last executing test programs: 3.876044318s ago: executing program 2 (id=330): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xe) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000004c0), 0x800, 0x0) ioctl$EVIOCGPROP(r1, 0x40047438, 0x0) ioctl$PPPIOCSMRU1(r1, 0x40047452, 0x0) 3.773400794s ago: executing program 2 (id=331): r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xe) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x200, 0x0) ioctl$PPPIOCATTCHAN(r2, 0x40047438, &(0x7f0000000040)=0x1) close_range(r0, 0xffffffffffffffff, 0x0) 2.243116601s ago: executing program 3 (id=348): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x0, 0xfffffffe, 0x4}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8801}, 0x20008850) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000c00)=@newtfilter={0x488, 0x2c, 0xd3f, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0xfff3, 0xffe0}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x45c, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x9, 0x4}]}}, @TCA_BPF_POLICE={0x444, 0x2, [@TCA_POLICE_RATE={0x404, 0x2, [0x3, 0x8, 0x1, 0x7, 0xd988, 0x3, 0x3, 0xa08b, 0x1, 0x3ff, 0x5, 0x5, 0x6, 0x4, 0x3, 0x930, 0x7, 0xffffffb2, 0xeaac, 0x2, 0xe13, 0x4, 0x10000, 0xded, 0x8, 0x10000000, 0x2, 0x10001, 0xc6d, 0x80000001, 0x8, 0x7, 0x7, 0x7, 0x5, 0x7, 0x800, 0x9, 0x100, 0x8, 0x9, 0x8, 0x3, 0x5, 0x6, 0x9, 0x3, 0xd, 0x7, 0x5, 0x13f6, 0x81, 0x53, 0x17, 0x4, 0x1, 0x6, 0x4, 0x8, 0x800, 0x86e1, 0x8, 0xfffffff9, 0x5, 0x1, 0x3, 0x5, 0x5, 0x80000000, 0xf3, 0xd, 0x8, 0xfffffff9, 0x800, 0x2726a3ed, 0x6, 0x4, 0x2, 0x6, 0x8, 0x2, 0x7ff, 0x100, 0x1ff, 0x7, 0x3, 0x4, 0x8, 0x5, 0x8000002, 0x5, 0x0, 0x8, 0x3, 0x16, 0xff, 0x1, 0xc, 0x9, 0xb, 0x5, 0x8000, 0xc, 0x6, 0xa, 0xfa, 0x3, 0x0, 0x10, 0x1ff, 0x3, 0x4, 0x60000000, 0x8, 0x2, 0x4000000d, 0x3, 0x3, 0x401, 0xa955, 0x5000, 0x1, 0xe6, 0x2, 0x9, 0x6e4, 0x3, 0x5, 0xe, 0xb, 0x6, 0x4, 0x80000001, 0x3, 0x99b, 0x9c4, 0x7f, 0x3, 0x70, 0xff800, 0x1, 0x7, 0x5, 0xff, 0x7, 0x6, 0xfff, 0x800, 0xa3, 0x10000, 0xff, 0x80000000, 0xc, 0x7, 0x8, 0xff, 0x0, 0x0, 0x8, 0x6, 0xe2f3, 0x4, 0x7f, 0x9, 0x1, 0xffff, 0x3, 0x9, 0x9, 0x8, 0x7, 0xfffffc00, 0x0, 0x40, 0x400, 0x64c, 0x8, 0x7, 0x8, 0x5, 0xfffffffe, 0x6, 0x5, 0x7ff, 0xc7, 0x7, 0xf30, 0x800, 0x0, 0xfffffff8, 0x5, 0x4, 0x8, 0x8, 0x1000, 0x8, 0x7, 0xa37f, 0x8, 0x9, 0x3, 0xfffffffb, 0xff, 0x5, 0x10000, 0xb, 0xcf9, 0x8, 0xfc, 0x40, 0x3, 0x1731, 0x3b, 0xff, 0x6, 0x6ad880, 0x266d, 0x7, 0xc28, 0x2, 0x400, 0x7d75, 0x40000052, 0xd3, 0x8, 0x2, 0x4, 0xfffffff8, 0x200, 0x6, 0x6, 0x8, 0xe, 0xe459, 0x7ff, 0xc7, 0x80, 0x40, 0x0, 0x9, 0x3feb, 0x800, 0x100, 0x100, 0x8, 0xfffffb98, 0xfffffffb, 0x4, 0x20001, 0x3, 0x8, 0x1, 0x15b9, 0x7, 0x100, 0xffffffff]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x5, 0x3, 0x7a94, 0x7, 0xb, {0x7, 0x0, 0x1, 0x80, 0x6572, 0x6}, {0x2, 0x1, 0x400, 0x8, 0x8}, 0x3, 0x4, 0x7fffffff}}]}]}}]}, 0x488}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r9) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, 0x0, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)='\'', 0x1}], 0x1}, 0x4) 2.020138784s ago: executing program 3 (id=351): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, 0x0) 1.896033381s ago: executing program 3 (id=353): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(0x0, r0) sendmsg$IEEE802154_START_REQ(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000280)={0x54, r1, 0x101, 0x70bd26, 0x25dfdbfb, {}, [@IEEE802154_ATTR_PAN_COORD={0x5, 0x19, 0x51}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0x17}, @IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x2}, @IEEE802154_ATTR_BCN_ORD={0x5, 0x17, 0x9}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa0}, @IEEE802154_ATTR_SF_ORD={0x5, 0x18, 0xb}, @IEEE802154_ATTR_COORD_REALIGN={0x5, 0x1b, 0x1}, @IEEE802154_ATTR_BAT_EXT={0x5, 0x1a, 0x4}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000000}, 0x8080) 1.880759592s ago: executing program 0 (id=354): r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) listen(r0, 0x5) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a0, 0xc000, 0x8000008, 0xc0}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0d00010004000000010004000000000000000000", @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00\x00'], 0x50) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) accept$unix(r0, 0x0, 0x0) shutdown(r0, 0x0) 1.835875415s ago: executing program 3 (id=355): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x40c42, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000280)=0x3) r1 = syz_io_uring_setup(0x313f, &(0x7f0000000080)={0x0, 0x2, 0x10100, 0x3, 0x171}, &(0x7f0000000380)=0x0, 0x0) syz_io_uring_submit(r2, 0x0, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x40, 0x0, @fd_index=0x3, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="1a", 0x1}], 0x1}) io_uring_enter(r1, 0x4d10, 0x2, 0x2, 0x0, 0x0) 1.604002998s ago: executing program 0 (id=357): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a50000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc08000340000001300c000b40000000000000000614000000110001"], 0x78}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c0001800600010058c6000014000000110001"], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=ANY=[], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 1.556379081s ago: executing program 3 (id=358): syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000000), 0x2c, 0x516, &(0x7f0000000740)="$eJzs3c9vG1kdAPCvnV9umm6ysIcFAVuWhYKq2om7G632wnJBQqvVIi2cEGqjxI2i2HEUO6UJkUjPXJGoxAn+BA5IHJB64s4NblzKAalABWqQEPJq7HGbOHFiNXHcxp+PNPJ7MxN/v8/SvBc/2/MCGFpXI2I3IsYj4nZETKf7M+kWH7a25LynT3YW957sLGai0fj0n6PpmTuL7fPbLqfPmYv4JKlPHBG3trW9ulAulzbSeqFeWS/UtrZvrFQWlkvLpbVicX5ufvb9m+8Vz6ytb1V++/i7Kx/98A+///KjP+1+66dJzt9OjyVtO7NA+7Rel7GY2rcveeU+6kewARhJ2zM+6ER4IdmI+FxEvJ2Wn8kNLicAoL8ajeloTO+vd5fp4RwA4OWXvOefikw2n77/n4psNp9vzuHl3ojJbLlaq1+/U91cW4rmHNZMjGXvrJRLs+lc4UyMZZL6XLP8vF7sqN+MiNcj4hcTl5r1/GK1vDSof3oAYMhd7hj//zPRGv974BMCAHiVGckBYPgcHv/HBpIHAHB+vP8HgOGzb/w/6re6AMAFlOv47T8AcPGdOP//Zvzsx+eTCgBwTnz+DwBD5fsff5xsjb30/tdLd7c2V6t3byyVaqv5yuZifrG6sZ5frlaXm/fsqZz0fOVqdX3u3di8V6iXavVCbWv7VqW6uVa/1byv962SHxYAwOC9/tbDv2QiYveDS80t2ms5+EIAXHgucxheI4NOABiY0UEnAAyM+Xggc8Lxrl8RetD9by6dIh+g/659ocv8//H/G/y/cT7pAX1k/h+G1+nm/80ewKvM/D8Mr0YjYz1/ABgyPbyD9xVBuOBe+PN/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGGJTzS2TzadrgU9FNpvPR1yJiJkYy9xZKZdmI+K1iPjzxNhEUp8bdNIAwCll/55J1/+6Nv3OVOfR8cx/J5qPEfGTX336y3sL9frGXLL/X8/21x+k+4tHBpjofxsAgH1GO3e0x+n2ON5e3/fpk53F9naeCT7+Tmtx0STuXrq1U28ln4uxiJj8d+ZAYzJntDDx7v2IeLOz/dlnx2fSlU874yexr/QtfjRbOHUgfvZA/GzzWOsxeS0+fwa5wLB5mPQ/Hx51/WXjavMxvf4yBzvTXPz8cOf6Atr9316js/9rXe+fXMk1+5qj+r+rvcZ494/f63rs/kjji6MRe4f63/aK0Llm6aj47/QY/69f+srb3Y41fh1xLY6L3yoV6pX1Qm1r+8ZKZWG5tFxaKxbn5+Zn37/5XrHQnKMutGeqD/vHB9df697+iMku8XMntP/rPbb/N/+7/aOvHhP/m187Kn423jgmfjImfqPH+AuTv+u6fHcSf6lL+0cPxB8/8HfJvus9xn/0t+2lHk8FAM5BbWt7daFcLm0onLaQ69czX35JGqhwTGEkyu35qJcin1MXBtwxAX33/KIfdCYAAAAAAAAAAAAAAEA3tR+kt/zr44/hBt1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALq7PAgAA//+iDcmp") rename(&(0x7f0000000080)='./file0/file0\x00', &(0x7f0000000180)='./file1\x00') 1.451839677s ago: executing program 1 (id=359): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x0, 0xfffffffe, 0x4}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8801}, 0x20008850) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000c00)=@newtfilter={0x488, 0x2c, 0xd3f, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0xfff3, 0xffe0}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x45c, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x9, 0x4}]}}, @TCA_BPF_POLICE={0x444, 0x2, [@TCA_POLICE_RATE={0x404, 0x2, [0x3, 0x8, 0x1, 0x7, 0xd988, 0x3, 0x3, 0xa08b, 0x1, 0x3ff, 0x5, 0x5, 0x6, 0x4, 0x3, 0x930, 0x7, 0xffffffb2, 0xeaac, 0x2, 0xe13, 0x4, 0x10000, 0xded, 0x8, 0x10000000, 0x2, 0x10001, 0xc6d, 0x80000001, 0x8, 0x7, 0x7, 0x7, 0x5, 0x7, 0x800, 0x9, 0x100, 0x8, 0x9, 0x8, 0x3, 0x5, 0x6, 0x9, 0x3, 0xd, 0x7, 0x5, 0x13f6, 0x81, 0x53, 0x17, 0x4, 0x1, 0x6, 0x4, 0x8, 0x800, 0x86e1, 0x8, 0xfffffff9, 0x5, 0x1, 0x3, 0x5, 0x5, 0x80000000, 0xf3, 0xd, 0x8, 0xfffffff9, 0x800, 0x2726a3ed, 0x6, 0x4, 0x2, 0x6, 0x8, 0x2, 0x7ff, 0x100, 0x1ff, 0x7, 0x3, 0x4, 0x8, 0x5, 0x8000002, 0x5, 0x0, 0x8, 0x3, 0x16, 0xff, 0x1, 0xc, 0x9, 0xb, 0x5, 0x8000, 0xc, 0x6, 0xa, 0xfa, 0x3, 0x0, 0x10, 0x1ff, 0x3, 0x4, 0x60000000, 0x8, 0x2, 0x4000000d, 0x3, 0x3, 0x401, 0xa955, 0x5000, 0x1, 0xe6, 0x2, 0x9, 0x6e4, 0x3, 0x5, 0xe, 0xb, 0x6, 0x4, 0x80000001, 0x3, 0x99b, 0x9c4, 0x7f, 0x3, 0x70, 0xff800, 0x1, 0x7, 0x5, 0xff, 0x7, 0x6, 0xfff, 0x800, 0xa3, 0x10000, 0xff, 0x80000000, 0xc, 0x7, 0x8, 0xff, 0x0, 0x0, 0x8, 0x6, 0xe2f3, 0x4, 0x7f, 0x9, 0x1, 0xffff, 0x3, 0x9, 0x9, 0x8, 0x7, 0xfffffc00, 0x0, 0x40, 0x400, 0x64c, 0x8, 0x7, 0x8, 0x5, 0xfffffffe, 0x6, 0x5, 0x7ff, 0xc7, 0x7, 0xf30, 0x800, 0x0, 0xfffffff8, 0x5, 0x4, 0x8, 0x8, 0x1000, 0x8, 0x7, 0xa37f, 0x8, 0x9, 0x3, 0xfffffffb, 0xff, 0x5, 0x10000, 0xb, 0xcf9, 0x8, 0xfc, 0x40, 0x3, 0x1731, 0x3b, 0xff, 0x6, 0x6ad880, 0x266d, 0x7, 0xc28, 0x2, 0x400, 0x7d75, 0x40000052, 0xd3, 0x8, 0x2, 0x4, 0xfffffff8, 0x200, 0x6, 0x6, 0x8, 0xe, 0xe459, 0x7ff, 0xc7, 0x80, 0x40, 0x0, 0x9, 0x3feb, 0x800, 0x100, 0x100, 0x8, 0xfffffb98, 0xfffffffb, 0x4, 0x20001, 0x3, 0x8, 0x1, 0x15b9, 0x7, 0x100, 0xffffffff]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x5, 0x3, 0x7a94, 0x7, 0xb, {0x7, 0x0, 0x1, 0x80, 0x6572, 0x6}, {0x2, 0x1, 0x400, 0x8, 0x8}, 0x3, 0x4, 0x7fffffff}}]}]}}]}, 0x488}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r9) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, 0x0, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)='\'', 0x1}], 0x1}, 0x4) 1.178966513s ago: executing program 3 (id=360): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) r1 = accept4$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000040), 0x80800) setsockopt$inet6_int(r1, 0x29, 0x46, &(0x7f0000000080)=0x80000000, 0x4) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/sctp\x00') open_tree(r2, &(0x7f0000000640)='\x00', 0x89901) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x13, 0xffffffffffffffff, 0x0) ioctl$BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x1c1) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000040)='westwood', 0x8) getsockopt$inet_tcp_buf(r3, 0x6, 0x1a, 0x0, &(0x7f00000000c0)) mount(0x0, 0x0, &(0x7f0000000140)='ramfs\x00', 0x14010, 0x0) r4 = socket(0x11, 0x3, 0x0) connect$vsock_stream(r4, &(0x7f00000000c0)={0x28, 0x0, 0x2710, @local}, 0x10) getpeername$packet(r4, &(0x7f0000001040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000001080)=0x14) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000200)=@filter={'filter\x00', 0xe, 0x4, 0x3c0, 0xffffffff, 0xf0, 0x240, 0xf0, 0xffffffff, 0xffffffff, 0x328, 0x328, 0x328, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@ip={@broadcast, @loopback, 0xff, 0xffffffff, 'vlan1\x00', 'macvlan0\x00', {}, {}, 0x62, 0x2, 0x42}, 0x0, 0xc8, 0xf0, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'veth0\x00', {0x63, 0x518, 0x7fff, 0x586b, 0x2, 0x200, 0xfffffffc, 0x78, 0x80}, {0x8000000000000001}}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x6}}}, {{@uncond, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@osf={{0x50}, {'syz0\x00', 0x0, 0x4, 0x2, 0x2}}, @common=@ah={{0x30}, {[0x10001, 0x6]}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x1, [0x0, 0x7, 0x2, 0x2, 0x1, 0x3]}, {0x2, [0x4, 0x1, 0x7, 0x1, 0x0, 0x3], 0x2}}}}, {{@ip={@remote, @empty, 0xff000000, 0x0, 'vlan1\x00', 'vcan0\x00', {}, {}, 0x29, 0x2, 0x8}, 0x0, 0xa0, 0xe8, 0x0, {}, [@common=@ah={{0x30}, {[0x1, 0x5]}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@multicast1, 'pim6reg1\x00', {0x8}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x420) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x2) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x5c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private0}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e1f}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) sendmsg$IPSET_CMD_LIST(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004080}, 0x48810) recvmsg(r5, &(0x7f000000c1c0)={0x0, 0x0, 0x0}, 0x20) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x1f, &(0x7f0000000680)={0x0, @in={{0x2, 0x4e23, @remote}}, 0xfff, 0x4}, 0x90) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)={{0x14}, [@NFT_MSG_NEWRULE={0x8c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x60, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_SOCKET_KEY={0x8, 0x1, 0x1, 0x0, 0x2}]}}}, {0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_REG_PROTO_MIN={0x8, 0x5, 0x1, 0x0, 0x3}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_NAT_TYPE={0x8, 0x1, 0x1, 0x0, 0x1}]}}}, {0x10, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xb4}}, 0x0) ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f00000000c0)) open_tree(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x81000) close_range(r0, 0xffffffffffffffff, 0x0) 1.177717663s ago: executing program 0 (id=368): r0 = open(0x0, 0x4000, 0x0) preadv2(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0185879, &(0x7f0000000040)={@desc={0x1, 0x0, @desc4}}) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(0xffffffffffffffff, 0x84, 0x65, &(0x7f0000000040)=[@in={0x2, 0x4e22, @multicast2}], 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000000000000040000000700000000000000", @ANYRES32=0x1], 0x50) r1 = socket$kcm(0xa, 0x5, 0x0) r2 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r2, &(0x7f00000002c0)={&(0x7f0000000180)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xfd}}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000380)="c9", 0x1}], 0x1}, 0x48051) setsockopt$sock_attach_bpf(r2, 0x84, 0x1e, &(0x7f0000000240), 0x4) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x2, 0x1b, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x9}, {}, {}, [@map_idx_val={0x18, 0x1, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0xf3}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000001c0)='GPL\x00', 0x1, 0x6c, &(0x7f0000000300)=""/108, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2b, r0, 0x8, &(0x7f00000004c0)={0x7, 0x1}, 0x8, 0x10, &(0x7f0000000500)={0x5, 0x7, 0x90f, 0x1ff}, 0x10, 0x0, 0xffffffffffffffff, 0x2, 0x0, &(0x7f0000000540)=[{0x4, 0x2, 0x10, 0x8}, {0x3, 0x3, 0x6, 0x2}]}, 0x94) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r6, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800"], 0x3c}}, 0x0) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="4400000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="00000000084400001c0012800b00010067656e65766500000c00028005000c000500000008000a00", @ANYRES32=r6], 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r7 = socket$kcm(0xa, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x8916, &(0x7f0000000000)={r7}) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x8936, &(0x7f0000000000)={r7}) 1.153843354s ago: executing program 2 (id=361): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r2 = socket(0x10, 0x3, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x3, 0x0, 0x7fff7ffc}]}) close_range(r4, 0xffffffffffffffff, 0x0) 955.762395ms ago: executing program 1 (id=362): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x3, 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x4c, 0x2c, 0xd27, 0x30bd29, 0x40000002, {0x0, 0x0, 0x0, r3, {0x300, 0x3}, {}, {0xc, 0xa}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_FLAGS_GEN={0x8}, @TCA_BPF_FD={0x8, 0x6, r4}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}]}}]}, 0x4c}}, 0x0) 774.073415ms ago: executing program 1 (id=363): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000440), r0) sendmsg$IEEE802154_START_REQ(r0, 0x0, 0x8080) 655.967172ms ago: executing program 1 (id=364): r0 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x20) syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd60f91e2e00107300fc04000000000000"], 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) recvfrom(r0, &(0x7f0000000000)=""/44, 0x2c, 0x40, 0x0, 0x0) 595.862156ms ago: executing program 0 (id=365): r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) listen(r0, 0x5) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a0, 0xc000, 0x8000008, 0xc0}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0d00010004000000010004000000000000000000", @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00\x00'], 0x50) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) accept$unix(r0, 0x0, 0x0) shutdown(r0, 0x0) 547.567109ms ago: executing program 2 (id=366): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x40c42, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000280)=0x3) r1 = syz_io_uring_setup(0x313f, &(0x7f0000000080)={0x0, 0x2, 0x10100, 0x3, 0x171}, &(0x7f0000000380)=0x0, 0x0) syz_io_uring_submit(r2, 0x0, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x40, 0x0, @fd_index=0x3, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="1a", 0x1}], 0x1}) io_uring_enter(r1, 0x4d10, 0x2, 0x2, 0x0, 0x0) 476.520363ms ago: executing program 1 (id=367): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000840)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd7000fbdbdf250c000000180005800800010075647000050002"], 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x810) 383.121998ms ago: executing program 0 (id=369): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25GSUBSCRIP(r0, 0x89e0, &(0x7f00000004c0)={'ip6tnl0\x00', 0x1, 0xe17}) 275.873174ms ago: executing program 1 (id=370): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000a80)={[{@max_batch_time={'max_batch_time', 0x3d, 0x3ff}}, {@journal_dev={'journal_dev', 0x3d, 0xff}}, {@nombcache}, {@quota}, {@init_itable}, {@errors_remount}]}, 0x5, 0x569, &(0x7f0000000b00)="$eJzs3U1rXFUfAPD/nWT6/jxNoRQVkYALK7WTJvGlgou61mJB93VIbkPJpFMyk9LEgu3CrqW4EQviXly7LH4BF36GghaKlKALN5E7uTOdJDPJtJ0mU+f3g1vOuS8598y5/9NzcmYyAQyt8eyfQsTLEfF1EnE0IpL82GjkB8fXz1t9dGMm25JYW/v0z6RxXpZv/qzmdYfzzEsR8ctXEacKW8utLa/MlyuVdDHPT9QXrk7UlldOX14oz6Vz6ZWp6emz70xPvf/eu32r65sX/v72k3sjee7YnSTOxZE8116PZ3CzPTMe4/lrUoxzm06c7ENhgyTpuPenXb8PnsxIHufFyPqAozGSRz3w3/dlRKwBQyp54vj/rfh87gTYXc1xQHNu36d58Avj4YfrE6Ct9R9d/91IHGjMjQ6tJhtmRtl8d6wP5Wdl/PzH3TvZFv37PQTAjm7eiogzo6Nb+78k7/+e3pkeztlchv4Pds+9bPzzVqfxT6E1/okO45/DHWL3aewc/4UHfSimq2z890HH8W9r0WpsJM/9rzHmKyaXLlfSrG/7f0ScjOL+LL/des7Z1ftr3Y61j/+yLSu/ORbM7+PB6P6N18yW6+VnqXO7h7ciXuk4/k1a7Z90aP/s9bjQYxkn0ruvdTu2c/2fr7UfIt7o2P6PV7SS7dcnJxrPw0Tzqdjqr9snfu1W/l7XP2v/Q9vXfyxpX6+ttV890lMZ3x/4J43WevJGG+ofvT//+5LPGul9+b7r5Xp9cTJiX/Jxa3+huX/q8bXNfPP8rP4nX9++/+v0/B+MiM97qn3E7eM/vtrt2CC0/2zH9m/Nbje1/5Mn7n/0xXfdyu+t/3u7kTqZ7+ml/+v1Bp/ltQMAAAAAAIBBU4iII5EUSq10oVAqrb+/43gcKlSqtfqpS9WlK7PR+KzsWBQLzZXuo23vh5jMVwyb+alN+emIOBYR34wcbORLM9XK7F5XHgAAAAAAAAAAAAAAAAAAAAbE4S6f/8/8vvXPux/Y/TsEnitf+Q3Da8f478c3PQEDyf//MLzEPwwv8Q/DS/zD8BL/MLzEPwwv8Q/DS/wDAAAAAAAAAAAAAAAAAAAAAAAAAABAX104fz7b1lYf3ZjJ8rPXlpfmq9dOz6a1+dLC0kxpprp4tTRXrc5V0tJMdWGnn1epVq9OTsXS9Yl6WqtP1JZXLi5Ul67UL15eKM+lF9PirtQKAAAAAAAAAAAAAAAAAAAAXiy15ZX5cqWSLkpIPFVidDBuQ6LPib3umQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgsX8DAAD//welMww=") lsetxattr$trusted_overlay_upper(&(0x7f0000000080)='./file1\x00', &(0x7f0000000840), &(0x7f0000000940)=ANY=[], 0x361, 0x1) mount$9p_fd(0x0, 0x0, 0x0, 0x4, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x48, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffffffc}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}]}, 0x48}, 0x1, 0x0, 0x0, 0x4044081}, 0x0) setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f00000013c0)=ANY=[], 0x700, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f00000000c0), &(0x7f00000001c0)=ANY=[], 0xfe37, 0x0) 205.962068ms ago: executing program 0 (id=371): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x0, 0xfffffffe, 0x4}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8801}, 0x20008850) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000c00)=@newtfilter={0x488, 0x2c, 0xd3f, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0xfff3, 0xffe0}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x45c, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x9, 0x4}]}}, @TCA_BPF_POLICE={0x444, 0x2, [@TCA_POLICE_RATE={0x404, 0x2, [0x3, 0x8, 0x1, 0x7, 0xd988, 0x3, 0x3, 0xa08b, 0x1, 0x3ff, 0x5, 0x5, 0x6, 0x4, 0x3, 0x930, 0x7, 0xffffffb2, 0xeaac, 0x2, 0xe13, 0x4, 0x10000, 0xded, 0x8, 0x10000000, 0x2, 0x10001, 0xc6d, 0x80000001, 0x8, 0x7, 0x7, 0x7, 0x5, 0x7, 0x800, 0x9, 0x100, 0x8, 0x9, 0x8, 0x3, 0x5, 0x6, 0x9, 0x3, 0xd, 0x7, 0x5, 0x13f6, 0x81, 0x53, 0x17, 0x4, 0x1, 0x6, 0x4, 0x8, 0x800, 0x86e1, 0x8, 0xfffffff9, 0x5, 0x1, 0x3, 0x5, 0x5, 0x80000000, 0xf3, 0xd, 0x8, 0xfffffff9, 0x800, 0x2726a3ed, 0x6, 0x4, 0x2, 0x6, 0x8, 0x2, 0x7ff, 0x100, 0x1ff, 0x7, 0x3, 0x4, 0x8, 0x5, 0x8000002, 0x5, 0x0, 0x8, 0x3, 0x16, 0xff, 0x1, 0xc, 0x9, 0xb, 0x5, 0x8000, 0xc, 0x6, 0xa, 0xfa, 0x3, 0x0, 0x10, 0x1ff, 0x3, 0x4, 0x60000000, 0x8, 0x2, 0x4000000d, 0x3, 0x3, 0x401, 0xa955, 0x5000, 0x1, 0xe6, 0x2, 0x9, 0x6e4, 0x3, 0x5, 0xe, 0xb, 0x6, 0x4, 0x80000001, 0x3, 0x99b, 0x9c4, 0x7f, 0x3, 0x70, 0xff800, 0x1, 0x7, 0x5, 0xff, 0x7, 0x6, 0xfff, 0x800, 0xa3, 0x10000, 0xff, 0x80000000, 0xc, 0x7, 0x8, 0xff, 0x0, 0x0, 0x8, 0x6, 0xe2f3, 0x4, 0x7f, 0x9, 0x1, 0xffff, 0x3, 0x9, 0x9, 0x8, 0x7, 0xfffffc00, 0x0, 0x40, 0x400, 0x64c, 0x8, 0x7, 0x8, 0x5, 0xfffffffe, 0x6, 0x5, 0x7ff, 0xc7, 0x7, 0xf30, 0x800, 0x0, 0xfffffff8, 0x5, 0x4, 0x8, 0x8, 0x1000, 0x8, 0x7, 0xa37f, 0x8, 0x9, 0x3, 0xfffffffb, 0xff, 0x5, 0x10000, 0xb, 0xcf9, 0x8, 0xfc, 0x40, 0x3, 0x1731, 0x3b, 0xff, 0x6, 0x6ad880, 0x266d, 0x7, 0xc28, 0x2, 0x400, 0x7d75, 0x40000052, 0xd3, 0x8, 0x2, 0x4, 0xfffffff8, 0x200, 0x6, 0x6, 0x8, 0xe, 0xe459, 0x7ff, 0xc7, 0x80, 0x40, 0x0, 0x9, 0x3feb, 0x800, 0x100, 0x100, 0x8, 0xfffffb98, 0xfffffffb, 0x4, 0x20001, 0x3, 0x8, 0x1, 0x15b9, 0x7, 0x100, 0xffffffff]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x5, 0x3, 0x7a94, 0x7, 0xb, {0x7, 0x0, 0x1, 0x80, 0x6572, 0x6}, {0x2, 0x1, 0x400, 0x8, 0x8}, 0x3, 0x4, 0x7fffffff}}]}]}}]}, 0x488}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r9) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, 0x0, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)='\'', 0x1}], 0x1}, 0x4) 192.925369ms ago: executing program 2 (id=372): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x3, 0xc, &(0x7f0000000c40)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000002300000095"], &(0x7f0000000380)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="6800000010000100"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000480012800e0001006970366772657461700000003400028008000100", @ANYRES32, @ANYBLOB="14000600fe800000000000000000000000000015140007"], 0x68}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000440)) sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5088a8", 0xe, 0x0, &(0x7f0000000140)={0x11, 0x1c, r3, 0x1, 0x0, 0x6, @local}, 0x14) 0s ago: executing program 2 (id=373): syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x8400, &(0x7f0000000880)={[{@overriderock}, {@iocharset={'iocharset', 0x3d, 'macturkish'}}, {@showassoc}, {@dmode={'dmode', 0x3d, 0x5}}, {@nojoliet}, {@uid}, {@iocharset={'iocharset', 0x3d, 'macturkish'}}, {@iocharset={'iocharset', 0x3d, 'koi8-ru'}}]}, 0x0, 0x688, &(0x7f0000000100)="$eJzs3V1vFOf1APCzBAvLfwn91VYIIUIm0EogEbO7DkZWbrpdj+1J1jurmXUEVykKdoQwSQupVLgKN2krtR8it/0Q7SeKets7qp3dhQW/rEOCl6DfbwXz7MzZec4Myxw99rwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABC19mq93qhFJ+tu3UwO1l4t8s1Dlo/X9+8XJof0G1Eb/In5+Tg7nHX2V88Xnxn8dTHOD9+dj/nBZD4e/9+Z///olydPjD9/SELH4uGjx/du7+5uP5h1IjOynnazMs82W+tpkpV5srK8XL+2sVYma1knLW+V/XQzaRdpq58XyeX2laSxsrKUpIu38q3u+mqrk45n3vigWa8vJx8v9tJWUebdax8vlu2NrNPJuutVzGDxIObG4Iv4SdZP+mlrM0l27u5uL01LchDUOEpQc1pQs95sNhrNZmP5+sr1G/X6yT0z6i+JPRGz/9IyWz/xERxe3YlR/Y9OZNGNrbgZyb6vdqxGEXlsHrB8ZFz/f3MtHba+2b/fyfo/rvJnny8+F1X9vzB8d+Gg+n9ALsf3ehiP4nHci9uxG7uxHQ9mntHxvtYjjW5kUUYeWWxGq5qTjOYksRLLsRz1+Cw2Yi3KSGItsuhEGmXcijL6kVbfqHYUkUYr+pFHEUlcjnZciSQasRIrsRRJpLEYtyKPrejGeqxGq1rLTtyt9vvSITk+C2ocJah5SJD6zw81v2fO6zmQwyt4Oq7/AAAAwFurVv30fTD+n4t3q9Za1knrs04LAAAA+AlVv/k/P5jMDVrvRs34HwAAAN42teoau1pELMR7w9b4SqjxDwHmZpwiAAAA8CNVv/+/MJgsDFrvRW3P+B8AAAD4mfvr1Hvsz/dO1f71nyiKudqT3s1f1+63BnGt++8MP1dN/vt0aNDur52rnR6tpJosnxy9a6fna6O7Xz67Cebo5ILvd6blUTs0gUkHJxB/j/eHMe/fGU7vjJcMe1lYyzrpYjvvfNSIVuv0iX56s/+nL+/+OarN/1t383Qtdu7ubi9+/tXunSqXJ4O1PLk/uoHinvso7pPLeNHX1f0Wqmsu9t3iuepCjFG/C8N+65Pbf2L48RM/YPu/jYvDmIsL8fRURCy8uP3zgz4biwdt/SiLRpXF/AudHmXLn2dxaRhz6fKl4WSfLJrTsmhO7v9X2hdHyGJpWhZLPzILgFnZmVKFansL/ysc5Y6nun8bl4cxl89VB9aT5/Y5otenHdHrr1jXx339M64MY66Mgw+qsYN+//FSVf1u8IHvDuy37DRrg134ztf3/xBnHj56/MHd+7e/2P5i+8tmc2m5/mG9fr0Zc9VmjCZqDwD7mP6MnakRtQ+njKp/8eyUgsX4PL6K3bgTV6urDaozDvZd60Ls/DZGpyFcnRi1Vl4atS5MPOHl6pRR3cLEg16OHrt0DP8SAHB8Lk6pw0ep/1enjLsXJk4pvDpldDxZywGA1yMtvq8t9P9SK4qs91ljZaXR6m+kSZG3P0mKbHU9TbJuPy3aG63uepr0iryft/POoPFptpqWSbnV6+VFP1nLi6SXl9nN6snvyejR72W62er2s3bZ66StMk3aebffaveT1axsJ72t33WyciMtqg+XvbSdrWXtVj/Lu0mZbxXtdDFJyjSdCMxW024/W8sGzW7SK7LNVnEr+TTvbG2myWpatous18+HKxz3lXXX8mKzWu3irHc2ALwhHj56fO/27u72g9fYiFOz3koAYNJElQYAAAAAAAAAAAAAAN5Qx3H931vY+OPPededejPS0JhJ45vfD//nTwue9ZEJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPb6XwAAAP//2kFZhw==") r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="034886dd0900300003003000000560ce902d9f0c2f0081e949b93897bc3b0000000000007d01ff020000000000000000000000000001120088be"], 0xfdef) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.60' (ED25519) to the list of known hosts. [ 81.242214][ T5757] cgroup: Unknown subsys name 'net' [ 81.385614][ T5757] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.162710][ T5757] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.002443][ T5784] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.011105][ T5784] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.016142][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.026474][ T5785] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.034400][ T5785] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.042619][ T5785] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.046843][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.052392][ T5785] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.061141][ T5777] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.066956][ T5785] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 85.078499][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.080350][ T5785] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.092762][ T5777] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.100884][ T5785] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.109205][ T5777] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.117478][ T5785] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.118229][ T5777] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.133632][ T5785] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.136442][ T5777] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 85.148610][ T5777] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.156507][ T5782] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.162930][ T5777] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 85.171361][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.183891][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.679089][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 85.738516][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 85.861077][ T5769] chnl_net:caif_netlink_parms(): no params data found [ 85.921433][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.928782][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.936769][ T5770] bridge_slave_0: entered allmulticast mode [ 85.944380][ T5770] bridge_slave_0: entered promiscuous mode [ 85.953175][ T5768] chnl_net:caif_netlink_parms(): no params data found [ 85.965341][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.972642][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.979949][ T5770] bridge_slave_1: entered allmulticast mode [ 85.988228][ T5770] bridge_slave_1: entered promiscuous mode [ 86.033502][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.040984][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.048979][ T5772] bridge_slave_0: entered allmulticast mode [ 86.056229][ T5772] bridge_slave_0: entered promiscuous mode [ 86.100893][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.108263][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.115458][ T5772] bridge_slave_1: entered allmulticast mode [ 86.123084][ T5772] bridge_slave_1: entered promiscuous mode [ 86.170218][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.182340][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.256889][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.271215][ T5770] team0: Port device team_slave_0 added [ 86.304025][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.315794][ T5770] team0: Port device team_slave_1 added [ 86.333585][ T5769] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.341591][ T5769] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.348963][ T5769] bridge_slave_0: entered allmulticast mode [ 86.360183][ T5769] bridge_slave_0: entered promiscuous mode [ 86.369221][ T5769] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.378833][ T5769] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.386979][ T5769] bridge_slave_1: entered allmulticast mode [ 86.394463][ T5769] bridge_slave_1: entered promiscuous mode [ 86.459177][ T5768] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.466556][ T5768] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.473722][ T5768] bridge_slave_0: entered allmulticast mode [ 86.483896][ T5768] bridge_slave_0: entered promiscuous mode [ 86.505152][ T5768] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.512369][ T5768] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.519851][ T5768] bridge_slave_1: entered allmulticast mode [ 86.529728][ T5768] bridge_slave_1: entered promiscuous mode [ 86.540355][ T5769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.553925][ T5769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.564233][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.571628][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.597781][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.611710][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.618908][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.644871][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.659636][ T5772] team0: Port device team_slave_0 added [ 86.705110][ T5772] team0: Port device team_slave_1 added [ 86.781052][ T5768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.795477][ T5768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.815084][ T5769] team0: Port device team_slave_0 added [ 86.822055][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.829674][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.856003][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.869251][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.876354][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.902578][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.919539][ T5770] hsr_slave_0: entered promiscuous mode [ 86.929109][ T5770] hsr_slave_1: entered promiscuous mode [ 86.960503][ T5769] team0: Port device team_slave_1 added [ 87.011419][ T5768] team0: Port device team_slave_0 added [ 87.022299][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.029640][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.055788][ T5769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.074296][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.081508][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.107800][ T5769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.121596][ T5768] team0: Port device team_slave_1 added [ 87.185216][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.193262][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.225229][ T5777] Bluetooth: hci0: command tx timeout [ 87.226312][ T5774] Bluetooth: hci2: command tx timeout [ 87.233579][ T5768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.286059][ T5774] Bluetooth: hci1: command tx timeout [ 87.286092][ T5777] Bluetooth: hci3: command tx timeout [ 87.311284][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.318632][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.350004][ T5768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.451934][ T5772] hsr_slave_0: entered promiscuous mode [ 87.459025][ T5772] hsr_slave_1: entered promiscuous mode [ 87.471208][ T5772] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.479405][ T5772] Cannot create hsr debugfs directory [ 87.504589][ T5769] hsr_slave_0: entered promiscuous mode [ 87.516983][ T5769] hsr_slave_1: entered promiscuous mode [ 87.523441][ T5769] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.536300][ T5769] Cannot create hsr debugfs directory [ 87.637008][ T5768] hsr_slave_0: entered promiscuous mode [ 87.644212][ T5768] hsr_slave_1: entered promiscuous mode [ 87.660600][ T5768] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.668741][ T5768] Cannot create hsr debugfs directory [ 88.091767][ T5770] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.105016][ T5770] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.123284][ T5770] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.135099][ T5770] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.220478][ T5772] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 88.241691][ T5772] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 88.257065][ T5772] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 88.269967][ T5772] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.371277][ T5769] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.384584][ T5769] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.395281][ T5769] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.433734][ T5769] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.475582][ T5768] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.490620][ T5768] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.501688][ T5768] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.513063][ T5768] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.628637][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.682015][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.709539][ T1098] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.716994][ T1098] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.756888][ T1098] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.764140][ T1098] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.791129][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.843564][ T5769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.914654][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.948971][ T5769] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.973303][ T1147] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.980598][ T1147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.992036][ T1147] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.999367][ T1147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.011832][ T1147] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.019129][ T1147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.037365][ T5768] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.050759][ T1147] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.058083][ T1147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.147041][ T5768] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.198224][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.205484][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.269130][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.276388][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.287033][ T5774] Bluetooth: hci0: command tx timeout [ 89.293107][ T5777] Bluetooth: hci2: command tx timeout [ 89.367777][ T5777] Bluetooth: hci1: command tx timeout [ 89.373500][ T5774] Bluetooth: hci3: command tx timeout [ 89.575345][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.775420][ T5770] veth0_vlan: entered promiscuous mode [ 89.877618][ T5770] veth1_vlan: entered promiscuous mode [ 89.939562][ T5769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.963800][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.018842][ T5768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.047860][ T5770] veth0_macvtap: entered promiscuous mode [ 90.069577][ T5770] veth1_macvtap: entered promiscuous mode [ 90.129270][ T5772] veth0_vlan: entered promiscuous mode [ 90.150111][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.173046][ T5769] veth0_vlan: entered promiscuous mode [ 90.194542][ T5768] veth0_vlan: entered promiscuous mode [ 90.208195][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.227328][ T5772] veth1_vlan: entered promiscuous mode [ 90.243558][ T5768] veth1_vlan: entered promiscuous mode [ 90.257681][ T5770] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.269148][ T5770] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.281882][ T5770] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.290808][ T5770] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.303652][ T5769] veth1_vlan: entered promiscuous mode [ 90.444816][ T5772] veth0_macvtap: entered promiscuous mode [ 90.473225][ T5768] veth0_macvtap: entered promiscuous mode [ 90.491865][ T5772] veth1_macvtap: entered promiscuous mode [ 90.507379][ T5768] veth1_macvtap: entered promiscuous mode [ 90.513845][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.542965][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.565202][ T5769] veth0_macvtap: entered promiscuous mode [ 90.611445][ T5769] veth1_macvtap: entered promiscuous mode [ 90.630191][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.641964][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.655362][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.667243][ T1098] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.675142][ T1098] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.692557][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.704127][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.714831][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.726605][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.739056][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.750129][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.760927][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.772812][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.791056][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.801762][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.813691][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.824880][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.835642][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.846847][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.858991][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.871171][ T5768] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.881118][ T5768] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.892542][ T5768] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.902337][ T5768] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.917191][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.931164][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.942229][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.957352][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.974884][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.988805][ T5772] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.004018][ T5772] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.014069][ T5772] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.024175][ T5772] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.045205][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.057984][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.068733][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.079784][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.090273][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.101203][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.113474][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.170358][ T5769] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.182313][ T5769] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.192627][ T5769] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.201797][ T5769] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.367403][ T5777] Bluetooth: hci2: command tx timeout [ 91.373451][ T5774] Bluetooth: hci0: command tx timeout [ 91.447223][ T5774] Bluetooth: hci3: command tx timeout [ 91.453066][ T5777] Bluetooth: hci1: command tx timeout [ 91.462912][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.476591][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.563273][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.571618][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.582952][ T5866] syz.1.5[5866]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 91.674040][ T1147] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.709618][ T151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.718252][ T1147] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.730084][ T151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.765698][ T5866] loop1: detected capacity change from 0 to 8192 [ 91.829524][ T138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.849540][ T138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.860864][ T5866] loop1: p1 p2 p4 < > [ 91.865210][ T5866] loop1: partition table partially beyond EOD, truncated [ 91.921901][ T5866] loop1: p1 start 16777216 is beyond EOD, truncated [ 91.966235][ T5866] loop1: p2 size 515840 extends beyond EOD, truncated [ 91.979911][ T5866] loop1: p4 start 16777216 is beyond EOD, truncated [ 92.030868][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.047543][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.269238][ T789] cfg80211: failed to load regulatory.db [ 92.385552][ T5877] loop3: detected capacity change from 0 to 128 [ 92.512751][ T5877] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 92.545476][ T5771] udevd[5771]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 92.607654][ T5877] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 92.959828][ T5769] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 93.289258][ T5898] loop2: detected capacity change from 0 to 1024 [ 93.331858][ T5898] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 93.351619][ T5898] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 93.370694][ T5898] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 93.384589][ T5898] EXT4-fs error (device loop2): ext4_get_journal_inode:5816: inode #32: comm syz.2.14: iget: special inode unallocated [ 93.401262][ T5898] EXT4-fs (loop2): no journal found [ 93.408037][ T5898] EXT4-fs (loop2): can't get journal size [ 93.432417][ T5898] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 93.446485][ T5777] Bluetooth: hci0: command tx timeout [ 93.452957][ T5774] Bluetooth: hci2: command tx timeout [ 93.529597][ T5774] Bluetooth: hci1: command tx timeout [ 93.535272][ T5777] Bluetooth: hci3: command tx timeout [ 93.644458][ T5772] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.238200][ T5915] loop2: detected capacity change from 0 to 512 [ 94.258585][ T5918] capability: warning: `syz.3.20' uses deprecated v2 capabilities in a way that may be insecure [ 94.278620][ T5915] EXT4-fs: Ignoring removed nobh option [ 94.302389][ T5915] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 94.335371][ T5915] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 94.404434][ T5915] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 94.461633][ T5915] EXT4-fs (loop2): 1 truncate cleaned up [ 94.472106][ T5915] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 94.630642][ T5772] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.687413][ T5927] netlink: 12 bytes leftover after parsing attributes in process `syz.3.21'. [ 94.992097][ T5935] netlink: 24 bytes leftover after parsing attributes in process `syz.3.24'. [ 95.186801][ T5937] loop1: detected capacity change from 0 to 1024 [ 95.217133][ T5937] EXT4-fs: Ignoring removed orlov option [ 95.285180][ T5937] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 95.325175][ T5931] loop2: detected capacity change from 0 to 2048 [ 95.363043][ T5931] EXT4-fs (loop2): cluster size (2048) smaller than block size (4096) [ 95.496984][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.662619][ T5943] netlink: 24 bytes leftover after parsing attributes in process `syz.1.27'. [ 95.779032][ T5947] loop2: detected capacity change from 0 to 764 [ 95.792335][ T5945] loop3: detected capacity change from 0 to 1764 [ 95.861507][ T5771] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 95.923907][ T5947] syz.2.29 uses obsolete (PF_INET,SOCK_PACKET) [ 95.963266][ T5947] syzkaller1: entered promiscuous mode [ 95.987938][ T5947] syzkaller1: entered allmulticast mode [ 96.670497][ T5965] netlink: 1500 bytes leftover after parsing attributes in process `syz.2.36'. [ 96.755007][ T5966] netlink: 12 bytes leftover after parsing attributes in process `syz.2.36'. [ 96.921302][ T5969] loop1: detected capacity change from 0 to 128 [ 96.980326][ T5969] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 97.022293][ T5969] ext4 filesystem being mounted at /12/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 97.254691][ T5770] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 97.298985][ T5977] netlink: 24 bytes leftover after parsing attributes in process `syz.3.40'. [ 97.775366][ T5980] loop0: detected capacity change from 0 to 8192 [ 97.838359][ T5980] loop0: p1 p2 p4 < > [ 97.842521][ T5980] loop0: partition table partially beyond EOD, truncated [ 97.861641][ T5980] loop0: p1 start 16777216 is beyond EOD, truncated [ 97.872674][ T5980] loop0: p2 size 515840 extends beyond EOD, truncated [ 97.884035][ T5980] loop0: p4 start 16777216 is beyond EOD, truncated [ 98.345904][ T5771] udevd[5771]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 99.535045][ T6007] syz.1.52: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 99.575747][ T6007] CPU: 0 PID: 6007 Comm: syz.1.52 Not tainted syzkaller #0 [ 99.583048][ T6007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 99.593162][ T6007] Call Trace: [ 99.596479][ T6007] [ 99.599480][ T6007] dump_stack_lvl+0x18c/0x250 [ 99.604222][ T6007] ? show_regs_print_info+0x20/0x20 [ 99.609469][ T6007] ? load_image+0x400/0x400 [ 99.614009][ T6007] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 99.620461][ T6007] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 99.626997][ T6007] warn_alloc+0x246/0x340 [ 99.631385][ T6007] ? zone_watermark_ok_safe+0x230/0x230 [ 99.636980][ T6007] ? _raw_spin_unlock+0x28/0x40 [ 99.641876][ T6007] __vmalloc_node_range+0x662/0x1330 [ 99.647639][ T6007] ? __asan_memset+0x22/0x40 [ 99.652284][ T6007] ? free_vm_area+0x50/0x50 [ 99.656827][ T6007] ? kvmalloc_node+0x70/0x180 [ 99.661556][ T6007] ? rcu_is_watching+0x15/0xb0 [ 99.666356][ T6007] ? kvmalloc_node+0x70/0x180 [ 99.671067][ T6007] ? trace_kmalloc+0x1f/0x90 [ 99.675692][ T6007] kvmalloc_node+0x13f/0x180 [ 99.680317][ T6007] ? translate_table+0x192/0x2090 [ 99.685369][ T6007] translate_table+0x192/0x2090 [ 99.690276][ T6007] ? ip6t_register_table+0x7e0/0x7e0 [ 99.695597][ T6007] ? __might_fault+0xaa/0x120 [ 99.700306][ T6007] ? __lock_acquire+0x7d40/0x7d40 [ 99.705364][ T6007] ? __virt_addr_valid+0x18c/0x540 [ 99.710521][ T6007] ? __might_fault+0xaa/0x120 [ 99.715232][ T6007] ? __might_fault+0xc6/0x120 [ 99.719945][ T6007] ? __might_fault+0xaa/0x120 [ 99.724713][ T6007] do_ip6t_set_ctl+0x9fc/0xe10 [ 99.729516][ T6007] ? ip6t_unregister_table_exit+0x230/0x230 [ 99.735443][ T6007] ? __lock_acquire+0x7d40/0x7d40 [ 99.740504][ T6007] ? rcu_is_watching+0x15/0xb0 [ 99.745307][ T6007] ? trace_contention_end+0x39/0xe0 [ 99.750543][ T6007] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 99.756219][ T6007] ? mutex_unlock+0x10/0x10 [ 99.760771][ T6007] ? mutex_lock_nested+0x20/0x20 [ 99.765755][ T6007] nf_setsockopt+0x263/0x280 [ 99.770397][ T6007] ? sock_common_recvmsg+0x190/0x190 [ 99.775743][ T6007] smc_setsockopt+0x243/0xac0 [ 99.780473][ T6007] ? smc_shutdown+0x9b0/0x9b0 [ 99.785185][ T6007] ? __fget_files+0x28/0x4b0 [ 99.789815][ T6007] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 99.795393][ T6007] ? security_socket_setsockopt+0x7e/0xa0 [ 99.801149][ T6007] ? smc_shutdown+0x9b0/0x9b0 [ 99.805872][ T6007] do_sock_setsockopt+0x175/0x1a0 [ 99.810954][ T6007] ? __fdget+0x180/0x210 [ 99.815235][ T6007] __x64_sys_setsockopt+0x182/0x200 [ 99.820477][ T6007] do_syscall_64+0x55/0xa0 [ 99.824940][ T6007] ? clear_bhb_loop+0x40/0x90 [ 99.829651][ T6007] ? clear_bhb_loop+0x40/0x90 [ 99.834361][ T6007] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 99.840288][ T6007] RIP: 0033:0x7f3e3cf9aeb9 [ 99.844754][ T6007] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 99.864488][ T6007] RSP: 002b:00007f3e3de09028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 99.872948][ T6007] RAX: ffffffffffffffda RBX: 00007f3e3d215fa0 RCX: 00007f3e3cf9aeb9 [ 99.880950][ T6007] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 [ 99.888956][ T6007] RBP: 00007f3e3d008c1f R08: 0000000000000330 R09: 0000000000000000 [ 99.896955][ T6007] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 99.904951][ T6007] R13: 00007f3e3d216038 R14: 00007f3e3d215fa0 R15: 00007ffdc89372b8 [ 99.913061][ T6007] [ 100.022378][ T6007] Mem-Info: [ 100.025585][ T6007] active_anon:5543 inactive_anon:0 isolated_anon:0 [ 100.025585][ T6007] active_file:1244 inactive_file:39924 isolated_file:0 [ 100.025585][ T6007] unevictable:791 dirty:1736 writeback:0 [ 100.025585][ T6007] slab_reclaimable:9829 slab_unreclaimable:92421 [ 100.025585][ T6007] mapped:24198 shmem:1361 pagetables:564 [ 100.025585][ T6007] sec_pagetables:0 bounce:0 [ 100.025585][ T6007] kernel_misc_reclaimable:0 [ 100.025585][ T6007] free:1348968 free_pcp:9761 free_cma:0 [ 100.147151][ T6007] Node 0 active_anon:22072kB inactive_anon:0kB active_file:4976kB inactive_file:159492kB unevictable:1628kB isolated(anon):0kB isolated(file):0kB mapped:96692kB dirty:6944kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11236kB pagetables:2156kB sec_pagetables:0kB all_unreclaimable? no [ 100.216735][ T6007] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 100.248315][ T6033] loop0: detected capacity change from 0 to 1024 [ 100.258924][ T6033] ======================================================= [ 100.258924][ T6033] WARNING: The mand mount option has been deprecated and [ 100.258924][ T6033] and is ignored by this kernel. Remove the mand [ 100.258924][ T6033] option from the mount to silence this warning. [ 100.258924][ T6033] ======================================================= [ 100.288682][ T6007] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 100.356004][ T6033] EXT4-fs: Ignoring removed mblk_io_submit option [ 100.381860][ T6007] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 100.398399][ T6007] Node 0 DMA32 free:1482704kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:22660kB inactive_anon:0kB active_file:4976kB inactive_file:158664kB unevictable:1536kB writepending:6944kB present:3129332kB managed:2586972kB mlocked:0kB bounce:0kB free_pcp:20472kB local_pcp:11856kB free_cma:0kB [ 100.445659][ T6033] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 100.455225][ T6007] lowmem_reserve[]: [ 100.458829][ T6033] ext4 filesystem being mounted at /11/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 100.491088][ T6007] 0 0 0 0 0 [ 100.494464][ T6007] Node 0 Normal free:8kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:828kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 100.529267][ T6033] EXT4-fs error (device loop0): ext4_map_blocks:718: inode #15: comm syz.0.73: lblock 0 mapped to illegal pblock 0 (length 1) [ 100.543376][ T28] audit: type=1800 audit(1770274945.224:2): pid=6033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.73" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 100.563940][ T6007] lowmem_reserve[]: 0 0 0 0 0 [ 100.570323][ T6007] Node 1 Normal free:3897104kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:17888kB local_pcp:9824kB free_cma:0kB [ 100.648247][ T6007] lowmem_reserve[]: 0 0 0 0 0 [ 100.666340][ T6007] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 100.691001][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 100.715086][ T6007] Node 0 DMA32: 2*4kB (UE) 1*8kB (U) 0*16kB 0*32kB 2*64kB (ME) 1*128kB (E) 1*256kB (M) 2*512kB (UM) 2*1024kB (UE) 2*2048kB (ME) 360*4096kB (M) = 1482256kB [ 100.736089][ T6007] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 100.754101][ T6007] Node 1 Normal: 220*4kB (UME) 58*8kB (UME) 40*16kB (UME) 65*32kB (UME) 22*64kB (UME) 8*128kB (UME) 2*256kB (UM) 2*512kB (UE) 2*1024kB (UE) 2*2048kB (UE) 948*4096kB (M) = 3897184kB [ 100.876419][ T6007] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 100.903847][ T6007] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 100.922588][ T6007] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 100.935637][ T6007] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 100.946266][ T6007] 42532 total pagecache pages [ 100.951194][ T6007] 0 pages in swap cache [ 100.955406][ T6007] Free swap = 124996kB [ 100.962387][ T6047] loop2: detected capacity change from 0 to 128 [ 100.973041][ T6007] Total swap = 124996kB [ 101.004188][ T6047] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 101.011204][ T6007] 2097051 pages RAM [ 101.045937][ T6047] ext4 filesystem being mounted at /15/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 101.066130][ T6007] 0 pages HighMem/MovableOnly [ 101.084058][ T6007] 416922 pages reserved [ 101.095276][ T6007] 0 pages cma reserved [ 101.179194][ T5772] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 102.144021][ T6070] loop2: detected capacity change from 0 to 1764 [ 102.428473][ T6075] loop2: detected capacity change from 0 to 128 [ 102.604154][ T6075] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 102.638932][ T6075] ext4 filesystem being mounted at /21/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 102.659291][ T6072] loop3: detected capacity change from 0 to 8192 [ 102.740687][ T6072] loop3: p1 p2 p4 < > [ 102.763592][ T5772] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 102.764911][ T6072] loop3: partition table partially beyond EOD, truncated [ 102.817459][ T6072] loop3: p1 start 16777216 is beyond EOD, truncated [ 102.836049][ T6072] loop3: p2 size 515840 extends beyond EOD, truncated [ 102.879706][ T6072] loop3: p4 start 16777216 is beyond EOD, truncated [ 103.394115][ T5771] udevd[5771]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 103.762667][ T6103] loop0: detected capacity change from 0 to 128 [ 103.821472][ T6103] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 103.835396][ T6103] ext4 filesystem being mounted at /18/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 103.929344][ T5768] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 104.110740][ T6110] loop0: detected capacity change from 0 to 1024 [ 104.139595][ T6110] EXT4-fs: Ignoring removed orlov option [ 104.179531][ T6110] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.334790][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.388029][ T6108] loop2: detected capacity change from 0 to 8192 [ 104.475498][ T6108] loop2: p1 p2 p4 < > [ 104.483006][ T6108] loop2: partition table partially beyond EOD, truncated [ 104.518817][ T6108] loop2: p1 start 16777216 is beyond EOD, truncated [ 104.531190][ T6108] loop2: p2 size 515840 extends beyond EOD, truncated [ 104.580515][ T6108] loop2: p4 start 16777216 is beyond EOD, truncated [ 104.939190][ T5771] udevd[5771]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 105.872669][ T6141] loop3: detected capacity change from 0 to 256 [ 106.018441][ T6141] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00000003) [ 107.173457][ T6179] netlink: 'syz.2.118': attribute type 10 has an invalid length. [ 107.240028][ T6179] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.262348][ T6179] team0: Port device bond0 added [ 107.432579][ T6181] loop1: detected capacity change from 0 to 1024 [ 107.447467][ T6181] EXT4-fs: Ignoring removed orlov option [ 107.531029][ T6181] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.594733][ T28] audit: type=1800 audit(1770274952.284:3): pid=6181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.119" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 107.687690][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.064886][ T6200] Illegal XDP return value 4294967274 on prog (id 11) dev N/A, expect packet loss! [ 109.166311][ T6239] Zero length message leads to an empty skb [ 109.674540][ T6250] loop0: detected capacity change from 0 to 8192 [ 109.738610][ T6250] loop0: p1 p2 p4 < > [ 109.742777][ T6250] loop0: partition table partially beyond EOD, truncated [ 109.750707][ T6254] loop3: detected capacity change from 0 to 128 [ 109.777737][ T6250] loop0: p1 start 16777216 is beyond EOD, truncated [ 109.784462][ T6250] loop0: p2 size 515840 extends beyond EOD, truncated [ 109.825445][ T6254] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 109.857403][ T6250] loop0: p4 start 16777216 is beyond EOD, truncated [ 109.974558][ T6254] ext4 filesystem being mounted at /42/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 110.241936][ T5771] udevd[5771]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 110.300505][ T5769] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 110.619270][ T6275] syzkaller0: entered promiscuous mode [ 110.624835][ T6275] syzkaller0: entered allmulticast mode [ 110.705913][ T6277] netlink: 4 bytes leftover after parsing attributes in process `syz.1.159'. [ 111.509452][ T6305] loop1: detected capacity change from 0 to 512 [ 111.549746][ T6305] FAT-fs (loop1): Unrecognized mount option "umask=0NÜ5¦kß ÎNðÏÉç ¦0000000000000000000010" or missing value [ 111.599587][ T6305] tmpfs: Bad value for 'mpol' [ 111.777735][ T6311] loop1: detected capacity change from 0 to 764 [ 111.842958][ T5771] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 112.380175][ T6331] loop1: detected capacity change from 0 to 256 [ 112.424357][ T28] audit: type=1800 audit(1770274957.114:4): pid=6331 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.182" name="file1" dev="loop1" ino=1048593 res=0 errno=0 [ 112.459512][ T6331] FAT-fs (loop1): error, corrupted file size (i_pos 196, 2097152) [ 112.494280][ T6331] FAT-fs (loop1): Filesystem has been set read-only [ 112.905478][ T6343] netlink: 4 bytes leftover after parsing attributes in process `syz.2.189'. [ 113.064507][ T6347] loop0: detected capacity change from 0 to 764 [ 113.120768][ T5771] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 113.239034][ T6352] loop3: detected capacity change from 0 to 128 [ 113.324741][ T6352] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 113.417210][ T6352] ext4 filesystem being mounted at /50/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 113.607403][ T5769] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 113.758359][ T6367] loop3: detected capacity change from 0 to 1024 [ 113.770546][ T6367] EXT4-fs: Ignoring removed orlov option [ 113.809436][ T6367] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 113.942609][ T28] audit: type=1800 audit(1770274958.634:5): pid=6367 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.198" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 113.977128][ T6376] netlink: 48 bytes leftover after parsing attributes in process `syz.2.202'. [ 114.086466][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.112647][ T6377] loop0: detected capacity change from 0 to 1764 [ 114.455709][ T6385] loop2: detected capacity change from 0 to 764 [ 114.573727][ T5771] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 114.920414][ T6402] loop0: detected capacity change from 0 to 1024 [ 114.930918][ T6402] EXT4-fs: Ignoring removed orlov option [ 114.979737][ T6402] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 115.017323][ T28] audit: type=1800 audit(1770274959.714:6): pid=6402 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.212" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 115.047104][ T6404] syzkaller0: entered promiscuous mode [ 115.052709][ T6404] syzkaller0: entered allmulticast mode [ 115.161428][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.567704][ T6422] loop0: detected capacity change from 0 to 8192 [ 115.618845][ T6422] loop0: p1 p2 p4 < > [ 115.623040][ T6422] loop0: partition table partially beyond EOD, truncated [ 115.633427][ T6422] loop0: p1 start 16777216 is beyond EOD, truncated [ 115.647550][ T6422] loop0: p2 size 515840 extends beyond EOD, truncated [ 115.688308][ T6422] loop0: p4 start 16777216 is beyond EOD, truncated [ 115.755270][ T6424] loop1: detected capacity change from 0 to 2048 [ 115.777979][ T6424] EXT4-fs (loop1): cluster size (2048) smaller than block size (4096) [ 115.849726][ T5787] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 115.903284][ T6430] syzkaller1: entered promiscuous mode [ 115.935109][ T6430] syzkaller1: entered allmulticast mode [ 115.960512][ T6432] loop0: detected capacity change from 0 to 512 [ 116.035678][ T6432] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 116.052947][ T6432] ext4 filesystem being mounted at /58/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 116.114210][ T5771] udevd[5771]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 116.144951][ T6436] loop1: detected capacity change from 0 to 128 [ 116.199340][ T6436] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 116.248781][ T6436] ext4 filesystem being mounted at /49/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 116.460836][ T5770] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 116.498114][ T6443] netlink: 8 bytes leftover after parsing attributes in process `syz.2.229'. [ 116.591937][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.867100][ T6449] syzkaller0: entered promiscuous mode [ 116.873504][ T6449] syzkaller0: entered allmulticast mode [ 117.481502][ T6469] syzkaller1: entered promiscuous mode [ 117.499509][ T6469] syzkaller1: entered allmulticast mode [ 117.842354][ T6476] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 117.868271][ T6476] ext4 filesystem being mounted at /62/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 117.942861][ T5768] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 118.382896][ T6489] set_capacity_and_notify: 2 callbacks suppressed [ 118.382912][ T6489] loop1: detected capacity change from 0 to 1024 [ 118.454864][ T6489] EXT4-fs: Ignoring removed nomblk_io_submit option [ 118.474502][ T6486] syzkaller0: entered promiscuous mode [ 118.492903][ T6486] syzkaller0: entered allmulticast mode [ 118.500056][ T6489] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 118.547229][ T6489] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 118.584135][ T6489] System zones: 0-1, 3-36 [ 118.636217][ T6489] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 118.831703][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.041181][ T6498] loop3: detected capacity change from 0 to 1024 [ 119.094103][ T6498] EXT4-fs: Ignoring removed orlov option [ 119.174095][ T6498] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 119.393939][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.884000][ T6512] loop3: detected capacity change from 0 to 1764 [ 120.264544][ T6526] loop2: detected capacity change from 0 to 128 [ 120.312953][ T6525] loop3: detected capacity change from 0 to 1024 [ 120.337919][ T6525] EXT4-fs: Ignoring removed orlov option [ 120.361029][ T6526] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 120.434529][ T6525] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 120.459966][ T6526] ext4 filesystem being mounted at /59/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 120.674244][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.757093][ T5772] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 120.952078][ T6542] loop0: detected capacity change from 0 to 1764 [ 120.977372][ T6544] syzkaller0: entered promiscuous mode [ 120.985243][ T6544] syzkaller0: entered allmulticast mode [ 121.468864][ T6559] loop2: detected capacity change from 0 to 1024 [ 121.496731][ T6559] EXT4-fs: Ignoring removed orlov option [ 121.563269][ T6559] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 121.647949][ T5772] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.843931][ T6571] loop1: detected capacity change from 0 to 1764 [ 122.221651][ T6586] loop2: detected capacity change from 0 to 512 [ 122.290728][ T6586] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 122.306045][ T6586] ext4 filesystem being mounted at /65/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 122.385052][ T6590] loop3: detected capacity change from 0 to 1024 [ 122.405267][ T6590] EXT4-fs: Ignoring removed orlov option [ 122.468165][ T6590] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 122.661178][ T6600] netlink: 4 bytes leftover after parsing attributes in process `syz.0.285'. [ 122.747900][ T6592] EXT4-fs (loop1): cluster size (2048) smaller than block size (4096) [ 122.767559][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.777962][ T5772] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.489905][ T6623] set_capacity_and_notify: 1 callbacks suppressed [ 123.489921][ T6623] loop1: detected capacity change from 0 to 512 [ 123.512712][ T6622] loop3: detected capacity change from 0 to 1024 [ 123.535023][ T6623] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 123.552496][ T6622] EXT4-fs: Ignoring removed orlov option [ 123.578734][ T6623] ext4 filesystem being mounted at /76/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 123.667214][ T6622] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 123.817218][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.877834][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.058748][ T6637] loop1: detected capacity change from 0 to 2048 [ 124.090640][ T6637] EXT4-fs (loop1): cluster size (2048) smaller than block size (4096) [ 124.685365][ T6657] loop2: detected capacity change from 0 to 128 [ 124.844904][ T6659] (null): rxe_set_mtu: Set mtu to 4096 [ 124.869339][ T6659] lo speed is unknown, defaulting to 1000 [ 124.915568][ T6659] lo speed is unknown, defaulting to 1000 [ 124.953838][ T6659] lo speed is unknown, defaulting to 1000 [ 125.717693][ T6659] infiniband syz1: set active [ 125.723294][ T6659] infiniband syz1: added lo [ 125.735386][ T5651] lo speed is unknown, defaulting to 1000 [ 125.755669][ T6659] syz1: rxe_create_cq: returned err = -12 [ 125.788290][ T6659] infiniband syz1: Couldn't create ib_mad CQ [ 125.804914][ T6659] infiniband syz1: Couldn't open port 1 [ 125.933130][ T6659] RDS/IB: syz1: added [ 125.939728][ T6659] smc: adding ib device syz1 with port count 1 [ 125.946632][ T6659] smc: ib device syz1 port 1 has pnetid [ 125.964412][ T5651] lo speed is unknown, defaulting to 1000 [ 125.984051][ T6659] lo speed is unknown, defaulting to 1000 [ 126.404042][ T6659] lo speed is unknown, defaulting to 1000 [ 126.423398][ T6697] loop1: detected capacity change from 0 to 512 [ 126.476412][ T6697] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.494468][ T6697] ext4 filesystem being mounted at /82/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 126.752582][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.985290][ T6659] lo speed is unknown, defaulting to 1000 [ 127.340421][ T6659] lo speed is unknown, defaulting to 1000 [ 127.581184][ T6725] loop3: detected capacity change from 0 to 512 [ 127.621369][ T6725] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 127.661692][ T6725] ext4 filesystem being mounted at /91/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 127.889634][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.897433][ T6718] lo speed is unknown, defaulting to 1000 [ 128.844639][ T6758] syzkaller0: entered promiscuous mode [ 128.850606][ T6758] syzkaller0: entered allmulticast mode [ 129.567562][ T6780] loop3: detected capacity change from 0 to 512 [ 129.595571][ T6780] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 129.626293][ T6780] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 129.653491][ T6782] syzkaller0: entered promiscuous mode [ 129.659382][ T6782] syzkaller0: entered allmulticast mode [ 129.672666][ T6780] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 129.701631][ T6780] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 129.712280][ T6780] System zones: 0-2, 18-18, 34-35 [ 129.723908][ T6780] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 129.753622][ T6780] fscrypt (loop3, inode 12): Error -61 getting encryption context [ 129.857094][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.060927][ T6785] 8021q: adding VLAN 0 to HW filter on device bond1 [ 130.152633][ T6791] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 130.789906][ T6816] loop1: detected capacity change from 0 to 1024 [ 130.844926][ T6816] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 131.015745][ T6823] loop2: detected capacity change from 0 to 764 [ 131.028783][ T6825] ================================================================== [ 131.036917][ T6825] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x94b/0x1e90 [ 131.044713][ T6825] Read of size 18446744073709551588 at addr ffff88802cc5e040 by task syz.1.370/6825 [ 131.054134][ T6825] [ 131.056512][ T6825] CPU: 1 PID: 6825 Comm: syz.1.370 Not tainted syzkaller #0 [ 131.063850][ T6825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 131.073962][ T6825] Call Trace: [ 131.077290][ T6825] [ 131.080262][ T6825] dump_stack_lvl+0x18c/0x250 [ 131.085018][ T6825] ? read_lock_is_recursive+0x20/0x20 [ 131.090456][ T6825] ? show_regs_print_info+0x20/0x20 [ 131.095805][ T6825] ? load_image+0x400/0x400 [ 131.100349][ T6825] ? _raw_spin_lock_irqsave+0xc0/0x100 [ 131.105836][ T6825] ? __virt_addr_valid+0x18c/0x540 [ 131.111002][ T6825] ? __virt_addr_valid+0x469/0x540 [ 131.116161][ T6825] print_report+0xa8/0x210 [ 131.120617][ T6825] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 131.126126][ T6825] kasan_report+0x117/0x150 [ 131.130668][ T6825] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 131.136164][ T6825] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 131.141676][ T6825] kasan_check_range+0x241/0x290 [ 131.146660][ T6825] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 131.152250][ T6825] __asan_memmove+0x29/0x70 [ 131.156793][ T6825] ext4_xattr_set_entry+0x94b/0x1e90 [ 131.162122][ T6825] ext4_xattr_block_set+0xae8/0x32b0 [ 131.167532][ T6825] ? ext4_destroy_inode+0x200/0x200 [ 131.172794][ T6825] ? proc_nr_inodes+0x230/0x230 [ 131.177697][ T6825] ? do_raw_spin_unlock+0x121/0x230 [ 131.182954][ T6825] ? _raw_spin_unlock+0x28/0x40 [ 131.187852][ T6825] ? ext4_xattr_block_find+0x350/0x350 [ 131.193369][ T6825] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 131.199142][ T6825] ext4_xattr_set_handle+0xe2e/0x14c0 [ 131.204565][ T6825] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 131.210670][ T6825] ? __ext4_journal_start_sb+0x259/0x560 [ 131.216352][ T6825] ext4_xattr_set+0x252/0x340 [ 131.221071][ T6825] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 131.226653][ T6825] ? evm_protected_xattr_common+0x170/0x190 [ 131.232584][ T6825] ? ext4_xattr_security_get+0x40/0x40 [ 131.238075][ T6825] __vfs_setxattr+0x431/0x470 [ 131.242798][ T6825] __vfs_setxattr_noperm+0x12d/0x5e0 [ 131.248316][ T6825] vfs_setxattr+0x16b/0x2f0 [ 131.252864][ T6825] ? xattr_permission+0x470/0x470 [ 131.257930][ T6825] ? __mnt_want_write+0x223/0x2a0 [ 131.262992][ T6825] ? path_setxattr+0x3a1/0x5d0 [ 131.267876][ T6825] path_setxattr+0x3f3/0x5d0 [ 131.272497][ T6825] ? simple_xattrs_free+0x150/0x150 [ 131.277740][ T6825] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 131.283757][ T6825] ? lock_chain_count+0x20/0x20 [ 131.288641][ T6825] __x64_sys_setxattr+0xbb/0xd0 [ 131.294095][ T6825] do_syscall_64+0x55/0xa0 [ 131.298559][ T6825] ? clear_bhb_loop+0x40/0x90 [ 131.303289][ T6825] ? clear_bhb_loop+0x40/0x90 [ 131.308024][ T6825] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 131.313965][ T6825] RIP: 0033:0x7f3e3cf9aeb9 [ 131.318486][ T6825] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 131.338225][ T6825] RSP: 002b:00007f3e3dde8028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 131.346681][ T6825] RAX: ffffffffffffffda RBX: 00007f3e3d216090 RCX: 00007f3e3cf9aeb9 [ 131.354761][ T6825] RDX: 00002000000013c0 RSI: 0000200000000140 RDI: 0000200000000100 [ 131.362764][ T6825] RBP: 00007f3e3d008c1f R08: 0000000000000000 R09: 0000000000000000 [ 131.370840][ T6825] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000 [ 131.378842][ T6825] R13: 00007f3e3d216128 R14: 00007f3e3d216090 R15: 00007ffdc89372b8 [ 131.386856][ T6825] [ 131.389904][ T6825] [ 131.392243][ T6825] Allocated by task 6825: [ 131.396589][ T6825] kasan_set_track+0x4e/0x70 [ 131.401206][ T6825] __kasan_kmalloc+0x8f/0xa0 [ 131.405826][ T6825] __kmalloc_node_track_caller+0xb2/0x230 [ 131.411618][ T6825] kmemdup+0x2b/0x70 [ 131.415548][ T6825] ext4_xattr_block_set+0x9ea/0x32b0 [ 131.420864][ T6825] ext4_xattr_set_handle+0xe2e/0x14c0 [ 131.426269][ T6825] ext4_xattr_set+0x252/0x340 [ 131.430971][ T6825] __vfs_setxattr+0x431/0x470 [ 131.435666][ T6825] __vfs_setxattr_noperm+0x12d/0x5e0 [ 131.440977][ T6825] vfs_setxattr+0x16b/0x2f0 [ 131.445512][ T6825] path_setxattr+0x3f3/0x5d0 [ 131.450143][ T6825] __x64_sys_setxattr+0xbb/0xd0 [ 131.455105][ T6825] do_syscall_64+0x55/0xa0 [ 131.459550][ T6825] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 131.465470][ T6825] [ 131.467809][ T6825] Last potentially related work creation: [ 131.473543][ T6825] kasan_save_stack+0x3e/0x60 [ 131.478250][ T6825] __kasan_record_aux_stack+0xaf/0xc0 [ 131.483656][ T6825] kvfree_call_rcu+0xee/0x790 [ 131.488377][ T6825] neigh_remove_one+0x5f1/0x700 [ 131.493257][ T6825] ___neigh_create+0x467/0x2440 [ 131.498133][ T6825] ip6_finish_output2+0x1581/0x1630 [ 131.503367][ T6825] NF_HOOK+0x167/0x4a0 [ 131.507468][ T6825] mld_sendpack+0x7f5/0xd50 [ 131.511998][ T6825] mld_ifc_work+0x835/0xb40 [ 131.516584][ T6825] process_scheduled_works+0xa5d/0x15d0 [ 131.522247][ T6825] worker_thread+0xa55/0xfc0 [ 131.526864][ T6825] kthread+0x2fa/0x390 [ 131.530955][ T6825] ret_from_fork+0x48/0x80 [ 131.535395][ T6825] ret_from_fork_asm+0x11/0x20 [ 131.540193][ T6825] [ 131.542538][ T6825] The buggy address belongs to the object at ffff88802cc5e000 [ 131.542538][ T6825] which belongs to the cache kmalloc-1k of size 1024 [ 131.556637][ T6825] The buggy address is located 64 bytes inside of [ 131.556637][ T6825] 1024-byte region [ffff88802cc5e000, ffff88802cc5e400) [ 131.570456][ T6825] [ 131.572801][ T6825] The buggy address belongs to the physical page: [ 131.579336][ T6825] page:ffffea0000b31600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2cc58 [ 131.589542][ T6825] head:ffffea0000b31600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 131.598492][ T6825] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 131.606501][ T6825] page_type: 0xffffffff() [ 131.610858][ T6825] raw: 00fff00000000840 ffff888017c41dc0 ffffea000092e200 dead000000000002 [ 131.619475][ T6825] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 131.628085][ T6825] page dumped because: kasan: bad access detected [ 131.634528][ T6825] page_owner tracks the page as allocated [ 131.640309][ T6825] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5772, tgid 5772 (syz-executor), ts 85518036209, free_ts 71341547223 [ 131.661794][ T6825] post_alloc_hook+0x1c1/0x200 [ 131.666618][ T6825] get_page_from_freelist+0x1951/0x19e0 [ 131.672193][ T6825] __alloc_pages+0x1f0/0x460 [ 131.676806][ T6825] alloc_slab_page+0x5d/0x160 [ 131.681604][ T6825] new_slab+0x87/0x2d0 [ 131.685882][ T6825] ___slab_alloc+0xc5d/0x12f0 [ 131.690600][ T6825] __kmem_cache_alloc_node+0x19e/0x250 [ 131.696093][ T6825] __kmalloc_node+0xa4/0x230 [ 131.700711][ T6825] kvmalloc_node+0x70/0x180 [ 131.705244][ T6825] rhashtable_init+0x57f/0xa80 [ 131.710036][ T6825] br_mdb_hash_init+0x26/0x90 [ 131.714775][ T6825] br_dev_init+0x17d/0x330 [ 131.719224][ T6825] register_netdevice+0x67b/0x1bb0 [ 131.724395][ T6825] br_dev_newlink+0x27/0x100 [ 131.729041][ T6825] rtnl_newlink+0x1542/0x20a0 [ 131.733756][ T6825] rtnetlink_rcv_msg+0x869/0xfa0 [ 131.738724][ T6825] page last free stack trace: [ 131.743763][ T6825] free_unref_page_prepare+0x7b2/0x8c0 [ 131.749252][ T6825] free_unref_page+0x32/0x2e0 [ 131.753963][ T6825] __slab_free+0x35a/0x400 [ 131.758420][ T6825] qlist_free_all+0x75/0xd0 [ 131.762992][ T6825] kasan_quarantine_reduce+0x143/0x160 [ 131.768481][ T6825] __kasan_slab_alloc+0x22/0x80 [ 131.773356][ T6825] slab_post_alloc_hook+0x6e/0x4b0 [ 131.778498][ T6825] kmem_cache_alloc+0x11a/0x2d0 [ 131.783374][ T6825] getname_flags+0xbb/0x500 [ 131.787913][ T6825] __x64_sys_unlink+0x3c/0x50 [ 131.792615][ T6825] do_syscall_64+0x55/0xa0 [ 131.797097][ T6825] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 131.803014][ T6825] [ 131.805358][ T6825] Memory state around the buggy address: [ 131.811032][ T6825] ffff88802cc5df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 131.819121][ T6825] ffff88802cc5df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 131.827379][ T6825] >ffff88802cc5e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 131.835540][ T6825] ^ [ 131.841708][ T6825] ffff88802cc5e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 131.849787][ T6825] ffff88802cc5e100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 131.857877][ T6825] ================================================================== [ 131.882228][ T6825] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 131.889497][ T6825] CPU: 0 PID: 6825 Comm: syz.1.370 Not tainted syzkaller #0 [ 131.896827][ T6825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 131.906937][ T6825] Call Trace: [ 131.910255][ T6825] [ 131.913218][ T6825] dump_stack_lvl+0x18c/0x250 [ 131.917954][ T6825] ? show_regs_print_info+0x20/0x20 [ 131.923205][ T6825] ? load_image+0x400/0x400 [ 131.927758][ T6825] panic+0x2dc/0x730 [ 131.931700][ T6825] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 131.937911][ T6825] ? bpf_jit_dump+0xd0/0xd0 [ 131.942474][ T6825] ? _raw_spin_unlock_irqrestore+0x111/0x120 [ 131.948503][ T6825] ? _raw_spin_unlock+0x40/0x40 [ 131.953502][ T6825] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 131.959011][ T6825] check_panic_on_warn+0x84/0xa0 [ 131.964005][ T6825] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 131.969524][ T6825] end_report+0x6f/0x130 [ 131.973829][ T6825] kasan_report+0x128/0x150 [ 131.978391][ T6825] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 131.983912][ T6825] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 131.989432][ T6825] kasan_check_range+0x241/0x290 [ 131.994422][ T6825] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 131.999948][ T6825] __asan_memmove+0x29/0x70 [ 132.004505][ T6825] ext4_xattr_set_entry+0x94b/0x1e90 [ 132.009869][ T6825] ext4_xattr_block_set+0xae8/0x32b0 [ 132.015224][ T6825] ? ext4_destroy_inode+0x200/0x200 [ 132.020480][ T6825] ? proc_nr_inodes+0x230/0x230 [ 132.025388][ T6825] ? do_raw_spin_unlock+0x121/0x230 [ 132.030642][ T6825] ? _raw_spin_unlock+0x28/0x40 [ 132.035546][ T6825] ? ext4_xattr_block_find+0x350/0x350 [ 132.041077][ T6825] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 132.046534][ T6825] ext4_xattr_set_handle+0xe2e/0x14c0 [ 132.051989][ T6825] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 132.058040][ T6825] ? __ext4_journal_start_sb+0x259/0x560 [ 132.063745][ T6825] ext4_xattr_set+0x252/0x340 [ 132.068506][ T6825] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 132.074122][ T6825] ? evm_protected_xattr_common+0x170/0x190 [ 132.080265][ T6825] ? ext4_xattr_security_get+0x40/0x40 [ 132.085785][ T6825] __vfs_setxattr+0x431/0x470 [ 132.090528][ T6825] __vfs_setxattr_noperm+0x12d/0x5e0 [ 132.095879][ T6825] vfs_setxattr+0x16b/0x2f0 [ 132.100452][ T6825] ? xattr_permission+0x470/0x470 [ 132.105557][ T6825] ? __mnt_want_write+0x223/0x2a0 [ 132.110644][ T6825] ? path_setxattr+0x3a1/0x5d0 [ 132.115583][ T6825] path_setxattr+0x3f3/0x5d0 [ 132.120237][ T6825] ? simple_xattrs_free+0x150/0x150 [ 132.125507][ T6825] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 132.131636][ T6825] ? lock_chain_count+0x20/0x20 [ 132.136542][ T6825] __x64_sys_setxattr+0xbb/0xd0 [ 132.141455][ T6825] do_syscall_64+0x55/0xa0 [ 132.145927][ T6825] ? clear_bhb_loop+0x40/0x90 [ 132.150744][ T6825] ? clear_bhb_loop+0x40/0x90 [ 132.155470][ T6825] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 132.161395][ T6825] RIP: 0033:0x7f3e3cf9aeb9 [ 132.165858][ T6825] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 132.185515][ T6825] RSP: 002b:00007f3e3dde8028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 132.193982][ T6825] RAX: ffffffffffffffda RBX: 00007f3e3d216090 RCX: 00007f3e3cf9aeb9 [ 132.202001][ T6825] RDX: 00002000000013c0 RSI: 0000200000000140 RDI: 0000200000000100 [ 132.210025][ T6825] RBP: 00007f3e3d008c1f R08: 0000000000000000 R09: 0000000000000000 [ 132.218044][ T6825] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000 [ 132.226067][ T6825] R13: 00007f3e3d216128 R14: 00007f3e3d216090 R15: 00007ffdc89372b8 [ 132.234104][ T6825] [ 132.237725][ T6825] Kernel Offset: disabled [ 132.242059][ T6825] Rebooting in 86400 seconds..