last executing test programs: 5.004093408s ago: executing program 3 (id=362): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xc4f27000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000000)={0xfffffffb}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_clone(0x40800300, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000001640)=@mangle={'mangle\x00', 0x44, 0x6, 0x510, 0x3a8, 0x210, 0x210, 0x0, 0x138, 0x478, 0x478, 0x478, 0x478, 0x478, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x11000000, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@loopback, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0x198}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x0, 'system_u:object_r:dbusd_etc_t:s0\x00'}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xd0, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x570) 3.239177314s ago: executing program 2 (id=373): socketpair$unix(0x1, 0x2, 0x0, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x2) futex(&(0x7f000000cffc), 0x9, 0x0, 0x0, 0x0, 0x80) futex(&(0x7f000000cffc), 0xa, 0x301, 0x0, 0x0, 0x2) 2.950293291s ago: executing program 0 (id=376): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000640)=ANY=[@ANYBLOB="14000000100001000c000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x2000c080}, 0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000040)={0x4, 0x7fff, 0x7, 0x6, 0x40, 0x77}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'syztnl0\x00', &(0x7f0000000300)={'syztnl2\x00', 0x0, 0x4, 0x7, 0x8, 0x800, 0x39, @loopback, @local, 0x8000, 0x8, 0xb9e, 0xa8}}) r4 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000480)=@o_path={&(0x7f0000000440)='./file0\x00', 0x0, 0x38, r1}, 0x18) r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000540)=@generic={&(0x7f0000000500)='./file0\x00', 0x0, 0x8}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1c, 0x11, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x400}, [@call={0x85, 0x0, 0x0, 0x82}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x3}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7f}, @printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xff}}]}, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x0, &(0x7f0000000100), 0x41100, 0x34, '\x00', r3, @fallback=0xd, 0xffffffffffffffff, 0x8, &(0x7f00000003c0)={0x9, 0x3}, 0x8, 0x10, &(0x7f0000000400)={0x1, 0x9, 0x6043aa10, 0x800}, 0x10, 0x0, r2, 0x0, &(0x7f00000005c0)=[r4, 0xffffffffffffffff, r5, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x200}, 0x94) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000006000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc4c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000020000380100000800c00018006000100d10300000c000080080003400000000214000000110001"], 0xb0}}, 0x40) 2.656405209s ago: executing program 0 (id=380): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0) openat(r3, &(0x7f00000000c0)='./file0\x00', 0x6a1c2, 0x50) faccessat(r3, &(0x7f0000000000)='./file0\x00', 0x5) 2.523530136s ago: executing program 0 (id=382): bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@multicast, @local, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x4, 0x3e, 0x66, 0x0, 0x7, 0x2, 0x0, @private=0xa010102, @local}, {0x11, 0xff, 0x0, @empty}}}}}, 0x0) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000240)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0xffffffffffffff6b, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000800}, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet(0x2, 0x2, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fdd411efc40800040000000000", 0x36}], 0x1) 2.288225236s ago: executing program 2 (id=384): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0x62000, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="eefa7d71f24a41d1b604", @ANYRES32=0x1, @ANYBLOB="9c45306e00"/20, @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="0400000002000000030000000c00"/28], 0x50) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x208, 0x1ffe0000000}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) r2 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000100)={0x20000014}) close_range(r2, r3, 0x0) 2.037981188s ago: executing program 2 (id=386): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000900)='kfree\x00', r0}, 0x18) r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) r2 = fcntl$dupfd(r1, 0x406, r1) ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x3, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) 1.959918809s ago: executing program 0 (id=387): bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', 0xffffffffffffffff, 0x0, 0x3}, 0x18) r0 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000fedbdf25080000001800028014000380100001800400030008000100050000000c00018008000100", @ANYRES32], 0x38}, 0x1, 0x0, 0x0, 0x4000814}, 0x0) prctl$PR_SET_NAME(0xf, &(0x7f00000001c0)='w\xde\xa3\x05\xff\a\x00\x00\x00\x00\x00\x00\x8f\xc0\x9b\x86\xef\\\xc0\x89\av\x9f\xd6\xd1\x98,\xc8\x18E/\x8c\x1a\xe3\xbd') bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x20081e, &(0x7f0000000840)={[{@grpjquota}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0xa30}}, {@grpquota}]}, 0x1, 0x52a, &(0x7f0000001440)="$eJzs3c9vHFcdAPDvjL22k7h1WnoABG1oCwFFWcebNqp6gHJCCFVC9AhSauyNFWXXa3nXpTaRcM9ckajECY78AZx74s4FwY1LOSDxwwLVSBwGzezY2di7tpPYXmv385FG+9688XzfizPvzbxd7wtgbF2LiO2ImIqI9yNirtyflFu8093y4z7bebi0u/NwKYkse++fSVGe74uen8ldKc85ExE/+E7Ej5PDcdubWw8WG436epmf7zTX5tubWzfvNxdX6iv11VrtzsKdW2/dfrP2BK2ZObL0leZUmfryp3/Y/sZP82rNlnt623Gauk2v7MfJTUbE984i2BBMlO2ZGnZFeCppRLwYEa8W1/9cTBS/TQBglGXZXGRzvXkAYNSlxRxYklbLuYDZSNNqtTuH91JcThutdufGvdbG6nJ3ruxqVNJ79xv1W+Vc4dWoJHl+oUg/ytcO5G9HxAsR8YvpS0W+utRqLA/zxgcAxtiVA+P/f6a74z8AMOKO/tgMADCKjP8AMH6M/wAwfoz/ADB+uuP/pSf9sSzLfnYW1QEAzoHnfwAYP8Z/ABgr33/33XzLdsvvv17+YHPjQeuDm8v19oNqc2OputRaX6uutForxXf2NI87X6PVWlt4IzY+vPrNtXZnvr25dbfZ2ljt3C2+1/tuvVIctX0OLQMABnnhlU/+nOQj8tuXii161nKoDLVmwFlLh10BYGgmhl0BYGi6q331WaAPGHmPnvGf+EMApgdgRBx3BzDT7w+EsizLzq5KwBm7/gXz/zCuyvn/SZ8ChvFz3Px/sTawNwlhJE0OuwLA0GRZctI1/+OkBwIAF9sRc/xXz/M+BBieAe//v1i+/rZ8c+BHyweP+PgsawUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX2976v9Vymd/ZSNNqNeK5YgGgSnLvfqN+KyKej4g/TVem8/zCkOsMADyr9G9Juf7X9bnXZx8revnKfnIqIn7yq/d++eFip7P+x4ip5F/Te/s7H5f7a8cGmzmLFgAAR9sbp4vXngf5z3YeLu1t51mfv3+7e1eQx93dmYrd/fiTMVm8zkQlIi7/OynzXUnP3MWz2P4oIj7fr/1JzBZzIN1bloPx89jPnVL8iRPFTx+Ln5YLNKflv8XnTqEuMG4+yfufd/pdf2lcK177X/8zRQ/17Mr+Lz/V0m7RBz6Kv9f/TQzo/66dNMYbv/9uN3XpcNlHEV+cjNiLvdvT/+zFTwbEf/2E8f/ypZdfHVSW/TrievSP3xtrvtNcm29vbt2831xcqa/UV2u1Owt3br11+83afDFHPT94NPjH2zeeH1SWt//ygPgzx7T/q4NOeuAp9zf/e/+HXzki/tdf6xc/jZeOiJ+PiV8b2OLHLV7+3cDn7jz+8uH2Jyf5/d84YfxP/7p1aNlwAGB42ptbDxYbjfq6hMTFT+T/ZS9ANfomvnVesaaif9HPX+te0weKsuypYg3qMU5j1g24CPYv+oj477ArAwAAAAAAAAAAAAAA9HUef7E07DYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwuv4fAAD//9VG0+g=") pipe(&(0x7f0000000140)) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff27}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') r2 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x40900, 0x0) r3 = syz_io_uring_setup(0x49a, 0x0, 0x0, &(0x7f0000000400)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) syz_io_uring_submit(0x0, r4, &(0x7f0000000040)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x0, @fd=r2, 0x8006, &(0x7f0000000300)=""/210, 0xd2, 0x2, 0x1}) io_uring_enter(r3, 0x4be7, 0x4c3, 0x43, 0x0, 0x0) r5 = creat(&(0x7f00000000c0)='./bus\x00', 0x182) r6 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x80642, 0x150) pwrite64(r6, &(0x7f0000000140)='2', 0xfdef, 0xfecc) fallocate(r5, 0x0, 0xbf5, 0x2000402) 1.828457455s ago: executing program 3 (id=388): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000000000000000000006dfeff00850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x10) msync(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x4) 1.828327235s ago: executing program 2 (id=389): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x20182) ioctl$USBDEVFS_ALLOW_SUSPEND(r1, 0x5522) ioctl$USBDEVFS_BULK(r1, 0x5523, 0x0) ioctl$USBDEVFS_DROP_PRIVILEGES(r1, 0x4004551e, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4c090}, 0xc000) ioctl$USBDEVFS_DISCONNECT_CLAIM(r2, 0x5522, 0x0) ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d80672e65a6a0a72e19c2b60bd6276fd8bb6366e9d1ed9a60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d10d1f600"}) ioctl$USBDEVFS_ALLOW_SUSPEND(r0, 0x5522) ioctl$USBDEVFS_SETINTERFACE(r0, 0x80045510, &(0x7f0000000000)={0x0, 0x40000000}) 1.78619929s ago: executing program 1 (id=390): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/nfsfs\x00') getdents(r2, &(0x7f0000000080)=""/53, 0x35) 1.673168986s ago: executing program 3 (id=391): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0xe, 0x7ffc0001}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = memfd_create(&(0x7f0000000780)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d \x06\x00\x00\x00\x97A\xc2\xd8\xf0Uq!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19\xe5\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\x16\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xf1k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9k\x83\xfc\xa4\xad4\x03\xa2X\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xdfY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96?\x00\x00\x00\x00\x00\x00\x00\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKl\xcc\xa4:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcb\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93>m\xd7q\'\xdf\xfajo\xd8n\xa7\xecJi\xde\xdf\x7f\xe3\xc4*Z 4\xe8S$\xa1H=\xdf\x05\xf3\xc3T\xd1\xdd\xc6f\xa4\xb4\x96\\\xa0\xf9\x0f\x17\x11{\xb6\x9d\xd21\xc1\x90Vj\x13r\x00\x00\xde\x03\xab\xff\x8as0\xc6E\xca\"\xd9*\x9a\x15\xb95r\x8f\xaaj\x82\xd6\xd2%\xed\xa2WQ\xec2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xccX\xfdRB\xffU\xe9\xfa\x1f\xf6\xce\b\xde@\x061\xc6z\xe4\xe0\xc9?\xa7\x94>\x9c\xd1\xa5o\x04\xaaim\xae\xfe\xc7f\xa3\x96\xd7\xb4c)r{\r#\xddI&\n\xf2\xec\xd4\xff\x9f\x136zZ-2\x80\xfbH+\x9b8\xf3\xed\xdf\xa2my\xb28c[\xc3\xfe\xb5M\x84\x97\xa5\'s\xe9\xdc=)I\xabLt2\x9c\v\xd9S', 0x6) fallocate(r2, 0x0, 0x9, 0x4) 1.408369819s ago: executing program 0 (id=392): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000070000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = socket$nl_route(0x10, 0x3, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000001940), 0x202, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800e00010069703665727370616e00000020000280060002003000000014000600", @ANYRESOCT], 0x5c}}, 0x0) 1.407994809s ago: executing program 2 (id=393): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000dc0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000400)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback=0x3b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0, 0x0, 0x1}, 0x18) openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) 1.356260096s ago: executing program 1 (id=394): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0x62000, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="eefa7d71f24a41d1b604", @ANYRES32=0x1, @ANYBLOB="9c45306e00"/20, @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="0400000002000000030000000c00"/28], 0x50) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x208, 0x1ffe0000000}, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) r3 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000100)={0x20000014}) close_range(r3, r4, 0x0) 1.331044779s ago: executing program 3 (id=395): bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@multicast, @local, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x4, 0x3e, 0x66, 0x0, 0x7, 0x2, 0x0, @private=0xa010102, @local}, {0x11, 0xff, 0x0, @empty}}}}}, 0x0) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000240)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0xffffffffffffff6b, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000800}, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet(0x2, 0x2, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fdd411efc40800040000000000", 0x36}], 0x1) 1.17244878s ago: executing program 2 (id=396): syz_usb_connect(0x2, 0x24, &(0x7f0000000f80)={{0x12, 0x1, 0x250, 0xd6, 0xfc, 0xb, 0xff, 0xeba, 0x2080, 0x6488, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x6, 0x2, 0xd0, 0x3, [{{0x9, 0x4, 0x42, 0xf, 0x0, 0x3, 0x83, 0x4e, 0x7}}]}}]}}, 0x0) 1.145212573s ago: executing program 1 (id=397): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, 0x0, 0x0) r1 = socket$kcm(0xa, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x3, 0x81, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x4e23, 0x10000, 0x1cb, 0x12d61, 0x12d58}}, 0x44) sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 1.061921804s ago: executing program 1 (id=398): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000009500"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000380)={0x43, 0x4, 0x3, 0x3}, 0x10) 193.382015ms ago: executing program 1 (id=399): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000000000800000000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x1228000, 0x800, 0x11c}, 0x20) 192.454695ms ago: executing program 3 (id=400): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r1, 0x0, 0x200000000000006}, 0x18) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000300000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r2}, 0x10) sendmsg$DEVLINK_CMD_PORT_SPLIT(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x280040}, 0xc, &(0x7f0000000680)={&(0x7f0000000ec0)=ANY=[@ANYBLOB="dc010000", @ANYRES16=0x0, @ANYBLOB="010029bd7000ffdbdf2509000000080001007063690011000200303030303a30303a31302e300000000008000300000000000800090006000000080001007063690011000200303030303a30303a31302e300000000008000300010000000800090005000000080001007063690011000200303030303a30303a31302e300000000008000300030000000800090001000000080001007063690011000200303030303a30303a31302e300000000008000300000000000800090002000000080001007063690011000200303030303a30303a31302e300000000008000300010000000800090001000000080001007063690011000200303030303a30303a31302e3000000000080003000300000008000900080000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000200000008000900010000000e0001006e657464657673696d0000000f0002006e1c24657464657673696d30000008000300000000000854e7bd030000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000000000008000900040000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000300030000000800090003000000"], 0x1dc}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="160000000000000005000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r6 = socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x0, 0x4, 0x2, 0x1, 0x90}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x51, '\x00', r7, 0xd}, 0x94) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r7, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000740)=@newqdisc={0x78, 0x24, 0xe0b, 0x70bd26, 0x2000000, {0x0, 0x0, 0x0, r7, {0xb, 0xfff1}, {0xffff, 0xffff}, {0x9, 0xa}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x96, 0x8, 0x1a, 0x1, 0xf}, 0x2, 0x1, 0xf, 0x4, 0x80, 0x18, 0x3, 0xf, 0x1, 0x80000001, {0x5, 0x2, 0x1, 0x4, 0x1, 0x9}}}}]}, 0x78}}, 0x40440c0) ioctl$MON_IOCG_STATS(0xffffffffffffffff, 0xc0109207, &(0x7f0000000180)) sendto$inet6(r5, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f000006892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x8, 0x7ffc0001}]}) bpf$PROG_LOAD(0x5, 0x0, 0x0) shmctl$IPC_RMID(0x0, 0x0) 80.392939ms ago: executing program 1 (id=401): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x561, &(0x7f0000000f80)="$eJzs3U1rG0cfAPD/ylbenycOhNCWUgw9NCWNHNt9SaGH9NyGBtp7KuyNCZajYMkhdgNNDs25hF5KA6X30nOPoV+gh36GQBsIJZj20IvLyivFL5ItJ7KtVL8frJnZXWl2NPsfz2gkFMDAGs3+FCJejoivk4jjEZHkx4YjPzi6et7yk1tT2ZbEysqnfyaN87J887majzuaZ16KiF++ijhT2FxubXFptlyppPN5fqw+d32strh09upceSadSa9NTE6ef2dy4v333u1ZXd+89Pe3nzwYynMn7iVxIY7lubX1eA6312ZGYzR/TYpxYcOJ4z0orJ8kbff+tOfXwc4M5XFejKwPOB5DedQD/31fRsQKMKCSHcf/b8XduRJgbzXHAc25fY/mwS+Mxx+uToA213949b2RONSYGx1ZTtbNjLL57kgPys/K+PmP+/eyLXr3PgTAtm7fiYhzw8Ob+78k7/+e3bkuztlYhv4P9s6DbPzzVrvxT6E1/ok245+jbWL3WWwf/4VHPSimo2z890Hb8W9r0WpkKM/9rzHmKyZXrlbSrG/7f0ScjuLBLL/Ves755YcrnY6tHf9lW1Z+cyyYX8ej4YPrHzNdrpefp85rPb4T8Urb8W/Sav+kTftnr8elLss4ld5/rdOx7eu/u1Z+iHijbfs/XdFKtl6fHGvcD2PNu2Kzv+6e+rVT+ftd/6z9j2xd/5Fk7XptbedlfH/onzRa68nrrat/dH//H0g+a6QP5Ptuluv1+fGIA8nHrf2F5v6Jp49t5pvnZ/U//frW/V+7+/9wRHzeZf3vnvzx1U7H+qH9p9u2f2t2u6H9d554+NEX33Uqv7v+7+1G6nS+p5v+r9sLfJ7XDgAAAAAAAPpNISKORVIotdKFQqm0+vmOk3GkUKnW6meuVBeuTUfju7IjUSw0V7qPr/k8xHi+YtjMT2zIT0bEiYj4ZuhwI1+aqlam97vyAAAAAAAAAAAAAAAAAAAA0CeOdvj+f+b3of2+OmDX+clvGFzbxn8vfukJ6Ev+/8PgEv8wuMQ/DC7xD4NL/MPgEv8wuMQ/DC7xDwAAAAAAAAAAAAAAAAAAAAAAAAAAAD116eLFbFtZfnJrKstP31hcmK3eODud1mZLcwtTpanq/PXSTLU6U0lLU9W57Z6vUq1eH5+IhZtj9bRWH6stLl2eqy5cq1++OleeSS+nxT2pFQAAAAAAAAAAAAAAAAAAALxYaotLs+VKJZ2XkHimxHB/XIZEjxP73TMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFP/BgAA//9q6zMB") r0 = socket(0x10, 0x3, 0x4) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40e00, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) sendmsg$nl_route_sched(r0, 0x0, 0x0) setxattr$incfs_metadata(&(0x7f0000000240)='./file1\x00', &(0x7f0000000280), &(0x7f00000002c0)="30573472b621739991c336124406e8a5c812ca847e3bf9b837c91d46ab", 0x1d, 0x1) lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000000), &(0x7f0000000000)=ANY=[], 0x361, 0x0) r3 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) getsockopt$inet_mreqn(r0, 0x0, 0x23, 0x0, 0x0) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000340)={0x14, r3, 0x1, 0x0, 0x25dfdbfe}, 0x14}}, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000300)=ANY=[], 0xfe37, 0x0) 41.939334ms ago: executing program 3 (id=402): r0 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000004cbd18110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x18) r3 = socket$netlink(0x10, 0x3, 0x14) sendfile(r3, r0, 0x0, 0x7ffff088) 0s ago: executing program 0 (id=403): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=@newlink={0x40, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0xc9d, 0x8023}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FLAGS={0x6, 0x8, 0x19}, @IFLA_IPTUN_PMTUDISC={0x5}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x28001}, 0x24004850) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.234' (ED25519) to the list of known hosts. [ 82.789194][ T5754] cgroup: Unknown subsys name 'net' [ 82.925115][ T5754] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.651185][ T5754] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.386073][ T5768] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.397067][ T5768] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.405276][ T5768] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.414144][ T5768] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.422415][ T5768] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 86.430065][ T5768] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.445347][ T5771] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.464411][ T5771] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.472610][ T5771] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.480952][ T5771] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.489758][ T5771] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 86.498544][ T5771] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.506043][ T5771] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.514848][ T5775] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.514871][ T5771] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.527852][ T5775] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.537928][ T5775] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.545411][ T5775] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.553930][ T5775] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 86.561343][ T5771] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 86.561779][ T5775] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.571196][ T5771] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 86.580733][ T5775] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.584577][ T5771] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.204781][ T5765] chnl_net:caif_netlink_parms(): no params data found [ 87.237525][ T5769] chnl_net:caif_netlink_parms(): no params data found [ 87.415300][ T5773] chnl_net:caif_netlink_parms(): no params data found [ 87.445793][ T5766] chnl_net:caif_netlink_parms(): no params data found [ 87.574579][ T5765] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.582969][ T5765] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.592044][ T5765] bridge_slave_0: entered allmulticast mode [ 87.600222][ T5765] bridge_slave_0: entered promiscuous mode [ 87.620764][ T5769] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.628257][ T5769] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.635491][ T5769] bridge_slave_0: entered allmulticast mode [ 87.643983][ T5769] bridge_slave_0: entered promiscuous mode [ 87.659732][ T5765] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.667272][ T5765] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.674521][ T5765] bridge_slave_1: entered allmulticast mode [ 87.682897][ T5765] bridge_slave_1: entered promiscuous mode [ 87.712204][ T5769] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.719532][ T5769] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.727072][ T5769] bridge_slave_1: entered allmulticast mode [ 87.734888][ T5769] bridge_slave_1: entered promiscuous mode [ 87.854300][ T5765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.895566][ T5769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.908384][ T5769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.933685][ T5765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.946261][ T5766] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.953464][ T5766] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.960914][ T5766] bridge_slave_0: entered allmulticast mode [ 87.968645][ T5766] bridge_slave_0: entered promiscuous mode [ 87.989888][ T5773] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.998215][ T5773] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.005459][ T5773] bridge_slave_0: entered allmulticast mode [ 88.014462][ T5773] bridge_slave_0: entered promiscuous mode [ 88.062646][ T5766] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.072896][ T5766] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.080233][ T5766] bridge_slave_1: entered allmulticast mode [ 88.088575][ T5766] bridge_slave_1: entered promiscuous mode [ 88.095327][ T5773] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.102749][ T5773] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.112122][ T5773] bridge_slave_1: entered allmulticast mode [ 88.119372][ T5773] bridge_slave_1: entered promiscuous mode [ 88.145335][ T5765] team0: Port device team_slave_0 added [ 88.154735][ T5769] team0: Port device team_slave_0 added [ 88.190927][ T5765] team0: Port device team_slave_1 added [ 88.200668][ T5769] team0: Port device team_slave_1 added [ 88.235487][ T5773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.288821][ T5766] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.302378][ T5766] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.314200][ T5773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.335121][ T5765] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.342503][ T5765] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.369039][ T5765] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.383028][ T5765] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.390425][ T5765] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.416678][ T5765] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.429270][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.436366][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.462511][ T5769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.475464][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.482558][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.508709][ T5769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.551850][ T5779] Bluetooth: hci1: command tx timeout [ 88.589918][ T5773] team0: Port device team_slave_0 added [ 88.613299][ T5766] team0: Port device team_slave_0 added [ 88.619480][ T5779] Bluetooth: hci2: command tx timeout [ 88.629959][ T5773] team0: Port device team_slave_1 added [ 88.662172][ T5769] hsr_slave_0: entered promiscuous mode [ 88.671451][ T5769] hsr_slave_1: entered promiscuous mode [ 88.682451][ T5766] team0: Port device team_slave_1 added [ 88.706372][ T5779] Bluetooth: hci0: command tx timeout [ 88.706394][ T51] Bluetooth: hci3: command tx timeout [ 88.777944][ T5765] hsr_slave_0: entered promiscuous mode [ 88.784515][ T5765] hsr_slave_1: entered promiscuous mode [ 88.791660][ T5765] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.800968][ T5765] Cannot create hsr debugfs directory [ 88.820195][ T5766] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.830284][ T5766] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.856515][ T5766] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.869398][ T5766] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.876478][ T5766] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.902475][ T5766] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.914444][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.923914][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.950287][ T5773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.963043][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.970634][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.997144][ T5773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.193687][ T5766] hsr_slave_0: entered promiscuous mode [ 89.200808][ T5766] hsr_slave_1: entered promiscuous mode [ 89.207382][ T5766] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.214995][ T5766] Cannot create hsr debugfs directory [ 89.225361][ T5773] hsr_slave_0: entered promiscuous mode [ 89.235559][ T5773] hsr_slave_1: entered promiscuous mode [ 89.241857][ T5773] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.249676][ T5773] Cannot create hsr debugfs directory [ 89.590493][ T5769] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.619570][ T5769] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.631832][ T5769] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.659513][ T5769] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.727795][ T5765] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.741513][ T5765] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.774416][ T5765] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.785379][ T5765] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.850127][ T5766] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.876973][ T5766] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.900631][ T5766] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.913873][ T5766] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 90.039741][ T5773] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 90.052370][ T5773] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 90.084386][ T5773] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 90.095219][ T5773] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 90.132173][ T5769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.206043][ T5769] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.223515][ T5765] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.276374][ T1073] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.283771][ T1073] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.298757][ T1073] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.305896][ T1073] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.359817][ T5765] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.380421][ T1073] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.387587][ T1073] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.418205][ T5766] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.467731][ T1073] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.474903][ T1073] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.554614][ T5773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.570826][ T5766] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.621116][ T5779] Bluetooth: hci1: command tx timeout [ 90.631633][ T5773] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.651448][ T1073] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.658708][ T1073] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.668901][ T1073] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.676283][ T1073] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.691490][ T1317] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.698710][ T1317] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.706728][ T5779] Bluetooth: hci2: command tx timeout [ 90.778161][ T51] Bluetooth: hci3: command tx timeout [ 90.783927][ T5779] Bluetooth: hci0: command tx timeout [ 90.794378][ T2962] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.801769][ T2962] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.902203][ T5766] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 90.990983][ T5769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.163568][ T5769] veth0_vlan: entered promiscuous mode [ 91.209599][ T5769] veth1_vlan: entered promiscuous mode [ 91.303691][ T5769] veth0_macvtap: entered promiscuous mode [ 91.328108][ T5765] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.353019][ T5769] veth1_macvtap: entered promiscuous mode [ 91.423572][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.458280][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.484158][ T5769] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.494194][ T5769] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.511678][ T5769] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.520512][ T5769] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.543119][ T5773] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.590595][ T5766] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.731076][ T5765] veth0_vlan: entered promiscuous mode [ 91.754770][ T5765] veth1_vlan: entered promiscuous mode [ 91.762740][ T1093] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.783052][ T1093] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.783890][ T5773] veth0_vlan: entered promiscuous mode [ 91.864012][ T5773] veth1_vlan: entered promiscuous mode [ 91.875358][ T2962] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.887589][ T5766] veth0_vlan: entered promiscuous mode [ 91.904426][ T5766] veth1_vlan: entered promiscuous mode [ 91.912101][ T2962] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.942621][ T5765] veth0_macvtap: entered promiscuous mode [ 91.954219][ T5765] veth1_macvtap: entered promiscuous mode [ 92.014297][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.030162][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.043686][ T5765] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.065371][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.077575][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.090273][ T5765] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.120017][ T5765] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.141789][ T5765] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.162196][ T5765] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.186241][ T5765] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.218921][ T1797] cfg80211: failed to load regulatory.db [ 92.238430][ T5857] syz.1.2[5857]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 92.251351][ T5766] veth0_macvtap: entered promiscuous mode [ 92.268669][ T5766] veth1_macvtap: entered promiscuous mode [ 92.284997][ T5773] veth0_macvtap: entered promiscuous mode [ 92.302912][ T5773] veth1_macvtap: entered promiscuous mode [ 92.345086][ T5857] loop1: detected capacity change from 0 to 4096 [ 92.353633][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.370457][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.383067][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.412439][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.424960][ T5766] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.447726][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.459600][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.470484][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.481306][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.493704][ T5766] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.503809][ T5857] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.545430][ T5766] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.587381][ T5766] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.597138][ T5766] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.605879][ T5766] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.625231][ T28] audit: type=1800 audit(1768580731.538:2): pid=5857 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 92.682863][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.695530][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.707216][ T5779] Bluetooth: hci1: command tx timeout [ 92.714532][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.732206][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.742797][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.760456][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.773771][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.786617][ T5779] Bluetooth: hci2: command tx timeout [ 92.835173][ T1093] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.855486][ T1093] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.866576][ T51] Bluetooth: hci3: command tx timeout [ 92.872892][ T5779] Bluetooth: hci0: command tx timeout [ 92.883714][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.898632][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.909561][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.920917][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.932590][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.944225][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.956579][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.980245][ T5773] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.990633][ T5773] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.000650][ T5773] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.009609][ T5773] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.090607][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.112942][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.176058][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.251603][ T2962] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.286291][ T2962] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.378824][ T1073] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.410345][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.418265][ T1073] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.468185][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.672188][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.776795][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.952993][ T5870] loop3: detected capacity change from 0 to 128 [ 94.217163][ T5870] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 94.243475][ T5870] ext4 filesystem being mounted at /0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 94.841424][ T5779] Bluetooth: hci1: command tx timeout [ 94.856439][ T5779] Bluetooth: hci2: command tx timeout [ 94.936824][ T51] Bluetooth: hci0: command tx timeout [ 94.942488][ T51] Bluetooth: hci3: command tx timeout [ 95.262896][ T5873] process 'syz.1.5' launched './file0' with NULL argv: empty string added [ 95.331688][ T5877] hub 9-0:1.0: USB hub found [ 95.421618][ T5877] hub 9-0:1.0: 1 port detected [ 95.433904][ T5873] Invalid argument reading file caps for ./file0 [ 95.456132][ C1] sched: RT throttling activated [ 96.212773][ T5765] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 96.241320][ T5885] loop1: detected capacity change from 0 to 8192 [ 96.299773][ T28] audit: type=1800 audit(1768580735.218:3): pid=5885 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.7" name="bus" dev="loop1" ino=1048592 res=0 errno=0 [ 96.372751][ T28] audit: type=1326 audit(1768580735.258:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5886 comm="syz.0.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3718f749 code=0x7ffc0000 [ 96.436908][ T28] audit: type=1326 audit(1768580735.258:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5886 comm="syz.0.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3718f749 code=0x7ffc0000 [ 96.481022][ T5889] Zero length message leads to an empty skb [ 96.517027][ T28] audit: type=1326 audit(1768580735.288:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5886 comm="syz.0.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0f3718f749 code=0x7ffc0000 [ 96.690392][ T28] audit: type=1326 audit(1768580735.288:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5886 comm="syz.0.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3718f749 code=0x7ffc0000 [ 96.725124][ T28] audit: type=1326 audit(1768580735.288:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5886 comm="syz.0.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3718f749 code=0x7ffc0000 [ 96.751323][ T28] audit: type=1326 audit(1768580735.318:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5886 comm="syz.0.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0f3718f749 code=0x7ffc0000 [ 96.831975][ T28] audit: type=1326 audit(1768580735.328:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5886 comm="syz.0.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3718f749 code=0x7ffc0000 [ 96.893629][ T5895] loop2: detected capacity change from 0 to 512 [ 96.923522][ T28] audit: type=1326 audit(1768580735.328:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5886 comm="syz.0.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3718f749 code=0x7ffc0000 [ 96.964137][ T5893] 9pnet_fd: Insufficient options for proto=fd [ 96.989745][ T5895] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 97.036325][ T5895] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 97.095366][ T5893] syz.0.12 uses obsolete (PF_INET,SOCK_PACKET) [ 97.104291][ T5895] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c018, mo2=0002] [ 97.144550][ T5895] System zones: 1-12 [ 97.199265][ T5895] EXT4-fs (loop2): 1 truncate cleaned up [ 97.227776][ T5895] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 97.291304][ T5893] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 97.323166][ T5901] syz.3.14[5901] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 97.323307][ T5901] syz.3.14[5901] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 97.329942][ T5893] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 97.415579][ T5893] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 97.435615][ T5893] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 97.445203][ T5903] loop1: detected capacity change from 0 to 512 [ 97.481969][ T5903] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 97.502935][ T5903] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 97.524310][ T5895] netlink: 36 bytes leftover after parsing attributes in process `syz.2.10'. [ 97.567346][ T5903] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4047: comm syz.1.15: Allocating blocks 41-42 which overlap fs metadata [ 97.630254][ T5903] __quota_error: 42 callbacks suppressed [ 97.630271][ T5903] Quota error (device loop1): write_blk: dquota write failed [ 97.646469][ T5901] @: renamed from vlan0 (while UP) [ 97.703921][ T5903] Quota error (device loop1): find_free_dqentry: Can't write quota data block 5 [ 97.736787][ T5903] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4047: comm syz.1.15: Allocating blocks 41-42 which overlap fs metadata [ 97.752245][ T28] audit: type=1800 audit(1768580736.668:54): pid=5895 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.10" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 97.789258][ T28] audit: type=1326 audit(1768580736.698:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5892 comm="syz.0.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3718f749 code=0x7ffc0000 [ 97.791952][ T5903] Quota error (device loop1): write_blk: dquota write failed [ 97.834524][ T28] audit: type=1326 audit(1768580736.698:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5892 comm="syz.0.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3718f749 code=0x7ffc0000 [ 97.861559][ T5903] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 97.912933][ T5903] EXT4-fs error (device loop1): ext4_acquire_dquot:6949: comm syz.1.15: Failed to acquire dquot type 1 [ 97.943025][ T5903] EXT4-fs error (device loop1): mb_free_blocks:1954: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 97.978731][ T5903] EXT4-fs error (device loop1): ext4_do_update_inode:5248: inode #12: comm syz.1.15: corrupted inode contents [ 98.029009][ T5903] EXT4-fs error (device loop1): ext4_dirty_inode:6124: inode #12: comm syz.1.15: mark_inode_dirty error [ 98.061830][ T5773] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.088276][ T5903] EXT4-fs error (device loop1): ext4_do_update_inode:5248: inode #12: comm syz.1.15: corrupted inode contents [ 98.159261][ T5903] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #12: comm syz.1.15: mark_inode_dirty error [ 98.195084][ T5903] EXT4-fs error (device loop1): ext4_do_update_inode:5248: inode #12: comm syz.1.15: corrupted inode contents [ 98.246956][ T5903] EXT4-fs error (device loop1) in ext4_orphan_del:303: Corrupt filesystem [ 98.270217][ T5903] EXT4-fs error (device loop1): ext4_do_update_inode:5248: inode #12: comm syz.1.15: corrupted inode contents [ 98.286724][ T5915] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 98.308396][ T5903] EXT4-fs error (device loop1): ext4_truncate:4294: inode #12: comm syz.1.15: mark_inode_dirty error [ 98.338647][ T5903] EXT4-fs error (device loop1) in ext4_process_orphan:345: Corrupt filesystem [ 98.375161][ T5903] EXT4-fs (loop1): 1 truncate cleaned up [ 98.400568][ T5903] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.453675][ T5903] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.031243][ T5922] rdma_op ffff8880236ce9f0 conn xmit_rdma 0000000000000000 [ 99.061192][ T5921] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.081856][ T5919] netlink: 8 bytes leftover after parsing attributes in process `syz.3.19'. [ 99.091119][ T5919] (unnamed net_device) (uninitialized): option ad_user_port_key: invalid value (1136) [ 99.100958][ T5919] (unnamed net_device) (uninitialized): option ad_user_port_key: allowed values 0 - 1023 [ 99.209261][ T5921] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.519387][ T5921] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.826495][ T5929] netlink: 'syz.2.22': attribute type 4 has an invalid length. [ 100.030116][ T5921] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.378483][ T5936] loop1: detected capacity change from 0 to 512 [ 100.388507][ T5936] ======================================================= [ 100.388507][ T5936] WARNING: The mand mount option has been deprecated and [ 100.388507][ T5936] and is ignored by this kernel. Remove the mand [ 100.388507][ T5936] option from the mount to silence this warning. [ 100.388507][ T5936] ======================================================= [ 100.614702][ T5936] EXT4-fs (loop1): failed to initialize system zone (-117) [ 100.622759][ T5936] EXT4-fs (loop1): mount failed [ 100.834655][ T5934] loop2: detected capacity change from 0 to 8192 [ 101.078457][ T28] audit: type=1800 audit(1768580739.988:57): pid=5934 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.23" name="bus" dev="loop2" ino=1048593 res=0 errno=0 [ 101.161183][ T5921] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.201536][ T5921] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.219501][ T5921] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.237643][ T5921] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.732873][ T5941] loop3: detected capacity change from 0 to 4096 [ 101.939650][ T5941] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.100529][ T5945] hub 9-0:1.0: USB hub found [ 102.105725][ T28] audit: type=1800 audit(1768580741.008:58): pid=5941 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.24" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 102.116451][ T5945] hub 9-0:1.0: 1 port detected [ 102.520292][ T5765] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.652466][ T5951] loop2: detected capacity change from 0 to 512 [ 102.817356][ T5951] EXT4-fs: Ignoring removed bh option [ 102.853620][ T5951] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 103.025736][ T5956] loop3: detected capacity change from 0 to 128 [ 103.150368][ T5951] EXT4-fs error (device loop2): ext4_get_branch:178: inode #11: block 4294967295: comm syz.2.28: invalid block [ 103.180488][ T5956] syz.3.27: attempt to access beyond end of device [ 103.180488][ T5956] loop3: rw=2049, sector=138, nr_sectors = 112 limit=128 [ 103.204782][ T5956] syz.3.27: attempt to access beyond end of device [ 103.204782][ T5956] loop3: rw=2049, sector=142, nr_sectors = 2 limit=128 [ 103.218791][ T5956] Buffer I/O error on dev loop3, logical block 71, lost async page write [ 103.339950][ T5951] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.28: invalid indirect mapped block 4294967295 (level 1) [ 103.419233][ T5951] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.28: invalid indirect mapped block 4294967295 (level 1) [ 103.438849][ T5951] EXT4-fs (loop2): 2 truncates cleaned up [ 103.445997][ T5951] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.535221][ T5951] EXT4-fs error (device loop2): ext4_validate_block_bitmap:430: comm syz.2.28: bg 0: block 5: invalid block bitmap [ 103.785724][ T5773] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.023852][ T5960] rdma_op ffff88807e1de9f0 conn xmit_rdma 0000000000000000 [ 104.230245][ T5964] loop3: detected capacity change from 0 to 512 [ 104.260268][ T5964] EXT4-fs: Ignoring removed bh option [ 104.325933][ T5964] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 104.365027][ T5964] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.42: invalid indirect mapped block 4294967295 (level 1) [ 104.423717][ T5964] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.42: invalid indirect mapped block 4294967295 (level 1) [ 104.502246][ T5970] loop2: detected capacity change from 0 to 512 [ 104.651906][ T5970] EXT4-fs (loop2): failed to initialize system zone (-117) [ 104.660591][ T5970] EXT4-fs (loop2): mount failed [ 104.908823][ T5964] EXT4-fs (loop3): 2 truncates cleaned up [ 105.135739][ T5964] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.256605][ T5964] EXT4-fs error (device loop3): ext4_validate_block_bitmap:430: comm syz.3.42: bg 0: block 5: invalid block bitmap [ 105.669572][ T5765] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.136348][ T5979] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.158428][ T5978] netlink: 8 bytes leftover after parsing attributes in process `syz.1.34'. [ 106.167658][ T5978] (unnamed net_device) (uninitialized): option ad_user_port_key: invalid value (1136) [ 106.177440][ T5978] (unnamed net_device) (uninitialized): option ad_user_port_key: allowed values 0 - 1023 [ 106.313432][ T5979] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.411483][ T5979] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.503171][ T5979] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.608140][ T5979] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.628189][ T5979] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.646513][ T5979] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.664593][ T5979] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.538973][ T5992] loop1: detected capacity change from 0 to 128 [ 107.577316][ T5992] syz.1.41: attempt to access beyond end of device [ 107.577316][ T5992] loop1: rw=2049, sector=138, nr_sectors = 112 limit=128 [ 107.598765][ T5992] syz.1.41: attempt to access beyond end of device [ 107.598765][ T5992] loop1: rw=2049, sector=142, nr_sectors = 2 limit=128 [ 107.612303][ T5992] Buffer I/O error on dev loop1, logical block 71, lost async page write [ 108.404252][ T5995] netlink: 'syz.2.44': attribute type 4 has an invalid length. [ 108.450415][ T5999] rdma_op ffff88804c4c59f0 conn xmit_rdma 0000000000000000 [ 108.653082][ T28] audit: type=1326 audit(1768580747.568:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6002 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 108.706245][ T28] audit: type=1326 audit(1768580747.568:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6002 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 108.753222][ T28] audit: type=1326 audit(1768580747.568:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6002 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 108.806265][ T28] audit: type=1326 audit(1768580747.568:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6002 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 108.906399][ T28] audit: type=1326 audit(1768580747.568:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6002 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 109.066194][ T28] audit: type=1326 audit(1768580747.568:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6002 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 110.260094][ T28] audit: type=1326 audit(1768580747.568:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6002 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 110.282593][ T28] audit: type=1326 audit(1768580747.568:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6002 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 110.305811][ T28] audit: type=1326 audit(1768580747.568:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6002 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 110.328434][ T28] audit: type=1326 audit(1768580747.568:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6002 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 110.534012][ T5915] Set syz1 is full, maxelem 65536 reached [ 110.923963][ T6016] tipc: Started in network mode [ 110.929199][ T6016] tipc: Node identity 76ae319999e1, cluster identity 4711 [ 110.937782][ T6016] tipc: Enabled bearer , priority 0 [ 111.027913][ T6021] loop0: detected capacity change from 0 to 128 [ 111.316264][ T6021] syz.0.52: attempt to access beyond end of device [ 111.316264][ T6021] loop0: rw=2049, sector=138, nr_sectors = 112 limit=128 [ 111.334514][ T6021] syz.0.52: attempt to access beyond end of device [ 111.334514][ T6021] loop0: rw=2049, sector=142, nr_sectors = 2 limit=128 [ 111.349380][ T6021] Buffer I/O error on dev loop0, logical block 71, lost async page write [ 111.432985][ T6019] syzkaller0: entered promiscuous mode [ 111.438848][ T6019] syzkaller0: entered allmulticast mode [ 111.445387][ T6019] tipc: Resetting bearer [ 111.477789][ T6014] tipc: Resetting bearer [ 112.048530][ T6034] loop0: detected capacity change from 0 to 4096 [ 112.090865][ T6034] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.269986][ T5766] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.215329][ T6014] tipc: Disabling bearer [ 114.235177][ T6032] netlink: 'syz.2.56': attribute type 4 has an invalid length. [ 114.243205][ T5756] tipc: Node number set to 4014944665 [ 114.391060][ T6050] vlan2: entered allmulticast mode [ 114.419949][ T6050] veth1: entered allmulticast mode [ 114.579088][ T6058] sch_tbf: peakrate 7 is lower than or equals to rate 6829859379779001161 ! [ 114.730397][ T6061] loop1: detected capacity change from 0 to 128 [ 114.774223][ T6061] syz.1.64: attempt to access beyond end of device [ 114.774223][ T6061] loop1: rw=2049, sector=138, nr_sectors = 112 limit=128 [ 114.797501][ T6061] syz.1.64: attempt to access beyond end of device [ 114.797501][ T6061] loop1: rw=2049, sector=142, nr_sectors = 2 limit=128 [ 114.810894][ T6061] Buffer I/O error on dev loop1, logical block 71, lost async page write [ 115.052727][ T6063] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.122649][ T6067] loop3: detected capacity change from 0 to 512 [ 115.154984][ T6067] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c018, mo2=0002] [ 115.183391][ T6067] EXT4-fs (loop3): orphan cleanup on readonly fs [ 115.194175][ T6063] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.227713][ T6067] EXT4-fs warning (device loop3): ext4_enable_quotas:7184: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 115.248148][ T6067] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 115.267002][ T6067] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #13: comm syz.3.68: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 115.291074][ T6067] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.68: couldn't read orphan inode 13 (err -117) [ 115.312281][ T6067] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 115.328511][ T6063] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.351982][ T6067] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 115.364079][ T6067] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c018, mo2=0002] [ 115.491226][ T6067] EXT4-fs warning (device loop3): ext4_enable_quotas:7184: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 115.521638][ T6063] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.654539][ T5765] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.677548][ T6073] loop1: detected capacity change from 0 to 512 [ 115.758324][ T6073] EXT4-fs error (device loop1): ext4_xattr_inode_iget:446: comm syz.1.69: error while reading EA inode 32 err=-116 [ 115.869734][ T6063] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.882323][ T6073] EXT4-fs (loop1): Remounting filesystem read-only [ 115.905687][ T6073] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2852: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 115.911126][ T6080] netlink: 4 bytes leftover after parsing attributes in process `syz.2.72'. [ 115.970708][ T6063] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.979176][ T6073] EXT4-fs warning (device loop1): ext4_evict_inode:255: couldn't mark inode dirty (err -5) [ 115.997365][ T6073] EXT4-fs (loop1): 1 orphan inode deleted [ 116.004550][ T6073] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.045616][ T6063] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.074930][ T6082] netlink: 'syz.3.71': attribute type 4 has an invalid length. [ 116.210503][ T6087] loop2: detected capacity change from 0 to 512 [ 116.228415][ T6087] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 116.247056][ T6087] EXT4-fs (loop2): orphan cleanup on readonly fs [ 116.254942][ T6087] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:512: comm syz.2.75: Block bitmap for bg 0 marked uninitialized [ 116.273064][ T6087] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6653: Corrupt filesystem [ 116.284468][ T6087] EXT4-fs (loop2): 1 orphan inode deleted [ 116.298344][ T6087] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 116.439457][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.494923][ T6063] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.692394][ T5773] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.137542][ T6103] loop2: detected capacity change from 0 to 128 [ 117.158479][ T6107] loop3: detected capacity change from 0 to 4096 [ 117.190845][ T6103] syz.2.78: attempt to access beyond end of device [ 117.190845][ T6103] loop2: rw=2049, sector=138, nr_sectors = 112 limit=128 [ 117.217928][ T6103] syz.2.78: attempt to access beyond end of device [ 117.217928][ T6103] loop2: rw=2049, sector=142, nr_sectors = 2 limit=128 [ 117.231884][ T6103] Buffer I/O error on dev loop2, logical block 71, lost async page write [ 117.259784][ T6107] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 117.604995][ T5765] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.025118][ T6118] (null): rxe_set_mtu: Set mtu to 256 [ 118.056680][ T6118] lo speed is unknown, defaulting to 1000 [ 118.077543][ T6121] netlink: 40 bytes leftover after parsing attributes in process `syz.2.88'. [ 118.092078][ T6118] lo speed is unknown, defaulting to 1000 [ 118.109462][ T6118] lo speed is unknown, defaulting to 1000 [ 118.116952][ T6119] netlink: 'syz.1.86': attribute type 4 has an invalid length. [ 118.426341][ T6125] usb usb8: usbfs: process 6125 (syz.2.90) did not claim interface 0 before use [ 118.559089][ T6118] infiniband syz1: set down [ 118.576273][ T6118] infiniband syz1: added lo [ 118.654307][ T23] lo speed is unknown, defaulting to 1000 [ 118.818427][ T6118] RDS/IB: syz1: added [ 118.854672][ T6118] smc: adding ib device syz1 with port count 1 [ 118.891410][ T6118] smc: ib device syz1 port 1 has pnetid [ 118.904995][ T6133] loop2: detected capacity change from 0 to 1024 [ 118.934392][ T6133] EXT4-fs: inline encryption not supported [ 118.940424][ T23] lo speed is unknown, defaulting to 1000 [ 118.962215][ T6118] lo speed is unknown, defaulting to 1000 [ 118.964555][ T6133] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 119.038826][ T6133] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 119.107812][ T28] kauditd_printk_skb: 28 callbacks suppressed [ 119.107827][ T28] audit: type=1800 audit(1768580758.028:97): pid=6133 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.92" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 119.135794][ T6135] loop1: detected capacity change from 0 to 4096 [ 119.230911][ T5773] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.256780][ T6135] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 119.518676][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.589940][ T6118] lo speed is unknown, defaulting to 1000 [ 120.097355][ T6155] loop1: detected capacity change from 0 to 512 [ 120.256809][ T6155] EXT4-fs (loop1): failed to initialize system zone (-117) [ 120.264673][ T6155] EXT4-fs (loop1): mount failed [ 120.805690][ T5778] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 120.926292][ T6118] lo speed is unknown, defaulting to 1000 [ 121.116629][ T6164] hub 9-0:1.0: USB hub found [ 121.137016][ T6164] hub 9-0:1.0: 1 port detected [ 121.239564][ T6167] netlink: 'syz.1.102': attribute type 4 has an invalid length. [ 121.359938][ T6118] lo speed is unknown, defaulting to 1000 [ 121.702512][ T6146] lo speed is unknown, defaulting to 1000 [ 122.137651][ T6182] 9pnet_fd: Insufficient options for proto=fd [ 122.228535][ T28] audit: type=1326 audit(1768580761.148:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6181 comm="syz.1.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 122.306296][ T28] audit: type=1326 audit(1768580761.168:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6181 comm="syz.1.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 122.354919][ T28] audit: type=1326 audit(1768580761.168:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6181 comm="syz.1.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 122.389822][ T28] audit: type=1326 audit(1768580761.168:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6181 comm="syz.1.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 122.415892][ T28] audit: type=1326 audit(1768580761.168:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6181 comm="syz.1.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 122.443412][ T28] audit: type=1326 audit(1768580761.168:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6181 comm="syz.1.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=440 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 122.479233][ T28] audit: type=1326 audit(1768580761.168:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6181 comm="syz.1.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 122.511756][ T28] audit: type=1326 audit(1768580761.168:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6181 comm="syz.1.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 122.543464][ T28] audit: type=1326 audit(1768580761.168:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6181 comm="syz.1.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 123.003099][ T6191] mmap: syz.0.111 (6191) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 123.286450][ T6194] loop1: detected capacity change from 0 to 512 [ 123.330352][ T6194] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 123.361713][ T6199] loop3: detected capacity change from 0 to 1024 [ 123.407157][ T6199] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 123.432726][ T6194] EXT4-fs (loop1): 1 orphan inode deleted [ 123.438821][ T6194] EXT4-fs (loop1): 1 truncate cleaned up [ 123.442346][ T6199] ext4 filesystem being mounted at /20/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 123.469361][ T6194] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 123.772892][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.820419][ T5765] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 123.832854][ T6197] netlink: 'syz.0.114': attribute type 4 has an invalid length. [ 124.117100][ T28] kauditd_printk_skb: 217 callbacks suppressed [ 124.117116][ T28] audit: type=1326 audit(1768580763.038:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6209 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 124.186494][ T28] audit: type=1326 audit(1768580763.068:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6209 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 124.250430][ T28] audit: type=1326 audit(1768580763.068:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6209 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 124.286253][ T28] audit: type=1326 audit(1768580763.068:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6209 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 124.336278][ T28] audit: type=1326 audit(1768580763.068:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6209 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 124.389353][ T28] audit: type=1326 audit(1768580763.068:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6209 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 124.432224][ T6214] netlink: 4 bytes leftover after parsing attributes in process `syz.3.120'. [ 124.467390][ T28] audit: type=1326 audit(1768580763.068:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6209 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 124.509708][ T28] audit: type=1326 audit(1768580763.068:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6209 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 124.585750][ T28] audit: type=1326 audit(1768580763.068:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6209 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 124.626263][ T28] audit: type=1326 audit(1768580763.068:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6209 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 125.371647][ T6230] loop2: detected capacity change from 0 to 512 [ 125.570338][ T6230] EXT4-fs (loop2): failed to initialize system zone (-117) [ 125.578421][ T6230] EXT4-fs (loop2): mount failed [ 126.752651][ T6248] netlink: 16 bytes leftover after parsing attributes in process `syz.0.128'. [ 127.024545][ T6252] netlink: 'syz.2.129': attribute type 27 has an invalid length. [ 127.104425][ T6255] loop2: detected capacity change from 0 to 512 [ 127.127162][ T6255] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 127.169440][ T6255] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=200ec018, mo2=0002] [ 127.191260][ T6255] System zones: 1-12 [ 127.207746][ T6255] EXT4-fs (loop2): 1 truncate cleaned up [ 127.235349][ T6255] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 127.507383][ T6261] netlink: 40 bytes leftover after parsing attributes in process `syz.3.130'. [ 127.757857][ T6261] netlink: 40 bytes leftover after parsing attributes in process `syz.3.130'. [ 127.840068][ T6252] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.849427][ T6252] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.027131][ T6261] netlink: 40 bytes leftover after parsing attributes in process `syz.3.130'. [ 128.178456][ T6252] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 128.195325][ T6252] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 129.119834][ T6299] loop3: detected capacity change from 0 to 512 [ 129.288421][ T6299] EXT4-fs (loop3): failed to initialize system zone (-117) [ 129.296513][ T6299] EXT4-fs (loop3): mount failed [ 129.884600][ T6252] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.897644][ T6252] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.908342][ T6252] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.919992][ T6252] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.222965][ T6264] bridge0: port 3(ipvlan2) entered blocking state [ 130.229742][ T6264] bridge0: port 3(ipvlan2) entered disabled state [ 130.238998][ T6264] ipvlan2: entered allmulticast mode [ 130.244363][ T6264] bridge0: entered allmulticast mode [ 130.252574][ T6264] ipvlan2: left allmulticast mode [ 130.259660][ T6264] bridge0: left allmulticast mode [ 130.354072][ T5773] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.412158][ T6304] loop3: detected capacity change from 0 to 512 [ 130.445067][ T6304] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 130.502200][ T6304] EXT4-fs (loop3): 1 orphan inode deleted [ 130.513477][ T6304] EXT4-fs (loop3): 1 truncate cleaned up [ 130.537641][ T6304] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 130.570019][ T6309] @: renamed from vlan0 [ 130.601217][ T6304] EXT4-fs error (device loop3): htree_dirblock_to_tree:1112: inode #2: block 255: comm syz.3.136: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 130.919875][ T5765] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.139622][ T6324] loop2: detected capacity change from 0 to 1024 [ 131.167427][ T6324] EXT4-fs: Ignoring removed nomblk_io_submit option [ 131.231736][ T6324] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 131.297484][ T6333] loop3: detected capacity change from 0 to 764 [ 131.500403][ T5773] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.848180][ T6348] IPv6: NLM_F_CREATE should be specified when creating new route [ 132.056462][ T6353] bridge0: port 3(macsec1) entered blocking state [ 132.106785][ T6353] bridge0: port 3(macsec1) entered disabled state [ 132.113531][ T6353] macsec1: entered allmulticast mode [ 132.127576][ T6353] bridge0: entered allmulticast mode [ 132.154933][ T6353] macsec1: left allmulticast mode [ 132.163871][ T6353] bridge0: left allmulticast mode [ 133.084330][ T6387] (null): rxe_set_mtu: Set mtu to 256 [ 133.104903][ T6387] vcan0 speed is unknown, defaulting to 1000 [ 133.121414][ T6387] vcan0 speed is unknown, defaulting to 1000 [ 133.156995][ T6387] vcan0 speed is unknown, defaulting to 1000 [ 133.188380][ T6393] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 133.217819][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.224775][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.509404][ T6400] loop3: detected capacity change from 0 to 512 [ 133.655687][ T6400] EXT4-fs (loop3): failed to initialize system zone (-117) [ 133.663669][ T6400] EXT4-fs (loop3): mount failed [ 134.474824][ T6387] infiniband syz0: set active [ 134.479764][ T6287] vcan0 speed is unknown, defaulting to 1000 [ 134.506220][ T6387] infiniband syz0: added vcan0 [ 134.521214][ T6387] syz0: rxe_create_cq: returned err = -12 [ 134.547434][ T6387] infiniband syz0: Couldn't create ib_mad CQ [ 134.567166][ T6387] infiniband syz0: Couldn't open port 1 [ 134.638816][ T6387] RDS/IB: syz0: added [ 134.642950][ T6387] smc: adding ib device syz0 with port count 1 [ 134.658652][ T6417] lo speed is unknown, defaulting to 1000 [ 134.671849][ T6387] smc: ib device syz0 port 1 has pnetid [ 134.679272][ T6287] vcan0 speed is unknown, defaulting to 1000 [ 134.688586][ T6387] vcan0 speed is unknown, defaulting to 1000 [ 135.292935][ T6387] vcan0 speed is unknown, defaulting to 1000 [ 135.738696][ T6417] vcan0 speed is unknown, defaulting to 1000 [ 135.753262][ T6441] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.170' sets config #1 [ 136.202771][ T6387] vcan0 speed is unknown, defaulting to 1000 [ 136.213989][ T6453] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 136.222067][ T6453] IPv6: NLM_F_CREATE should be set when creating new route [ 136.229424][ T6453] IPv6: NLM_F_CREATE should be set when creating new route [ 136.838292][ T6464] loop1: detected capacity change from 0 to 512 [ 136.973966][ T6464] EXT4-fs (loop1): failed to initialize system zone (-117) [ 136.981947][ T6464] EXT4-fs (loop1): mount failed [ 137.676278][ T6387] vcan0 speed is unknown, defaulting to 1000 [ 138.400870][ T6489] loop0: detected capacity change from 0 to 512 [ 138.429103][ T6489] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 138.485225][ T6493] netlink: 8 bytes leftover after parsing attributes in process `syz.1.181'. [ 138.500420][ T6489] EXT4-fs (loop0): 1 orphan inode deleted [ 138.508480][ T6489] EXT4-fs (loop0): 1 truncate cleaned up [ 138.514369][ T6493] netlink: 12 bytes leftover after parsing attributes in process `syz.1.181'. [ 138.587369][ T28] kauditd_printk_skb: 86 callbacks suppressed [ 138.587383][ T28] audit: type=1326 audit(1768580777.508:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6494 comm="syz.3.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5ff18f749 code=0x7ffc0000 [ 138.593744][ T6489] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 138.644074][ T6493] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 138.653054][ T6493] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 138.661892][ T6493] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 138.670448][ T6493] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 138.696301][ T28] audit: type=1326 audit(1768580777.538:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6494 comm="syz.3.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5ff18f749 code=0x7ffc0000 [ 138.721884][ T28] audit: type=1326 audit(1768580777.538:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6494 comm="syz.3.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=316 compat=0 ip=0x7fb5ff18f749 code=0x7ffc0000 [ 138.766875][ T28] audit: type=1326 audit(1768580777.538:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6494 comm="syz.3.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5ff18f749 code=0x7ffc0000 [ 138.821582][ T28] audit: type=1326 audit(1768580777.558:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6494 comm="syz.3.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5ff18f749 code=0x7ffc0000 [ 138.876839][ T6489] EXT4-fs error (device loop0): htree_dirblock_to_tree:1112: inode #2: block 255: comm syz.0.179: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 138.992227][ T6499] loop3: detected capacity change from 0 to 512 [ 139.011522][ T6499] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' [ 139.087078][ T6499] EXT4-fs: error: could not find journal device path [ 139.141372][ T5766] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.727034][ T6514] loop3: detected capacity change from 0 to 512 [ 139.921359][ T6514] EXT4-fs (loop3): failed to initialize system zone (-117) [ 139.929381][ T6514] EXT4-fs (loop3): mount failed [ 140.515465][ T6521] pimreg: entered allmulticast mode [ 140.547844][ T6521] pimreg: left allmulticast mode [ 140.913930][ T6534] ip6t_rpfilter: unknown options [ 141.250154][ T6535] lo speed is unknown, defaulting to 1000 [ 141.669546][ T6536] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 141.813034][ T6535] vcan0 speed is unknown, defaulting to 1000 [ 142.507523][ T6555] loop1: detected capacity change from 0 to 512 [ 142.637037][ T6555] EXT4-fs (loop1): failed to initialize system zone (-117) [ 142.638788][ T6555] EXT4-fs (loop1): mount failed [ 143.111988][ T6553] loop3: detected capacity change from 0 to 2048 [ 143.351752][ T6553] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 143.419691][ T6553] EXT4-fs error (device loop3): ext4_ext_precache:627: inode #2: comm syz.3.202: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5) [ 143.446936][ T6553] EXT4-fs (loop3): Remounting filesystem read-only [ 143.585845][ T6563] loop1: detected capacity change from 0 to 4096 [ 143.608750][ T6563] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 143.652138][ T5765] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.681249][ T28] audit: type=1800 audit(1768580782.598:425): pid=6563 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.204" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 143.792188][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.098545][ T6576] binfmt_misc: register: failed to install interpreter file ./file0 [ 144.531485][ T6586] loop0: detected capacity change from 0 to 1024 [ 144.551187][ T6586] EXT4-fs: Ignoring removed orlov option [ 144.566391][ T6584] netlink: 4 bytes leftover after parsing attributes in process `syz.1.211'. [ 144.651579][ T6586] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 144.912172][ T6595] netlink: 332 bytes leftover after parsing attributes in process `syz.3.214'. [ 144.953499][ T6584] hsr_slave_1 (unregistering): left promiscuous mode [ 144.975225][ T6586] netlink: 'syz.0.212': attribute type 10 has an invalid length. [ 145.053440][ T6586] team0: Port device dummy0 added [ 145.061499][ T6592] netlink: 'syz.0.212': attribute type 10 has an invalid length. [ 145.083736][ T6592] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 145.122274][ T6592] team0: Failed to send options change via netlink (err -105) [ 145.131146][ T6592] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 145.142679][ T6592] team0: Port device dummy0 removed [ 145.154778][ T6592] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 145.164133][ T6601] netlink: 28 bytes leftover after parsing attributes in process `syz.3.216'. [ 145.186192][ T6601] netlink: 28 bytes leftover after parsing attributes in process `syz.3.216'. [ 145.230613][ T5766] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.440838][ T6610] netlink: 44 bytes leftover after parsing attributes in process `syz.2.221'. [ 145.476278][ T6610] netlink: 84 bytes leftover after parsing attributes in process `syz.2.221'. [ 145.609808][ T6613] netlink: 766 bytes leftover after parsing attributes in process `syz.1.222'. [ 145.750040][ T6620] xfrm1: entered promiscuous mode [ 145.923454][ T28] audit: type=1326 audit(1768580784.838:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6623 comm="syz.2.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd41d78f749 code=0x7ffc0000 [ 145.967123][ T28] audit: type=1326 audit(1768580784.838:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6623 comm="syz.2.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd41d78f749 code=0x7ffc0000 [ 145.996426][ T28] audit: type=1326 audit(1768580784.878:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6623 comm="syz.2.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd41d78f749 code=0x7ffc0000 [ 146.020548][ T28] audit: type=1326 audit(1768580784.878:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6623 comm="syz.2.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd41d78f749 code=0x7ffc0000 [ 146.046661][ T28] audit: type=1326 audit(1768580784.878:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6623 comm="syz.2.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd41d78f749 code=0x7ffc0000 [ 146.073616][ T28] audit: type=1326 audit(1768580784.908:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6623 comm="syz.2.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd41d78f749 code=0x7ffc0000 [ 146.172716][ T6626] loop1: detected capacity change from 0 to 512 [ 146.191187][ T6626] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 146.214959][ T6626] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 146.247228][ T28] audit: type=1326 audit(1768580785.158:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6623 comm="syz.2.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd41d78f749 code=0x7ffc0000 [ 146.299564][ T6628] netlink: 4 bytes leftover after parsing attributes in process `syz.3.228'. [ 146.350207][ T6626] EXT4-fs (loop1): 1 truncate cleaned up [ 146.353313][ T28] audit: type=1326 audit(1768580785.158:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6623 comm="syz.2.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fd41d7865e7 code=0x7ffc0000 [ 146.380505][ T28] audit: type=1326 audit(1768580785.158:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6623 comm="syz.2.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd41d72b829 code=0x7ffc0000 [ 146.389420][ T6626] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 146.475272][ T5778] udevd[5778]: failed to send result of seq 11547 to main daemon: Connection refused [ 146.543906][ T6628] hsr_slave_1 (unregistering): left promiscuous mode [ 146.608107][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.862949][ T6642] loop2: detected capacity change from 0 to 1024 [ 146.879271][ T6642] EXT4-fs: Ignoring removed bh option [ 146.916769][ T6642] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 147.133082][ T5773] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.175525][ T6651] loop6: detected capacity change from 0 to 7 [ 147.190451][ T6651] Dev loop6: unable to read RDB block 7 [ 147.198089][ T6651] loop6: unable to read partition table [ 147.204024][ T6651] loop6: partition table beyond EOD, truncated [ 147.214877][ T6651] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 147.661568][ T6662] syzkaller0: entered promiscuous mode [ 147.680485][ T6662] syzkaller0: entered allmulticast mode [ 147.701752][ T6671] netlink: 4 bytes leftover after parsing attributes in process `syz.2.242'. [ 147.901661][ T6677] loop1: detected capacity change from 0 to 512 [ 148.004657][ T6677] EXT4-fs (loop1): failed to initialize system zone (-117) [ 148.012935][ T6677] EXT4-fs (loop1): mount failed [ 148.061257][ T6671] hsr_slave_1 (unregistering): left promiscuous mode [ 148.707352][ T6686] loop1: detected capacity change from 0 to 512 [ 148.735199][ T6687] loop0: detected capacity change from 0 to 1024 [ 148.744257][ T6687] EXT4-fs: Ignoring removed bh option [ 148.768894][ T6686] EXT4-fs error (device loop1): ext4_xattr_inode_iget:446: comm syz.1.245: error while reading EA inode 32 err=-116 [ 148.801451][ T6686] EXT4-fs (loop1): Remounting filesystem read-only [ 148.830024][ T6686] EXT4-fs warning (device loop1): ext4_evict_inode:255: couldn't mark inode dirty (err -5) [ 148.831130][ T6687] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 148.840737][ T6686] EXT4-fs (loop1): 1 orphan inode deleted [ 148.859767][ T6686] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 148.892078][ T6686] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.102183][ T5766] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.560673][ T6698] loop0: detected capacity change from 0 to 2048 [ 149.628238][ T6698] loop0: p1 p3 p4 [ 149.661699][ T6698] loop0: p4 size 589824 extends beyond EOD, truncated [ 149.868882][ T6700] FAT-fs (loop0p1): bogus number of reserved sectors [ 149.880585][ T6700] FAT-fs (loop0p1): Can't find a valid FAT filesystem [ 151.185937][ T28] kauditd_printk_skb: 97 callbacks suppressed [ 151.185952][ T28] audit: type=1326 audit(1768580790.098:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6702 comm="syz.2.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd41d78f749 code=0x7ffc0000 [ 151.268145][ T28] audit: type=1326 audit(1768580790.138:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6702 comm="syz.2.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7fd41d78f749 code=0x7ffc0000 [ 151.309432][ T28] audit: type=1326 audit(1768580790.138:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6702 comm="syz.2.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd41d78f749 code=0x7ffc0000 [ 151.361475][ T28] audit: type=1326 audit(1768580790.138:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6702 comm="syz.2.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd41d78f749 code=0x7ffc0000 [ 151.414069][ T28] audit: type=1326 audit(1768580790.138:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6702 comm="syz.2.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7fd41d78f749 code=0x7ffc0000 [ 151.454435][ T28] audit: type=1326 audit(1768580790.138:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6702 comm="syz.2.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd41d78f749 code=0x7ffc0000 [ 151.485542][ T6714] loop0: detected capacity change from 0 to 164 [ 151.494213][ T28] audit: type=1326 audit(1768580790.138:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6702 comm="syz.2.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd41d78f749 code=0x7ffc0000 [ 151.500121][ T6709] loop2: detected capacity change from 0 to 2048 [ 151.610823][ T6709] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 151.651460][ T28] audit: type=1800 audit(1768580790.568:539): pid=6709 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.253" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 151.658252][ T6714] lo speed is unknown, defaulting to 1000 [ 151.752080][ T6719] loop0: detected capacity change from 0 to 2048 [ 151.945373][ T6726] loop3: detected capacity change from 0 to 512 [ 151.965260][ T6726] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 151.993172][ T6726] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 152.018748][ T5773] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.033117][ T6726] EXT4-fs (loop3): 1 truncate cleaned up [ 152.042806][ T6726] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 152.178592][ T6714] vcan0 speed is unknown, defaulting to 1000 [ 152.185021][ T6719] Alternate GPT is invalid, using primary GPT. [ 152.193170][ T6719] loop0: p2 p3 p7 [ 152.371659][ T5765] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.813845][ T6751] netlink: 12 bytes leftover after parsing attributes in process `syz.3.270'. [ 153.104995][ T28] audit: type=1326 audit(1768580792.018:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6758 comm="syz.3.273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5ff18f749 code=0x7ffc0000 [ 153.130597][ T6760] xt_CT: No such helper "pptp" [ 153.154501][ T28] audit: type=1326 audit(1768580792.018:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6758 comm="syz.3.273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5ff18f749 code=0x7ffc0000 [ 153.351252][ T6770] netlink: 'syz.1.277': attribute type 1 has an invalid length. [ 153.379312][ T6770] bond1: entered promiscuous mode [ 153.384733][ T6770] 8021q: adding VLAN 0 to HW filter on device bond1 [ 153.463176][ T6772] lo speed is unknown, defaulting to 1000 [ 153.685239][ T6772] vcan0 speed is unknown, defaulting to 1000 [ 154.034817][ T6783] syz.3.281[6783] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 154.037116][ T6783] syz.3.281[6783] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 154.340845][ T6785] loop2: detected capacity change from 0 to 2048 [ 154.390889][ T6785] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 154.429571][ T6785] ext4 filesystem being mounted at /66/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 154.568016][ T6785] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.283: bg 0: block 345: padding at end of block bitmap is not set [ 154.609526][ T6785] EXT4-fs (loop2): Remounting filesystem read-only [ 154.622513][ T6785] EXT4-fs warning (device loop2): ext4_xattr_inode_lookup_create:1606: inode #18: comm syz.2.283: cleanup dec ref error -117 [ 154.751272][ T5773] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 154.992435][ T6801] loop0: detected capacity change from 0 to 512 [ 155.030097][ T6805] capability: warning: `syz.1.289' uses 32-bit capabilities (legacy support in use) [ 155.056060][ T6801] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 155.081725][ T6801] EXT4-fs (loop0): 1 orphan inode deleted [ 155.087668][ T6801] EXT4-fs (loop0): 1 truncate cleaned up [ 155.094890][ T6801] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 155.273312][ T5766] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 155.370360][ T6814] futex_wake_op: syz.2.293 tries to shift op by -3; fix this program [ 155.451859][ T6814] loop2: detected capacity change from 0 to 512 [ 155.487445][ T6814] EXT4-fs: Ignoring removed orlov option [ 155.543408][ T6814] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 155.712659][ T5773] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 155.782072][ T6827] netlink: 8 bytes leftover after parsing attributes in process `syz.0.299'. [ 155.794742][ T6827] netlink: 4 bytes leftover after parsing attributes in process `syz.0.299'. [ 156.210263][ T28] kauditd_printk_skb: 38 callbacks suppressed [ 156.210279][ T28] audit: type=1326 audit(1768580795.128:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6842 comm="syz.1.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 156.292196][ T6845] loop3: detected capacity change from 0 to 764 [ 156.298698][ T28] audit: type=1326 audit(1768580795.128:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6842 comm="syz.1.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 156.357529][ T28] audit: type=1326 audit(1768580795.128:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6842 comm="syz.1.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 156.382104][ T28] audit: type=1326 audit(1768580795.128:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6842 comm="syz.1.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 156.407256][ T6845] rock: directory entry would overflow storage [ 156.427637][ T6845] rock: sig=0x4f50, size=4, remaining=3 [ 156.434343][ T6845] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 156.453548][ T28] audit: type=1326 audit(1768580795.158:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6842 comm="syz.1.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 156.509633][ T28] audit: type=1326 audit(1768580795.158:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6842 comm="syz.1.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 156.546755][ T28] audit: type=1326 audit(1768580795.158:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6842 comm="syz.1.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 156.578033][ T28] audit: type=1326 audit(1768580795.158:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6842 comm="syz.1.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 156.614605][ T28] audit: type=1326 audit(1768580795.158:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6842 comm="syz.1.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 156.650695][ T28] audit: type=1326 audit(1768580795.158:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6842 comm="syz.1.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe59078f749 code=0x7ffc0000 [ 156.744849][ T6854] warning: `syz.1.312' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 158.270857][ T6889] loop1: detected capacity change from 0 to 1024 [ 158.307199][ T6889] EXT4-fs: Ignoring removed orlov option [ 158.381504][ T6889] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 158.537227][ T6889] netlink: 'syz.1.322': attribute type 10 has an invalid length. [ 158.623986][ T6889] team0: Port device dummy0 added [ 158.643155][ T6900] netlink: 'syz.1.322': attribute type 10 has an invalid length. [ 158.688916][ T6900] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 158.770288][ T6900] team0: Failed to send options change via netlink (err -105) [ 158.795937][ T6900] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 158.857379][ T6900] team0: Port device dummy0 removed [ 158.897140][ T6900] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 159.079282][ T6909] netlink: 4 bytes leftover after parsing attributes in process `syz.0.331'. [ 159.115231][ C1] vxcan0: j1939_session_tx_dat: 0xffff88805ebe2000: queue data error: -100 [ 159.369257][ T6913] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0 [ 159.509385][ T6915] netlink: 'syz.2.334': attribute type 1 has an invalid length. [ 159.528675][ T6915] netlink: 'syz.2.334': attribute type 4 has an invalid length. [ 159.541320][ T6915] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.334'. [ 159.553920][ T6915] netlink: 'syz.2.334': attribute type 1 has an invalid length. [ 159.566243][ T6915] netlink: 'syz.2.334': attribute type 4 has an invalid length. [ 159.575228][ T6915] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.334'. [ 159.941714][ T6885] syz.1.322: vmalloc error: size 2101248, failed to allocated page array size 4104, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 159.964850][ T6885] CPU: 1 PID: 6885 Comm: syz.1.322 Not tainted syzkaller #0 [ 159.972216][ T6885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 159.982338][ T6885] Call Trace: [ 159.985665][ T6885] [ 159.988642][ T6885] dump_stack_lvl+0x16c/0x230 [ 159.993366][ T6885] ? show_regs_print_info+0x20/0x20 [ 159.998610][ T6885] ? load_image+0x3b0/0x3b0 [ 160.003173][ T6885] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 160.009639][ T6885] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 160.016195][ T6885] warn_alloc+0x210/0x300 [ 160.020592][ T6885] ? zone_watermark_ok_safe+0x230/0x230 [ 160.026202][ T6885] ? _raw_spin_unlock+0x28/0x40 [ 160.031111][ T6885] __vmalloc_node_range+0x662/0x1320 [ 160.036479][ T6885] ? free_vm_area+0x50/0x50 [ 160.041036][ T6885] ? _raw_spin_unlock+0x28/0x40 [ 160.045954][ T6885] ? __kasan_kmalloc+0x8f/0xa0 [ 160.050779][ T6885] __vmalloc_node_range+0x568/0x1320 [ 160.056199][ T6885] ? hash_netiface_create+0x361/0xff0 [ 160.061630][ T6885] ? __asan_memset+0x22/0x40 [ 160.066299][ T6885] ? free_vm_area+0x50/0x50 [ 160.070947][ T6885] ? kvmalloc_node+0x70/0x180 [ 160.075677][ T6885] ? rcu_is_watching+0x15/0xb0 [ 160.080496][ T6885] ? kvmalloc_node+0x70/0x180 [ 160.085226][ T6885] ? trace_kmalloc+0x1f/0xa0 [ 160.089969][ T6885] kvmalloc_node+0x13f/0x180 [ 160.094605][ T6885] ? hash_netiface_create+0x361/0xff0 [ 160.100037][ T6885] hash_netiface_create+0x361/0xff0 [ 160.105296][ T6885] ? __lock_acquire+0x7c80/0x7c80 [ 160.110426][ T6885] ? __nla_parse+0x40/0x50 [ 160.114902][ T6885] ? hash_netport6_gc+0x570/0x570 [ 160.119997][ T6885] ip_set_create+0xa87/0x18e0 [ 160.124818][ T6885] ? ip_set_create+0x4b2/0x18e0 [ 160.129730][ T6885] ? ip_set_protocol+0x5d0/0x5d0 [ 160.134754][ T6885] ? trace_contention_end+0x39/0xe0 [ 160.140073][ T6885] nfnetlink_rcv_msg+0xb49/0x1130 [ 160.145169][ T6885] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 160.151325][ T6885] ? nfnetlink_rcv_msg+0x20e/0x1130 [ 160.156614][ T6885] ? nfnetlink_unbind+0x160/0x160 [ 160.161725][ T6885] ? __dev_queue_xmit+0x1a55/0x3580 [ 160.166976][ T6885] ? __netlink_deliver_tap+0x5ab/0x830 [ 160.172485][ T6885] ? netlink_deliver_tap+0x19c/0x1b0 [ 160.177820][ T6885] ? netlink_unicast+0x72c/0x8d0 [ 160.182814][ T6885] ? netlink_sendmsg+0x8c1/0xbe0 [ 160.187809][ T6885] ? ____sys_sendmsg+0x5bf/0x950 [ 160.192809][ T6885] ? ___sys_sendmsg+0x220/0x290 [ 160.197715][ T6885] ? __se_sys_sendmsg+0x1a5/0x270 [ 160.202783][ T6885] ? do_syscall_64+0x55/0xb0 [ 160.207525][ T6885] netlink_rcv_skb+0x216/0x480 [ 160.212426][ T6885] ? nfnetlink_unbind+0x160/0x160 [ 160.217516][ T6885] ? netlink_ack+0x1110/0x1110 [ 160.222344][ T6885] ? apparmor_capable+0x137/0x1a0 [ 160.227426][ T6885] ? bpf_lsm_capable+0x9/0x10 [ 160.232170][ T6885] ? security_capable+0x89/0xb0 [ 160.237118][ T6885] nfnetlink_rcv+0x274/0x2180 [ 160.241860][ T6885] ? __local_bh_enable_ip+0x12e/0x1c0 [ 160.247300][ T6885] ? lockdep_hardirqs_on+0x98/0x150 [ 160.252562][ T6885] ? __local_bh_enable_ip+0x12e/0x1c0 [ 160.257998][ T6885] ? _local_bh_enable+0xa0/0xa0 [ 160.262908][ T6885] ? __dev_queue_xmit+0x245/0x3580 [ 160.268078][ T6885] ? nfnetlink_net_exit_batch+0xa0/0xa0 [ 160.273695][ T6885] ? __dev_queue_xmit+0x245/0x3580 [ 160.278870][ T6885] ? ref_tracker_free+0x634/0x7d0 [ 160.283939][ T6885] ? __copy_skb_header+0xa7/0x550 [ 160.289019][ T6885] ? refcount_inc+0x70/0x70 [ 160.293577][ T6885] ? __skb_clone+0x63/0x790 [ 160.298135][ T6885] ? __skb_clone+0x480/0x790 [ 160.302792][ T6885] ? __netlink_deliver_tap+0x7e8/0x830 [ 160.308388][ T6885] ? netlink_deliver_tap+0x2e/0x1b0 [ 160.313630][ T6885] ? __lock_acquire+0x7c80/0x7c80 [ 160.318720][ T6885] ? netlink_deliver_tap+0x2e/0x1b0 [ 160.323970][ T6885] netlink_unicast+0x751/0x8d0 [ 160.328809][ T6885] netlink_sendmsg+0x8c1/0xbe0 [ 160.333632][ T6885] ? netlink_getsockopt+0x580/0x580 [ 160.338891][ T6885] ? aa_sock_msg_perm+0x94/0x150 [ 160.343889][ T6885] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 160.349222][ T6885] ? security_socket_sendmsg+0x80/0xa0 [ 160.354818][ T6885] ? netlink_getsockopt+0x580/0x580 [ 160.360063][ T6885] ____sys_sendmsg+0x5bf/0x950 [ 160.364990][ T6885] ? __asan_memset+0x22/0x40 [ 160.369890][ T6885] ? __sys_sendmsg_sock+0x30/0x30 [ 160.374968][ T6885] ? __import_iovec+0x5f2/0x860 [ 160.379885][ T6885] ? import_iovec+0x73/0xa0 [ 160.384533][ T6885] ___sys_sendmsg+0x220/0x290 [ 160.389277][ T6885] ? __sys_sendmsg+0x270/0x270 [ 160.394160][ T6885] __se_sys_sendmsg+0x1a5/0x270 [ 160.399066][ T6885] ? __x64_sys_sendmsg+0x80/0x80 [ 160.404051][ T6885] ? bpf_trace_run2+0x26f/0x3e0 [ 160.408972][ T6885] ? trace_sys_enter+0x1f/0x80 [ 160.413795][ T6885] do_syscall_64+0x55/0xb0 [ 160.418258][ T6885] ? clear_bhb_loop+0x40/0x90 [ 160.422983][ T6885] ? clear_bhb_loop+0x40/0x90 [ 160.427711][ T6885] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 160.433653][ T6885] RIP: 0033:0x7fe59078f749 [ 160.438132][ T6885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.457798][ T6885] RSP: 002b:00007fe591586038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 160.466268][ T6885] RAX: ffffffffffffffda RBX: 00007fe5909e5fa0 RCX: 00007fe59078f749 [ 160.474291][ T6885] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000008 [ 160.482311][ T6885] RBP: 00007fe590813f91 R08: 0000000000000000 R09: 0000000000000000 [ 160.490333][ T6885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 160.498376][ T6885] R13: 00007fe5909e6038 R14: 00007fe5909e5fa0 R15: 00007ffce98023f8 [ 160.506421][ T6885] [ 160.527553][ T6885] Mem-Info: [ 160.530743][ T6885] active_anon:14858 inactive_anon:0 isolated_anon:0 [ 160.530743][ T6885] active_file:10807 inactive_file:39919 isolated_file:0 [ 160.530743][ T6885] unevictable:768 dirty:97 writeback:0 [ 160.530743][ T6885] slab_reclaimable:10637 slab_unreclaimable:96232 [ 160.530743][ T6885] mapped:24155 shmem:11865 pagetables:511 [ 160.530743][ T6885] sec_pagetables:0 bounce:0 [ 160.530743][ T6885] kernel_misc_reclaimable:0 [ 160.530743][ T6885] free:1311471 free_pcp:7362 free_cma:0 [ 160.584490][ T6885] Node 0 active_anon:58532kB inactive_anon:0kB active_file:43228kB inactive_file:159472kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:96620kB dirty:384kB writeback:0kB shmem:44924kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11952kB pagetables:2044kB sec_pagetables:0kB all_unreclaimable? no [ 160.617147][ T6885] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 160.650394][ T6885] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 160.678039][ T6885] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 160.683921][ T6885] Node 0 DMA32 free:1334300kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:56384kB inactive_anon:0kB active_file:43228kB inactive_file:158156kB unevictable:1536kB writepending:384kB present:3129332kB managed:2589632kB mlocked:0kB bounce:0kB free_pcp:9584kB local_pcp:6432kB free_cma:0kB [ 160.715802][ T6885] lowmem_reserve[]: 0 0 1 1 1 [ 160.720832][ T6885] Node 0 Normal free:20kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1316kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 160.748701][ T6885] lowmem_reserve[]: 0 0 0 0 0 [ 160.753495][ T6885] Node 1 Normal free:3896204kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:22592kB local_pcp:7648kB free_cma:0kB [ 160.824677][ T6885] lowmem_reserve[]: 0 0 0 0 0 [ 160.844194][ T6885] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 160.879706][ T6885] Node 0 DMA32: 715*4kB (ME) 413*8kB (UME) 249*16kB (ME) 318*32kB (UME) 127*64kB (UME) 22*128kB (UME) 2*256kB (UM) 1*512kB (M) 1*1024kB (U) 3*2048kB (UE) 316*4096kB (M) = 1333796kB [ 160.916134][ T6885] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB [ 160.939318][ T6885] Node 1 Normal: 241*4kB (UME) 53*8kB (UME) 40*16kB (UME) 79*32kB (UME) 23*64kB (UME) 8*128kB (UME) 2*256kB (ME) 1*512kB (E) 1*1024kB (U) 2*2048kB (UE) 948*4096kB (M) = 3896204kB [ 160.981454][ T6885] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 161.001716][ T6885] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 161.016157][ T6885] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 161.049629][ T6885] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 161.069608][ T6885] 55933 total pagecache pages [ 161.079491][ T6885] 0 pages in swap cache [ 161.083725][ T6885] Free swap = 124996kB [ 161.106157][ T6885] Total swap = 124996kB [ 161.116250][ T6885] 2097051 pages RAM [ 161.120136][ T6885] 0 pages HighMem/MovableOnly [ 161.145329][ T6885] 416129 pages reserved [ 161.149654][ T6885] 0 pages cma reserved [ 161.331984][ T28] kauditd_printk_skb: 23 callbacks suppressed [ 161.332009][ T28] audit: type=1326 audit(1768580800.248:613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6921 comm="syz.0.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3718f749 code=0x7ffc0000 [ 161.387527][ T6923] capability: warning: `syz.3.337' uses deprecated v2 capabilities in a way that may be insecure [ 161.410044][ T28] audit: type=1326 audit(1768580800.288:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6921 comm="syz.0.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3718f749 code=0x7ffc0000 [ 161.466507][ T28] audit: type=1326 audit(1768580800.288:615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6921 comm="syz.0.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0f3718f749 code=0x7ffc0000 [ 161.511101][ T28] audit: type=1326 audit(1768580800.298:616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6921 comm="syz.0.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3718f749 code=0x7ffc0000 [ 161.540964][ T28] audit: type=1326 audit(1768580800.298:617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6921 comm="syz.0.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0f3718f749 code=0x7ffc0000 [ 161.624674][ T28] audit: type=1326 audit(1768580800.298:618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6921 comm="syz.0.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3718f749 code=0x7ffc0000 [ 161.674732][ T28] audit: type=1326 audit(1768580800.298:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6921 comm="syz.0.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3718f749 code=0x7ffc0000 [ 161.729241][ T28] audit: type=1326 audit(1768580800.298:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6921 comm="syz.0.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=276 compat=0 ip=0x7f0f3718f749 code=0x7ffc0000 [ 161.792291][ T28] audit: type=1326 audit(1768580800.298:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6921 comm="syz.0.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3718f749 code=0x7ffc0000 [ 161.881016][ T28] audit: type=1326 audit(1768580800.298:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6921 comm="syz.0.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3718f749 code=0x7ffc0000 [ 162.042966][ T6938] loop0: detected capacity change from 0 to 512 [ 162.063324][ T6940] pim6reg: entered allmulticast mode [ 162.074370][ T6940] pim6reg: left allmulticast mode [ 162.105043][ T6938] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 162.171641][ T6938] ext4 filesystem being mounted at /83/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 162.981668][ T6946] loop2: detected capacity change from 0 to 8192 [ 163.026016][ T5766] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.093973][ T6946] loop2: p1 < > p2 p3 < p5 p6 > p4 [ 163.099685][ T6946] loop2: partition table partially beyond EOD, truncated [ 163.149848][ T6946] loop2: p1 start 100663296 is beyond EOD, truncated [ 163.161094][ T6946] loop2: p2 size 134217732 extends beyond EOD, truncated [ 163.205615][ T6946] loop2: p4 size 14876672 extends beyond EOD, truncated [ 163.245998][ T6946] loop2: p5 size 134217732 extends beyond EOD, truncated [ 163.288719][ T6946] loop2: p6 size 14876672 extends beyond EOD, truncated [ 164.169004][ T6967] netlink: 24 bytes leftover after parsing attributes in process `syz.3.353'. [ 164.169080][ T6967] IPVS: Unknown mcast interface: ipvlan1 [ 165.646712][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.850771][ T6998] netlink: 32 bytes leftover after parsing attributes in process `syz.1.359'. [ 165.913010][ T6998] netlink: 32 bytes leftover after parsing attributes in process `syz.1.359'. [ 165.970045][ T7000] netlink: 24 bytes leftover after parsing attributes in process `syz.2.364'. [ 166.271073][ T7005] lo speed is unknown, defaulting to 1000 [ 166.864496][ T7005] vcan0 speed is unknown, defaulting to 1000 [ 167.274649][ T7018] x_tables: unsorted underflow at hook 1 [ 167.806055][ T7036] tc_dump_action: action bad kind [ 168.496678][ T7054] loop1: detected capacity change from 0 to 512 [ 168.504412][ T7054] EXT4-fs: Ignoring removed orlov option [ 168.514014][ T7054] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 168.528708][ T7054] EXT4-fs (loop1): orphan cleanup on readonly fs [ 168.566751][ T7054] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.385: bg 0: block 248: padding at end of block bitmap is not set [ 168.596935][ T7054] __quota_error: 51 callbacks suppressed [ 168.596957][ T7054] Quota error (device loop1): write_blk: dquota write failed [ 168.611786][ T7054] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 168.623636][ T7054] EXT4-fs error (device loop1): ext4_acquire_dquot:6949: comm syz.1.385: Failed to acquire dquot type 1 [ 168.643003][ T7054] EXT4-fs (loop1): 1 truncate cleaned up [ 168.777143][ T7054] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 168.844194][ T7059] loop0: detected capacity change from 0 to 512 [ 168.862848][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.875279][ T7059] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 168.918276][ T7059] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 168.940830][ T7059] ext4 filesystem being mounted at /99/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 169.005967][ T28] audit: type=1326 audit(1768580807.918:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7070 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5ff18f749 code=0x7ffc0000 [ 169.029673][ T28] audit: type=1326 audit(1768580807.928:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7070 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5ff18f749 code=0x7ffc0000 [ 169.054038][ T28] audit: type=1326 audit(1768580807.928:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7070 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5ff18f749 code=0x7ffc0000 [ 169.076786][ T28] audit: type=1326 audit(1768580807.998:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7070 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5ff18f749 code=0x7ffc0000 [ 169.113049][ T28] audit: type=1326 audit(1768580807.998:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7070 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb5ff18f749 code=0x7ffc0000 [ 169.145825][ T28] audit: type=1326 audit(1768580807.998:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7070 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5ff18f749 code=0x7ffc0000 [ 169.186712][ T28] audit: type=1326 audit(1768580807.998:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7070 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5ff18f749 code=0x7ffc0000 [ 169.210329][ T28] audit: type=1326 audit(1768580808.008:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7070 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5ff18f749 code=0x7ffc0000 [ 169.256926][ T5766] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.387285][ T6279] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 170.399812][ T7092] netlink: 8 bytes leftover after parsing attributes in process `syz.0.392'. [ 170.574339][ T6279] usb 3-1: device descriptor read/64, error -71 [ 170.650946][ T7101] loop1: detected capacity change from 0 to 1024 [ 170.673659][ T7101] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 170.701801][ T7101] ================================================================== [ 170.709946][ T7101] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x94b/0x1e90 [ 170.717732][ T7101] Read of size 18446744073709551588 at addr ffff88807df7a840 by task syz.1.401/7101 [ 170.727149][ T7101] [ 170.729504][ T7101] CPU: 1 PID: 7101 Comm: syz.1.401 Not tainted syzkaller #0 [ 170.736909][ T7101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 170.747018][ T7101] Call Trace: [ 170.750355][ T7101] [ 170.753323][ T7101] dump_stack_lvl+0x16c/0x230 [ 170.758055][ T7101] ? read_lock_is_recursive+0x20/0x20 [ 170.763509][ T7101] ? show_regs_print_info+0x20/0x20 [ 170.768757][ T7101] ? load_image+0x3b0/0x3b0 [ 170.773312][ T7101] ? _raw_spin_lock_irqsave+0xb4/0xf0 [ 170.778740][ T7101] ? __virt_addr_valid+0x18c/0x540 [ 170.783911][ T7101] ? __virt_addr_valid+0x469/0x540 [ 170.789081][ T7101] print_report+0xac/0x220 [ 170.793550][ T7101] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 170.799072][ T7101] kasan_report+0x117/0x150 [ 170.803638][ T7101] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 170.809163][ T7101] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 170.814670][ T7101] kasan_check_range+0x288/0x290 [ 170.819653][ T7101] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 170.825418][ T7101] __asan_memmove+0x29/0x70 [ 170.830088][ T7101] ext4_xattr_set_entry+0x94b/0x1e90 [ 170.835507][ T7101] ext4_xattr_block_set+0xae3/0x32a0 [ 170.840828][ T7101] ? ext4_destroy_inode+0x200/0x200 [ 170.846079][ T7101] ? proc_nr_inodes+0x230/0x230 [ 170.850969][ T7101] ? do_raw_spin_unlock+0x121/0x230 [ 170.856206][ T7101] ? _raw_spin_unlock+0x28/0x40 [ 170.861097][ T7101] ? ext4_xattr_block_find+0x350/0x350 [ 170.866605][ T7101] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 170.872010][ T7101] ext4_xattr_set_handle+0x1346/0x1580 [ 170.877514][ T7101] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 170.883538][ T7101] ? __ext4_journal_start_sb+0x259/0x570 [ 170.889210][ T7101] ext4_xattr_set+0x22d/0x320 [ 170.893928][ T7101] ? end_current_label_crit_section+0x170/0x170 [ 170.900213][ T7101] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 170.905804][ T7101] ? posix_xattr_acl+0x93/0xb0 [ 170.910603][ T7101] ? evm_protect_xattr+0x36d/0x7a0 [ 170.915747][ T7101] ? ext4_xattr_trusted_get+0x40/0x40 [ 170.921162][ T7101] __vfs_setxattr+0x431/0x470 [ 170.925877][ T7101] __vfs_setxattr_noperm+0x12d/0x5e0 [ 170.931200][ T7101] vfs_setxattr+0x16c/0x2f0 [ 170.935740][ T7101] ? xattr_permission+0x470/0x470 [ 170.940791][ T7101] ? __mnt_want_write+0x223/0x2a0 [ 170.945853][ T7101] ? path_setxattr+0x314/0x550 [ 170.950647][ T7101] path_setxattr+0x362/0x550 [ 170.955273][ T7101] ? simple_xattrs_free+0x150/0x150 [ 170.960532][ T7101] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 170.966544][ T7101] ? lock_chain_count+0x20/0x20 [ 170.971453][ T7101] __x64_sys_lsetxattr+0xb8/0xd0 [ 170.976423][ T7101] do_syscall_64+0x55/0xb0 [ 170.981298][ T7101] ? clear_bhb_loop+0x40/0x90 [ 170.986010][ T7101] ? clear_bhb_loop+0x40/0x90 [ 170.990714][ T7101] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 170.996636][ T7101] RIP: 0033:0x7fe59078f749 [ 171.001188][ T7101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 171.020909][ T7101] RSP: 002b:00007fe591586038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 171.029451][ T7101] RAX: ffffffffffffffda RBX: 00007fe5909e5fa0 RCX: 00007fe59078f749 [ 171.037541][ T7101] RDX: 0000200000000000 RSI: 0000200000000000 RDI: 00002000000001c0 [ 171.045545][ T7101] RBP: 00007fe590813f91 R08: 0000000000000000 R09: 0000000000000000 [ 171.053549][ T7101] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000 [ 171.061543][ T7101] R13: 00007fe5909e6038 R14: 00007fe5909e5fa0 R15: 00007ffce98023f8 [ 171.069554][ T7101] [ 171.072599][ T7101] [ 171.075004][ T7101] Allocated by task 7101: [ 171.079358][ T7101] kasan_set_track+0x4e/0x70 [ 171.083973][ T7101] __kasan_kmalloc+0x8f/0xa0 [ 171.088587][ T7101] __kmalloc_node_track_caller+0xb2/0x230 [ 171.094330][ T7101] kmemdup+0x2b/0x70 [ 171.098251][ T7101] ext4_xattr_block_set+0x9e5/0x32a0 [ 171.103568][ T7101] ext4_xattr_set_handle+0x1346/0x1580 [ 171.109053][ T7101] ext4_xattr_set+0x22d/0x320 [ 171.113756][ T7101] __vfs_setxattr+0x431/0x470 [ 171.118459][ T7101] __vfs_setxattr_noperm+0x12d/0x5e0 [ 171.123762][ T7101] vfs_setxattr+0x16c/0x2f0 [ 171.128284][ T7101] path_setxattr+0x362/0x550 [ 171.132897][ T7101] __x64_sys_lsetxattr+0xb8/0xd0 [ 171.137859][ T7101] do_syscall_64+0x55/0xb0 [ 171.142295][ T7101] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 171.148230][ T7101] [ 171.150577][ T7101] The buggy address belongs to the object at ffff88807df7a800 [ 171.150577][ T7101] which belongs to the cache kmalloc-1k of size 1024 [ 171.164741][ T7101] The buggy address is located 64 bytes inside of [ 171.164741][ T7101] 1024-byte region [ffff88807df7a800, ffff88807df7ac00) [ 171.180990][ T7101] [ 171.183340][ T7101] The buggy address belongs to the physical page: [ 171.189781][ T7101] page:ffffea0001f7de00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7df78 [ 171.199959][ T7101] head:ffffea0001f7de00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 171.209010][ T7101] ksm flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 171.217361][ T7101] page_type: 0xffffffff() [ 171.221753][ T7101] raw: 00fff00000000840 ffff888017841dc0 ffffea0000c5ca00 dead000000000003 [ 171.230377][ T7101] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 171.238979][ T7101] page dumped because: kasan: bad access detected [ 171.245502][ T7101] page_owner tracks the page as allocated [ 171.251332][ T7101] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5125, tgid 5125 (S02klogd), ts 31758906613, free_ts 29477436577 [ 171.272547][ T7101] post_alloc_hook+0x1cd/0x210 [ 171.277353][ T7101] get_page_from_freelist+0x195c/0x19f0 [ 171.282943][ T7101] __alloc_pages+0x1e3/0x460 [ 171.287570][ T7101] alloc_slab_page+0x5d/0x170 [ 171.292275][ T7101] new_slab+0x87/0x2e0 [ 171.297103][ T7101] ___slab_alloc+0xc6d/0x1300 [ 171.301803][ T7101] __kmem_cache_alloc_node+0x1a2/0x260 [ 171.307292][ T7101] __kmalloc+0xa4/0x240 [ 171.311479][ T7101] load_elf_phdrs+0x136/0x230 [ 171.316278][ T7101] load_elf_binary+0x956/0x2700 [ 171.321351][ T7101] bprm_execve+0xaeb/0x16f0 [ 171.325882][ T7101] do_execveat_common+0x51b/0x6c0 [ 171.330933][ T7101] __x64_sys_execve+0x92/0xa0 [ 171.335639][ T7101] do_syscall_64+0x55/0xb0 [ 171.340075][ T7101] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 171.345992][ T7101] page last free stack trace: [ 171.350683][ T7101] free_unref_page_prepare+0x7ce/0x8e0 [ 171.356174][ T7101] free_unref_page+0x32/0x2e0 [ 171.360886][ T7101] free_contig_range+0xa1/0x160 [ 171.365754][ T7101] destroy_args+0x80/0x850 [ 171.370196][ T7101] debug_vm_pgtable+0x3cc/0x410 [ 171.375076][ T7101] do_one_initcall+0x1fd/0x750 [ 171.379958][ T7101] do_initcall_level+0x137/0x1f0 [ 171.384926][ T7101] do_initcalls+0x69/0xd0 [ 171.389290][ T7101] kernel_init_freeable+0x3d2/0x570 [ 171.394528][ T7101] kernel_init+0x1d/0x1c0 [ 171.398889][ T7101] ret_from_fork+0x48/0x80 [ 171.403347][ T7101] ret_from_fork_asm+0x11/0x20 [ 171.408149][ T7101] [ 171.410493][ T7101] Memory state around the buggy address: [ 171.416322][ T7101] ffff88807df7a700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 171.424405][ T7101] ffff88807df7a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 171.432496][ T7101] >ffff88807df7a800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 171.440664][ T7101] ^ [ 171.446829][ T7101] ffff88807df7a880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 171.454920][ T7101] ffff88807df7a900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 171.463085][ T7101] ================================================================== [ 171.482813][ T7101] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 171.490181][ T7101] CPU: 0 PID: 7101 Comm: syz.1.401 Not tainted syzkaller #0 [ 171.497548][ T7101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 171.507736][ T7101] Call Trace: [ 171.511146][ T7101] [ 171.514124][ T7101] dump_stack_lvl+0x16c/0x230 [ 171.518939][ T7101] ? show_regs_print_info+0x20/0x20 [ 171.524194][ T7101] ? load_image+0x3b0/0x3b0 [ 171.528759][ T7101] panic+0x2c0/0x710 [ 171.532713][ T7101] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 171.538934][ T7101] ? bpf_jit_dump+0xd0/0xd0 [ 171.543517][ T7101] ? _raw_spin_unlock_irqrestore+0xfa/0x110 [ 171.549455][ T7101] ? _raw_spin_unlock+0x40/0x40 [ 171.554435][ T7101] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 171.559932][ T7101] check_panic_on_warn+0x84/0xa0 [ 171.564904][ T7101] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 171.570404][ T7101] end_report+0x6f/0x140 [ 171.574686][ T7101] kasan_report+0x128/0x150 [ 171.579246][ T7101] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 171.584821][ T7101] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 171.590308][ T7101] kasan_check_range+0x288/0x290 [ 171.595272][ T7101] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 171.600771][ T7101] __asan_memmove+0x29/0x70 [ 171.605308][ T7101] ext4_xattr_set_entry+0x94b/0x1e90 [ 171.610639][ T7101] ext4_xattr_block_set+0xae3/0x32a0 [ 171.616050][ T7101] ? ext4_destroy_inode+0x200/0x200 [ 171.621286][ T7101] ? proc_nr_inodes+0x230/0x230 [ 171.626171][ T7101] ? do_raw_spin_unlock+0x121/0x230 [ 171.631418][ T7101] ? _raw_spin_unlock+0x28/0x40 [ 171.636326][ T7101] ? ext4_xattr_block_find+0x350/0x350 [ 171.641828][ T7101] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 171.647280][ T7101] ext4_xattr_set_handle+0x1346/0x1580 [ 171.652801][ T7101] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 171.658820][ T7101] ? __ext4_journal_start_sb+0x259/0x570 [ 171.664488][ T7101] ext4_xattr_set+0x22d/0x320 [ 171.669379][ T7101] ? end_current_label_crit_section+0x170/0x170 [ 171.675651][ T7101] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 171.681269][ T7101] ? posix_xattr_acl+0x93/0xb0 [ 171.686072][ T7101] ? evm_protect_xattr+0x36d/0x7a0 [ 171.691224][ T7101] ? ext4_xattr_trusted_get+0x40/0x40 [ 171.696628][ T7101] __vfs_setxattr+0x431/0x470 [ 171.701337][ T7101] __vfs_setxattr_noperm+0x12d/0x5e0 [ 171.706657][ T7101] vfs_setxattr+0x16c/0x2f0 [ 171.711200][ T7101] ? xattr_permission+0x470/0x470 [ 171.716248][ T7101] ? __mnt_want_write+0x223/0x2a0 [ 171.721335][ T7101] ? path_setxattr+0x314/0x550 [ 171.726141][ T7101] path_setxattr+0x362/0x550 [ 171.730774][ T7101] ? simple_xattrs_free+0x150/0x150 [ 171.736048][ T7101] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 171.742070][ T7101] ? lock_chain_count+0x20/0x20 [ 171.746955][ T7101] __x64_sys_lsetxattr+0xb8/0xd0 [ 171.751948][ T7101] do_syscall_64+0x55/0xb0 [ 171.756482][ T7101] ? clear_bhb_loop+0x40/0x90 [ 171.761259][ T7101] ? clear_bhb_loop+0x40/0x90 [ 171.765996][ T7101] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 171.771934][ T7101] RIP: 0033:0x7fe59078f749 [ 171.776375][ T7101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 171.796022][ T7101] RSP: 002b:00007fe591586038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 171.804462][ T7101] RAX: ffffffffffffffda RBX: 00007fe5909e5fa0 RCX: 00007fe59078f749 [ 171.812452][ T7101] RDX: 0000200000000000 RSI: 0000200000000000 RDI: 00002000000001c0 [ 171.820444][ T7101] RBP: 00007fe590813f91 R08: 0000000000000000 R09: 0000000000000000 [ 171.828500][ T7101] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000 [ 171.836588][ T7101] R13: 00007fe5909e6038 R14: 00007fe5909e5fa0 R15: 00007ffce98023f8 [ 171.844623][ T7101] [ 171.848218][ T7101] Kernel Offset: disabled [ 171.852664][ T7101] Rebooting in 86400 seconds..