last executing test programs: 4.428083183s ago: executing program 1 (id=162): r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000) r1 = socket$qrtr(0x2a, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x0, 0x2, 0xfffffe81, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="070000000400000008"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r3}, 0x18) connect$qrtr(r1, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) r4 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x4661, 0x400, 0x3, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r1, 0x0, 0x0}) io_uring_enter(r4, 0x40f9, 0x217, 0xa5, 0x0, 0x0) close_range(r0, r1, 0x0) 4.213648847s ago: executing program 1 (id=165): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x800, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x3, 0xc06a2f6, 0x1, 0x7}, 0x6, 0x0, 0xa, 0x4, 0x6, 0x8, 0x18, 0x9, 0x3, 0x4, {0x0, 0x2, 0x9, 0x800, 0x8704, 0x27000000}}}}]}, 0x78}}, 0x0) 3.527414621s ago: executing program 1 (id=169): syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="757466383d312c6e6f6e756d7461696c3d302c6e6f6e756d7461696c3d302c756e695f786c6174653d302c73686f72746e616d653d77696e39352c000f3556feecb6412e00c80bdee16891f8bf67c9f201996782a86d4bab33b4f23383380e0b7bf403dc599e5136364ccafc9da9def41b05c1dfb2cfa24e43aedf5536d3bce06ddda97c586bc37fab5366b1ab6fee95cc224e56e681e82dd4dbbde3785fdd0fc4e7df753a0e2658aa5e88e1d38366c7908a7b2b678ee4b4bfc7aafa2101c157745926241a142f040e9eced78c1611b972d099eff046f4adcada230ef0ac02ede79fb7d92a8354670c01cb80361c1fde2cef3204a182323c318e10ef11cb24c435d589b17a396377800f"], 0x1, 0x225, &(0x7f0000000540)="$eJzs2j+LXFUcBuDfXSOJGzYz4j8SEA9aqM0lM7VFFklAHFA0I0RBcuPe0WGuM8vcYWFEzFba+hGsxdJOkJQ22/gJLOy22TKFeCWZaHbjWARxZzHP08wLZ17uOZzL4RR3/7WvPx0N6nxQzGIty2LtUuzG7SzasRZ/2o1XX7720/PvXnv/zc1e7/I7KV3ZvNrpppTOvfDjB59/9+Kt2dn3vj/3w+nYa3+4f9D9de/ZvfP7v1/9ZFinYZ3Gk1kq0o3JZFbcqMq0NaxHeUpvV2VRl2k4rsvpkfFBNdnenqdivLWxvj0t6zoV43kalfM0m6TZdJ6Kj4vhOOV5njbWg3+j/+3tpomD5vHr0TTNE9/E2Vux8Uu0InsyZU9dyp65nj23m50/aJrWqqfKf8L+P9oOHepnIqqvdvo7/cXvYnxzEMOoooyL0Yrf4s5rcs8iX3mjd/liuqsdX1Y37/Vv7vQfO9rvRCvay/udRT8d7Z+O9cP9brTi6eX97t/6WUSciVdeOtTPoxU/fxSTqGIr7nTv97/opPT6W70Hnn/h7v8AAP5v8vSXpfe3PP+n8UX/Ie6HD9yvTsWFU6tdOxH1/LNRUVXlVBCWhrU4EdMQjjms+mTiONzf9FXPBAAAAAAAAAAAgIdxHJ8TrnqNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAyfZHAAAA///sZdM+") r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='kfree\x00', r0, 0x0, 0x4804}, 0x18) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x94) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) 3.161396968s ago: executing program 1 (id=172): r0 = epoll_create1(0x0) epoll_wait(r0, &(0x7f00000001c0)=[{}], 0x1, 0x7) 2.879493363s ago: executing program 1 (id=175): eventfd2(0xb, 0x800) r0 = getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getrlimit(0xe, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) unshare(0x64000600) 2.752876146s ago: executing program 2 (id=176): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000000), 0x10) sendmsg$can_bcm(r0, 0x0, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x5, 0x0, 0x0, {0x0, 0x2710}, {0x77359400}, {}, 0x2, @can={{}, 0x0, 0x3, 0x0, 0x0, "3fd31340e92c4bb8"}}, 0x48}, 0x300}, 0x0) 1.50787717s ago: executing program 3 (id=179): r0 = socket(0x40000000015, 0x5, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x2000000, @empty, 0xb851}, 0x1c) 1.50547155s ago: executing program 2 (id=180): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") socket$inet6(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r2}, 0x10) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) setsockopt$sock_attach_bpf(r3, 0x1, 0x1d, &(0x7f00000001c0), 0x4) 1.445518932s ago: executing program 0 (id=181): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000800008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000084000000b70000000000000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0xe68, 0x30, 0x871a15abc695fa3d, 0x70bd27, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x93, 0xfc}, [{0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0xfffffffc}, {0x1, 0x0, 0x0, 0x4000000, 0x7, 0x80000}, {0x8, 0x5, 0x0, 0xfffffffc, 0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x6}, {0x0, 0xc3}, {0x0, 0x5}, {0x5}, {}, {0x0, 0x10}, {0x0, 0x404, 0x0, 0x8000000, 0x0, 0x4}, {0x0, 0xffffffff, 0x0, 0x0, 0xfffffffd}, {0x2, 0x0, 0x400000, 0x0, 0x6}, {0xf}, {}, {}, {0x0, 0x0, 0x0, 0x8000000}, {}, {0x0, 0x0, 0x0, 0x0, 0x20}, {0xfffffffd, 0x0, 0x0, 0xd}, {}, {0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x3}, {0x0, 0x2000}, {}, {0x0, 0x7, 0x0, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x2, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x5, 0xfffffffd}, {0xffffffff}, {}, {0x0, 0x0, 0xc, 0x0, 0x0, 0x6}, {0xffffffff}, {}, {}, {}, {0xffffffff, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x9, 0x0, 0x0, 0x2, 0x2}, {}, {0x0, 0x0, 0x0, 0x1, 0x3}, {0x80, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x0, 0x15, 0x0, 0x48510}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, {}, {0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x0, 0xd, 0xffffffff}, {}, {}, {0x0, 0xfffefffd, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x1}, {}, {0x5}, {}, {0x0, 0xfffffffc, 0x0, 0x3ff, 0x40000000}, {0x0, 0x0, 0x0, 0xfffffffd}, {0x3, 0x7, 0x0, 0x0, 0x0, 0x400000}, {0x4, 0x0, 0x200}, {}, {0x0, 0x0, 0x0, 0x0, 0x1}, {0x5}, {}, {0xb, 0x0, 0x0, 0x4000, 0x0, 0xfb4}, {}, {0x0, 0x101, 0x0, 0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x4, 0x9}, {0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x2}, {}, {}, {}, {0x800000, 0x0, 0x0, 0x0, 0x0, 0x56}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffefffff}, {0x0, 0xfffffffe}, {0xfffffff7, 0x0, 0x6, 0x0, 0x4}, {}, {}, {0x0, 0xfffffffd, 0x0, 0xffffffff}, {0x6}, {0x7f, 0x0, 0x0, 0xfffffffe}, {}, {0x0, 0x0, 0x0, 0x0, 0x4000}, {0xfffffffc, 0x2, 0x0, 0x0, 0x0, 0xfffffffe}, {0x0, 0x6fdf}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x2, 0x0, 0x20000000}, {0x0, 0xfffffffc, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x292}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, {0x0, 0x5, 0x0, 0x0, 0x1}, {0x0, 0x5}, {0x0, 0x0, 0x0, 0x7fff, 0x80}, {0x10000000, 0x0, 0x0, 0x4, 0x4}, {0x0, 0x2e9c, 0x0, 0x0, 0x7}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {0x3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, {}, {0x0, 0x0, 0x0, 0x8, 0x2, 0x6}, {}, {}, {}, {0xfffffffe, 0x0, 0x0, 0x0, 0x8000, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {0x0, 0x8000}, {0x0, 0x0, 0x10000, 0x0, 0xfffffffc, 0x2}, {0x0, 0x80000000, 0x0, 0x7dff800}], [{}, {}, {0x0, 0x1}, {}, {}, {0x3}, {}, {0x0, 0x1}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x1, 0x1}, {}, {}, {}, {0x0, 0x1}, {0x5}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x1}, {}, {0x4}, {}, {}, {}, {0x4}, {0x0, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x5}, {}, {}, {0x7}, {}, {}, {}, {}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {0x1}, {}, {0x5}, {}, {0x3}, {}, {}, {}, {}, {}, {0x2, 0x1}, {}, {}, {}, {0x3}, {}, {}, {}, {0x4}, {0x2}, {}, {}, {0x4}, {0x3}, {}, {}, {0x0, 0x1}, {0x2}]}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0xe68}}, 0x0) 1.365831413s ago: executing program 3 (id=182): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) r2 = openat$rdma_cm(0xffffff9c, &(0x7f00000006c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r2, &(0x7f0000000380)={0xc, 0x8, 0x144, {&(0x7f0000000700)}}, 0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000540)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000500)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f00000000c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e22, 0x1, @loopback, 0x9}, {0xa, 0x4e22, 0xfffffffc, @mcast1}, r3}}, 0x48) 1.319460344s ago: executing program 0 (id=183): socket(0x18, 0xa, 0x9) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000240)={r0, &(0x7f00000003c0)="2b59e195661f4c36e425e0e0e2bb33147de01228596fb3dd46bb88b1b27a8e579448b6cfbe7336feb89c9e3cf730187eb0a3336b706cb6f7ef3a0f66b605b4f475d53cbb24a3feb918799bd74531ec1fc2c4b2b547be4e8f24273c0c77632e4c717d5ef7ed233fdd1f855cddddb8d17322", &(0x7f0000000140)=""/32}, 0x20) 1.153575077s ago: executing program 0 (id=184): bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) socket$packet(0x11, 0x3, 0x300) socket(0x2a, 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c0000000000008001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0xffffffffffffff0f, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) socket$netlink(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r1}, 0x18) socket(0x10, 0x803, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000100)) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f00000000c0)=ANY=[@ANYRES64=r3, @ANYRES32=r3]) 1.148839127s ago: executing program 2 (id=185): bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000008850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) fchmodat(0xffffffffffffff9c, 0x0, 0xffffff70) 1.074492299s ago: executing program 3 (id=186): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10) sendmmsg$inet(r0, &(0x7f0000001480)=[{{&(0x7f0000000100)={0x2, 0x6e20, @multicast1}, 0x10, 0x0}}], 0x1, 0x2000c044) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) sendto$inet(r0, &(0x7f0000000c80)="e8", 0x6200, 0x12000000, 0x0, 0x0) 881.574022ms ago: executing program 0 (id=187): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000380)=0x2) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r2, 0x0, 0x4}, 0x18) ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000180)={0x20, 0x0}) 881.448423ms ago: executing program 3 (id=188): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000000), 0x10) sendmsg$can_bcm(r0, 0x0, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x5, 0x0, 0x0, {0x0, 0x2710}, {0x77359400}, {}, 0x2, @can={{}, 0x0, 0x3, 0x0, 0x0, "3fd31340e92c4bb8"}}, 0x48}, 0x300}, 0x0) 847.235613ms ago: executing program 2 (id=189): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000002100), 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18090000002300810000000000000000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0xffffffffffffffff}, 0x18) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}]}, &(0x7f0000000640)='syzkaller\x00', 0x7, 0xf9, &(0x7f0000000080)=""/249}, 0x94) 764.662875ms ago: executing program 3 (id=190): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x58e, &(0x7f0000000180), 0x1, 0x451, &(0x7f0000000780)="$eJzs289vFFUcAPDvTFug/LAV8Qc/1CoaG3+0tKBy8KLRxIMmJl7wWNtCkIUaWhMhRNEYPBoS78ajiX+BJ70Y9WTiVe+GhBguoqc1szvD/mC3tMu2g+znkwx9b+YN7333zdt9M283gIE1kf2TROyMiN8jYqyebS0wUf9z/dqF+X+uXZhPolp9+6+kVu7vaxfmi6LFeTvyzGQakX6WxP4O9S6fO39qrlJZPJvnp1dOvz+9fO78cydPz51YPLF4Zvbo0SOHZ158Yfb5vsR5b9bWfR8tHdj7+juX35w/dvndn78dKuJvi6NPJlY7+GS12ufqyrWrKZ0Ml9gQ1iUbA1l3jdTG/1gMRaPzxuK1T0ttHLChqrkuhy9WgbtYEmW3AChH8UGf3f8W2+bNPsp39eX6DVAW9/V8qx8ZjjQvM9J2f9tPExFx7OK/X2VbbMxzCACAFt9n859nO83/0nigqdw9+drQeL6Wsjsi7ouIPRFxf0St7IMR8dA6629fJLl5/pNe6SmwNcrmfy/la1ut879i9hfjQ3luVy3+keT4ycriofw1mYyRrVl+ZpU6fnj1ty+6HWue/2VbVn8xF8zbcWV4a+s5C3Mrc7cTc7Orn0TsG+4Uf3JjJSCJiL0Rsa/HOk4+/c2BbsduHf8q+rDOVP064ql6/1+MtvgLyerrk9PborJ4aLq4Km72y6+X3upW/23F3wdZ/2/veP3fiH88aV6vXV5/HZf++LzrPc1UT9d/Y8eW/O+HcysrZ2citiRv1BvdvH+2cW6RL8pn8U8e7Dz+d0fjldgfEdlF/HBEPBIRj+Z991hEPB4RB9viar6//umVJ97rFv+d0P8Lbf0/3lqkrf8biS3RvqdzYujUj9+1/o+N5Nre/47UUpP5nrW8/62lXb1dzQAAAPD/k0bEzkjSqRvp0XRqqv4d/j2xPa0sLa88c3zpgzML9d8IjMdIWjzpGmt6HjqT39YX+dm2/OH8ufGXQ6O1/NT8UmWh7OBhwO24afyntfGf+XOo7NYBG87vtWBwNY3/pMx2AJvP5z8MLuMfBleH8T9aRjuAzdfp8//jEtoBbL628W/ZDwaI+38YXMY/DK7m8e8LADAwlkfj1j+S75TYFr2cJXHXJCK9I5rRn0TS4yhYa2Jn2QGuP1H2OxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB//BcAAP//pgHvrg==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000e00)='./file0\x00', 0x9001) renameat2(r1, &(0x7f0000000480)='./file0\x00', r1, &(0x7f0000000040)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4) getdents64(r0, 0x0, 0x0) 637.565647ms ago: executing program 0 (id=191): bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) ioctl$SCSI_IOCTL_START_UNIT(0xffffffffffffffff, 0x5) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00'}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="0b00000007000000010001000900000001000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000340)='sched_switch\x00', r1}, 0x18) vmsplice(0xffffffffffffffff, &(0x7f0000000cc0), 0x0, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r2) sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="50020000", @ANYRES16=r3, @ANYBLOB="0100000000000000000001000000080001000000000004000480080002000100000010000c7d0c000b8008000a00b4ed000004000880c8000c8024000900f36aad4208000a156878badf10076800d5441e0f080009002bd49f3b0c00008008000a00697100002c000b8008000a"], 0x250}}, 0x4c000) 637.388627ms ago: executing program 2 (id=192): r0 = socket$rds(0x15, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0x7fff}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r1}, &(0x7f0000000200), &(0x7f0000000240)=r2}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}], 0x1}}], 0x48}, 0x0) 504.39219ms ago: executing program 2 (id=193): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x1, 0x66c, 0x0, 'queue1\x00'}) poll(&(0x7f0000000100)=[{r0}], 0x1, 0x9d) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) prctl$PR_SET_IO_FLUSHER(0x39, 0x1) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000001010000ff7f0000cc"], 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0x2}, 0x18) syz_emit_ethernet(0x4a, &(0x7f0000000a40)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2f}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0xefff}}}}}}}, 0x0) 331.358173ms ago: executing program 1 (id=194): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x80078b, &(0x7f0000000680)={[{@nodioread_nolock}, {@journal_dev={'journal_dev', 0x3d, 0xff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x8d55}}]}, 0x0, 0x473, &(0x7f0000000bc0)="$eJzs281rHGUYAPBnJh9t7UdirR+tVaNFCIpJk1btwYui4KGioId6jMm2hG4baaLYUmwqUi+CFPQsHgX/Am8iiHoSvOrFkxSK9tLqKTKzM+1mm02N2WRi9veDzb7vzrs7z5P5eud9dwPoWkPZnyRiR0T8EhEDjeriBkONpxvXzk/+de38ZBILC6//keTtrl87P1k2Ld+3vagMpxHph0mxksVmz547OVGv184U9dG5U2+Pzp4999S7pyZO1E7UTo8fOXL40Nizz4w/3ZE8s7yu73t/Zv/el9+8/Mrksctv/fBVFu+OYnlzHp0ylCX+50KuddnjnV5ZxXY2lZPeCgNhRXoiIttcffnxPxA9cWvjDcRLH1QaHLCmsmvTlvaL5xeATSyJqiMAqlFe6LP73/KxTl2PDeHq840boCzvG8WjsaQ30qJNX8v9bScNRcSx+b8/zx6xRuMQAADNPp787Gh/U7/jVv8jjfvy59/yv7uKOZTBiLg7InZHxD0RsSci7o3I294fEQ+sMp7b+z/plVV+5LKy/t9zxdzW4v5f2fuLwZ6itjPPvy85Pl2vHSz+J8PRtyWrjy2zjm9e/PmTdsua+3/ZI1t/2Rcs4rjS2zJANzUxN5F3Sjvg6sWIfb1L5Z/cnAlIImJvROxb2UfvKgvTT3y5v12jO+e/jA7MMy18kaU3n+U/Hy35l5Lm+cnp2+YnR7dGvXZwtNwrbvfjT5dea7f+VeXfAVdrjeem7d/aZDBpnq+dXfk6Lv36Udt7mv+4/6f9yRv5PHN/8dp7E3NzZ8Yi+pOjeX3R6+O33lvWy/bZ/j98YOnjf3fxniz/ByMi24kfioiHI+KRIvZHI+KxiDiwTP7fv9B+WZl/pBVt/4sRU0ue/27u/y3bf+WFnpPffd1u/f9u+x/OS8PFK/n57w6WCic7XbQGuJr/HQAAAPxfpPl34JN05GY5TUdGGt/h3xN3pfWZ2bknj8+8c3qq8V35wehLy5GugWI8tD5dr40l88UnNsZHx4ux4nK89FAxbvxpz7a8PjI5U5+qOHfodtvbHP+Z33uqjg5YY9uWfHW8f90DASrQOo+eLq5eeDWcDGCz8ntt6F53OP7T9YoDWH+u/9C9ljr+L7TUzQXA5uT6D93L8Q9dKv226giACrn+Q1daze/617CwdWOEUU1ho26UvBBRFtINEY/CGhWqPjMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0xj8BAAD//02e6R0=") r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000300)='kmem_cache_free\x00', r0}, 0x18) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000007c0), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r1, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x1018, 0xffffffffffffffff, {0x29}}, './file0\x00'}) 265.566364ms ago: executing program 3 (id=195): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) read(r1, &(0x7f0000000040)=""/148, 0xffffff96) 0s ago: executing program 0 (id=196): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x13f}}, 0x20) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.104' (ED25519) to the list of known hosts. [ 81.254277][ T5776] cgroup: Unknown subsys name 'net' [ 81.391375][ T5776] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.123021][ T5776] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 84.844770][ T5792] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 84.855151][ T5801] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 84.863565][ T5801] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.872042][ T5801] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 84.880234][ T5801] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 84.889111][ T5801] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 84.897549][ T5801] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 84.906037][ T5801] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 84.913834][ T5801] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 84.916916][ T5802] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 84.936472][ T5801] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 84.954341][ T5801] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 84.954645][ T5802] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 84.962249][ T5801] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 84.977881][ T5801] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 84.982126][ T5792] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 84.995109][ T5792] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.002721][ T5804] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.014115][ T5792] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.024468][ T5804] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 85.031899][ T5804] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.039209][ T5792] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.048081][ T5792] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 85.056822][ T5799] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.527632][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 85.570673][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 85.618018][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 85.778721][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.786000][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.794033][ T5785] bridge_slave_0: entered allmulticast mode [ 85.801119][ T5785] bridge_slave_0: entered promiscuous mode [ 85.849707][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.857015][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.864284][ T5785] bridge_slave_1: entered allmulticast mode [ 85.871310][ T5785] bridge_slave_1: entered promiscuous mode [ 85.923601][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.930930][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.939314][ T5787] bridge_slave_0: entered allmulticast mode [ 85.947377][ T5787] bridge_slave_0: entered promiscuous mode [ 85.967223][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.975497][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.982984][ T5786] bridge_slave_0: entered allmulticast mode [ 85.990019][ T5786] bridge_slave_0: entered promiscuous mode [ 86.001932][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.009193][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.016484][ T5786] bridge_slave_1: entered allmulticast mode [ 86.025065][ T5786] bridge_slave_1: entered promiscuous mode [ 86.031926][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.039365][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.046733][ T5787] bridge_slave_1: entered allmulticast mode [ 86.054629][ T5787] bridge_slave_1: entered promiscuous mode [ 86.065969][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.075398][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 86.113324][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.201289][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.213786][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.227409][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.239805][ T5785] team0: Port device team_slave_0 added [ 86.249177][ T5785] team0: Port device team_slave_1 added [ 86.266056][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.337713][ T5786] team0: Port device team_slave_0 added [ 86.383515][ T5786] team0: Port device team_slave_1 added [ 86.390447][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.398300][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.424985][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.447624][ T5787] team0: Port device team_slave_0 added [ 86.457348][ T5787] team0: Port device team_slave_1 added [ 86.487047][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.494191][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.522342][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.553846][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.561047][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.568518][ T5788] bridge_slave_0: entered allmulticast mode [ 86.575734][ T5788] bridge_slave_0: entered promiscuous mode [ 86.584695][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.591842][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.599509][ T5788] bridge_slave_1: entered allmulticast mode [ 86.614209][ T5788] bridge_slave_1: entered promiscuous mode [ 86.634145][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.641131][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.667573][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.680521][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.689019][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.715076][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.775793][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.785702][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.793696][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.825015][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.840446][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.847633][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.874204][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.914150][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.947864][ T5785] hsr_slave_0: entered promiscuous mode [ 86.955896][ T5785] hsr_slave_1: entered promiscuous mode [ 86.993943][ T5796] Bluetooth: hci2: command tx timeout [ 86.993961][ T5799] Bluetooth: hci1: command tx timeout [ 86.996845][ T5788] team0: Port device team_slave_0 added [ 87.082303][ T5788] team0: Port device team_slave_1 added [ 87.119096][ T5786] hsr_slave_0: entered promiscuous mode [ 87.128380][ T5786] hsr_slave_1: entered promiscuous mode [ 87.137563][ T5786] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.148388][ T5786] Cannot create hsr debugfs directory [ 87.154854][ T5796] Bluetooth: hci0: command tx timeout [ 87.162613][ T5796] Bluetooth: hci3: command tx timeout [ 87.280093][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.291509][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.323886][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.345018][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.352025][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.378597][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.409296][ T5787] hsr_slave_0: entered promiscuous mode [ 87.416217][ T5787] hsr_slave_1: entered promiscuous mode [ 87.423256][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.430847][ T5787] Cannot create hsr debugfs directory [ 87.670009][ T5788] hsr_slave_0: entered promiscuous mode [ 87.676975][ T5788] hsr_slave_1: entered promiscuous mode [ 87.683462][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.691054][ T5788] Cannot create hsr debugfs directory [ 87.947651][ T5785] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 87.973247][ T5785] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 87.984313][ T5785] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 87.994674][ T5785] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.077184][ T5786] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 88.093362][ T5786] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 88.120726][ T5786] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 88.141008][ T5786] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.199969][ T5787] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.219992][ T5787] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.232151][ T5787] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.244234][ T5787] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.361605][ T5788] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.372239][ T5788] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.387398][ T5788] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.399784][ T5788] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.455274][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.535815][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.561782][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.572552][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.579930][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.612130][ T1072] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.619310][ T1072] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.677768][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.706560][ T1072] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.713793][ T1072] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.739493][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.746704][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.776558][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.830897][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.878961][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.899719][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.906973][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.955932][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.963152][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.988306][ T5786] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 89.035550][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.073644][ T5796] Bluetooth: hci2: command tx timeout [ 89.077014][ T5799] Bluetooth: hci1: command tx timeout [ 89.127585][ T1084] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.134824][ T1084] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.151822][ T1084] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.159024][ T1084] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.185541][ T5787] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 89.234927][ T5799] Bluetooth: hci3: command tx timeout [ 89.237469][ T5796] Bluetooth: hci0: command tx timeout [ 89.312382][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.471318][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.515959][ T5785] veth0_vlan: entered promiscuous mode [ 89.551242][ T5785] veth1_vlan: entered promiscuous mode [ 89.669578][ T5786] veth0_vlan: entered promiscuous mode [ 89.685778][ T5785] veth0_macvtap: entered promiscuous mode [ 89.701065][ T5786] veth1_vlan: entered promiscuous mode [ 89.724801][ T5785] veth1_macvtap: entered promiscuous mode [ 89.767015][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.800632][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.813658][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.842055][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.859418][ T5785] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.869022][ T5785] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.878346][ T5785] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.887971][ T5785] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.935629][ T5786] veth0_macvtap: entered promiscuous mode [ 89.978944][ T5786] veth1_macvtap: entered promiscuous mode [ 89.997978][ T5787] veth0_vlan: entered promiscuous mode [ 90.009415][ T5788] veth0_vlan: entered promiscuous mode [ 90.076725][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.088320][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.104018][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.112156][ T5788] veth1_vlan: entered promiscuous mode [ 90.122158][ T5787] veth1_vlan: entered promiscuous mode [ 90.155115][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.168195][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.180189][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.215046][ T5786] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.226642][ T5786] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.236431][ T5786] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.245705][ T5786] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.275047][ T1084] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.291885][ T1084] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.349050][ T1072] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.358533][ T1072] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.366987][ T5787] veth0_macvtap: entered promiscuous mode [ 90.380672][ T5787] veth1_macvtap: entered promiscuous mode [ 90.392973][ T5788] veth0_macvtap: entered promiscuous mode [ 90.421536][ T5788] veth1_macvtap: entered promiscuous mode [ 90.499088][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.515937][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.527581][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.538475][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.550829][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.625189][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.643758][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.654296][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.664908][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.677131][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.690317][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.703783][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.714918][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.726171][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.737219][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.748067][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.760837][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.780163][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.791536][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.801855][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.813809][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.824145][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.842659][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.856853][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.868277][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.869023][ T5788] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.885741][ T5788] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.892677][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.905199][ T5788] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.915259][ T5788] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.930720][ T5787] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.940362][ T5787] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.949744][ T5787] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.958651][ T5787] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.027043][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.037042][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.153744][ T5796] Bluetooth: hci2: command tx timeout [ 91.153755][ T5799] Bluetooth: hci1: command tx timeout [ 91.185699][ T1084] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.222625][ T1084] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.267483][ T76] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.287161][ T5884] syz.2.3[5884]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 91.290656][ T76] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.312861][ T5796] Bluetooth: hci0: command tx timeout [ 91.313760][ T5799] Bluetooth: hci3: command tx timeout [ 91.337219][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.338570][ T5884] loop2: detected capacity change from 0 to 512 [ 91.360736][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.408296][ T5884] EXT4-fs error (device loop2): ext4_orphan_get:1425: comm syz.2.3: bad orphan inode 11862016 [ 91.444175][ T5884] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 91.464086][ T5884] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 91.509982][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.538264][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.733306][ T5884] IPVS: set_ctl: invalid protocol: 58 172.20.20.24:20004 [ 91.779177][ T5890] loop0: detected capacity change from 0 to 1024 [ 91.810363][ T5890] EXT4-fs: Ignoring removed mblk_io_submit option [ 91.862948][ T5890] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 91.967766][ T5890] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.072133][ T5900] capability: warning: `syz.1.6' uses deprecated v2 capabilities in a way that may be insecure [ 92.121062][ T5890] syz.0.1 uses obsolete (PF_INET,SOCK_PACKET) [ 92.124513][ T27] cfg80211: failed to load regulatory.db [ 92.242156][ T5898] loop3: detected capacity change from 0 to 2048 [ 92.388916][ T28] audit: type=1326 audit(1757791260.803:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5901 comm="syz.1.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38eba9 code=0x7ffc0000 [ 92.390973][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 92.424984][ T28] audit: type=1326 audit(1757791260.803:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5901 comm="syz.1.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38eba9 code=0x7ffc0000 [ 92.449823][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x4 [ 92.463574][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 92.490535][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 92.522680][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 92.563058][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x2 [ 92.570513][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 92.614217][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 92.637895][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 92.652907][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.672263][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 92.694143][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 92.710210][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 92.743009][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 92.771864][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 92.807653][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 92.825807][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 92.856371][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 92.865703][ T5906] loop2: detected capacity change from 0 to 2048 [ 92.872550][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 92.880939][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 92.931755][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 92.953406][ T5906] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 92.966491][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.009784][ T5906] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.8: bg 0: block 234: padding at end of block bitmap is not set [ 93.022626][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.051641][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.096371][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.116809][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.130106][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.145153][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.175972][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.189970][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.201610][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.230071][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.239125][ T5799] Bluetooth: hci1: command tx timeout [ 93.242607][ T5796] Bluetooth: hci2: command tx timeout [ 93.261193][ T5914] netlink: 16 bytes leftover after parsing attributes in process `syz.0.11'. [ 93.283365][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.299644][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.305240][ T9] IPVS: starting estimator thread 0... [ 93.325932][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.357006][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.392940][ T5796] Bluetooth: hci3: command tx timeout [ 93.394729][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.405832][ T5796] Bluetooth: hci0: command tx timeout [ 93.417416][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.442837][ T5915] IPVS: using max 17 ests per chain, 40800 per kthread [ 93.446378][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.499760][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.531591][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.545364][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.557080][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.560162][ T5920] syzkaller0: entered promiscuous mode [ 93.578107][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.580649][ T5922] loop3: detected capacity change from 0 to 512 [ 93.591315][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.592179][ T5920] syzkaller0: entered allmulticast mode [ 93.604299][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.626336][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.628870][ T5922] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 93.647775][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.667690][ T5922] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802c01c, mo2=0003] [ 93.673000][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.679918][ T5920] tipc: Started in network mode [ 93.689736][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.698506][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.705098][ T5922] EXT4-fs (loop3): orphan cleanup on readonly fs [ 93.706656][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.719034][ T5920] tipc: Node identity daf0c07238c5, cluster identity 4711 [ 93.721067][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.735200][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.742930][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.750332][ T5922] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #13: comm syz.3.13: iget: bad i_size value: 12154761577498 [ 93.752860][ T5922] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.13: couldn't read orphan inode 13 (err -117) [ 93.763156][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.783444][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.791019][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.791366][ T5920] tipc: Enabled bearer , priority 0 [ 93.798820][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.798849][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.798874][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.798897][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.798922][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.798944][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.798967][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.799001][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.799026][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.799050][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.799074][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.799099][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.799124][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.799148][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.799173][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.799197][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.799220][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.799241][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.799261][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.799284][ T5879] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 93.813217][ T5879] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.03 Device [syz1] on syz1 [ 93.880046][ T5925] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 93.956932][ T5922] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 94.093313][ T5924] tipc: Resetting bearer [ 94.128118][ T5922] EXT4-fs warning (device loop3): dx_probe:893: inode #2: comm syz.3.13: dx entry: limit 65535 != root limit 120 [ 94.141990][ T5922] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.13: Corrupt directory, running e2fsck is recommended [ 94.147110][ T5926] fido_id[5926]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 94.169202][ T5919] tipc: Resetting bearer [ 94.190799][ T28] audit: type=1326 audit(1757791262.613:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5927 comm="syz.1.15" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38eba9 code=0x7ffc0000 [ 94.227712][ T28] audit: type=1326 audit(1757791262.623:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5927 comm="syz.1.15" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38eba9 code=0x7ffc0000 [ 94.264430][ T28] audit: type=1326 audit(1757791262.623:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5927 comm="syz.1.15" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38eba9 code=0x7ffc0000 [ 94.270319][ T5919] tipc: Disabling bearer [ 94.287937][ T28] audit: type=1326 audit(1757791262.653:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5927 comm="syz.1.15" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f0abf38eba9 code=0x7ffc0000 [ 94.353452][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.361185][ T28] audit: type=1326 audit(1757791262.653:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5927 comm="syz.1.15" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38eba9 code=0x7ffc0000 [ 94.404276][ T5928] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.414010][ T5928] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.461666][ T28] audit: type=1326 audit(1757791262.653:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5927 comm="syz.1.15" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f0abf38eba9 code=0x7ffc0000 [ 94.497220][ T5928] bridge0: entered allmulticast mode [ 94.543833][ T28] audit: type=1326 audit(1757791262.653:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5927 comm="syz.1.15" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38eba9 code=0x7ffc0000 [ 94.623713][ T5929] bridge_slave_1: left allmulticast mode [ 94.631343][ T28] audit: type=1326 audit(1757791262.653:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5927 comm="syz.1.15" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7f0abf38eba9 code=0x7ffc0000 [ 94.682737][ T5929] bridge_slave_1: left promiscuous mode [ 94.704802][ T5929] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.739403][ T5929] bridge_slave_0: left allmulticast mode [ 94.753978][ T5929] bridge_slave_0: left promiscuous mode [ 94.780266][ T5929] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.044034][ T5943] loop3: detected capacity change from 0 to 256 [ 96.108090][ T5800] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 96.554956][ T5953] netlink: 'syz.3.23': attribute type 21 has an invalid length. [ 96.602592][ T5953] netlink: 156 bytes leftover after parsing attributes in process `syz.3.23'. [ 96.611604][ T5953] netlink: 4 bytes leftover after parsing attributes in process `syz.3.23'. [ 96.974710][ T5960] loop1: detected capacity change from 0 to 512 [ 97.042896][ T5960] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 97.105817][ T5960] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802c01c, mo2=0003] [ 97.174974][ T5960] EXT4-fs (loop1): orphan cleanup on readonly fs [ 97.199801][ T5960] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #13: comm syz.1.25: iget: bad i_size value: 12154761577498 [ 97.290549][ T5960] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.25: couldn't read orphan inode 13 (err -117) [ 97.423022][ T5960] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 97.555050][ T5960] EXT4-fs warning (device loop1): dx_probe:893: inode #2: comm syz.1.25: dx entry: limit 65535 != root limit 120 [ 97.605045][ T5960] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.25: Corrupt directory, running e2fsck is recommended [ 97.769004][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.939148][ T5977] loop1: detected capacity change from 0 to 1024 [ 97.987511][ T5977] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 98.054014][ T5982] syzkaller0: entered promiscuous mode [ 98.059681][ T5982] syzkaller0: entered allmulticast mode [ 98.073261][ T5982] tipc: Started in network mode [ 98.079292][ T5982] tipc: Node identity a6a31cfa083, cluster identity 4711 [ 98.087155][ T5982] tipc: Enabled bearer , priority 0 [ 98.097523][ T5977] EXT4-fs error (device loop1): ext4_get_first_dir_block:3606: inode #11: comm syz.1.30: directory missing '..' [ 98.099056][ T5982] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 98.171937][ T5982] tipc: Resetting bearer [ 98.191109][ T5981] tipc: Resetting bearer [ 98.257694][ T5981] tipc: Disabling bearer [ 98.271228][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.463686][ T5986] netlink: 16 bytes leftover after parsing attributes in process `syz.1.33'. [ 98.559027][ T5882] IPVS: starting estimator thread 0... [ 98.653053][ T5987] IPVS: using max 17 ests per chain, 40800 per kthread [ 99.573576][ T6010] syz.0.43 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 100.227509][ T28] kauditd_printk_skb: 29 callbacks suppressed [ 100.227524][ T28] audit: type=1326 audit(1757791268.653:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6027 comm="syz.3.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a08d8eba9 code=0x7ffc0000 [ 100.316559][ T28] audit: type=1326 audit(1757791268.683:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6027 comm="syz.3.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f4a08d8eba9 code=0x7ffc0000 [ 100.387567][ T28] audit: type=1326 audit(1757791268.733:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6027 comm="syz.3.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a08d8eba9 code=0x7ffc0000 [ 100.437911][ T28] audit: type=1326 audit(1757791268.763:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6031 comm="syz.3.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f4a08dc1465 code=0x7ffc0000 [ 100.486874][ T28] audit: type=1326 audit(1757791268.763:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6027 comm="syz.3.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a08d8eba9 code=0x7ffc0000 [ 100.569172][ T28] audit: type=1326 audit(1757791268.933:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6031 comm="syz.3.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f4a08d8eba9 code=0x7ffc0000 [ 100.693989][ T6035] syz.3.55: attempt to access beyond end of device [ 100.693989][ T6035] loop3: rw=0, sector=64, nr_sectors = 2 limit=0 [ 100.740516][ T6038] netlink: 'syz.3.55': attribute type 1 has an invalid length. [ 100.754854][ T6035] isofs_fill_super: bread failed, dev=loop3, iso_blknum=16, block=32 [ 100.772571][ T6038] netlink: 224 bytes leftover after parsing attributes in process `syz.3.55'. [ 100.826239][ T28] audit: type=1326 audit(1757791269.253:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6034 comm="syz.3.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a08d8eba9 code=0x7ffc0000 [ 100.844177][ T6035] process 'syz.3.55' launched './file1' with NULL argv: empty string added [ 100.882670][ T28] audit: type=1326 audit(1757791269.253:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6034 comm="syz.3.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4a08d8eba9 code=0x7ffc0000 [ 100.915484][ T6038] loop3: detected capacity change from 0 to 128 [ 100.938290][ T28] audit: type=1326 audit(1757791269.253:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6034 comm="syz.3.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a08d8eba9 code=0x7ffc0000 [ 101.012867][ T28] audit: type=1326 audit(1757791269.253:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6034 comm="syz.3.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4a08d8eba9 code=0x7ffc0000 [ 101.105309][ T6040] batadv_slave_1: entered promiscuous mode [ 101.117542][ T6040] batadv_slave_1: left promiscuous mode [ 101.526260][ T6044] netlink: 12 bytes leftover after parsing attributes in process `syz.1.59'. [ 101.837205][ T6048] netlink: 8 bytes leftover after parsing attributes in process `syz.1.61'. [ 102.076753][ T6030] syz.0.53: vmalloc error: size 1075838976, failed to allocated page array size 2101248, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 102.104191][ T6030] CPU: 0 PID: 6030 Comm: syz.0.53 Not tainted syzkaller #0 [ 102.111478][ T6030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 102.121593][ T6030] Call Trace: [ 102.124921][ T6030] [ 102.127908][ T6030] dump_stack_lvl+0x16c/0x230 [ 102.132650][ T6030] ? show_regs_print_info+0x20/0x20 [ 102.137903][ T6030] ? load_image+0x3b0/0x3b0 [ 102.142452][ T6030] ? __rcu_read_unlock+0x7c/0xd0 [ 102.147436][ T6030] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 102.153899][ T6030] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 102.160458][ T6030] warn_alloc+0x210/0x300 [ 102.164848][ T6030] ? zone_watermark_ok_safe+0x230/0x230 [ 102.170448][ T6030] ? _raw_spin_unlock+0x28/0x40 [ 102.175517][ T6030] ? __kasan_kmalloc+0x8f/0xa0 [ 102.180362][ T6030] __vmalloc_node_range+0x662/0x1320 [ 102.185697][ T6030] ? __asan_memset+0x22/0x40 [ 102.190355][ T6030] ? free_vm_area+0x50/0x50 [ 102.194907][ T6030] ? kvmalloc_node+0x70/0x180 [ 102.199627][ T6030] ? rcu_is_watching+0x15/0xb0 [ 102.204443][ T6030] ? kvmalloc_node+0x70/0x180 [ 102.209170][ T6030] ? trace_kmalloc+0x1f/0xa0 [ 102.213825][ T6030] kvmalloc_node+0x13f/0x180 [ 102.218469][ T6030] ? hash_netiface_create+0x361/0xff0 [ 102.223892][ T6030] hash_netiface_create+0x361/0xff0 [ 102.229137][ T6030] ? __lock_acquire+0x7c80/0x7c80 [ 102.234250][ T6030] ? __nla_parse+0x40/0x50 [ 102.238723][ T6030] ? hash_netport6_gc+0x570/0x570 [ 102.243803][ T6030] ip_set_create+0xa87/0x18e0 [ 102.248542][ T6030] ? ip_set_create+0x4b2/0x18e0 [ 102.253456][ T6030] ? ip_set_protocol+0x5d0/0x5d0 [ 102.258437][ T6030] ? trace_contention_end+0x39/0xe0 [ 102.263717][ T6030] nfnetlink_rcv_msg+0xb49/0x1130 [ 102.268781][ T6030] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 102.274903][ T6030] ? nfnetlink_rcv_msg+0x20e/0x1130 [ 102.280170][ T6030] ? nfnetlink_unbind+0x160/0x160 [ 102.285274][ T6030] ? __dev_queue_xmit+0x1a64/0x35a0 [ 102.290510][ T6030] ? __netlink_deliver_tap+0x5ab/0x830 [ 102.296016][ T6030] ? netlink_deliver_tap+0x19c/0x1b0 [ 102.301355][ T6030] ? netlink_unicast+0x72c/0x8d0 [ 102.306515][ T6030] ? netlink_sendmsg+0x8c1/0xbe0 [ 102.311494][ T6030] ? ____sys_sendmsg+0x5bf/0x950 [ 102.316481][ T6030] ? ___sys_sendmsg+0x220/0x290 [ 102.321375][ T6030] ? __se_sys_sendmsg+0x1a5/0x270 [ 102.326467][ T6030] ? do_syscall_64+0x55/0xb0 [ 102.331121][ T6030] netlink_rcv_skb+0x216/0x480 [ 102.335937][ T6030] ? nfnetlink_unbind+0x160/0x160 [ 102.341012][ T6030] ? netlink_ack+0x1110/0x1110 [ 102.345840][ T6030] ? apparmor_capable+0x137/0x1a0 [ 102.350914][ T6030] ? bpf_lsm_capable+0x9/0x10 [ 102.355641][ T6030] ? security_capable+0x89/0xb0 [ 102.360555][ T6030] nfnetlink_rcv+0x274/0x2180 [ 102.365296][ T6030] ? __local_bh_enable_ip+0x12e/0x1c0 [ 102.370712][ T6030] ? lockdep_hardirqs_on+0x98/0x150 [ 102.375967][ T6030] ? __local_bh_enable_ip+0x12e/0x1c0 [ 102.381383][ T6030] ? _local_bh_enable+0xa0/0xa0 [ 102.386278][ T6030] ? __dev_queue_xmit+0x245/0x35a0 [ 102.391449][ T6030] ? nfnetlink_net_exit_batch+0xa0/0xa0 [ 102.397046][ T6030] ? __dev_queue_xmit+0x245/0x35a0 [ 102.402214][ T6030] ? ref_tracker_free+0x634/0x7d0 [ 102.407313][ T6030] ? __copy_skb_header+0xa7/0x550 [ 102.412386][ T6030] ? refcount_inc+0x70/0x70 [ 102.416933][ T6030] ? __skb_clone+0x63/0x790 [ 102.421485][ T6030] ? __skb_clone+0x480/0x790 [ 102.426154][ T6030] ? __netlink_deliver_tap+0x7e8/0x830 [ 102.431657][ T6030] ? netlink_deliver_tap+0x2e/0x1b0 [ 102.436903][ T6030] ? __lock_acquire+0x7c80/0x7c80 [ 102.441974][ T6030] ? netlink_deliver_tap+0x2e/0x1b0 [ 102.447223][ T6030] netlink_unicast+0x751/0x8d0 [ 102.452150][ T6030] netlink_sendmsg+0x8c1/0xbe0 [ 102.456969][ T6030] ? netlink_getsockopt+0x580/0x580 [ 102.462212][ T6030] ? aa_sock_msg_perm+0x94/0x150 [ 102.467195][ T6030] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 102.472518][ T6030] ? security_socket_sendmsg+0x80/0xa0 [ 102.478018][ T6030] ? netlink_getsockopt+0x580/0x580 [ 102.483263][ T6030] ____sys_sendmsg+0x5bf/0x950 [ 102.488088][ T6030] ? __asan_memset+0x22/0x40 [ 102.492738][ T6030] ? __sys_sendmsg_sock+0x30/0x30 [ 102.497837][ T6030] ? __import_iovec+0x5f2/0x860 [ 102.502765][ T6030] ? import_iovec+0x73/0xa0 [ 102.507359][ T6030] ___sys_sendmsg+0x220/0x290 [ 102.512180][ T6030] ? __sys_sendmsg+0x270/0x270 [ 102.517057][ T6030] __se_sys_sendmsg+0x1a5/0x270 [ 102.522050][ T6030] ? __x64_sys_sendmsg+0x80/0x80 [ 102.527069][ T6030] ? lockdep_hardirqs_on+0x98/0x150 [ 102.532635][ T6030] do_syscall_64+0x55/0xb0 [ 102.537103][ T6030] ? clear_bhb_loop+0x40/0x90 [ 102.541834][ T6030] ? clear_bhb_loop+0x40/0x90 [ 102.546553][ T6030] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 102.552504][ T6030] RIP: 0033:0x7fe1c5b8eba9 [ 102.556956][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 102.576642][ T6030] RSP: 002b:00007fe1c69e5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 102.585107][ T6030] RAX: ffffffffffffffda RBX: 00007fe1c5dd5fa0 RCX: 00007fe1c5b8eba9 [ 102.593118][ T6030] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003 [ 102.601135][ T6030] RBP: 00007fe1c5c11e19 R08: 0000000000000000 R09: 0000000000000000 [ 102.609321][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 102.617333][ T6030] R13: 00007fe1c5dd6038 R14: 00007fe1c5dd5fa0 R15: 00007ffde8e020d8 [ 102.625395][ T6030] [ 102.656031][ T6030] Mem-Info: [ 102.659314][ T6030] active_anon:8510 inactive_anon:0 isolated_anon:0 [ 102.659314][ T6030] active_file:1171 inactive_file:39887 isolated_file:0 [ 102.659314][ T6030] unevictable:768 dirty:687 writeback:0 [ 102.659314][ T6030] slab_reclaimable:9869 slab_unreclaimable:91514 [ 102.659314][ T6030] mapped:24193 shmem:4932 pagetables:557 [ 102.659314][ T6030] sec_pagetables:0 bounce:0 [ 102.659314][ T6030] kernel_misc_reclaimable:0 [ 102.659314][ T6030] free:1328573 free_pcp:12897 free_cma:0 [ 102.742582][ T6030] Node 0 active_anon:33940kB inactive_anon:0kB active_file:4684kB inactive_file:159344kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:96772kB dirty:2732kB writeback:0kB shmem:18192kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11284kB pagetables:2028kB sec_pagetables:0kB all_unreclaimable? no [ 102.803569][ T6030] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:16kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 102.867039][ T6030] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 102.925207][ T6030] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 102.931122][ T6030] Node 0 DMA32 free:1409808kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:33892kB inactive_anon:0kB active_file:4684kB inactive_file:158028kB unevictable:1536kB writepending:2724kB present:3129332kB managed:2589592kB mlocked:0kB bounce:0kB free_pcp:32060kB local_pcp:16732kB free_cma:0kB [ 102.995253][ T6030] lowmem_reserve[]: 0 0 1 1 1 [ 103.001145][ T6030] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1316kB unevictable:0kB writepending:8kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 103.051045][ T6030] lowmem_reserve[]: 0 0 0 0 0 [ 103.056516][ T6030] Node 1 Normal free:3888888kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:16kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:20672kB local_pcp:10496kB free_cma:0kB [ 103.117680][ T6030] lowmem_reserve[]: 0 0 0 0 0 [ 103.122641][ T6030] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 103.136520][ T6030] Node 0 DMA32: 38*4kB (UM) 37*8kB (UM) 23*16kB (ME) 10*32kB (ME) 13*64kB (ME) 3*128kB (ME) 3*256kB (UM) 3*512kB (ME) 4*1024kB (UME) 2*2048kB (ME) 341*4096kB (M) = 1409584kB [ 103.154773][ T6030] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 103.172595][ T6030] Node 1 Normal: 228*4kB (UME) 45*8kB (UME) 38*16kB (UME) 47*32kB (UME) 13*64kB (UE) 7*128kB (UME) 1*256kB (U) 1*512kB (M) 2*1024kB (UE) 1*2048kB (E) 947*4096kB (M) = 3888888kB [ 103.209817][ T6030] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 103.229880][ T6030] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 103.259940][ T6030] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 103.281477][ T6030] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 103.321939][ T6030] 46424 total pagecache pages [ 103.349212][ T6030] 0 pages in swap cache [ 103.362986][ T6030] Free swap = 124996kB [ 103.371702][ T6030] Total swap = 124996kB [ 103.377743][ T6030] 2097051 pages RAM [ 103.381607][ T6030] 0 pages HighMem/MovableOnly [ 103.388294][ T6030] 416139 pages reserved [ 103.393543][ T6030] 0 pages cma reserved [ 103.860435][ T6070] loop1: detected capacity change from 0 to 8192 [ 103.879580][ T6070] ======================================================= [ 103.879580][ T6070] WARNING: The mand mount option has been deprecated and [ 103.879580][ T6070] and is ignored by this kernel. Remove the mand [ 103.879580][ T6070] option from the mount to silence this warning. [ 103.879580][ T6070] ======================================================= [ 105.194503][ T6075] netlink: 4 bytes leftover after parsing attributes in process `syz.2.74'. [ 106.834233][ T5879] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 107.373238][ T6084] loop0: detected capacity change from 0 to 512 [ 107.394684][ T5879] usb 3-1: device descriptor read/64, error -71 [ 107.433933][ T6084] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.451892][ T6084] ext4 filesystem being mounted at /15/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 107.628814][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.639192][ T6095] netlink: 96 bytes leftover after parsing attributes in process `syz.1.81'. [ 107.662530][ T5879] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 107.832872][ T5879] usb 3-1: device descriptor read/64, error -71 [ 107.955182][ T5879] usb usb3-port1: attempt power cycle [ 108.176892][ T6106] loop0: detected capacity change from 0 to 8192 [ 108.215325][ T6114] netlink: 24 bytes leftover after parsing attributes in process `syz.1.90'. [ 108.235285][ T6106] loop0: p1 p2[DM] p4 [ 108.239959][ T6106] loop0: p1 size 196608 extends beyond EOD, truncated [ 108.277813][ T6106] loop0: p2 start 4292936063 is beyond EOD, truncated [ 108.297244][ T6106] loop0: p4 size 50331648 extends beyond EOD, truncated [ 108.382632][ T5879] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 108.455772][ T5879] usb 3-1: device descriptor read/8, error -71 [ 108.559428][ T6121] loop0: detected capacity change from 0 to 512 [ 108.560379][ T5789] udevd[5789]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 108.577371][ T5800] udevd[5800]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 108.626152][ T6121] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.676004][ T6121] ext4 filesystem being mounted at /18/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 108.733137][ T5879] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 108.789432][ T5879] usb 3-1: device descriptor read/8, error -71 [ 108.933487][ T5879] usb usb3-port1: unable to enumerate USB device [ 108.957888][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.996499][ T6133] loop3: detected capacity change from 0 to 8192 [ 109.015932][ T6136] loop1: detected capacity change from 0 to 1024 [ 109.079830][ T5789] I/O error, dev loop3, sector 8064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 109.129491][ T6136] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 109.264419][ T28] kauditd_printk_skb: 45 callbacks suppressed [ 109.264434][ T28] audit: type=1800 audit(1757791277.693:96): pid=6136 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.96" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 109.330392][ T6133] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 109.863041][ T6133] Zero length message leads to an empty skb [ 109.930572][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.043332][ T6158] loop2: detected capacity change from 0 to 2048 [ 110.077657][ T6162] syz.1.106[6162] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 110.077797][ T6162] syz.1.106[6162] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 110.102856][ T6158] loop2: p1 < > p4 [ 110.152019][ T6158] loop2: p4 size 8388608 extends beyond EOD, truncated [ 110.284268][ T28] audit: type=1326 audit(1757791278.713:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6165 comm="syz.1.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38eba9 code=0x7ffc0000 [ 110.352232][ T28] audit: type=1326 audit(1757791278.713:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6165 comm="syz.1.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38eba9 code=0x7ffc0000 [ 110.405979][ T28] audit: type=1326 audit(1757791278.753:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6165 comm="syz.1.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0abf38eba9 code=0x7ffc0000 [ 110.504600][ T5789] udevd[5789]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 110.528728][ T5800] udevd[5800]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 110.543911][ T28] audit: type=1326 audit(1757791278.753:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6165 comm="syz.1.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38eba9 code=0x7ffc0000 [ 110.566303][ T6171] loop2: detected capacity change from 0 to 512 [ 110.602291][ T28] audit: type=1326 audit(1757791278.753:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6165 comm="syz.1.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38eba9 code=0x7ffc0000 [ 110.631628][ T6171] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 110.647390][ T28] audit: type=1326 audit(1757791278.763:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6165 comm="syz.1.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0abf38eba9 code=0x7ffc0000 [ 110.687326][ T6175] loop0: detected capacity change from 0 to 128 [ 110.690039][ T6171] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 110.737905][ T28] audit: type=1326 audit(1757791278.763:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6165 comm="syz.1.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38eba9 code=0x7ffc0000 [ 110.764298][ T6171] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 110.790311][ T28] audit: type=1326 audit(1757791278.763:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6165 comm="syz.1.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38eba9 code=0x7ffc0000 [ 110.813235][ T6175] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 110.813691][ T6171] EXT4-fs (loop2): 1 truncate cleaned up [ 110.834863][ T6171] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.849124][ T28] audit: type=1326 audit(1757791278.763:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6165 comm="syz.1.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0abf38eba9 code=0x7ffc0000 [ 110.938669][ T6175] ext4 filesystem being mounted at /28/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 111.120141][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.288010][ T6193] loop3: detected capacity change from 0 to 128 [ 111.354149][ T6193] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 111.385853][ T6193] FAT-fs (loop3): Filesystem has been set read-only [ 111.411787][ T5788] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 111.429972][ T6193] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 111.459519][ T6193] syz.3.118: attempt to access beyond end of device [ 111.459519][ T6193] loop3: rw=2049, sector=2065, nr_sectors = 8 limit=128 [ 111.654903][ T6197] program syz.1.120 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 112.073342][ T6215] netlink: 'syz.2.127': attribute type 3 has an invalid length. [ 112.449726][ T6227] netlink: 60 bytes leftover after parsing attributes in process `syz.2.130'. [ 112.507765][ T6227] unsupported nlmsg_type 40 [ 113.050043][ T6245] netlink: 96 bytes leftover after parsing attributes in process `syz.0.139'. [ 113.247459][ T6249] netlink: 24 bytes leftover after parsing attributes in process `syz.0.141'. [ 113.613555][ T6263] netlink: 12 bytes leftover after parsing attributes in process `syz.3.148'. [ 113.819280][ T6271] loop1: detected capacity change from 0 to 128 [ 113.848719][ T6271] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 113.891250][ T6271] ext4 filesystem being mounted at /44/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 114.103450][ T6279] loop2: detected capacity change from 0 to 512 [ 114.159023][ T6279] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.155: bg 0: block 131: padding at end of block bitmap is not set [ 114.229407][ T5785] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 114.281193][ T6279] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6637: Corrupt filesystem [ 114.301785][ T6279] EXT4-fs (loop2): 1 truncate cleaned up [ 114.313865][ T6279] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 114.673653][ T28] kauditd_printk_skb: 24 callbacks suppressed [ 114.673669][ T28] audit: type=1326 audit(1757791283.103:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6295 comm="syz.3.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a08d8eba9 code=0x7ffc0000 [ 114.753272][ T28] audit: type=1326 audit(1757791283.103:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6295 comm="syz.3.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a08d8eba9 code=0x7ffc0000 [ 114.799445][ T6298] loop0: detected capacity change from 0 to 512 [ 114.832024][ T28] audit: type=1326 audit(1757791283.133:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6295 comm="syz.3.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f4a08d8eba9 code=0x7ffc0000 [ 114.898504][ T6298] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 114.952563][ T28] audit: type=1326 audit(1757791283.133:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6295 comm="syz.3.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a08d8eba9 code=0x7ffc0000 [ 114.981757][ T6298] ext4 filesystem being mounted at /42/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 115.053976][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.097268][ T28] audit: type=1326 audit(1757791283.133:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6295 comm="syz.3.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a08d8eba9 code=0x7ffc0000 [ 115.131251][ T28] audit: type=1326 audit(1757791283.133:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6295 comm="syz.3.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4a08d8eba9 code=0x7ffc0000 [ 115.189921][ T28] audit: type=1326 audit(1757791283.133:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6295 comm="syz.3.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a08d8eba9 code=0x7ffc0000 [ 115.323175][ T28] audit: type=1326 audit(1757791283.133:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6295 comm="syz.3.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4a08d8eba9 code=0x7ffc0000 [ 115.398564][ T28] audit: type=1326 audit(1757791283.133:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6295 comm="syz.3.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a08d8eba9 code=0x7ffc0000 [ 115.432985][ T6311] loop3: detected capacity change from 0 to 512 [ 115.447519][ T28] audit: type=1326 audit(1757791283.143:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6295 comm="syz.3.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4a08d8eba9 code=0x7ffc0000 [ 115.519986][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.618104][ T6313] loop1: detected capacity change from 0 to 128 [ 115.758436][ T6319] loop2: detected capacity change from 0 to 1024 [ 115.778740][ T6319] EXT4-fs: Ignoring removed nomblk_io_submit option [ 115.809932][ T6319] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 115.881674][ T6319] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 115.966909][ T6319] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 116.213232][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.300867][ T6327] netlink: 'syz.0.174': attribute type 10 has an invalid length. [ 116.358254][ T6327] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 117.601912][ T6346] loop2: detected capacity change from 0 to 1024 [ 117.693944][ T6346] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 117.824943][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.907332][ T6358] program syz.0.184 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 118.253881][ T6370] loop3: detected capacity change from 0 to 512 [ 118.268171][ T6370] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 118.325460][ T6370] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #16: comm syz.3.190: invalid indirect mapped block 4294967295 (level 0) [ 118.403375][ T6370] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #16: comm syz.3.190: invalid indirect mapped block 4294967295 (level 1) [ 118.484720][ T6370] EXT4-fs (loop3): 1 orphan inode deleted [ 118.490620][ T6370] EXT4-fs (loop3): 1 truncate cleaned up [ 118.497851][ T6370] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 118.522191][ T6370] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 118.669268][ T6375] netlink: 332 bytes leftover after parsing attributes in process `syz.0.191'. [ 118.714361][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.716224][ T6375] netlink: 'syz.0.191': attribute type 9 has an invalid length. [ 118.733373][ T6375] netlink: 108 bytes leftover after parsing attributes in process `syz.0.191'. [ 118.746648][ T6375] netlink: 32 bytes leftover after parsing attributes in process `syz.0.191'. [ 118.816497][ T6384] loop1: detected capacity change from 0 to 512 [ 118.877496][ T6384] EXT4-fs (loop1): orphan cleanup on readonly fs [ 118.928308][ T6384] EXT4-fs warning (device loop1): ext4_xattr_inode_get:559: inode #11: comm syz.1.194: EA inode hash validation failed [ 119.109161][ T6384] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 119.183229][ T6384] ------------[ cut here ]------------ [ 119.189219][ T6384] EA inode 11 ref_count=-1 [ 119.239635][ T6384] WARNING: CPU: 1 PID: 6384 at fs/ext4/xattr.c:1065 ext4_xattr_inode_update_ref+0x483/0x580 [ 119.254652][ T6384] Modules linked in: [ 119.258598][ T6384] CPU: 1 PID: 6384 Comm: syz.1.194 Not tainted syzkaller #0 [ 119.266031][ T6384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 119.277136][ T6384] RIP: 0010:ext4_xattr_inode_update_ref+0x483/0x580 [ 119.284050][ T6384] Code: 24 50 4c 89 f0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 cf 43 9a ff 49 8b 36 48 c7 c7 c0 d0 be 8a 48 89 da e8 6d 74 0d ff <0f> 0b 4c 8b 64 24 18 48 8b 5c 24 10 4c 8d 7c 24 60 e9 d0 fe ff ff [ 119.303969][ T6384] RSP: 0018:ffffc90004e5f340 EFLAGS: 00010246 [ 119.310097][ T6384] RAX: b26ec3057f8f8600 RBX: ffffffffffffffff RCX: 0000000000080000 [ 119.318730][ T6384] RDX: ffffc9000d6db000 RSI: 000000000002a4e2 RDI: 000000000002a4e3 [ 119.326963][ T6384] RBP: ffffc90004e5f430 R08: ffff8880b8f28c13 R09: 1ffff110171e5182 [ 119.335043][ T6384] R10: dffffc0000000000 R11: ffffed10171e5183 R12: ffff88805f600cb0 [ 119.343237][ T6384] R13: dffffc0000000000 R14: ffff88805f600d00 R15: ffffc90004e5f3a0 [ 119.351254][ T6384] FS: 00007f0ac017b6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 119.360311][ T6384] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.367091][ T6384] CR2: 000000110c2a8bff CR3: 000000002dfe8000 CR4: 00000000003506e0 [ 119.376084][ T6384] Call Trace: [ 119.379423][ T6384] [ 119.382674][ T6384] ? ext4_xattr_list_entries+0x3d0/0x3d0 [ 119.388397][ T6384] ? __ext4_journal_ensure_credits+0x30/0x450 [ 119.394629][ T6384] ext4_xattr_inode_dec_ref_all+0xa2b/0xf90 [ 119.400605][ T6384] ? ext4_xattr_delete_inode+0xc00/0xc00 [ 119.406461][ T6384] ? __ext4_journal_ensure_credits+0x450/0x450 [ 119.412750][ T6384] ext4_xattr_delete_inode+0xa45/0xc00 [ 119.418282][ T6384] ? ext4_truncate+0xc12/0x1060 [ 119.423247][ T6384] ? ext4_expand_extra_isize_ea+0x19e0/0x19e0 [ 119.429388][ T6384] ext4_evict_inode+0xaa3/0xea0 [ 119.434379][ T6384] ? _raw_spin_unlock+0x28/0x40 [ 119.439291][ T6384] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 119.445300][ T6384] ? do_raw_spin_unlock+0x121/0x230 [ 119.450553][ T6384] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 119.456591][ T6384] evict+0x486/0x870 [ 119.460544][ T6384] ? __lock_acquire+0x7c80/0x7c80 [ 119.465728][ T6384] ? proc_nr_inodes+0x230/0x230 [ 119.470643][ T6384] ? do_raw_spin_unlock+0x121/0x230 [ 119.475999][ T6384] ? _raw_spin_unlock+0x28/0x40 [ 119.481799][ T6384] ? iput+0x70a/0x920 [ 119.486093][ T6384] ext4_orphan_cleanup+0xbd4/0x1400 [ 119.491385][ T6384] ? ext4_orphan_del+0xba0/0xba0 [ 119.496456][ T6384] ? ext4_register_li_request+0x183/0x940 [ 119.502249][ T6384] ? errseq_check_and_advance+0x66/0x120 [ 119.508039][ T6384] ext4_fill_super+0x5de7/0x66c0 [ 119.513135][ T6384] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 119.519437][ T6384] ? vscnprintf+0x80/0x80 [ 119.523913][ T6384] ? down_read_killable+0x340/0x340 [ 119.529216][ T6384] ? setup_bdev_super+0x56b/0x660 [ 119.534394][ T6384] get_tree_bdev+0x3e4/0x510 [ 119.539040][ T6384] ? vfs_parse_fs_string+0x160/0x160 [ 119.544447][ T6384] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 119.550768][ T6384] ? setup_bdev_super+0x660/0x660 [ 119.555951][ T6384] ? apparmor_capable+0x137/0x1a0 [ 119.561031][ T6384] ? bpf_lsm_capable+0x9/0x10 [ 119.565857][ T6384] ? security_capable+0x89/0xb0 [ 119.570860][ T6384] vfs_get_tree+0x8c/0x280 [ 119.575414][ T6384] do_new_mount+0x24b/0xa40 [ 119.580858][ T6384] __se_sys_mount+0x2da/0x3c0 [ 119.585865][ T6384] ? __x64_sys_mount+0xc0/0xc0 [ 119.590701][ T6384] ? lockdep_hardirqs_on+0x98/0x150 [ 119.596122][ T6384] ? __x64_sys_mount+0x20/0xc0 [ 119.600947][ T6384] do_syscall_64+0x55/0xb0 [ 119.605537][ T6384] ? clear_bhb_loop+0x40/0x90 [ 119.610263][ T6384] ? clear_bhb_loop+0x40/0x90 [ 119.615067][ T6384] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 119.621025][ T6384] RIP: 0033:0x7f0abf39034a [ 119.625560][ T6384] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 119.650747][ T6384] RSP: 002b:00007f0ac017ae68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 119.660291][ T6384] RAX: ffffffffffffffda RBX: 00007f0ac017aef0 RCX: 00007f0abf39034a [ 119.668436][ T6384] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f0ac017aeb0 [ 119.676559][ T6384] RBP: 0000200000000180 R08: 00007f0ac017aef0 R09: 000000000080078b [ 119.685491][ T6384] R10: 000000000080078b R11: 0000000000000246 R12: 00002000000001c0 [ 119.693745][ T6384] R13: 00007f0ac017aeb0 R14: 0000000000000473 R15: 0000200000000680 [ 119.701796][ T6384] [ 119.704942][ T6384] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 119.712259][ T6384] CPU: 1 PID: 6384 Comm: syz.1.194 Not tainted syzkaller #0 [ 119.719584][ T6384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 119.729681][ T6384] Call Trace: [ 119.733086][ T6384] [ 119.736050][ T6384] dump_stack_lvl+0x16c/0x230 [ 119.740787][ T6384] ? show_regs_print_info+0x20/0x20 [ 119.746056][ T6384] ? load_image+0x3b0/0x3b0 [ 119.750699][ T6384] panic+0x2c0/0x710 [ 119.754649][ T6384] ? bpf_jit_dump+0xd0/0xd0 [ 119.759235][ T6384] __warn+0x2e0/0x470 [ 119.763350][ T6384] ? ext4_xattr_inode_update_ref+0x483/0x580 [ 119.769383][ T6384] ? ext4_xattr_inode_update_ref+0x483/0x580 [ 119.775411][ T6384] report_bug+0x2be/0x4f0 [ 119.779796][ T6384] ? ext4_xattr_inode_update_ref+0x483/0x580 [ 119.785832][ T6384] ? ext4_xattr_inode_update_ref+0x483/0x580 [ 119.792386][ T6384] ? ext4_xattr_inode_update_ref+0x485/0x580 [ 119.798417][ T6384] handle_bug+0xcf/0x120 [ 119.802713][ T6384] exc_invalid_op+0x1a/0x50 [ 119.807273][ T6384] asm_exc_invalid_op+0x1a/0x20 [ 119.812166][ T6384] RIP: 0010:ext4_xattr_inode_update_ref+0x483/0x580 [ 119.818810][ T6384] Code: 24 50 4c 89 f0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 cf 43 9a ff 49 8b 36 48 c7 c7 c0 d0 be 8a 48 89 da e8 6d 74 0d ff <0f> 0b 4c 8b 64 24 18 48 8b 5c 24 10 4c 8d 7c 24 60 e9 d0 fe ff ff [ 119.838454][ T6384] RSP: 0018:ffffc90004e5f340 EFLAGS: 00010246 [ 119.844546][ T6384] RAX: b26ec3057f8f8600 RBX: ffffffffffffffff RCX: 0000000000080000 [ 119.852619][ T6384] RDX: ffffc9000d6db000 RSI: 000000000002a4e2 RDI: 000000000002a4e3 [ 119.860604][ T6384] RBP: ffffc90004e5f430 R08: ffff8880b8f28c13 R09: 1ffff110171e5182 [ 119.868587][ T6384] R10: dffffc0000000000 R11: ffffed10171e5183 R12: ffff88805f600cb0 [ 119.876576][ T6384] R13: dffffc0000000000 R14: ffff88805f600d00 R15: ffffc90004e5f3a0 [ 119.884590][ T6384] ? ext4_xattr_list_entries+0x3d0/0x3d0 [ 119.890260][ T6384] ? __ext4_journal_ensure_credits+0x30/0x450 [ 119.896360][ T6384] ext4_xattr_inode_dec_ref_all+0xa2b/0xf90 [ 119.902289][ T6384] ? ext4_xattr_delete_inode+0xc00/0xc00 [ 119.907952][ T6384] ? __ext4_journal_ensure_credits+0x450/0x450 [ 119.914138][ T6384] ext4_xattr_delete_inode+0xa45/0xc00 [ 119.919636][ T6384] ? ext4_truncate+0xc12/0x1060 [ 119.924527][ T6384] ? ext4_expand_extra_isize_ea+0x19e0/0x19e0 [ 119.930623][ T6384] ext4_evict_inode+0xaa3/0xea0 [ 119.935500][ T6384] ? _raw_spin_unlock+0x28/0x40 [ 119.940368][ T6384] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 119.946276][ T6384] ? do_raw_spin_unlock+0x121/0x230 [ 119.951493][ T6384] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 119.957403][ T6384] evict+0x486/0x870 [ 119.961313][ T6384] ? __lock_acquire+0x7c80/0x7c80 [ 119.966355][ T6384] ? proc_nr_inodes+0x230/0x230 [ 119.971230][ T6384] ? do_raw_spin_unlock+0x121/0x230 [ 119.976447][ T6384] ? _raw_spin_unlock+0x28/0x40 [ 119.981337][ T6384] ? iput+0x70a/0x920 [ 119.985339][ T6384] ext4_orphan_cleanup+0xbd4/0x1400 [ 119.990579][ T6384] ? ext4_orphan_del+0xba0/0xba0 [ 119.995547][ T6384] ? ext4_register_li_request+0x183/0x940 [ 120.001291][ T6384] ? errseq_check_and_advance+0x66/0x120 [ 120.006942][ T6384] ext4_fill_super+0x5de7/0x66c0 [ 120.011918][ T6384] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 120.018186][ T6384] ? vscnprintf+0x80/0x80 [ 120.022533][ T6384] ? down_read_killable+0x340/0x340 [ 120.027755][ T6384] ? setup_bdev_super+0x56b/0x660 [ 120.032790][ T6384] get_tree_bdev+0x3e4/0x510 [ 120.037393][ T6384] ? vfs_parse_fs_string+0x160/0x160 [ 120.042713][ T6384] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 120.048971][ T6384] ? setup_bdev_super+0x660/0x660 [ 120.054017][ T6384] ? apparmor_capable+0x137/0x1a0 [ 120.059059][ T6384] ? bpf_lsm_capable+0x9/0x10 [ 120.063758][ T6384] ? security_capable+0x89/0xb0 [ 120.068630][ T6384] vfs_get_tree+0x8c/0x280 [ 120.073064][ T6384] do_new_mount+0x24b/0xa40 [ 120.077587][ T6384] __se_sys_mount+0x2da/0x3c0 [ 120.082405][ T6384] ? __x64_sys_mount+0xc0/0xc0 [ 120.087191][ T6384] ? lockdep_hardirqs_on+0x98/0x150 [ 120.092415][ T6384] ? __x64_sys_mount+0x20/0xc0 [ 120.097204][ T6384] do_syscall_64+0x55/0xb0 [ 120.101724][ T6384] ? clear_bhb_loop+0x40/0x90 [ 120.106411][ T6384] ? clear_bhb_loop+0x40/0x90 [ 120.111102][ T6384] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 120.117029][ T6384] RIP: 0033:0x7f0abf39034a [ 120.121455][ T6384] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 120.141085][ T6384] RSP: 002b:00007f0ac017ae68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 120.149522][ T6384] RAX: ffffffffffffffda RBX: 00007f0ac017aef0 RCX: 00007f0abf39034a [ 120.157506][ T6384] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f0ac017aeb0 [ 120.165497][ T6384] RBP: 0000200000000180 R08: 00007f0ac017aef0 R09: 000000000080078b [ 120.173476][ T6384] R10: 000000000080078b R11: 0000000000000246 R12: 00002000000001c0 [ 120.181454][ T6384] R13: 00007f0ac017aeb0 R14: 0000000000000473 R15: 0000200000000680 [ 120.189535][ T6384] [ 120.192910][ T6384] Kernel Offset: disabled [ 120.197351][ T6384] Rebooting in 86400 seconds..