850][ T7018] bridge0: port 1(bridge_slave_0) entered disabled state [ 350.877753][ T7047] loop1: detected capacity change from 0 to 512 [ 350.966115][ T7047] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.672: casefold flag without casefold feature [ 350.980594][ T7047] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.672: couldn't read orphan inode 15 (err -117) [ 350.993915][ T7047] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 351.964879][ T4253] EXT4-fs (loop1): unmounting filesystem. [ 352.413208][ T7018] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 352.544131][ T7018] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 352.661932][ T7018] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 352.677704][ T7018] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 352.694886][ T7018] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 352.724540][ T7018] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 352.814875][ T7018] device bridge1 left promiscuous mode [ 352.979066][ T7061] netlink: 12 bytes leftover after parsing attributes in process `syz.1.674'. [ 354.234699][ T7075] loop5: detected capacity change from 0 to 40427 [ 354.604327][ T7075] F2FS-fs (loop5): Found nat_bits in checkpoint [ 354.788788][ T7075] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 356.749921][ T7084] capability: warning: `syz.3.678' uses deprecated v2 capabilities in a way that may be insecure [ 356.804360][ T7083] loop3: detected capacity change from 0 to 2101 [ 356.843100][ T7084] tipc: Can't bind to reserved service type 1 [ 356.866118][ T27] audit: type=1326 audit(1748571497.762:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7073 comm="syz.3.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 356.884122][ T7088] loop1: detected capacity change from 0 to 256 [ 356.941858][ T27] audit: type=1326 audit(1748571497.848:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7073 comm="syz.3.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 356.978720][ T27] audit: type=1326 audit(1748571497.848:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7073 comm="syz.3.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 357.004760][ T27] audit: type=1326 audit(1748571497.848:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7073 comm="syz.3.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9426b8e969 code=0x7ffc0000 [ 357.041465][ T7083] Alternate GPT is invalid, using primary GPT. [ 357.081179][ T7083] loop3: p1 p2 p3 [ 358.008353][ T7094] ipt_CLUSTERIP: Please specify destination IP [ 359.817943][ T7115] netlink: 'syz.5.687': attribute type 29 has an invalid length. [ 361.635323][ T7124] netlink: 12 bytes leftover after parsing attributes in process `syz.5.690'. [ 362.341604][ T7133] loop3: detected capacity change from 0 to 512 [ 362.425396][ T7133] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.694: invalid indirect mapped block 256 (level 2) [ 362.558034][ T7133] EXT4-fs (loop3): 2 truncates cleaned up [ 362.563829][ T7133] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 362.820630][ T27] audit: type=1800 audit(1748571504.151:176): pid=7133 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.694" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 362.912778][ T7139] loop5: detected capacity change from 0 to 2048 [ 362.984041][ T7139] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 363.191745][ T7132] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm syz.3.694: bg 0: block 5: invalid block bitmap [ 363.273584][ T7133] EXT4-fs warning (device loop3): ext4_block_to_path:107: block 209748188 > max in inode 15 [ 363.333895][ T7133] EXT4-fs warning (device loop3): ext4_block_to_path:107: block 209748224 > max in inode 15 [ 363.367959][ T7133] EXT4-fs warning (device loop3): ext4_block_to_path:107: block 209748228 > max in inode 15 [ 363.391543][ T7145] ------------[ cut here ]------------ [ 363.398167][ T7145] WARNING: CPU: 1 PID: 7145 at fs/ext4/inode.c:3466 ext4_iomap_begin+0x977/0xae0 [ 363.405434][ T7133] EXT4-fs warning (device loop3): ext4_block_to_path:107: block 209748232 > max in inode 15 [ 363.407490][ T7145] Modules linked in: [ 363.421482][ T7145] CPU: 1 PID: 7145 Comm: syz.3.694 Not tainted 6.1.140-syzkaller #0 [ 363.429754][ T7145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 363.439915][ T7145] RIP: 0010:ext4_iomap_begin+0x977/0xae0 [ 363.445652][ T7145] Code: 3b 84 24 20 01 00 00 75 6d 44 89 f0 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 83 9c 5d ff e9 73 ff ff ff e8 79 9c 5d ff <0f> 0b 41 be de ff ff ff 49 bf 00 00 00 00 00 fc ff df eb 85 89 d9 [ 363.465814][ T7145] RSP: 0018:ffffc900032373c0 EFLAGS: 00010287 [ 363.472074][ T7145] RAX: ffffffff82233a97 RBX: ffff8880554e67ca RCX: 0000000000080000 [ 363.480121][ T7145] RDX: ffffc9000f01b000 RSI: 000000000000357d RDI: 000000000000357e [ 363.488132][ T7145] RBP: ffffc90003237530 R08: dffffc0000000000 R09: ffffed100aa9cc95 [ 363.496182][ T7145] R10: ffffed100aa9cc95 R11: 1ffff1100aa9cc94 R12: 00000000000000d4 [ 363.504227][ T7145] R13: 1ffff1100aa9ccf9 R14: 000000000000000a R15: 0000000000000001 [ 363.512267][ T7145] FS: 00007f9427ac36c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 363.521267][ T7145] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 363.527914][ T7145] CR2: 0000000000000000 CR3: 000000007795b000 CR4: 00000000003506e0 [ 363.535953][ T7145] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 363.543964][ T7145] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 363.552033][ T7145] Call Trace: [ 363.555388][ T7145] [ 363.558356][ T7145] ? memset+0x1e/0x40 [ 363.562409][ T7145] ? pipe_zero+0xfb/0x140 [ 363.566854][ T7145] ? ext4_alloc_da_blocks+0x2c0/0x2c0 [ 363.572268][ T7145] ? filemap_write_and_wait_range+0x16c/0x1d0 [ 363.578471][ T7145] ? xas_next_entry+0x3d0/0x3d0 [ 363.583417][ T7145] ? ext4_alloc_da_blocks+0x2c0/0x2c0 [ 363.588843][ T7145] iomap_iter+0x6c6/0x1040 [ 363.593378][ T7145] __iomap_dio_rw+0x1384/0x1dd0 [ 363.598300][ T7145] ? iomap_dio_complete_work+0x70/0x70 [ 363.603880][ T7145] ? aa_file_perm+0x117/0xec0 [ 363.608617][ T7145] iomap_dio_rw+0x41/0xa0 [ 363.613046][ T7145] ext4_file_read_iter+0x4ef/0x650 [ 363.618214][ T7145] generic_file_splice_read+0x1a5/0x4e0 [ 363.623875][ T7145] ? lockdep_init_map_type+0x9d/0x880 [ 363.629329][ T7145] ? aa_path_link+0x850/0x850 [ 363.634051][ T7145] ? splice_shrink_spd+0xc0/0xc0 [ 363.639107][ T7145] ? common_file_perm+0x171/0x1c0 [ 363.644172][ T7145] ? fsnotify_perm+0x248/0x550 [ 363.649038][ T7145] splice_direct_to_actor+0x3b9/0xb60 [ 363.654537][ T7145] ? direct_file_splice_eof+0xa0/0xa0 [ 363.660022][ T7145] ? pipe_to_sendpage+0x310/0x310 [ 363.665102][ T7145] ? common_file_perm+0x171/0x1c0 [ 363.670220][ T7145] ? fsnotify_perm+0x5a/0x550 [ 363.674939][ T7145] ? security_file_permission+0x75/0xa0 [ 363.680607][ T7145] do_splice_direct+0x1b0/0x2b0 [ 363.685547][ T7145] ? splice_direct_to_actor+0xb60/0xb60 [ 363.691229][ T7145] ? rcu_read_lock_any_held+0xb0/0x120 [ 363.696790][ T7145] ? do_splice_direct+0x2b0/0x2b0 [ 363.701867][ T7145] ? common_file_perm+0x171/0x1c0 [ 363.706995][ T7145] do_sendfile+0x5cc/0xeb0 [ 363.711451][ T7145] ? __might_fault+0xa6/0x120 [ 363.716235][ T7145] ? do_pwritev+0x340/0x340 [ 363.720779][ T7145] ? __might_fault+0xa6/0x120 [ 363.725557][ T7145] ? __might_fault+0xc2/0x120 [ 363.730274][ T7145] ? __might_fault+0xa6/0x120 [ 363.735053][ T7145] __se_sys_sendfile64+0xd6/0x190 [ 363.740115][ T7145] ? lock_chain_count+0x20/0x20 [ 363.745067][ T7145] ? __x64_sys_sendfile64+0xa0/0xa0 [ 363.750342][ T7145] ? lockdep_hardirqs_on+0x94/0x140 [ 363.755595][ T7145] do_syscall_64+0x4c/0xa0 [ 363.760112][ T7145] ? clear_bhb_loop+0x60/0xb0 [ 363.764820][ T7145] ? clear_bhb_loop+0x60/0xb0 [ 363.769569][ T7145] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 363.775513][ T7145] RIP: 0033:0x7f9426b8e969 [ 363.780006][ T7145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 363.799689][ T7145] RSP: 002b:00007f9427ac3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 363.808188][ T7145] RAX: ffffffffffffffda RBX: 00007f9426db6080 RCX: 00007f9426b8e969 [ 363.816233][ T7145] RDX: 00002000000000c0 RSI: 0000000000000006 RDI: 0000000000000006 [ 363.824240][ T7145] RBP: 00007f9426c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 363.832284][ T7145] R10: 0000000000014000 R11: 0000000000000246 R12: 0000000000000000 [ 363.840326][ T7145] R13: 0000000000000001 R14: 00007f9426db6080 R15: 00007ffdb1db9948 [ 363.848383][ T7145] [ 363.851453][ T7145] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 363.858750][ T7145] CPU: 1 PID: 7145 Comm: syz.3.694 Not tainted 6.1.140-syzkaller #0 [ 363.866745][ T7145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 363.876810][ T7145] Call Trace: [ 363.880093][ T7145] [ 363.883035][ T7145] dump_stack_lvl+0x168/0x22e [ 363.887734][ T7145] ? memcpy+0x3c/0x60 [ 363.891726][ T7145] ? show_regs_print_info+0x12/0x12 [ 363.896937][ T7145] ? load_image+0x3b0/0x3b0 [ 363.901464][ T7145] panic+0x2c9/0x710 [ 363.905383][ T7145] ? bpf_jit_dump+0xd0/0xd0 [ 363.909925][ T7145] __warn+0x2f8/0x4f0 [ 363.913930][ T7145] ? ext4_iomap_begin+0x977/0xae0 [ 363.918965][ T7145] ? ext4_iomap_begin+0x977/0xae0 [ 363.923997][ T7145] report_bug+0x2ba/0x4f0 [ 363.928345][ T7145] ? ext4_iomap_begin+0x977/0xae0 [ 363.933384][ T7145] handle_bug+0x3a/0x70 [ 363.937566][ T7145] exc_invalid_op+0x16/0x40 [ 363.942123][ T7145] asm_exc_invalid_op+0x16/0x20 [ 363.946996][ T7145] RIP: 0010:ext4_iomap_begin+0x977/0xae0 [ 363.952649][ T7145] Code: 3b 84 24 20 01 00 00 75 6d 44 89 f0 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 83 9c 5d ff e9 73 ff ff ff e8 79 9c 5d ff <0f> 0b 41 be de ff ff ff 49 bf 00 00 00 00 00 fc ff df eb 85 89 d9 [ 363.972268][ T7145] RSP: 0018:ffffc900032373c0 EFLAGS: 00010287 [ 363.978361][ T7145] RAX: ffffffff82233a97 RBX: ffff8880554e67ca RCX: 0000000000080000 [ 363.986347][ T7145] RDX: ffffc9000f01b000 RSI: 000000000000357d RDI: 000000000000357e [ 363.994323][ T7145] RBP: ffffc90003237530 R08: dffffc0000000000 R09: ffffed100aa9cc95 [ 364.002325][ T7145] R10: ffffed100aa9cc95 R11: 1ffff1100aa9cc94 R12: 00000000000000d4 [ 364.010311][ T7145] R13: 1ffff1100aa9ccf9 R14: 000000000000000a R15: 0000000000000001 [ 364.018298][ T7145] ? ext4_iomap_begin+0x977/0xae0 [ 364.023359][ T7145] ? memset+0x1e/0x40 [ 364.027443][ T7145] ? pipe_zero+0xfb/0x140 [ 364.031789][ T7145] ? ext4_alloc_da_blocks+0x2c0/0x2c0 [ 364.037167][ T7145] ? filemap_write_and_wait_range+0x16c/0x1d0 [ 364.043252][ T7145] ? xas_next_entry+0x3d0/0x3d0 [ 364.048126][ T7145] ? ext4_alloc_da_blocks+0x2c0/0x2c0 [ 364.053512][ T7145] iomap_iter+0x6c6/0x1040 [ 364.057945][ T7145] __iomap_dio_rw+0x1384/0x1dd0 [ 364.062823][ T7145] ? iomap_dio_complete_work+0x70/0x70 [ 364.068308][ T7145] ? aa_file_perm+0x117/0xec0 [ 364.073032][ T7145] iomap_dio_rw+0x41/0xa0 [ 364.077377][ T7145] ext4_file_read_iter+0x4ef/0x650 [ 364.082514][ T7145] generic_file_splice_read+0x1a5/0x4e0 [ 364.088078][ T7145] ? lockdep_init_map_type+0x9d/0x880 [ 364.093467][ T7145] ? aa_path_link+0x850/0x850 [ 364.098172][ T7145] ? splice_shrink_spd+0xc0/0xc0 [ 364.103136][ T7145] ? common_file_perm+0x171/0x1c0 [ 364.108202][ T7145] ? fsnotify_perm+0x248/0x550 [ 364.112987][ T7145] splice_direct_to_actor+0x3b9/0xb60 [ 364.118405][ T7145] ? direct_file_splice_eof+0xa0/0xa0 [ 364.123802][ T7145] ? pipe_to_sendpage+0x310/0x310 [ 364.128846][ T7145] ? common_file_perm+0x171/0x1c0 [ 364.133901][ T7145] ? fsnotify_perm+0x5a/0x550 [ 364.138595][ T7145] ? security_file_permission+0x75/0xa0 [ 364.144182][ T7145] do_splice_direct+0x1b0/0x2b0 [ 364.149057][ T7145] ? splice_direct_to_actor+0xb60/0xb60 [ 364.154620][ T7145] ? rcu_read_lock_any_held+0xb0/0x120 [ 364.160094][ T7145] ? do_splice_direct+0x2b0/0x2b0 [ 364.165169][ T7145] ? common_file_perm+0x171/0x1c0 [ 364.170211][ T7145] do_sendfile+0x5cc/0xeb0 [ 364.174655][ T7145] ? __might_fault+0xa6/0x120 [ 364.179352][ T7145] ? do_pwritev+0x340/0x340 [ 364.183866][ T7145] ? __might_fault+0xa6/0x120 [ 364.188552][ T7145] ? __might_fault+0xc2/0x120 [ 364.193237][ T7145] ? __might_fault+0xa6/0x120 [ 364.197931][ T7145] __se_sys_sendfile64+0xd6/0x190 [ 364.202966][ T7145] ? lock_chain_count+0x20/0x20 [ 364.207831][ T7145] ? __x64_sys_sendfile64+0xa0/0xa0 [ 364.213057][ T7145] ? lockdep_hardirqs_on+0x94/0x140 [ 364.218277][ T7145] do_syscall_64+0x4c/0xa0 [ 364.222719][ T7145] ? clear_bhb_loop+0x60/0xb0 [ 364.227425][ T7145] ? clear_bhb_loop+0x60/0xb0 [ 364.232112][ T7145] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 364.238023][ T7145] RIP: 0033:0x7f9426b8e969 [ 364.242443][ T7145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 364.262057][ T7145] RSP: 002b:00007f9427ac3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 364.270478][ T7145] RAX: ffffffffffffffda RBX: 00007f9426db6080 RCX: 00007f9426b8e969 [ 364.278459][ T7145] RDX: 00002000000000c0 RSI: 0000000000000006 RDI: 0000000000000006 [ 364.286435][ T7145] RBP: 00007f9426c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 364.294426][ T7145] R10: 0000000000014000 R11: 0000000000000246 R12: 0000000000000000 [ 364.302448][ T7145] R13: 0000000000000001 R14: 00007f9426db6080 R15: 00007ffdb1db9948 [ 364.310449][ T7145] [ 364.313743][ T7145] Kernel Offset: disabled [ 364.318180][ T7145] Rebooting in 86400 seconds..