last executing test programs: 1m17.692695089s ago: executing program 3 (id=5500): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(0xffffffffffffffff, 0x4018f50b, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf7cf39e3100c8acaa47684f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f38c1f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d7559f3b14820ed58b15627c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607104c89f18c0c1089d8b8588d72ec29c48b45e000000000000041201baa87ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000fb1a26abfb0767192361448279b05d96a703a660587a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09002100000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec0271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761036eafed1fb2b98b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf4ece4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000acc4d4ba52084d9b997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a515d83129cd857c775f9e7d6101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbe3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562e00e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb2214209ed2d5d776e22a2a798de44aeadea2a40da8daccf080842a486216e6949f5e195d2cb2003016f1514216bdf57d2a40d40b55ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c7f5db2fea6f26e4a4304e50c349f4f608ce27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e30400000000000000000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f921860c6e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a95d32f46ed9bd1f00fb8191bbab2dc599dda61fe2010000294800323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854256cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd210819203828b202779d386ed295f023c67d867014d12ca3c471c7868e75a7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e824f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5cd628ab84875f2deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c49a0189da9173c62f0ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b0600b805d5edd9d188daf28d8935a9c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f5"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cgroup.controllers\x00', 0x275a, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x48, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}}}]}, 0x48}}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x18) write$binfmt_script(r1, &(0x7f00000016c0), 0x3af4701e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'gre0\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @local}, 0x14) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000100)=0x3c0, 0x43) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="0201130010061e00cb2f4359b648d5ed0000388dcf66ac141415ef06e63a808a5e5cbd43af9111aa0c520f06"], 0x3000}], 0x1}, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x80004700) 1m17.266461846s ago: executing program 3 (id=5506): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f00000018c0), 0xffffffffffffffff) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)) preadv(r1, &(0x7f0000000980)=[{&(0x7f0000000580)=""/109, 0x6d}], 0x1, 0xa, 0xfffffff9) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x44) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000100)={[{@delalloc}, {@data_err_abort}, {@barrier}, {@dioread_lock}, {@data_err_ignore}, {@resgid}, {@data_err_ignore}, {@jqfmt_vfsv0}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001600)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r3 = open(&(0x7f00000000c0)='./file1\x00', 0x66842, 0x19) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) pwritev2(r3, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0xffffffe4}], 0x1, 0x1400, 0x0, 0x0) r4 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000002380)="1b0000001a007f029e741683c28f7b331c00"/27, 0x1b}], 0x1}, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10) move_mount(0xffffffffffffffff, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x7fe4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r8}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000009c0)='kfree\x00', r9}, 0x10) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000215c0000000c0a01030000000000000000070000000900020073797a31000000000900010073797a3000000000300003802c0000800400018024000b8010000180090001006c617374000000001000018009000100"], 0xe0}, 0x1, 0x0, 0x0, 0x10}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 1m15.806510498s ago: executing program 3 (id=5516): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xe, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) unshare(0x22020600) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB], &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={r0, 0xe0, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 1m14.938074072s ago: executing program 3 (id=5524): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f00000018c0), 0xffffffffffffffff) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)) preadv(r1, &(0x7f0000000980)=[{&(0x7f0000000580)=""/109, 0x6d}], 0x1, 0xa, 0xfffffff9) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x44) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000100)={[{@delalloc}, {@data_err_abort}, {@barrier}, {@dioread_lock}, {@data_err_ignore}, {@resgid}, {@data_err_ignore}, {@jqfmt_vfsv0}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001600)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r3 = open(&(0x7f00000000c0)='./file1\x00', 0x66842, 0x19) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) pwritev2(r3, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0xffffffe4}], 0x1, 0x1400, 0x0, 0x0) r4 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000002380)="1b0000001a007f029e741683c28f7b331c00"/27, 0x1b}], 0x1}, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10) move_mount(0xffffffffffffffff, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x7fe4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r8}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000009c0)='kfree\x00', r9}, 0x10) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000215c0000000c0a01030000000000000000070000000900020073797a31000000000900010073797a3000000000300003802c0000800400018024000b8010000180090001006c617374000000001000018009000100"], 0xe0}, 0x1, 0x0, 0x0, 0x10}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 1m14.186710443s ago: executing program 0 (id=5528): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0) 1m13.890148227s ago: executing program 0 (id=5529): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00006dbffc), 0x4) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000400)="67d8901bdbdaf6a4bd866226b7cdb7c26858c4e4fd703be2f51ed6ddc4a47116ec2db75c7042a22491af0ffea4174a9de3350c14498396b28c7d1784d04aa38922721cb7816094cb82950fd012efd26d3abc8a75ac1f30e53a0eff506f6e6b369ba6c5306e91acaa94e89d3bff4e52cd151235f3defff171c60b91c0c5aeb29736830a09b262dbe4c7ed149885a054de1d7ff5bcecd7a50061814ceefb", 0x9d}, {&(0x7f0000000900)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df895d9907e4afb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b907e0974f1073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf4dee8512f3bac440f5d5e4bed6b897608b01eae26a54433e5f5c74a2ee3c2fc50067be05a677ff52a7dba7010830b879a41b579d44158fb89ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe9530547201664db91cf1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac3954306d4cd82257d4d2c3283d45dbae43548fedb679328f114f7c8238ac955391b24614d91be1701ae07c170a9c299fcf3d0ac4cea07e88fbf66b697883af17a06ac3f9954eb2fbd20f101802cd023fc48c5d464c16059cc9dce8558c5322ac7612db0e27252804059094a318c4cdeeddd5793a42", 0x3c5}], 0x2}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 1m13.630144861s ago: executing program 0 (id=5531): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df12c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 1m13.431007514s ago: executing program 3 (id=5533): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000002c0)={@void, @void, @eth={@random="339ed397e389", @dev={'\xaa\xaa\xaa\xaa\xaa', 0xf}, @val={@val={0x88a8, 0x2, 0x1}, {0x8100, 0x7, 0x1, 0x4}}, {@ipv4={0x800, @udp={{0x14, 0x4, 0x0, 0x0, 0x58, 0x0, 0xe000, 0xbc, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2, {[@timestamp_prespec={0x44, 0x14, 0xf9, 0x3, 0xf, [{@local, 0x9}, {@broadcast, 0xe84}]}, @ssrr={0x89, 0xf, 0x9e, [@private=0xa010100, @local, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @ssrr={0x89, 0x13, 0x91, [@private=0xa010102, @rand_addr=0x64010101, @local, @remote]}, @ra={0x94, 0x4}]}}, {0xa000, 0x86da, 0x8}}}}}}, 0x6e) 1m13.322502146s ago: executing program 0 (id=5534): r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @generic={0x66}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1m13.103687149s ago: executing program 0 (id=5537): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0) 1m13.001796141s ago: executing program 0 (id=5540): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000580)={[{@jqfmt_vfsv1}, {@resgid}, {@nodioread_nolock}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@resgid}, {@errors_remount}, {@grpid}, {@orlov}]}, 0xfc, 0x572, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EP8A330c/gP+FQMdDBlFH0So3PSmy9qkv5aZbPl84Lbn5N7bc78593t7Tm5CAhhYx7IfhYiXI+KbJOJQy7pi5CuPrW63/PD6VLYksbLy6Z9JJPljze2T/PeBvPJSRPz6VcTJwsZ2a4tLs+VKJZ3P62P1uStjtcWlU5fmyjPpTHp5YnLyzFuTE+++83bXYn39/N/ff3L3wzNfH1/+7uf7h28ncTYO5uta43gCN1orx8r/5qXhOLtuw/EuNNZPkl4fALsylOf5cGTXgEMxlGc98Pz7MiJWgAGVyH8YUM1xQHNu36V58DPjwQerE6BG7COt8RdXXxuJvY250f7l5LGZUTbfHe1C+1kbv/xx53a2xOavQ+zbog6wIzduRsTpYnHj9T/Jr3+7d7rx4vHm1rcxaP9/oJfuZuOfN9qN/wpr459oM/450CZ3d2Pr/C/c70IzHWXjv/fajn/XLl2jQ3nthcaYbzi5eKmSno6IFyPiRAzvyeqb3c85s3xvpdO61vFftmTtN8eC+XHcL+55fJ/pcr0cESNPEnfTg5sRrxTbxZ+s9X/Spv+z5+P8Nts4mt55tdO6reN/ulZ+initbf8/uqOVbH5/cqxxPow1z4qN/rp19LdO7fc6/qz/928e/2jSer+2tvM2ftz7T9pp3W7P/5Hks0a5mQTXyvX6/HjESPLxxscnHu3brDe3z+I/cXzz61+78z+bfH2+zfhvHbnVcdN+6P/pHfX/zgv3Pvrih07tb6//32yUTuSP5Ne/9vJzZbsH+KTPHwAAAAAAAPSTQkQcjKRQWisXCqXS6vs7jsT+QqVaq5+8WF24PB2Nz8qOxnCheaf7UMv7Icbz98M26xPr6pMRcTgivh3a16iXpqqV6V4HDwAAAAAAAAAAAAAAAAAAAH3iQIfP/2d+H+r10QFPXeOLDfb0+iiAXtjyK/+78U1PQF/aMv+B55b8h8El/2FwyX8YXPIfBpf8h8El/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqvPnzmXLyvLD61NZffrq4sJs9eqp6bQ2W5pbmCpNVeevlGaq1ZlKWpqqzm319yrV6pXxiVi4NlZPa/Wx2uLShbnqwuX6hUtz5Zn0Qjr8v0QFAAAAAAAAAAAAAAAAAAAAz5ba4tJsuVJJ5xU6Ft6PvjiMpxngql3tXuyXKBQ6FG7m3buzvXp4UQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdf4LAAD//++4Mnc=") r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841880b2c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r4, 0x0, r5, 0x0, 0x1, 0x0) vmsplice(r5, &(0x7f0000000380)=[{&(0x7f0000000180)}], 0x1, 0x6) ioctl$sock_inet_udp_SIOCINQ(r5, 0x541b, 0x0) write(r3, 0x0, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0)={0x0, r5}, 0x8) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x7, 0x6, &(0x7f0000000000)=ANY=[@ANYRES64=r1], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x130, @void, @value}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r6, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x10, &(0x7f0000002e00), 0x0, 0x0, 0xa0, 0x8, 0x0, 0x0}}, 0x10) r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r7, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r6, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) r9 = add_key$keyring(&(0x7f0000000340), 0x0, 0x0, 0x0, 0xffffffffffffffff) add_key(&(0x7f00000001c0)='ceph\x00', 0x0, &(0x7f0000000840)='\x00\x00\x00\x00\x00\x00\x00\x00\x00*\x00\x00', 0xc, r9) write$binfmt_script(r8, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r8, 0x0) fdatasync(r8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ftruncate(r8, 0x5) 1m12.977374871s ago: executing program 3 (id=5541): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f00000018c0), 0xffffffffffffffff) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)) preadv(r1, &(0x7f0000000980)=[{&(0x7f0000000580)=""/109, 0x6d}], 0x1, 0xa, 0xfffffff9) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x1c}}, 0x44) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000100)={[{@delalloc}, {@data_err_abort}, {@barrier}, {@dioread_lock}, {@data_err_ignore}, {@resgid}, {@data_err_ignore}, {@jqfmt_vfsv0}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001600)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r3 = open(&(0x7f00000000c0)='./file1\x00', 0x66842, 0x19) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) pwritev2(r3, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0xffffffe4}], 0x1, 0x1400, 0x0, 0x0) r4 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000002380)="1b0000001a007f029e741683c28f7b331c00"/27, 0x1b}], 0x1}, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10) move_mount(0xffffffffffffffff, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x7fe4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r8}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000009c0)='kfree\x00', r9}, 0x10) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000215c0000000c0a01030000000000000000070000000900020073797a31000000000900010073797a3000000000300003802c0000800400018024000b8010000180090001006c617374000000001000018009000100"], 0xe0}, 0x1, 0x0, 0x0, 0x10}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 57.93849607s ago: executing program 32 (id=5540): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000580)={[{@jqfmt_vfsv1}, {@resgid}, {@nodioread_nolock}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@resgid}, {@errors_remount}, {@grpid}, {@orlov}]}, 0xfc, 0x572, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EP8A330c/gP+FQMdDBlFH0So3PSmy9qkv5aZbPl84Lbn5N7bc78593t7Tm5CAhhYx7IfhYiXI+KbJOJQy7pi5CuPrW63/PD6VLYksbLy6Z9JJPljze2T/PeBvPJSRPz6VcTJwsZ2a4tLs+VKJZ3P62P1uStjtcWlU5fmyjPpTHp5YnLyzFuTE+++83bXYn39/N/ff3L3wzNfH1/+7uf7h28ncTYO5uta43gCN1orx8r/5qXhOLtuw/EuNNZPkl4fALsylOf5cGTXgEMxlGc98Pz7MiJWgAGVyH8YUM1xQHNu36V58DPjwQerE6BG7COt8RdXXxuJvY250f7l5LGZUTbfHe1C+1kbv/xx53a2xOavQ+zbog6wIzduRsTpYnHj9T/Jr3+7d7rx4vHm1rcxaP9/oJfuZuOfN9qN/wpr459oM/450CZ3d2Pr/C/c70IzHWXjv/fajn/XLl2jQ3nthcaYbzi5eKmSno6IFyPiRAzvyeqb3c85s3xvpdO61vFftmTtN8eC+XHcL+55fJ/pcr0cESNPEnfTg5sRrxTbxZ+s9X/Spv+z5+P8Nts4mt55tdO6reN/ulZ+initbf8/uqOVbH5/cqxxPow1z4qN/rp19LdO7fc6/qz/928e/2jSer+2tvM2ftz7T9pp3W7P/5Hks0a5mQTXyvX6/HjESPLxxscnHu3brDe3z+I/cXzz61+78z+bfH2+zfhvHbnVcdN+6P/pHfX/zgv3Pvrih07tb6//32yUTuSP5Ne/9vJzZbsH+KTPHwAAAAAAAPSTQkQcjKRQWisXCqXS6vs7jsT+QqVaq5+8WF24PB2Nz8qOxnCheaf7UMv7Icbz98M26xPr6pMRcTgivh3a16iXpqqV6V4HDwAAAAAAAAAAAAAAAAAAAH3iQIfP/2d+H+r10QFPXeOLDfb0+iiAXtjyK/+78U1PQF/aMv+B55b8h8El/2FwyX8YXPIfBpf8h8El/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqvPnzmXLyvLD61NZffrq4sJs9eqp6bQ2W5pbmCpNVeevlGaq1ZlKWpqqzm319yrV6pXxiVi4NlZPa/Wx2uLShbnqwuX6hUtz5Zn0Qjr8v0QFAAAAAAAAAAAAAAAAAAAAz5ba4tJsuVJJ5xU6Ft6PvjiMpxngql3tXuyXKBQ6FG7m3buzvXp4UQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdf4LAAD//++4Mnc=") r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841880b2c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r4, 0x0, r5, 0x0, 0x1, 0x0) vmsplice(r5, &(0x7f0000000380)=[{&(0x7f0000000180)}], 0x1, 0x6) ioctl$sock_inet_udp_SIOCINQ(r5, 0x541b, 0x0) write(r3, 0x0, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0)={0x0, r5}, 0x8) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x7, 0x6, &(0x7f0000000000)=ANY=[@ANYRES64=r1], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x130, @void, @value}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r6, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x10, &(0x7f0000002e00), 0x0, 0x0, 0xa0, 0x8, 0x0, 0x0}}, 0x10) r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r7, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r6, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) r9 = add_key$keyring(&(0x7f0000000340), 0x0, 0x0, 0x0, 0xffffffffffffffff) add_key(&(0x7f00000001c0)='ceph\x00', 0x0, &(0x7f0000000840)='\x00\x00\x00\x00\x00\x00\x00\x00\x00*\x00\x00', 0xc, r9) write$binfmt_script(r8, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r8, 0x0) fdatasync(r8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ftruncate(r8, 0x5) 57.890739131s ago: executing program 33 (id=5541): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f00000018c0), 0xffffffffffffffff) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)) preadv(r1, &(0x7f0000000980)=[{&(0x7f0000000580)=""/109, 0x6d}], 0x1, 0xa, 0xfffffff9) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x1c}}, 0x44) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000100)={[{@delalloc}, {@data_err_abort}, {@barrier}, {@dioread_lock}, {@data_err_ignore}, {@resgid}, {@data_err_ignore}, {@jqfmt_vfsv0}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001600)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r3 = open(&(0x7f00000000c0)='./file1\x00', 0x66842, 0x19) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) pwritev2(r3, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0xffffffe4}], 0x1, 0x1400, 0x0, 0x0) r4 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000002380)="1b0000001a007f029e741683c28f7b331c00"/27, 0x1b}], 0x1}, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10) move_mount(0xffffffffffffffff, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x7fe4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r8}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000009c0)='kfree\x00', r9}, 0x10) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000215c0000000c0a01030000000000000000070000000900020073797a31000000000900010073797a3000000000300003802c0000800400018024000b8010000180090001006c617374000000001000018009000100"], 0xe0}, 0x1, 0x0, 0x0, 0x10}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 20.410977289s ago: executing program 2 (id=5888): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc89, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x5, &(0x7f0000000300)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d0000008500000007000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 20.312672671s ago: executing program 2 (id=5889): r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0) readv(r0, &(0x7f0000001180)=[{&(0x7f0000000000)=""/186, 0xba}], 0x1) ioctl$IMADDTIMER(r0, 0x80044940, 0x0) 18.942850572s ago: executing program 2 (id=5893): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000840)={0x300, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[], 0xa8}}, 0x4000) 18.880086783s ago: executing program 2 (id=5895): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc89, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x5, &(0x7f0000000300)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d0000008500000007000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 18.816341954s ago: executing program 2 (id=5897): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00006dbffc), 0x4) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000400)="67d8901bdbdaf6a4bd866226b7cdb7c26858c4e4fd703be2f51ed6ddc4a47116ec2db75c7042a22491af0ffea4174a9de3350c14498396b28c7d1784d04aa38922721cb7816094cb82950fd012efd26d3abc8a75ac1f30e53a0eff506f6e6b369ba6c5306e91acaa94e89d3bff4e52cd151235f3defff171c60b91c0c5aeb29736830a09b262dbe4c7ed149885a054de1d7ff5bcecd7a50061814c", 0x9b}, {&(0x7f0000000900)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df895d9907e4afb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b907e0974f1073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf4dee8512f3bac440f5d5e4bed6b897608b01eae26a54433e5f5c74a2ee3c2fc50067be05a677ff52a7dba7010830b879a41b579d44158fb89ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe9530547201664db91cf1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac3954306d4cd82257d4d2c3283d45dbae43548fedb679328f114f7c8238ac955391b24614d91be1701ae07c170a9c299fcf3d0ac4cea07e88fbf66b697883af17a06ac3f9954eb2fbd20f101802cd023fc48c5d464c16059cc9dce8558c5322ac7612db0e27252804059094a318c4cdeeddd5793a427628c2c41a21f0d2f3962e32f710bf9e216ff1694e8d88c8a81328744b36d9", 0x3e4}], 0x2}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 18.749934485s ago: executing program 2 (id=5899): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close_range(0xffffffffffffffff, r2, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f00000000c0)=0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r5) sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x1c, r6, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x8004) write$nci(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="414601", @ANYRES32=r5], 0x4) 17.359603746s ago: executing program 1 (id=5907): bpf$MAP_CREATE(0x0, 0x0, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xc5fffffd) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r3}, 0x18) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000570000"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) 16.404344541s ago: executing program 1 (id=5908): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000840)={0x300, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0xa8}}, 0x4000) 16.361274921s ago: executing program 1 (id=5909): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a99985000000040000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r0}, 0x18) r1 = syz_open_dev$vcsn(&(0x7f0000000180), 0x0, 0x26642) fsetxattr$security_capability(r1, &(0x7f0000000280), &(0x7f0000000380)=@v3={0x3000000, [{0x5, 0x82}, {0x80000000, 0xffffaf0a}]}, 0x18, 0x0) 16.308348762s ago: executing program 1 (id=5910): r0 = syz_open_procfs(0xffffffffffffffff, 0x0) fchdir(r0) setxattr$incfs_metadata(0x0, 0x0, 0x0, 0x0, 0x1) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) close(r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYBLOB='\x00\x00\x00\x00\x00'], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYBLOB='&\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r5}, &(0x7f0000000000), &(0x7f0000000080)=r1}, 0x20) recvmsg$unix(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000006c0)=""/179, 0x33fe0}], 0x1}, 0x0) sendmsg$inet(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x0) getgid() prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) removexattr(0x0, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYRESOCT=r0], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x83, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r7, 0x0, 0x178}, 0x18) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1) 15.428486835s ago: executing program 1 (id=5911): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) mremap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2000, 0xf452ff85b85f9f6f, &(0x7f00006f6000/0x2000)=nil) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_print_times', 0x149a82, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$pppoe(0x18, 0x1, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e) 15.384850756s ago: executing program 1 (id=5912): r0 = socket$netlink(0x10, 0x3, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth1_to_bond\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0xd0f, 0x70bd2b, 0x0, {0x60, 0x0, 0x0, r1, {0x5, 0x8}, {0xfff1, 0xffff}, {0xd, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x3000c81c) socket$kcm(0x10, 0x5, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000007c0)="d800000019007b29e00212ba0d8105040a601100fe02040b067c55a1bc001400090006990600000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95ca0200010000730d7a5025ccca262f3d40fad95667e04adcca634c1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e9cb50000000000003469302403c844388b9214428c6c5df771a8d8e4da2ce86404882b53566ed52b5afe1cbc149c8c68c0e92b5c0cb52bb12eeb92d71f67ff288c", 0x111}], 0x1, 0x0, 0x0, 0x2663}, 0x20000041) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) socket$packet(0x11, 0x3, 0x300) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0x40305829, &(0x7f00000003c0)={0x17c04, 0xffffffffffffffff, 0x4ea, 0xfffd, 0x0, 0x8}) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r3, &(0x7f0000000080)={0x18, 0x0, {0x1, @multicast, 'geneve0\x00'}}, 0x1e) socket$pppoe(0x18, 0x1, 0x0) socket$pppoe(0x18, 0x1, 0x0) close(r3) 3.502514046s ago: executing program 34 (id=5899): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close_range(0xffffffffffffffff, r2, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f00000000c0)=0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r5) sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x1c, r6, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x8004) write$nci(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="414601", @ANYRES32=r5], 0x4) 0s ago: executing program 35 (id=5912): r0 = socket$netlink(0x10, 0x3, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth1_to_bond\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0xd0f, 0x70bd2b, 0x0, {0x60, 0x0, 0x0, r1, {0x5, 0x8}, {0xfff1, 0xffff}, {0xd, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x3000c81c) socket$kcm(0x10, 0x5, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000007c0)="d800000019007b29e00212ba0d8105040a601100fe02040b067c55a1bc001400090006990600000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95ca0200010000730d7a5025ccca262f3d40fad95667e04adcca634c1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e9cb50000000000003469302403c844388b9214428c6c5df771a8d8e4da2ce86404882b53566ed52b5afe1cbc149c8c68c0e92b5c0cb52bb12eeb92d71f67ff288c", 0x111}], 0x1, 0x0, 0x0, 0x2663}, 0x20000041) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) socket$packet(0x11, 0x3, 0x300) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0x40305829, &(0x7f00000003c0)={0x17c04, 0xffffffffffffffff, 0x4ea, 0xfffd, 0x0, 0x8}) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r3, &(0x7f0000000080)={0x18, 0x0, {0x1, @multicast, 'geneve0\x00'}}, 0x1e) socket$pppoe(0x18, 0x1, 0x0) socket$pppoe(0x18, 0x1, 0x0) close(r3) kernel console output (not intermixed with test programs): 3 comm="syz.0.4277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f351318e929 code=0x7ffc0000 [ 484.905158][ T28] audit: type=1326 audit(1750144251.223:6009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17103 comm="syz.0.4277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351318e929 code=0x7ffc0000 [ 484.950818][ T28] audit: type=1326 audit(1750144251.223:6010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17103 comm="syz.0.4277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351318e929 code=0x7ffc0000 [ 485.069365][T17123] hub 2-0:1.0: USB hub found [ 485.076410][T17123] hub 2-0:1.0: 1 port detected [ 486.122231][T17146] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4289'. [ 486.259558][T17149] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4287'. [ 488.193725][T17232] hub 2-0:1.0: USB hub found [ 488.209622][T17232] hub 2-0:1.0: 1 port detected [ 489.947414][T17297] futex_wake_op: syz.1.4338 tries to shift op by -1; fix this program [ 490.712047][T17329] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4351'. [ 491.697415][T17359] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4361'. [ 491.762177][T17365] futex_wake_op: syz.0.4365 tries to shift op by -1; fix this program [ 491.926063][ T28] kauditd_printk_skb: 110 callbacks suppressed [ 491.926077][ T28] audit: type=1326 audit(1750144258.473:6121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17361 comm="syz.1.4363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6168d8e929 code=0x7ffc0000 [ 491.994225][ T28] audit: type=1326 audit(1750144258.473:6122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17361 comm="syz.1.4363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6168d8e929 code=0x7ffc0000 [ 492.044086][ T28] audit: type=1326 audit(1750144258.473:6123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17361 comm="syz.1.4363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6168d8e929 code=0x7ffc0000 [ 492.081452][ T28] audit: type=1326 audit(1750144258.473:6124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17361 comm="syz.1.4363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6168d8e929 code=0x7ffc0000 [ 492.134247][ T28] audit: type=1326 audit(1750144258.473:6125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17361 comm="syz.1.4363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6168d8e929 code=0x7ffc0000 [ 492.184165][ T28] audit: type=1326 audit(1750144258.473:6126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17361 comm="syz.1.4363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6168d8e929 code=0x7ffc0000 [ 492.234092][ T28] audit: type=1326 audit(1750144258.533:6127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17361 comm="syz.1.4363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6168d8e929 code=0x7ffc0000 [ 492.288539][ T28] audit: type=1326 audit(1750144258.533:6128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17361 comm="syz.1.4363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f6168d8e929 code=0x7ffc0000 [ 492.344065][ T28] audit: type=1326 audit(1750144258.633:6129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17361 comm="syz.1.4363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6168d8e929 code=0x7ffc0000 [ 492.393746][ T28] audit: type=1326 audit(1750144258.633:6130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17361 comm="syz.1.4363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6168d8e929 code=0x7ffc0000 [ 493.291037][T17401] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4374'. [ 493.709379][T17409] loop1: detected capacity change from 0 to 2048 [ 493.752914][T17409] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 494.406413][T17442] futex_wake_op: syz.2.4387 tries to shift op by -1; fix this program [ 496.944783][ T28] kauditd_printk_skb: 38 callbacks suppressed [ 496.944797][ T28] audit: type=1326 audit(1750144263.493:6169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17464 comm="syz.0.4393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351318e929 code=0x7ffc0000 [ 497.005968][ T28] audit: type=1326 audit(1750144263.493:6170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17464 comm="syz.0.4393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351318e929 code=0x7ffc0000 [ 497.481329][ T28] audit: type=1326 audit(1750144263.573:6171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17474 comm="syz.0.4393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f351318e929 code=0x7ffc0000 [ 497.850926][T17489] futex_wake_op: syz.0.4398 tries to shift op by -1; fix this program [ 498.065376][T11574] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 499.058712][ T28] audit: type=1326 audit(1750144265.603:6172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17506 comm="syz.1.4406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6168d8e929 code=0x7ffc0000 [ 499.105248][ T28] audit: type=1326 audit(1750144265.633:6173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17506 comm="syz.1.4406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6168d8e929 code=0x7ffc0000 [ 499.133149][ T28] audit: type=1326 audit(1750144265.633:6174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17506 comm="syz.1.4406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6168d8e929 code=0x7ffc0000 [ 499.166323][ T28] audit: type=1326 audit(1750144265.633:6175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17506 comm="syz.1.4406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6168d8e929 code=0x7ffc0000 [ 499.199575][ T28] audit: type=1326 audit(1750144265.633:6176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17506 comm="syz.1.4406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6168d8e929 code=0x7ffc0000 [ 499.273416][ T28] audit: type=1326 audit(1750144265.633:6177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17506 comm="syz.1.4406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6168d8e929 code=0x7ffc0000 [ 499.360028][ T28] audit: type=1326 audit(1750144265.633:6178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17506 comm="syz.1.4406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6168d8e929 code=0x7ffc0000 [ 500.003800][T17526] loop3: detected capacity change from 0 to 1024 [ 500.062644][T17526] EXT4-fs: Ignoring removed nobh option [ 500.104449][T17526] EXT4-fs: Ignoring removed bh option [ 500.143540][T17526] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 500.211703][T17526] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 500.395608][T17541] futex_wake_op: syz.1.4413 tries to shift op by -1; fix this program [ 501.081157][T11999] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 501.639208][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.646995][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.927024][T17567] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4420'. [ 502.705747][T17575] loop3: detected capacity change from 0 to 1024 [ 502.835223][T17575] EXT4-fs: Ignoring removed nobh option [ 502.863419][T17575] EXT4-fs: Ignoring removed bh option [ 502.883535][T17575] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 502.949347][T17581] futex_wake_op: syz.0.4423 tries to shift op by -1; fix this program [ 502.989482][T17575] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 503.027909][ T28] kauditd_printk_skb: 19 callbacks suppressed [ 503.027924][ T28] audit: type=1800 audit(1750144269.573:6198): pid=17575 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.4422" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 503.327072][T11999] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 503.689048][T17615] loop3: detected capacity change from 0 to 2048 [ 503.765677][T17615] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 505.258143][ T28] audit: type=1326 audit(1750144271.803:6199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17636 comm="syz.0.4437" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f351318e929 code=0x0 [ 505.611257][T17646] loop1: detected capacity change from 0 to 256 [ 505.629680][T17646] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 506.752987][T11999] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 506.826048][T17661] futex_wake_op: syz.2.4445 tries to shift op by -1; fix this program [ 507.981426][T17689] loop1: detected capacity change from 0 to 2048 [ 508.031709][T17689] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 508.777063][T17708] loop3: detected capacity change from 0 to 256 [ 508.872645][T17708] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 510.496247][T11574] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 511.115053][T17758] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4473'. [ 511.244670][T17758] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4473'. [ 511.300545][T17761] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4473'. [ 511.423619][T17758] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4473'. [ 513.146194][T17791] sg_write: data in/out 2012/14 bytes for SCSI command 0x0-- guessing data in; [ 513.146194][T17791] program syz.2.4483 not setting count and/or reply_len properly [ 513.475540][T17801] loop3: detected capacity change from 0 to 2048 [ 513.526316][T17801] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 513.628830][ T28] audit: type=1326 audit(1750144280.173:6200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17807 comm="syz.2.4489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 513.676029][ T28] audit: type=1326 audit(1750144280.193:6201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17807 comm="syz.2.4489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 513.709094][T17801] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 513.726143][ T28] audit: type=1326 audit(1750144280.203:6202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17807 comm="syz.2.4489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 513.765395][T17801] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 386 with error 28 [ 513.798409][T17801] EXT4-fs (loop3): This should not happen!! Data will be lost [ 513.798409][T17801] [ 513.803750][ T28] audit: type=1326 audit(1750144280.203:6203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17807 comm="syz.2.4489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 513.814106][T17801] EXT4-fs (loop3): Total free blocks count 0 [ 513.845428][ T28] audit: type=1326 audit(1750144280.203:6204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17807 comm="syz.2.4489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 513.873730][T17801] EXT4-fs (loop3): Free/Dirty block details [ 513.880744][T17801] EXT4-fs (loop3): free_blocks=2415919104 [ 513.886829][T17801] EXT4-fs (loop3): dirty_blocks=400 [ 513.902072][T17801] EXT4-fs (loop3): Block reservation details [ 513.911509][T17801] EXT4-fs (loop3): i_reserved_data_blocks=25 [ 513.917760][ T28] audit: type=1326 audit(1750144280.463:6205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17810 comm="syz.2.4490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 513.972545][ T28] audit: type=1326 audit(1750144280.463:6206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17810 comm="syz.2.4490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 514.000229][ T28] audit: type=1326 audit(1750144280.463:6207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17810 comm="syz.2.4490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 514.025379][ T28] audit: type=1326 audit(1750144280.463:6208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17810 comm="syz.2.4490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 514.051184][ T28] audit: type=1326 audit(1750144280.473:6209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17810 comm="syz.2.4490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 514.089138][T11999] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 514.243434][T17821] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4493'. [ 514.324267][T17821] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4493'. [ 514.419470][T17826] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4493'. [ 514.456103][T17826] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4493'. [ 514.478213][T17821] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4493'. [ 515.226568][T17849] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 515.255633][T17849] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 515.268292][T17849] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 515.294474][T17849] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 515.316030][T17849] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 515.323645][T17849] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 515.356814][ T5766] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 515.391703][ T5766] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 515.399808][ T5766] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 515.408155][ T5766] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 515.416071][ T5766] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 515.423501][ T5766] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 516.181510][T17846] chnl_net:caif_netlink_parms(): no params data found [ 516.222593][T17863] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4505'. [ 516.246473][T17867] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4504'. [ 516.343405][T17863] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4505'. [ 516.466648][T17881] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4505'. [ 516.518178][T17875] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4505'. [ 516.558135][T17846] bridge0: port 1(bridge_slave_0) entered blocking state [ 516.565469][T17846] bridge0: port 1(bridge_slave_0) entered disabled state [ 516.567660][T17863] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4505'. [ 516.582304][T17846] bridge_slave_0: entered allmulticast mode [ 516.598585][T17846] bridge_slave_0: entered promiscuous mode [ 516.638511][T17846] bridge0: port 2(bridge_slave_1) entered blocking state [ 516.659057][T17846] bridge0: port 2(bridge_slave_1) entered disabled state [ 516.684467][T17846] bridge_slave_1: entered allmulticast mode [ 516.691569][T17846] bridge_slave_1: entered promiscuous mode [ 516.771080][T17846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 516.796801][T17846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 516.948333][T17846] team0: Port device team_slave_0 added [ 516.976558][T17846] team0: Port device team_slave_1 added [ 517.122135][T17846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 517.139212][T17846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 517.174704][T17846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 517.202080][T17846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 517.219441][T17846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 517.267539][T17846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 517.345551][T17846] hsr_slave_0: entered promiscuous mode [ 517.355514][T17846] hsr_slave_1: entered promiscuous mode [ 517.374515][T17846] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 517.386260][T17846] Cannot create hsr debugfs directory [ 517.474716][ T5766] Bluetooth: hci4: command tx timeout [ 517.879740][T17913] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4515'. [ 517.998146][T17917] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4516'. [ 518.456214][T17927] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4519'. [ 518.567479][T17927] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4519'. [ 518.738224][ T28] kauditd_printk_skb: 22 callbacks suppressed [ 518.738238][ T28] audit: type=1326 audit(1750144285.283:6232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17924 comm="syz.3.4518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80a818e929 code=0x7ffc0000 [ 518.825481][ T28] audit: type=1326 audit(1750144285.293:6233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17939 comm="syz.3.4518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f80a81c11e5 code=0x7ffc0000 [ 518.868532][ T28] audit: type=1326 audit(1750144285.313:6234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17924 comm="syz.3.4518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80a818e929 code=0x7ffc0000 [ 518.918048][T17846] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 518.936643][T17846] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 518.952070][ T28] audit: type=1326 audit(1750144285.333:6235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17924 comm="syz.3.4518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f80a818e929 code=0x7ffc0000 [ 518.982886][ T28] audit: type=1326 audit(1750144285.343:6236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17924 comm="syz.3.4518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80a818e929 code=0x7ffc0000 [ 519.019426][ T28] audit: type=1326 audit(1750144285.343:6237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17924 comm="syz.3.4518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80a818e929 code=0x7ffc0000 [ 519.063599][ T28] audit: type=1326 audit(1750144285.343:6238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17924 comm="syz.3.4518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f80a818e929 code=0x7ffc0000 [ 519.114487][ T28] audit: type=1326 audit(1750144285.343:6239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17924 comm="syz.3.4518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80a818e929 code=0x7ffc0000 [ 519.156056][T17846] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 519.179715][T17846] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 519.182745][ T28] audit: type=1326 audit(1750144285.343:6240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17924 comm="syz.3.4518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f80a818e929 code=0x7ffc0000 [ 519.284298][ T28] audit: type=1326 audit(1750144285.363:6241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17924 comm="syz.3.4518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80a818e929 code=0x7ffc0000 [ 519.466311][ T1130] hsr_slave_1: left promiscuous mode [ 519.479835][ T1130] bridge_slave_1: left allmulticast mode [ 519.490703][ T1130] bridge_slave_1: left promiscuous mode [ 519.504304][ T1130] bridge0: port 2(bridge_slave_1) entered disabled state [ 519.544846][ T1130] bridge_slave_0: left allmulticast mode [ 519.550555][ T1130] bridge_slave_0: left promiscuous mode [ 519.556486][ T5766] Bluetooth: hci4: command tx timeout [ 519.562226][ T1130] bridge0: port 1(bridge_slave_0) entered disabled state [ 519.577681][ T1130] dummy0: left allmulticast mode [ 519.582772][ T1130] dummy0: left promiscuous mode [ 519.588098][ T1130] team0: left allmulticast mode [ 519.593064][ T1130] team_slave_0: left allmulticast mode [ 519.601127][ T1130] team_slave_1: left allmulticast mode [ 519.606808][ T1130] team0: left promiscuous mode [ 519.611731][ T1130] team_slave_0: left promiscuous mode [ 519.618017][ T1130] team_slave_1: left promiscuous mode [ 519.716964][ T1130] pimreg (unregistering): left allmulticast mode [ 520.341627][ T1130] team0 (unregistering): Port device team_slave_1 removed [ 520.416440][ T1130] team0 (unregistering): Port device team_slave_0 removed [ 520.472650][ T1130] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 520.518900][ T1130] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 521.142883][ T1130] bond0 (unregistering): Released all slaves [ 521.466117][T17846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 521.546571][T17846] 8021q: adding VLAN 0 to HW filter on device team0 [ 521.611109][T17972] __nla_validate_parse: 3 callbacks suppressed [ 521.611126][T17972] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4524'. [ 521.636938][ T5766] Bluetooth: hci4: command tx timeout [ 521.647812][ T3456] bridge0: port 1(bridge_slave_0) entered blocking state [ 521.655014][ T3456] bridge0: port 1(bridge_slave_0) entered forwarding state [ 521.689002][ T3456] bridge0: port 2(bridge_slave_1) entered blocking state [ 521.696254][ T3456] bridge0: port 2(bridge_slave_1) entered forwarding state [ 521.822850][T17846] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 521.839881][T17846] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 522.246835][T17846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 522.384099][T17846] veth0_vlan: entered promiscuous mode [ 522.422197][T17846] veth1_vlan: entered promiscuous mode [ 522.473553][T17846] veth0_macvtap: entered promiscuous mode [ 522.529521][T17846] veth1_macvtap: entered promiscuous mode [ 522.588440][T17846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 522.618720][T17846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 522.646748][T17846] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 522.665245][T17846] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 522.685889][T17846] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 522.705027][T17846] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 522.832280][T18010] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4533'. [ 522.949641][ T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 522.979588][ T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 523.032974][ T1130] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 523.048503][ T1130] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 523.305277][T18021] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4536'. [ 523.353645][T18021] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4536'. [ 523.565765][T18027] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4536'. [ 523.639355][T18029] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4536'. [ 523.697714][T18021] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4536'. [ 523.718544][ T5766] Bluetooth: hci4: command tx timeout [ 523.942072][T18040] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4543'. [ 523.990887][T18040] dummy0: entered promiscuous mode [ 524.003153][T18040] macvtap6: entered promiscuous mode [ 524.020133][T18040] macvtap6: entered allmulticast mode [ 524.027248][T18040] dummy0: entered allmulticast mode [ 524.046664][T18046] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4543'. [ 524.058430][ T28] kauditd_printk_skb: 8 callbacks suppressed [ 524.058443][ T28] audit: type=1326 audit(1750144290.603:6250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18039 comm="syz.2.4541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 524.097702][T18046] dummy0: left allmulticast mode [ 524.114433][ T28] audit: type=1326 audit(1750144290.603:6251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18039 comm="syz.2.4541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 524.114983][T18046] dummy0: left promiscuous mode [ 524.149625][ T28] audit: type=1326 audit(1750144290.603:6252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18039 comm="syz.2.4541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 524.209044][ T28] audit: type=1326 audit(1750144290.603:6253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18039 comm="syz.2.4541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 524.264494][ T28] audit: type=1326 audit(1750144290.633:6254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18039 comm="syz.2.4541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 524.310572][ T28] audit: type=1326 audit(1750144290.653:6255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18039 comm="syz.2.4541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 524.354810][ T28] audit: type=1326 audit(1750144290.723:6256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18039 comm="syz.2.4541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 524.414717][ T28] audit: type=1326 audit(1750144290.723:6257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18039 comm="syz.2.4541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 524.465021][ T28] audit: type=1326 audit(1750144290.723:6258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18049 comm="syz.2.4541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f9bae1c11e5 code=0x7ffc0000 [ 524.534425][ T28] audit: type=1326 audit(1750144290.753:6259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18039 comm="syz.2.4541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9bae12ab19 code=0x7ffc0000 [ 526.354631][T18087] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4556'. [ 527.829006][T18119] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4567'. [ 529.180749][T18147] syzkaller1: entered promiscuous mode [ 529.186882][T18147] syzkaller1: entered allmulticast mode [ 529.222660][T18152] futex_wake_op: syz.3.4579 tries to shift op by -1; fix this program [ 531.280855][T18184] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4591'. [ 531.364658][T18184] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4591'. [ 531.460640][T18192] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4591'. [ 531.482239][T18192] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4591'. [ 531.531724][T18184] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4591'. [ 531.537724][T18196] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4593'. [ 531.644974][T18198] futex_wake_op: syz.2.4594 tries to shift op by -1; fix this program [ 531.861399][T18205] loop1: detected capacity change from 0 to 1024 [ 531.887350][T18205] EXT4-fs: Ignoring removed nobh option [ 531.913512][T18205] EXT4-fs: Ignoring removed bh option [ 531.941949][T18205] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 532.268380][T18205] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 532.319560][ T28] kauditd_printk_skb: 24 callbacks suppressed [ 532.319574][ T28] audit: type=1800 audit(1750144298.863:6284): pid=18200 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.4595" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 532.722082][T11574] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 532.973280][T18232] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4603'. [ 533.075511][T18232] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4603'. [ 533.114966][ C0] vcan0: j1939_tp_rxtimer: 0xffff888067028800: rx timeout, send abort [ 533.291433][T18237] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4603'. [ 533.339812][T18232] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4603'. [ 533.363663][T18237] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4603'. [ 533.375444][T18242] loop3: detected capacity change from 0 to 2048 [ 533.434444][T18242] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 533.624947][ C0] vcan0: j1939_tp_rxtimer: 0xffff888067028800: abort rx timeout. Force session deactivation [ 533.660207][T18247] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 533.678449][T18247] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 418 with error 28 [ 533.704771][T18247] EXT4-fs (loop3): This should not happen!! Data will be lost [ 533.704771][T18247] [ 533.716866][T18247] EXT4-fs (loop3): Total free blocks count 0 [ 533.723032][T18247] EXT4-fs (loop3): Free/Dirty block details [ 533.731152][T18247] EXT4-fs (loop3): free_blocks=2415919104 [ 533.745913][T18247] EXT4-fs (loop3): dirty_blocks=432 [ 533.751270][T18247] EXT4-fs (loop3): Block reservation details [ 533.760635][T18247] EXT4-fs (loop3): i_reserved_data_blocks=27 [ 533.884405][ T78] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 534.374850][T18271] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4614'. [ 534.465301][T18271] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4614'. [ 534.558796][T18275] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4614'. [ 534.656827][T18277] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4614'. [ 534.681297][T18271] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4614'. [ 534.793451][T18283] loop3: detected capacity change from 0 to 2048 [ 534.842266][T18283] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 535.147357][T18291] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 535.194160][T18291] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 180 with max blocks 208 with error 28 [ 535.224334][T18291] EXT4-fs (loop3): This should not happen!! Data will be lost [ 535.224334][T18291] [ 535.254064][T18291] EXT4-fs (loop3): Total free blocks count 0 [ 535.260123][T18291] EXT4-fs (loop3): Free/Dirty block details [ 535.274298][T18291] EXT4-fs (loop3): free_blocks=2415919104 [ 535.280096][T18291] EXT4-fs (loop3): dirty_blocks=400 [ 535.294053][T18291] EXT4-fs (loop3): Block reservation details [ 535.318503][T18291] EXT4-fs (loop3): i_reserved_data_blocks=25 [ 535.419395][ T3485] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 535.988828][T18321] loop3: detected capacity change from 0 to 1024 [ 536.018003][T18321] EXT4-fs: Ignoring removed nobh option [ 536.047684][T18321] EXT4-fs: Ignoring removed bh option [ 536.077132][T18321] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 536.129071][T18321] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 536.179810][ T28] audit: type=1800 audit(1750144302.723:6285): pid=18321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.4628" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 536.755535][T11999] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 537.618664][T18388] loop3: detected capacity change from 0 to 1024 [ 537.648093][T18388] EXT4-fs: Ignoring removed nobh option [ 537.663367][T18388] EXT4-fs: Ignoring removed bh option [ 537.720424][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805d1a1000: rx timeout, send abort [ 537.757159][T18388] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 537.845772][T18388] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 537.860978][ T28] audit: type=1326 audit(1750144304.403:6286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18406 comm="syz.2.4657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 537.933910][ T28] audit: type=1326 audit(1750144304.433:6287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18406 comm="syz.2.4657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 538.007599][ T28] audit: type=1326 audit(1750144304.433:6288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18406 comm="syz.2.4657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 538.073419][ T28] audit: type=1326 audit(1750144304.433:6289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18406 comm="syz.2.4657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 538.104914][ T28] audit: type=1326 audit(1750144304.433:6290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18406 comm="syz.2.4657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 538.136379][ T28] audit: type=1326 audit(1750144304.433:6291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18406 comm="syz.2.4657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 538.224196][ T28] audit: type=1326 audit(1750144304.433:6292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18406 comm="syz.2.4657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 538.228754][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805d1a1000: abort rx timeout. Force session deactivation [ 538.296144][ T28] audit: type=1326 audit(1750144304.433:6293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18406 comm="syz.2.4657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bae18e929 code=0x7ffc0000 [ 538.380721][ T28] audit: type=1800 audit(1750144304.473:6294): pid=18388 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.4652" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 538.423134][T18422] loop1: detected capacity change from 0 to 512 [ 538.449200][T11999] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 538.528377][T18422] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 538.588388][T18422] ext4 filesystem being mounted at /525/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 538.593846][T18432] __nla_validate_parse: 16 callbacks suppressed [ 538.593862][T18432] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4665'. [ 538.751729][T18432] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4665'. [ 538.762427][ T28] audit: type=1326 audit(1750144305.293:6295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18436 comm="syz.0.4666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47ce18e929 code=0x7ffc0000 [ 538.794950][T11574] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 538.869812][T18435] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4665'. [ 538.954221][T18434] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4665'. [ 538.972608][T18432] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4665'. [ 539.587899][T18473] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4679'. [ 539.599844][T18474] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4678'. [ 539.636644][T18473] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4679'. [ 539.822370][T18476] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4679'. [ 539.874994][T18478] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4679'. [ 540.234330][T18494] syzkaller1: entered promiscuous mode [ 540.239871][T18494] syzkaller1: entered allmulticast mode [ 540.818922][T18521] futex_wake_op: syz.1.4693 tries to shift op by -1; fix this program [ 541.196099][T18526] loop3: detected capacity change from 0 to 1024 [ 541.209110][T18526] EXT4-fs: Ignoring removed nobh option [ 541.224383][T18526] EXT4-fs: Ignoring removed bh option [ 541.233625][T18526] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 541.287479][T18526] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 542.007502][T11999] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 542.193323][T18574] loop3: detected capacity change from 0 to 2048 [ 542.300895][T18574] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 542.572442][T18584] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 542.605435][T18584] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 244 with error 28 [ 542.639597][T18584] EXT4-fs (loop3): This should not happen!! Data will be lost [ 542.639597][T18584] [ 542.671394][T18584] EXT4-fs (loop3): Total free blocks count 0 [ 542.701324][T18584] EXT4-fs (loop3): Free/Dirty block details [ 542.718848][T18584] EXT4-fs (loop3): free_blocks=2415919104 [ 542.744469][T18584] EXT4-fs (loop3): dirty_blocks=256 [ 542.772197][T18584] EXT4-fs (loop3): Block reservation details [ 542.789211][T18584] EXT4-fs (loop3): i_reserved_data_blocks=16 [ 542.920031][ T78] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 543.376744][T18597] loop1: detected capacity change from 0 to 1024 [ 543.414590][T18597] EXT4-fs: Ignoring removed nobh option [ 543.420222][T18597] EXT4-fs: Ignoring removed bh option [ 543.454113][T18597] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 543.502306][T18597] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 543.539572][ T28] kauditd_printk_skb: 9 callbacks suppressed [ 543.539585][ T28] audit: type=1800 audit(1750144310.083:6305): pid=18597 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.4714" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 543.598022][T18619] __nla_validate_parse: 13 callbacks suppressed [ 543.598039][T18619] netlink: 72 bytes leftover after parsing attributes in process `syz.0.4719'. [ 544.106759][T11574] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 545.029788][T18660] loop1: detected capacity change from 0 to 1024 [ 545.030681][T18660] EXT4-fs: Ignoring removed nobh option [ 545.030701][T18660] EXT4-fs: Ignoring removed bh option [ 545.034613][T18660] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 545.063488][T18660] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 545.084098][ T28] audit: type=1800 audit(1750144311.623:6306): pid=18660 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.4736" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 545.107487][T18667] loop3: detected capacity change from 0 to 2048 [ 545.151224][T18667] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 545.305271][T18677] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 545.305574][T18677] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 242 with error 28 [ 545.305601][T18677] EXT4-fs (loop3): This should not happen!! Data will be lost [ 545.305601][T18677] [ 545.305615][T18677] EXT4-fs (loop3): Total free blocks count 0 [ 545.305629][T18677] EXT4-fs (loop3): Free/Dirty block details [ 545.305644][T18677] EXT4-fs (loop3): free_blocks=2415919104 [ 545.305659][T18677] EXT4-fs (loop3): dirty_blocks=256 [ 545.305672][T18677] EXT4-fs (loop3): Block reservation details [ 545.305684][T18677] EXT4-fs (loop3): i_reserved_data_blocks=16 [ 545.636250][T11999] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 545.837647][T11574] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 547.087549][T18717] vlan2: entered allmulticast mode [ 547.463954][T18727] Driver unsupported XDP return value 0 on prog (id 2094) dev N/A, expect packet loss! [ 547.708249][T18735] futex_wake_op: syz.1.4760 tries to shift op by -1; fix this program [ 548.187409][T18742] loop1: detected capacity change from 0 to 2048 [ 548.293831][T18742] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 548.344216][T18742] ext4 filesystem being mounted at /553/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 549.431003][T11574] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 549.756464][T18785] futex_wake_op: syz.2.4781 tries to shift op by -1; fix this program [ 549.983314][T18795] futex_wake_op: syz.1.4784 tries to shift op by -1; fix this program [ 551.496099][T18826] futex_wake_op: syz.0.4795 tries to shift op by -1; fix this program [ 552.999371][T18866] futex_wake_op: syz.3.4809 tries to shift op by -1; fix this program [ 553.415588][T18874] loop3: detected capacity change from 0 to 2048 [ 553.502725][T18874] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 553.526596][T18874] ext4 filesystem being mounted at /586/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 553.557710][T18882] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm ext4lazyinit: bg 0: block 345: padding at end of block bitmap is not set [ 554.696782][T11999] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 555.277720][T18917] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4826'. [ 555.516857][T18872] syz.0.4811: vmalloc error: size 2101248, failed to allocated page array size 4104, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 555.554911][T18872] CPU: 1 PID: 18872 Comm: syz.0.4811 Not tainted 6.6.93-syzkaller #0 [ 555.563051][T18872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 555.573291][T18872] Call Trace: [ 555.576599][T18872] [ 555.579556][T18872] dump_stack_lvl+0x16c/0x230 [ 555.584298][T18872] ? show_regs_print_info+0x20/0x20 [ 555.589535][T18872] ? load_image+0x3b0/0x3b0 [ 555.594114][T18872] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 555.600566][T18872] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 555.607109][T18872] warn_alloc+0x210/0x300 [ 555.611654][T18872] ? zone_watermark_ok_safe+0x230/0x230 [ 555.617772][T18872] ? _raw_spin_unlock+0x28/0x40 [ 555.623113][T18872] __vmalloc_node_range+0x662/0x1320 [ 555.628520][T18872] ? free_vm_area+0x50/0x50 [ 555.633062][T18872] ? _raw_spin_unlock+0x28/0x40 [ 555.637951][T18872] ? __kasan_kmalloc+0x8f/0xa0 [ 555.642753][T18872] __vmalloc_node_range+0x568/0x1320 [ 555.648141][T18872] ? hash_netiface_create+0x361/0xff0 [ 555.653550][T18872] ? __asan_memset+0x22/0x40 [ 555.658185][T18872] ? free_vm_area+0x50/0x50 [ 555.662697][T18872] ? kvmalloc_node+0x70/0x180 [ 555.667395][T18872] ? rcu_is_watching+0x15/0xb0 [ 555.672165][T18872] ? kvmalloc_node+0x70/0x180 [ 555.676845][T18872] ? trace_kmalloc+0x1f/0xa0 [ 555.681436][T18872] kvmalloc_node+0x13f/0x180 [ 555.686028][T18872] ? hash_netiface_create+0x361/0xff0 [ 555.691407][T18872] hash_netiface_create+0x361/0xff0 [ 555.696602][T18872] ? __lock_acquire+0x7c80/0x7c80 [ 555.701623][T18872] ? __nla_parse+0x40/0x50 [ 555.706033][T18872] ? hash_netport6_gc+0x570/0x570 [ 555.711055][T18872] ip_set_create+0xa87/0x18e0 [ 555.715744][T18872] ? ip_set_create+0x4b2/0x18e0 [ 555.720614][T18872] ? ip_set_protocol+0x5d0/0x5d0 [ 555.725643][T18872] ? trace_contention_end+0x39/0xe0 [ 555.730865][T18872] nfnetlink_rcv_msg+0xb49/0x1130 [ 555.735890][T18872] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 555.741959][T18872] ? nfnetlink_rcv_msg+0x20e/0x1130 [ 555.747176][T18872] ? nfnetlink_unbind+0x160/0x160 [ 555.752215][T18872] ? __dev_queue_xmit+0x1a64/0x35a0 [ 555.757408][T18872] ? __netlink_deliver_tap+0x5ab/0x830 [ 555.762864][T18872] ? netlink_deliver_tap+0x19c/0x1b0 [ 555.768144][T18872] ? netlink_unicast+0x72b/0x8c0 [ 555.773075][T18872] ? netlink_sendmsg+0x8c1/0xbe0 [ 555.778016][T18872] ? ____sys_sendmsg+0x5bf/0x950 [ 555.782950][T18872] ? ___sys_sendmsg+0x220/0x290 [ 555.787803][T18872] ? __se_sys_sendmsg+0x1a5/0x270 [ 555.792841][T18872] ? do_syscall_64+0x55/0xb0 [ 555.797478][T18872] netlink_rcv_skb+0x216/0x480 [ 555.802259][T18872] ? nfnetlink_unbind+0x160/0x160 [ 555.807295][T18872] ? netlink_ack+0x1110/0x1110 [ 555.812151][T18872] ? apparmor_capable+0x137/0x1a0 [ 555.817174][T18872] ? bpf_lsm_capable+0x9/0x10 [ 555.821859][T18872] ? security_capable+0x89/0xb0 [ 555.826745][T18872] nfnetlink_rcv+0x274/0x2180 [ 555.831436][T18872] ? __local_bh_enable_ip+0x12e/0x1c0 [ 555.836805][T18872] ? lockdep_hardirqs_on+0x98/0x150 [ 555.842000][T18872] ? __local_bh_enable_ip+0x12e/0x1c0 [ 555.847370][T18872] ? _local_bh_enable+0xa0/0xa0 [ 555.852221][T18872] ? __dev_queue_xmit+0x245/0x35a0 [ 555.857472][T18872] ? nfnetlink_net_exit_batch+0xa0/0xa0 [ 555.863229][T18872] ? __dev_queue_xmit+0x245/0x35a0 [ 555.868390][T18872] ? ref_tracker_free+0x634/0x7d0 [ 555.873436][T18872] ? __copy_skb_header+0xa7/0x550 [ 555.878483][T18872] ? refcount_inc+0x70/0x70 [ 555.883015][T18872] ? __skb_clone+0x63/0x790 [ 555.887796][T18872] ? __skb_clone+0x480/0x790 [ 555.892402][T18872] ? __netlink_deliver_tap+0x7e8/0x830 [ 555.897881][T18872] ? netlink_deliver_tap+0x2e/0x1b0 [ 555.903105][T18872] ? __lock_acquire+0x7c80/0x7c80 [ 555.908138][T18872] ? netlink_deliver_tap+0x2e/0x1b0 [ 555.913343][T18872] netlink_unicast+0x750/0x8c0 [ 555.918117][T18872] netlink_sendmsg+0x8c1/0xbe0 [ 555.922886][T18872] ? netlink_getsockopt+0x580/0x580 [ 555.928175][T18872] ? aa_sock_msg_perm+0x94/0x150 [ 555.933111][T18872] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 555.938410][T18872] ? security_socket_sendmsg+0x80/0xa0 [ 555.943882][T18872] ? netlink_getsockopt+0x580/0x580 [ 555.949092][T18872] ____sys_sendmsg+0x5bf/0x950 [ 555.953863][T18872] ? __asan_memset+0x22/0x40 [ 555.958457][T18872] ? __sys_sendmsg_sock+0x30/0x30 [ 555.963470][T18872] ? __import_iovec+0x5f2/0x860 [ 555.968324][T18872] ? import_iovec+0x73/0xa0 [ 555.972820][T18872] ___sys_sendmsg+0x220/0x290 [ 555.977492][T18872] ? __sys_sendmsg+0x270/0x270 [ 555.982285][T18872] __se_sys_sendmsg+0x1a5/0x270 [ 555.987133][T18872] ? __x64_sys_sendmsg+0x80/0x80 [ 555.992080][T18872] ? lockdep_hardirqs_on+0x98/0x150 [ 555.997278][T18872] do_syscall_64+0x55/0xb0 [ 556.001698][T18872] ? clear_bhb_loop+0x40/0x90 [ 556.006388][T18872] ? clear_bhb_loop+0x40/0x90 [ 556.011166][T18872] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 556.017084][T18872] RIP: 0033:0x7f47ce18e929 [ 556.021519][T18872] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 556.041128][T18872] RSP: 002b:00007f47cf090038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 556.049542][T18872] RAX: ffffffffffffffda RBX: 00007f47ce3b5fa0 RCX: 00007f47ce18e929 [ 556.057525][T18872] RDX: 0000000000000810 RSI: 0000200000000040 RDI: 0000000000000008 [ 556.065506][T18872] RBP: 00007f47ce210b39 R08: 0000000000000000 R09: 0000000000000000 [ 556.073477][T18872] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 556.081460][T18872] R13: 0000000000000000 R14: 00007f47ce3b5fa0 R15: 00007ffdfd04a978 [ 556.089465][T18872] [ 556.092613][ C1] vkms_vblank_simulate: vblank timer overrun [ 556.102130][T18872] Mem-Info: [ 556.106700][T18872] active_anon:10741 inactive_anon:0 isolated_anon:0 [ 556.106700][T18872] active_file:1252 inactive_file:40051 isolated_file:0 [ 556.106700][T18872] unevictable:768 dirty:179 writeback:0 [ 556.106700][T18872] slab_reclaimable:10484 slab_unreclaimable:133756 [ 556.106700][T18872] mapped:34862 shmem:5853 pagetables:944 [ 556.106700][T18872] sec_pagetables:0 bounce:0 [ 556.106700][T18872] kernel_misc_reclaimable:0 [ 556.106700][T18872] free:1276176 free_pcp:8264 free_cma:0 [ 556.158016][T18872] Node 0 active_anon:40244kB inactive_anon:0kB active_file:5008kB inactive_file:160000kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:139468kB dirty:720kB writeback:0kB shmem:19176kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11248kB pagetables:3796kB sec_pagetables:0kB all_unreclaimable? no [ 556.208743][T18872] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 556.239459][T18872] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 556.305689][T18872] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 556.320199][T18872] Node 0 DMA32 free:1180636kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:40000kB inactive_anon:0kB active_file:5008kB inactive_file:158692kB unevictable:1536kB writepending:720kB present:3129332kB managed:2589668kB mlocked:0kB bounce:0kB free_pcp:27116kB local_pcp:8576kB free_cma:0kB [ 556.389461][T18872] lowmem_reserve[]: 0 0 1 1 1 [ 556.404130][T18872] Node 0 Normal free:20kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1308kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 556.467459][T18872] lowmem_reserve[]: 0 0 0 0 0 [ 556.479137][T18872] Node 1 Normal free:3908436kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:9216kB local_pcp:7552kB free_cma:0kB [ 556.506035][T18938] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4836'. [ 556.537370][T18872] lowmem_reserve[]: 0 0 0 0 0 [ 556.543254][T18872] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 556.572444][T18872] Node 0 DMA32: 9*4kB (E) 33*8kB (UME) 23*16kB (UE) 57*32kB (UME) 79*64kB (ME) 51*128kB (UME) 18*256kB (UM) 3*512kB (ME) 2*1024kB (ME) 4*2048kB (UME) 280*4096kB (UM) = 1177340kB [ 556.612777][T18872] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB [ 556.628032][T18872] Node 1 Normal: 237*4kB (UME) 60*8kB (UME) 56*16kB (UME) 204*32kB (UME) 59*64kB (UE) 12*128kB (UME) 2*256kB (UE) 1*512kB (M) 2*1024kB (UE) 2*2048kB (UE) 949*4096kB (M) = 3908436kB [ 556.676366][T18872] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 556.688338][T18872] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 556.698820][T18872] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 556.710415][T18872] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 556.720778][T18872] 46466 total pagecache pages [ 556.739320][T18872] 0 pages in swap cache [ 556.772154][T18872] Free swap = 124472kB [ 556.835049][T18872] Total swap = 124996kB [ 556.839268][T18872] 2097051 pages RAM [ 556.843089][T18872] 0 pages HighMem/MovableOnly [ 556.854499][T18872] 416120 pages reserved [ 556.858712][T18872] 0 pages cma reserved [ 560.815922][T17849] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 560.831565][T17849] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 560.842218][T17849] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 560.858883][T17849] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 560.868132][T17849] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 560.894821][T17849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 561.000852][ T28] audit: type=1326 audit(1750144327.543:6307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19024 comm="syz.2.4875" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9bae18e929 code=0x0 [ 561.223689][T19038] futex_wake_op: syz.1.4880 tries to shift op by -1; fix this program [ 561.429701][T19018] chnl_net:caif_netlink_parms(): no params data found [ 561.441051][T19038] loop1: detected capacity change from 0 to 2048 [ 561.461477][T19038] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 561.473922][T19038] ext4 filesystem being mounted at /589/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 561.592445][T11574] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 561.820594][ T58] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 561.917181][T19018] bridge0: port 1(bridge_slave_0) entered blocking state [ 561.933505][T19018] bridge0: port 1(bridge_slave_0) entered disabled state [ 561.951341][T19018] bridge_slave_0: entered allmulticast mode [ 561.962304][T19018] bridge_slave_0: entered promiscuous mode [ 562.001003][ T58] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 562.031452][T19018] bridge0: port 2(bridge_slave_1) entered blocking state [ 562.039439][T19018] bridge0: port 2(bridge_slave_1) entered disabled state [ 562.048982][T19018] bridge_slave_1: entered allmulticast mode [ 562.060104][T19018] bridge_slave_1: entered promiscuous mode [ 562.138045][ T58] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 562.220887][T19018] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 562.250328][T19074] loop1: detected capacity change from 0 to 2048 [ 562.278110][ T58] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 562.316614][T19018] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 562.337391][T19074] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 562.476285][T19018] team0: Port device team_slave_0 added [ 562.513590][T19018] team0: Port device team_slave_1 added [ 562.537820][T19079] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 562.584322][T19079] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 90 with max blocks 104 with error 28 [ 562.611313][T19018] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 562.623832][T19018] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 562.630736][T19079] EXT4-fs (loop1): This should not happen!! Data will be lost [ 562.630736][T19079] [ 562.655179][T19018] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 562.683633][ T28] audit: type=1326 audit(1750144329.223:6308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19081 comm="syz.0.4892" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f47ce18e929 code=0x0 [ 562.713309][T19018] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 562.727698][T19018] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 562.728637][T19079] EXT4-fs (loop1): Total free blocks count 0 [ 562.757031][T19018] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 562.781740][T19079] EXT4-fs (loop1): Free/Dirty block details [ 562.799458][T19079] EXT4-fs (loop1): free_blocks=2415919104 [ 562.812372][T19079] EXT4-fs (loop1): dirty_blocks=208 [ 562.828131][T19079] EXT4-fs (loop1): Block reservation details [ 562.846119][T19079] EXT4-fs (loop1): i_reserved_data_blocks=13 [ 562.889059][T19018] hsr_slave_0: entered promiscuous mode [ 562.897351][T19018] hsr_slave_1: entered promiscuous mode [ 562.905425][T19018] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 562.914364][T17849] Bluetooth: hci0: command tx timeout [ 562.923502][T19018] Cannot create hsr debugfs directory [ 562.965905][ T48] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 563.079806][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.173273][T19087] xt_recent: hitcount (16385) is larger than allowed maximum (255) [ 563.596193][T19098] tipc: Started in network mode [ 563.602518][T19098] tipc: Node identity ac14140f, cluster identity 4711 [ 563.617765][T19098] tipc: New replicast peer: 255.255.255.255 [ 563.648674][T19098] tipc: Enabled bearer , priority 10 [ 564.102605][T19123] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4901'. [ 564.373820][T19018] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 564.435967][T19135] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4904'. [ 564.455640][T19018] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 564.474617][T19018] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 564.511100][T19018] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 564.616405][ T58] hsr_slave_1: left promiscuous mode [ 564.632112][ T58] bridge_slave_1: left allmulticast mode [ 564.643440][ T58] bridge_slave_1: left promiscuous mode [ 564.657494][ T58] bridge0: port 2(bridge_slave_1) entered disabled state [ 564.724165][ T28] audit: type=1326 audit(1750144331.243:6309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19137 comm="syz.2.4905" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9bae18e929 code=0x0 [ 564.771209][ T786] tipc: Node number set to 2886997007 [ 564.798490][ T58] bridge_slave_0: left allmulticast mode [ 564.818691][ T58] bridge_slave_0: left promiscuous mode [ 564.996674][T17849] Bluetooth: hci0: command tx timeout [ 565.182307][ T58] bridge0: port 1(bridge_slave_0) entered disabled state [ 565.622390][ T58] team0: left allmulticast mode [ 565.633935][ T58] team_slave_0: left allmulticast mode [ 565.639651][ T58] team_slave_1: left allmulticast mode [ 565.646633][ T58] team0: left promiscuous mode [ 565.651925][ T58] team_slave_0: left promiscuous mode [ 565.657892][ T58] team_slave_1: left promiscuous mode [ 565.683653][ T58] veth1_macvtap: left allmulticast mode [ 565.706070][ T58] veth1_macvtap: left promiscuous mode [ 565.712181][ T58] veth0_macvtap: left promiscuous mode [ 565.724447][ T58] veth1_vlan: left promiscuous mode [ 565.730062][ T58] veth0_vlan: left promiscuous mode [ 566.513805][ T58] team0 (unregistering): Port device team_slave_1 removed [ 566.566185][ T58] team0 (unregistering): Port device team_slave_0 removed [ 566.615803][ T58] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 566.662748][ T58] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 567.084596][ T5766] Bluetooth: hci0: command tx timeout [ 567.295419][ T58] bond0 (unregistering): Released all slaves [ 568.168357][T19018] 8021q: adding VLAN 0 to HW filter on device bond0 [ 568.269051][T19018] 8021q: adding VLAN 0 to HW filter on device team0 [ 568.346835][ T1130] bridge0: port 1(bridge_slave_0) entered blocking state [ 568.355576][ T1130] bridge0: port 1(bridge_slave_0) entered forwarding state [ 568.397055][ T1130] bridge0: port 2(bridge_slave_1) entered blocking state [ 568.404275][ T1130] bridge0: port 2(bridge_slave_1) entered forwarding state [ 568.839550][T19208] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4925'. [ 568.959684][T19018] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 569.082984][T19018] veth0_vlan: entered promiscuous mode [ 569.125570][T19018] veth1_vlan: entered promiscuous mode [ 569.154837][ T5766] Bluetooth: hci0: command tx timeout [ 569.505285][T19018] veth0_macvtap: entered promiscuous mode [ 569.825579][T19018] veth1_macvtap: entered promiscuous mode [ 569.991736][T19018] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 570.023028][T19018] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 570.044669][T19018] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 570.245106][T19018] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 570.270746][T19018] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 570.298679][T19018] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 570.357232][T19018] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 570.374531][T19018] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 570.392521][T19018] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 570.401718][T19018] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 570.559574][ T1130] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 570.573386][ T1130] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 570.617840][T19231] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4933'. [ 570.631321][ T1130] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 570.647682][ T1130] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 570.813501][T19235] futex_wake_op: syz.3.4869 tries to shift op by -1; fix this program [ 571.902269][T19242] xt_recent: hitcount (16385) is larger than allowed maximum (255) [ 572.349859][T19258] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4941'. [ 573.115966][T19284] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4952'. [ 573.833817][T19307] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4961'. [ 574.366718][ T28] audit: type=1326 audit(1750144340.893:6310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19319 comm="syz.2.4966" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9bae18e929 code=0x0 [ 574.879583][T19333] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4971'. [ 574.919186][T17849] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 574.932468][T17849] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 574.941384][T17849] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 574.951289][T17849] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 574.959919][T17849] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 574.967565][T17849] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 575.483107][ T48] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.516855][T19334] chnl_net:caif_netlink_parms(): no params data found [ 575.650245][ T48] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.688953][T19362] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4979'. [ 575.841172][ T48] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.901861][T19334] bridge0: port 1(bridge_slave_0) entered blocking state [ 575.909641][T19334] bridge0: port 1(bridge_slave_0) entered disabled state [ 575.919877][ T28] audit: type=1326 audit(1750144342.463:6311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19369 comm="syz.3.4981" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4be8f8e929 code=0x0 [ 575.921872][T19334] bridge_slave_0: entered allmulticast mode [ 575.953308][T19334] bridge_slave_0: entered promiscuous mode [ 575.986011][ T48] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 576.019616][T19334] bridge0: port 2(bridge_slave_1) entered blocking state [ 576.027922][T19334] bridge0: port 2(bridge_slave_1) entered disabled state [ 576.036129][T19334] bridge_slave_1: entered allmulticast mode [ 576.043802][T19334] bridge_slave_1: entered promiscuous mode [ 576.105316][T19334] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 576.126102][T19334] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 576.191217][T19334] team0: Port device team_slave_0 added [ 576.202393][T19334] team0: Port device team_slave_1 added [ 576.311173][T19334] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 576.325669][T19334] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 576.353100][T19334] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 576.387554][T19334] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 576.394774][T19334] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 576.421939][T19334] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 576.554772][T19334] hsr_slave_0: entered promiscuous mode [ 576.577220][T19334] hsr_slave_1: entered promiscuous mode [ 576.599757][T19334] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 576.616385][T19334] Cannot create hsr debugfs directory [ 576.631953][ T48] tipc: Disabling bearer [ 576.655128][ T48] tipc: Left network mode [ 576.817539][T19390] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4987'. [ 577.005966][T17849] Bluetooth: hci1: command tx timeout [ 578.688419][ T28] audit: type=1326 audit(1750144345.233:6312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19430 comm="syz.2.4994" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9bae18e929 code=0x0 [ 578.718348][T19334] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 578.742879][T19334] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 578.797239][T19334] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 578.811173][T19334] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 578.888442][ T48] hsr_slave_0: left promiscuous mode [ 578.902068][ T48] hsr_slave_1: left promiscuous mode [ 578.918061][ T48] bridge_slave_1: left allmulticast mode [ 578.929414][ T48] bridge_slave_1: left promiscuous mode [ 578.944228][ T48] bridge0: port 2(bridge_slave_1) entered disabled state [ 578.956433][ T48] bridge_slave_0: left allmulticast mode [ 578.962270][ T48] bridge_slave_0: left promiscuous mode [ 578.975142][ T48] bridge0: port 1(bridge_slave_0) entered disabled state [ 579.009912][ T48] team0: left allmulticast mode [ 579.014933][ T48] team_slave_0: left allmulticast mode [ 579.020427][ T48] team_slave_1: left allmulticast mode [ 579.027911][ T48] team0: left promiscuous mode [ 579.044685][ T48] team_slave_0: left promiscuous mode [ 579.050196][ T48] team_slave_1: left promiscuous mode [ 579.065102][ T48] veth1_macvtap: left promiscuous mode [ 579.070703][ T48] veth0_macvtap: left promiscuous mode [ 579.080150][T17849] Bluetooth: hci1: command tx timeout [ 579.086934][ T48] veth1_vlan: left promiscuous mode [ 579.092859][ T48] veth0_vlan: left promiscuous mode [ 581.143854][ T48] team0 (unregistering): Port device team_slave_1 removed [ 581.164758][T17849] Bluetooth: hci1: command tx timeout [ 581.210325][ T48] team0 (unregistering): Port device team_slave_0 removed [ 581.258596][ T48] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 581.310646][ T48] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 581.929311][ T28] audit: type=1326 audit(1750144348.463:6313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19478 comm="syz.0.5005" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f47ce18e929 code=0x0 [ 581.965107][ T48] bond0 (unregistering): Released all slaves [ 582.218063][T19334] 8021q: adding VLAN 0 to HW filter on device bond0 [ 582.293139][T19334] 8021q: adding VLAN 0 to HW filter on device team0 [ 582.299934][T19485] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5007'. [ 582.429245][ T3485] bridge0: port 1(bridge_slave_0) entered blocking state [ 582.436569][ T3485] bridge0: port 1(bridge_slave_0) entered forwarding state [ 582.462506][T19485] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5007'. [ 582.519616][T19488] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5007'. [ 582.551319][ T1130] bridge0: port 2(bridge_slave_1) entered blocking state [ 582.558565][ T1130] bridge0: port 2(bridge_slave_1) entered forwarding state [ 582.566110][T19488] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5007'. [ 582.763578][T19485] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5007'. [ 583.091526][T19334] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 583.234751][T17849] Bluetooth: hci1: command tx timeout [ 583.258488][T19334] veth0_vlan: entered promiscuous mode [ 583.286427][T19334] veth1_vlan: entered promiscuous mode [ 583.387421][T19334] veth0_macvtap: entered promiscuous mode [ 583.447573][T19334] veth1_macvtap: entered promiscuous mode [ 583.529347][T19334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 583.551036][T19334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 583.595770][T19334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 583.616661][T19334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 583.647345][T19334] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 583.693809][T19334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 583.715136][T19334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 583.734162][T19334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 583.754030][T19334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 583.768025][T19334] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 583.806617][T19334] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 583.817843][T19334] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 583.827820][T19334] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 583.839554][T19334] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 584.008250][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 584.034778][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 584.127625][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 584.149366][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 584.980379][T19523] loop1: detected capacity change from 0 to 512 [ 585.034412][T19523] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 585.055154][T19525] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5018'. [ 585.129381][T19523] EXT4-fs (loop1): 1 truncate cleaned up [ 585.156997][T19523] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 585.415653][T19532] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5020'. [ 585.453529][ T5766] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 585.478768][ T5766] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 585.491195][ T5766] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 585.502906][ T5766] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 585.512082][ T5766] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 585.528574][ T5766] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 585.730768][T19538] loop3: detected capacity change from 0 to 2048 [ 585.791794][T19538] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 586.065596][T19543] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 586.087203][T19543] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 408 with error 28 [ 586.106130][T19534] chnl_net:caif_netlink_parms(): no params data found [ 586.118057][T19543] EXT4-fs (loop3): This should not happen!! Data will be lost [ 586.118057][T19543] [ 586.142048][T19543] EXT4-fs (loop3): Total free blocks count 0 [ 586.158976][T19543] EXT4-fs (loop3): Free/Dirty block details [ 586.172676][T19543] EXT4-fs (loop3): free_blocks=2415919104 [ 586.179757][T19543] EXT4-fs (loop3): dirty_blocks=416 [ 586.185517][T19543] EXT4-fs (loop3): Block reservation details [ 586.211252][T19543] EXT4-fs (loop3): i_reserved_data_blocks=26 [ 586.439965][T19534] bridge0: port 1(bridge_slave_0) entered blocking state [ 586.464887][T19534] bridge0: port 1(bridge_slave_0) entered disabled state [ 586.472199][T19534] bridge_slave_0: entered allmulticast mode [ 586.499983][ T3485] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 586.501076][T19534] bridge_slave_0: entered promiscuous mode [ 586.568013][T19534] bridge0: port 2(bridge_slave_1) entered blocking state [ 586.587602][T19534] bridge0: port 2(bridge_slave_1) entered disabled state [ 586.604604][T19534] bridge_slave_1: entered allmulticast mode [ 586.615992][T19534] bridge_slave_1: entered promiscuous mode [ 586.793431][T19534] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 586.883092][T19534] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 586.895494][T19523] warn_alloc: 3 callbacks suppressed [ 586.895508][T19523] syz.1.5017: vmalloc error: size 2101248, failed to allocated page array size 4104, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 586.941169][T19523] CPU: 0 PID: 19523 Comm: syz.1.5017 Not tainted 6.6.93-syzkaller #0 [ 586.949302][T19523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 586.959380][T19523] Call Trace: [ 586.962681][T19523] [ 586.965635][T19523] dump_stack_lvl+0x16c/0x230 [ 586.970358][T19523] ? show_regs_print_info+0x20/0x20 [ 586.975712][T19523] ? load_image+0x3b0/0x3b0 [ 586.980257][T19523] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 586.986811][T19523] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 586.993404][T19523] warn_alloc+0x210/0x300 [ 586.997772][T19523] ? zone_watermark_ok_safe+0x230/0x230 [ 587.003596][T19523] ? _raw_spin_unlock+0x28/0x40 [ 587.008558][T19523] __vmalloc_node_range+0x662/0x1320 [ 587.013887][T19523] ? free_vm_area+0x50/0x50 [ 587.018391][T19523] ? _raw_spin_unlock+0x28/0x40 [ 587.023332][T19523] ? __kasan_kmalloc+0x8f/0xa0 [ 587.028127][T19523] __vmalloc_node_range+0x568/0x1320 [ 587.033607][T19523] ? hash_netiface_create+0x361/0xff0 [ 587.039086][T19523] ? __asan_memset+0x22/0x40 [ 587.043803][T19523] ? free_vm_area+0x50/0x50 [ 587.048324][T19523] ? kvmalloc_node+0x70/0x180 [ 587.053005][T19523] ? rcu_is_watching+0x15/0xb0 [ 587.057769][T19523] ? kvmalloc_node+0x70/0x180 [ 587.062444][T19523] ? trace_kmalloc+0x1f/0xa0 [ 587.067032][T19523] kvmalloc_node+0x13f/0x180 [ 587.071625][T19523] ? hash_netiface_create+0x361/0xff0 [ 587.077261][T19523] hash_netiface_create+0x361/0xff0 [ 587.082459][T19523] ? __lock_acquire+0x7c80/0x7c80 [ 587.088010][T19523] ? __nla_parse+0x40/0x50 [ 587.092428][T19523] ? hash_netport6_gc+0x570/0x570 [ 587.098020][T19523] ip_set_create+0xa87/0x18e0 [ 587.102795][T19523] ? ip_set_create+0x4b2/0x18e0 [ 587.107688][T19523] ? ip_set_protocol+0x5d0/0x5d0 [ 587.112638][T19523] ? trace_contention_end+0x39/0xe0 [ 587.117867][T19523] nfnetlink_rcv_msg+0xb49/0x1130 [ 587.123039][T19523] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 587.129168][T19523] ? nfnetlink_rcv_msg+0x20e/0x1130 [ 587.134478][T19523] ? nfnetlink_unbind+0x160/0x160 [ 587.139520][T19523] ? __dev_queue_xmit+0x1a64/0x35a0 [ 587.144717][T19523] ? __netlink_deliver_tap+0x5ab/0x830 [ 587.150622][T19523] ? netlink_deliver_tap+0x19c/0x1b0 [ 587.155917][T19523] ? netlink_unicast+0x72b/0x8c0 [ 587.160863][T19523] ? netlink_sendmsg+0x8c1/0xbe0 [ 587.165971][T19523] ? ____sys_sendmsg+0x5bf/0x950 [ 587.170933][T19523] ? ___sys_sendmsg+0x220/0x290 [ 587.175791][T19523] ? __se_sys_sendmsg+0x1a5/0x270 [ 587.180897][T19523] ? do_syscall_64+0x55/0xb0 [ 587.185501][T19523] netlink_rcv_skb+0x216/0x480 [ 587.190955][T19523] ? nfnetlink_unbind+0x160/0x160 [ 587.196276][T19523] ? netlink_ack+0x1110/0x1110 [ 587.201057][T19523] ? apparmor_capable+0x137/0x1a0 [ 587.206229][T19523] ? bpf_lsm_capable+0x9/0x10 [ 587.210929][T19523] ? security_capable+0x89/0xb0 [ 587.216270][T19523] nfnetlink_rcv+0x274/0x2180 [ 587.221166][T19523] ? __local_bh_enable_ip+0x12e/0x1c0 [ 587.227059][T19523] ? lockdep_hardirqs_on+0x98/0x150 [ 587.232472][T19523] ? __local_bh_enable_ip+0x12e/0x1c0 [ 587.238317][T19523] ? _local_bh_enable+0xa0/0xa0 [ 587.243197][T19523] ? __dev_queue_xmit+0x245/0x35a0 [ 587.248354][T19523] ? nfnetlink_net_exit_batch+0xa0/0xa0 [ 587.254805][T19523] ? __dev_queue_xmit+0x245/0x35a0 [ 587.260196][T19523] ? ref_tracker_free+0x634/0x7d0 [ 587.265259][T19523] ? __copy_skb_header+0xa7/0x550 [ 587.270903][T19523] ? refcount_inc+0x70/0x70 [ 587.275751][T19523] ? __skb_clone+0x63/0x790 [ 587.280655][T19523] ? __skb_clone+0x480/0x790 [ 587.285571][T19523] ? __netlink_deliver_tap+0x7e8/0x830 [ 587.291051][T19523] ? netlink_deliver_tap+0x2e/0x1b0 [ 587.296427][T19523] ? __lock_acquire+0x7c80/0x7c80 [ 587.301453][T19523] ? netlink_deliver_tap+0x2e/0x1b0 [ 587.306740][T19523] netlink_unicast+0x750/0x8c0 [ 587.311594][T19523] netlink_sendmsg+0x8c1/0xbe0 [ 587.316362][T19523] ? netlink_getsockopt+0x580/0x580 [ 587.321596][T19523] ? aa_sock_msg_perm+0x94/0x150 [ 587.326557][T19523] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 587.331861][T19523] ? security_socket_sendmsg+0x80/0xa0 [ 587.337348][T19523] ? netlink_getsockopt+0x580/0x580 [ 587.343398][T19523] ____sys_sendmsg+0x5bf/0x950 [ 587.348527][T19523] ? __asan_memset+0x22/0x40 [ 587.353980][T19523] ? __sys_sendmsg_sock+0x30/0x30 [ 587.359289][T19523] ? __import_iovec+0x5f2/0x860 [ 587.364348][T19523] ? import_iovec+0x73/0xa0 [ 587.368905][T19523] ___sys_sendmsg+0x220/0x290 [ 587.373760][T19523] ? __sys_sendmsg+0x270/0x270 [ 587.378553][T19523] __se_sys_sendmsg+0x1a5/0x270 [ 587.383399][T19523] ? __x64_sys_sendmsg+0x80/0x80 [ 587.388368][T19523] ? lockdep_hardirqs_on+0x98/0x150 [ 587.393573][T19523] do_syscall_64+0x55/0xb0 [ 587.397990][T19523] ? clear_bhb_loop+0x40/0x90 [ 587.402662][T19523] ? clear_bhb_loop+0x40/0x90 [ 587.407341][T19523] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 587.413241][T19523] RIP: 0033:0x7f4f6e78e929 [ 587.417652][T19523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 587.437739][T19523] RSP: 002b:00007f4f6f577038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 587.446179][T19523] RAX: ffffffffffffffda RBX: 00007f4f6e9b5fa0 RCX: 00007f4f6e78e929 [ 587.454515][T19523] RDX: 0000000000000810 RSI: 0000200000000040 RDI: 0000000000000009 [ 587.462618][T19523] RBP: 00007f4f6e810b39 R08: 0000000000000000 R09: 0000000000000000 [ 587.470617][T19523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 587.478675][T19523] R13: 0000000000000000 R14: 00007f4f6e9b5fa0 R15: 00007ffc6af4ff48 [ 587.487092][T19523] [ 587.490142][ C0] vkms_vblank_simulate: vblank timer overrun [ 587.544363][T19523] Mem-Info: [ 587.548410][T19523] active_anon:5301 inactive_anon:0 isolated_anon:0 [ 587.548410][T19523] active_file:1252 inactive_file:40135 isolated_file:0 [ 587.548410][T19523] unevictable:768 dirty:87 writeback:0 [ 587.548410][T19523] slab_reclaimable:10653 slab_unreclaimable:126115 [ 587.548410][T19523] mapped:24327 shmem:1414 pagetables:507 [ 587.548410][T19523] sec_pagetables:0 bounce:0 [ 587.548410][T19523] kernel_misc_reclaimable:0 [ 587.548410][T19523] free:1299869 free_pcp:11179 free_cma:0 [ 587.602936][T19523] Node 0 active_anon:21404kB inactive_anon:0kB active_file:5008kB inactive_file:160336kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:97308kB dirty:344kB writeback:0kB shmem:4120kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10856kB pagetables:2028kB sec_pagetables:0kB all_unreclaimable? no [ 587.666990][T19523] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 587.668980][T17849] Bluetooth: hci2: command tx timeout [ 587.698325][ C0] vkms_vblank_simulate: vblank timer overrun [ 587.728594][T19523] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 587.743025][T19534] team0: Port device team_slave_0 added [ 587.758443][T19523] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 587.771667][T19523] Node 0 DMA32 free:1274892kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:21160kB inactive_anon:0kB active_file:5008kB inactive_file:159028kB unevictable:1536kB writepending:340kB present:3129332kB managed:2589668kB mlocked:0kB bounce:0kB free_pcp:36980kB local_pcp:17012kB free_cma:0kB [ 587.802359][T19523] lowmem_reserve[]: 0 0 1 1 1 [ 587.807228][T19523] Node 0 Normal free:20kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1308kB unevictable:0kB writepending:4kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 587.836601][T19534] team0: Port device team_slave_1 added [ 587.838353][T19523] lowmem_reserve[]: 0 0 0 0 0 [ 587.847022][T19523] Node 1 Normal free:3909204kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:8448kB local_pcp:1664kB free_cma:0kB [ 587.880073][T19523] lowmem_reserve[]: 0 0 0 0 0 [ 587.884954][T19523] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 587.898259][T19523] Node 0 DMA32: 1*4kB (E) 3*8kB (UME) 75*16kB (UM) 212*32kB (UME) 101*64kB (ME) 57*128kB (ME) 29*256kB (M) 15*512kB (UME) 19*1024kB (UME) 15*2048kB (UME) 290*4096kB (UM) = 1274892kB [ 587.930915][T19523] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB [ 587.943678][T19523] Node 1 Normal: 237*4kB (UME) 60*8kB (UME) 56*16kB (UME) 208*32kB (UME) 67*64kB (UE) 13*128kB (UME) 2*256kB (UE) 1*512kB (M) 2*1024kB (UE) 2*2048kB (UE) 949*4096kB (M) = 3909204kB [ 588.039218][T19523] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 588.060438][T19523] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 588.075348][T19523] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 588.085771][T19534] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 588.092745][T19534] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 588.119139][T19523] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 588.136199][T19523] 42786 total pagecache pages [ 588.140944][T19523] 0 pages in swap cache [ 588.145218][T19523] Free swap = 124472kB [ 588.149475][T19523] Total swap = 124996kB [ 588.153728][T19523] 2097051 pages RAM [ 588.153798][T19534] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 588.157650][T19523] 0 pages HighMem/MovableOnly [ 588.157660][T19523] 416120 pages reserved [ 588.157666][T19523] 0 pages cma reserved [ 588.279420][T19534] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 588.317606][T19534] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 588.402679][T19534] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 588.464119][T19581] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5027'. [ 588.682522][T19534] hsr_slave_0: entered promiscuous mode [ 588.706549][T19586] loop3: detected capacity change from 0 to 2048 [ 588.713427][T19534] hsr_slave_1: entered promiscuous mode [ 588.764999][T19534] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 588.774445][T19534] Cannot create hsr debugfs directory [ 588.807133][T19586] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 589.554856][T19018] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 589.794166][T17849] Bluetooth: hci2: command tx timeout [ 590.342010][ T58] hsr_slave_1: left promiscuous mode [ 590.358903][ T58] bridge_slave_1: left allmulticast mode [ 590.379262][ T58] bridge_slave_1: left promiscuous mode [ 590.397545][ T58] bridge0: port 2(bridge_slave_1) entered disabled state [ 590.432384][ T58] bridge_slave_0: left promiscuous mode [ 590.442502][ T58] bridge0: port 1(bridge_slave_0) entered disabled state [ 590.508007][ T58] pimreg (unregistering): left allmulticast mode [ 591.459353][T19334] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 591.813266][ T58] team0 (unregistering): Port device team_slave_1 removed [ 591.890066][T17849] Bluetooth: hci2: command tx timeout [ 591.902144][ T58] team0 (unregistering): Port device team_slave_0 removed [ 591.992801][ T58] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 592.082427][ T58] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 592.750429][ T58] bond0 (unregistering): Released all slaves [ 593.466649][T19534] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 593.510932][T19534] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 593.552794][T19534] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 593.590028][T19534] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 593.964983][T17849] Bluetooth: hci2: command tx timeout [ 593.983256][T19534] 8021q: adding VLAN 0 to HW filter on device bond0 [ 594.006729][T19534] 8021q: adding VLAN 0 to HW filter on device team0 [ 594.041937][ T2957] bridge0: port 1(bridge_slave_0) entered blocking state [ 594.049175][ T2957] bridge0: port 1(bridge_slave_0) entered forwarding state [ 594.126362][ T2957] bridge0: port 2(bridge_slave_1) entered blocking state [ 594.133564][ T2957] bridge0: port 2(bridge_slave_1) entered forwarding state [ 594.830277][T19534] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 595.020748][T19534] veth0_vlan: entered promiscuous mode [ 595.057120][T19534] veth1_vlan: entered promiscuous mode [ 595.151061][T19534] veth0_macvtap: entered promiscuous mode [ 595.206486][T19534] veth1_macvtap: entered promiscuous mode [ 595.285131][T19534] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 595.318017][T19534] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 595.334102][T19534] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 595.355047][T19534] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 595.375366][T19534] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 595.409596][T19534] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 595.451045][T19534] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 595.492210][T19534] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 595.527702][T19534] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 595.559117][T19534] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 595.591644][T19534] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 595.614754][T19534] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 595.635592][T19534] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 595.665828][T19534] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 595.703769][T19534] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 595.744319][T19534] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 595.762881][T19534] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 595.799645][T19534] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 596.014548][ T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 596.054138][ T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 596.181935][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 596.207306][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 599.055760][T19799] vlan2: entered allmulticast mode [ 599.104750][T19803] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5091'. [ 599.800777][T19829] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5101'. [ 601.083621][T19888] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5129'. [ 601.686564][T19909] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5139'. [ 602.343264][T19933] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5151'. [ 602.444275][T19935] netlink: 156 bytes leftover after parsing attributes in process `syz.1.5152'. [ 602.476185][T19935] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5152'. [ 602.793022][T19938] netlink: 'syz.3.5153': attribute type 6 has an invalid length. [ 603.473694][T19961] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5162'. [ 604.405676][T19983] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5172'. [ 605.207080][T20004] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5182'. [ 606.274767][T20030] tun0: tun_chr_ioctl cmd 1074025675 [ 606.285902][T20030] tun0: persist enabled [ 607.272638][T20066] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5210'. [ 608.085494][T20091] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5221'. [ 609.525996][T20132] loop1: detected capacity change from 0 to 1024 [ 609.541682][T20132] EXT4-fs: Ignoring removed orlov option [ 609.620506][T20132] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 609.667502][T20132] EXT4-fs (loop1): shut down requested (0) [ 609.753610][T20139] tun0: tun_chr_ioctl cmd 1074025675 [ 609.759180][T20139] tun0: persist enabled [ 609.879197][T19334] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 610.033941][T20143] loop1: detected capacity change from 0 to 2048 [ 610.123235][T20143] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 611.077930][T19334] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 611.262186][T20168] netlink: 148 bytes leftover after parsing attributes in process `syz.2.5250'. [ 611.347396][T20171] tun0: tun_chr_ioctl cmd 1074025675 [ 611.353042][T20171] tun0: persist enabled [ 611.531416][T20181] loop1: detected capacity change from 0 to 2048 [ 611.555069][T20176] netlink: 'syz.2.5254': attribute type 5 has an invalid length. [ 611.578073][T20181] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 611.818234][T20196] netlink: 148 bytes leftover after parsing attributes in process `syz.2.5262'. [ 612.588018][T19334] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 612.855036][T20215] netlink: 'syz.2.5270': attribute type 5 has an invalid length. [ 612.883086][T20221] netlink: 148 bytes leftover after parsing attributes in process `syz.3.5272'. [ 614.218437][T20249] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5284'. [ 614.240502][T20249] netlink: 52 bytes leftover after parsing attributes in process `syz.1.5284'. [ 614.250151][T20249] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5284'. [ 614.698879][T20263] netlink: 108 bytes leftover after parsing attributes in process `syz.2.5291'. [ 614.822746][T20267] loop1: detected capacity change from 0 to 2048 [ 614.875364][T20267] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 614.938136][T20274] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5295'. [ 614.947516][T20274] netlink: 52 bytes leftover after parsing attributes in process `syz.3.5295'. [ 614.956685][T20274] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5295'. [ 615.672359][T20281] loop3: detected capacity change from 0 to 256 [ 615.869836][T19334] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 616.304689][T20300] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5304'. [ 616.314306][T20300] netlink: 52 bytes leftover after parsing attributes in process `syz.1.5304'. [ 616.325193][T20300] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5304'. [ 616.983535][T20311] syz.0.5309[20311] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 617.008341][T20311] syz.0.5309[20311] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 617.718540][T20336] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5319'. [ 617.738962][T20336] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5319'. [ 617.888299][T20340] loop3: detected capacity change from 0 to 1024 [ 617.897109][T20340] EXT4-fs: Ignoring removed orlov option [ 618.058444][T20340] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 618.123167][T19018] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 619.252922][T20366] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5330'. [ 619.273365][T20366] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5330'. [ 621.491719][T20431] loop3: detected capacity change from 0 to 1024 [ 621.508707][T20431] EXT4-fs: Ignoring removed nobh option [ 621.524154][T20431] EXT4-fs: Ignoring removed bh option [ 621.539467][T20431] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 621.589924][T20431] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 621.616496][ T28] audit: type=1800 audit(1750144388.153:6314): pid=20431 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.5355" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 622.340646][T19018] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 622.814416][T20475] loop3: detected capacity change from 0 to 512 [ 622.850274][T20475] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 622.938268][T20475] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 622.964400][T20475] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e000e118, mo2=0002] [ 622.972703][T20475] System zones: 0-1, 15-15, 18-18, 34-34 [ 622.980383][T20475] EXT4-fs (loop3): orphan cleanup on readonly fs [ 622.990078][T20475] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 622.999904][T20475] EXT4-fs warning (device loop3): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 623.014789][T20475] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 623.088418][T20475] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.5373: bg 0: block 40: padding at end of block bitmap is not set [ 623.174476][T20475] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 623.210404][T20475] EXT4-fs (loop3): 1 truncate cleaned up [ 623.217421][T20475] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 624.017477][T19018] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 624.529286][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 626.694942][ T28] audit: type=1326 audit(1750144393.243:6315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20567 comm="syz.0.5407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47ce18e929 code=0x7ffc0000 [ 626.745746][ T28] audit: type=1326 audit(1750144393.243:6316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20567 comm="syz.0.5407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47ce18e929 code=0x7ffc0000 [ 626.796717][ T28] audit: type=1326 audit(1750144393.273:6317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20567 comm="syz.0.5407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f47ce18e929 code=0x7ffc0000 [ 626.890947][ T28] audit: type=1326 audit(1750144393.283:6318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20567 comm="syz.0.5407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47ce18e929 code=0x7ffc0000 [ 626.919157][ T28] audit: type=1326 audit(1750144393.283:6319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20567 comm="syz.0.5407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47ce18e929 code=0x7ffc0000 [ 626.942332][ T28] audit: type=1326 audit(1750144393.313:6320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20567 comm="syz.0.5407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f47ce18e929 code=0x7ffc0000 [ 626.966009][ T28] audit: type=1326 audit(1750144393.313:6321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20567 comm="syz.0.5407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47ce18e929 code=0x7ffc0000 [ 627.058502][ T28] audit: type=1326 audit(1750144393.313:6322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20567 comm="syz.0.5407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47ce18e929 code=0x7ffc0000 [ 627.109520][ T28] audit: type=1326 audit(1750144393.373:6323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20567 comm="syz.0.5407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f47ce18e929 code=0x7ffc0000 [ 627.157085][ T28] audit: type=1326 audit(1750144393.373:6324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20567 comm="syz.0.5407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47ce18e929 code=0x7ffc0000 [ 627.181268][T20579] netlink: 'syz.0.5412': attribute type 5 has an invalid length. [ 627.842741][T20605] netlink: 'syz.3.5424': attribute type 5 has an invalid length. [ 628.547802][T20630] netlink: 'syz.2.5435': attribute type 5 has an invalid length. [ 630.919870][T20707] loop1: detected capacity change from 0 to 2048 [ 630.985979][T20707] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 631.243750][T20716] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 631.266277][T20716] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 474 with error 28 [ 631.279667][T20716] EXT4-fs (loop1): This should not happen!! Data will be lost [ 631.279667][T20716] [ 631.290262][T20716] EXT4-fs (loop1): Total free blocks count 0 [ 631.296797][T20716] EXT4-fs (loop1): Free/Dirty block details [ 631.302945][T20716] EXT4-fs (loop1): free_blocks=2415919104 [ 631.310332][T20716] EXT4-fs (loop1): dirty_blocks=480 [ 631.316139][T20716] EXT4-fs (loop1): Block reservation details [ 631.322335][T20716] EXT4-fs (loop1): i_reserved_data_blocks=30 [ 631.475960][T20725] xt_hashlimit: max too large, truncated to 1048576 [ 631.703215][T19334] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 633.396749][T20764] loop3: detected capacity change from 0 to 2048 [ 633.430727][T20764] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 633.612879][T20764] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 633.613061][T20764] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 218 with error 28 [ 633.613086][T20764] EXT4-fs (loop3): This should not happen!! Data will be lost [ 633.613086][T20764] [ 633.613100][T20764] EXT4-fs (loop3): Total free blocks count 0 [ 633.613112][T20764] EXT4-fs (loop3): Free/Dirty block details [ 633.613127][T20764] EXT4-fs (loop3): free_blocks=2415919104 [ 633.613142][T20764] EXT4-fs (loop3): dirty_blocks=224 [ 633.613155][T20764] EXT4-fs (loop3): Block reservation details [ 633.613166][T20764] EXT4-fs (loop3): i_reserved_data_blocks=14 [ 633.767448][T19018] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 635.584602][T20812] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5507'. [ 635.646310][T20813] loop3: detected capacity change from 0 to 1024 [ 635.686992][T20813] EXT4-fs: Ignoring removed nobh option [ 635.692611][T20813] EXT4-fs: Ignoring removed bh option [ 635.745360][T20813] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 635.953101][T20813] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 635.996104][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 635.996118][ T28] audit: type=1800 audit(1750144402.543:6329): pid=20813 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.5506" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 636.903031][ T28] audit: type=1326 audit(1750144403.443:6330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20835 comm="syz.2.5514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15bd58e929 code=0x7ffc0000 [ 636.981939][ T28] audit: type=1326 audit(1750144403.473:6331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20835 comm="syz.2.5514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15bd58e929 code=0x7ffc0000 [ 636.982996][T19018] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 637.016090][ T28] audit: type=1326 audit(1750144403.483:6332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20835 comm="syz.2.5514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f15bd58e929 code=0x7ffc0000 [ 637.064884][ T28] audit: type=1326 audit(1750144403.483:6333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20835 comm="syz.2.5514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15bd58e929 code=0x7ffc0000 [ 637.194258][ T28] audit: type=1326 audit(1750144403.483:6334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20835 comm="syz.2.5514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15bd58e929 code=0x7ffc0000 [ 637.264502][ T28] audit: type=1326 audit(1750144403.483:6335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20835 comm="syz.2.5514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=65 compat=0 ip=0x7f15bd58e929 code=0x7ffc0000 [ 637.303632][ T28] audit: type=1326 audit(1750144403.483:6336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20835 comm="syz.2.5514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15bd58e929 code=0x7ffc0000 [ 638.333129][ T28] audit: type=1326 audit(1750144404.873:6337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20863 comm="syz.2.5526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15bd58e929 code=0x7ffc0000 [ 638.418041][T20866] loop3: detected capacity change from 0 to 1024 [ 638.445134][T20866] EXT4-fs: Ignoring removed nobh option [ 638.453053][ T28] audit: type=1326 audit(1750144404.873:6338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20863 comm="syz.2.5526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15bd58e929 code=0x7ffc0000 [ 638.523750][T20866] EXT4-fs: Ignoring removed bh option [ 638.567272][T20866] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 638.662201][T20866] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 638.676605][T20871] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5527'. [ 639.345658][T19018] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 639.740517][T20899] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5538'. [ 639.938286][T20909] loop3: detected capacity change from 0 to 1024 [ 639.946404][T20909] EXT4-fs: Ignoring removed nobh option [ 639.952013][T20909] EXT4-fs: Ignoring removed bh option [ 639.960943][T20909] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 639.996977][T20909] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 640.748164][T20939] loop1: detected capacity change from 0 to 2048 [ 640.800297][T20939] loop1: p1 < > p4 [ 640.812839][T20939] loop1: p4 size 8388608 extends beyond EOD, truncated [ 641.017659][T19533] udevd[19533]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 641.038915][T20714] udevd[20714]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 641.104466][T19533] udevd[19533]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 641.116391][T20714] udevd[20714]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 641.260920][T20955] loop1: detected capacity change from 0 to 2048 [ 641.332065][T20955] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 641.966743][ T5766] Bluetooth: hci4: command 0x0406 tx timeout [ 642.079456][T19334] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 643.272486][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 643.272501][ T28] audit: type=1326 audit(1750144409.813:6344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20975 comm="syz.1.5567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f6e78e929 code=0x7ffc0000 [ 643.329689][ T28] audit: type=1326 audit(1750144409.843:6345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20975 comm="syz.1.5567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f6e78e929 code=0x7ffc0000 [ 643.361684][ T28] audit: type=1326 audit(1750144409.843:6346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20975 comm="syz.1.5567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=160 compat=0 ip=0x7f4f6e78e929 code=0x7ffc0000 [ 643.385772][T20979] netlink: 156 bytes leftover after parsing attributes in process `syz.1.5568'. [ 643.407664][ T28] audit: type=1326 audit(1750144409.843:6347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20975 comm="syz.1.5567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f6e78e929 code=0x7ffc0000 [ 643.436787][ T28] audit: type=1326 audit(1750144409.843:6348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20975 comm="syz.1.5567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f6e78e929 code=0x7ffc0000 [ 644.668156][T21004] netlink: 156 bytes leftover after parsing attributes in process `syz.2.5578'. [ 646.592127][T21028] netlink: 156 bytes leftover after parsing attributes in process `syz.2.5588'. [ 647.741838][T21049] netlink: 128 bytes leftover after parsing attributes in process `syz.2.5597'. [ 647.816185][ T28] audit: type=1326 audit(1750144414.363:6349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21050 comm="syz.2.5598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15bd58e929 code=0x7ffc0000 [ 647.842235][ T28] audit: type=1326 audit(1750144414.363:6350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21050 comm="syz.2.5598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15bd58e929 code=0x7ffc0000 [ 647.867062][ T28] audit: type=1326 audit(1750144414.383:6351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21050 comm="syz.2.5598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f15bd58e929 code=0x7ffc0000 [ 647.900278][ T28] audit: type=1326 audit(1750144414.383:6352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21050 comm="syz.2.5598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15bd58e929 code=0x7ffc0000 [ 647.939428][ T28] audit: type=1326 audit(1750144414.383:6353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21050 comm="syz.2.5598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15bd58e929 code=0x7ffc0000 [ 648.025722][T21057] futex_wake_op: syz.1.5601 tries to shift op by -1; fix this program [ 649.022470][T21071] netlink: 128 bytes leftover after parsing attributes in process `syz.1.5606'. [ 650.129953][T21089] futex_wake_op: syz.1.5614 tries to shift op by -1; fix this program [ 650.997558][T21093] netlink: 128 bytes leftover after parsing attributes in process `syz.2.5615'. [ 652.089420][T21109] netlink: 148 bytes leftover after parsing attributes in process `syz.1.5622'. [ 652.175460][T21113] futex_wake_op: syz.1.5625 tries to shift op by -1; fix this program [ 653.479407][T21135] netlink: 148 bytes leftover after parsing attributes in process `syz.1.5633'. [ 653.553391][T21137] loop1: detected capacity change from 0 to 2048 [ 653.576728][T21137] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 654.493307][T19334] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 654.988476][T21161] netlink: 148 bytes leftover after parsing attributes in process `syz.2.5642'. [ 658.059058][T21217] loop1: detected capacity change from 0 to 2048 [ 658.080259][T21217] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 658.160609][T21222] netlink: 108 bytes leftover after parsing attributes in process `syz.2.5665'. [ 658.289089][T21222] netlink: 108 bytes leftover after parsing attributes in process `syz.2.5665'. [ 658.960397][T21222] netlink: 108 bytes leftover after parsing attributes in process `syz.2.5665'. [ 659.052055][T19334] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 659.315186][T21243] futex_wake_op: syz.1.5671 tries to shift op by -1; fix this program [ 659.400385][T21245] netlink: 108 bytes leftover after parsing attributes in process `syz.2.5672'. [ 659.464967][T21245] netlink: 108 bytes leftover after parsing attributes in process `syz.2.5672'. [ 659.552152][T21245] netlink: 108 bytes leftover after parsing attributes in process `syz.2.5672'. [ 659.721487][T21250] loop1: detected capacity change from 0 to 2048 [ 659.990869][T21250] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 660.003690][T21250] ext4 filesystem being mounted at /201/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 660.308996][T19334] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 661.381333][T21270] netlink: 108 bytes leftover after parsing attributes in process `syz.1.5679'. [ 661.426449][T21270] netlink: 108 bytes leftover after parsing attributes in process `syz.1.5679'. [ 661.492301][T21270] netlink: 108 bytes leftover after parsing attributes in process `syz.1.5679'. [ 661.553824][T21278] futex_wake_op: syz.1.5680 tries to shift op by -1; fix this program [ 661.900811][T21280] loop1: detected capacity change from 0 to 2048 [ 662.032924][T21280] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 662.045756][T21280] ext4 filesystem being mounted at /207/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 662.485456][T19334] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 662.671466][T21290] loop1: detected capacity change from 0 to 2048 [ 662.697179][T21290] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 662.876475][T21296] netlink: 108 bytes leftover after parsing attributes in process `syz.2.5686'. [ 662.931172][T21296] netlink: 108 bytes leftover after parsing attributes in process `syz.2.5686'. [ 663.586748][T21296] netlink: 108 bytes leftover after parsing attributes in process `syz.2.5686'. [ 663.701287][T19334] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 664.046326][T21319] netlink: 108 bytes leftover after parsing attributes in process `syz.1.5693'. [ 664.079701][T21319] netlink: 108 bytes leftover after parsing attributes in process `syz.1.5693'. [ 664.145876][T21319] netlink: 108 bytes leftover after parsing attributes in process `syz.1.5693'. [ 664.219339][T21324] loop1: detected capacity change from 0 to 2048 [ 664.245059][T21324] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 665.209616][T19334] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 665.530374][T21347] loop1: detected capacity change from 0 to 2048 [ 665.556893][T21347] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 666.545910][T19334] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 670.929414][T21454] futex_wake_op: syz.1.5742 tries to shift op by -1; fix this program [ 671.308032][T21459] loop1: detected capacity change from 0 to 2048 [ 671.472441][T21459] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 671.485125][T21459] ext4 filesystem being mounted at /235/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 671.903802][T19334] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 671.973231][T21464] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5744'. [ 672.028668][T21464] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5744'. [ 672.147089][T21464] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5744'. [ 673.241237][T21501] loop1: detected capacity change from 0 to 128 [ 673.760070][T21521] loop1: detected capacity change from 0 to 128 [ 673.990786][ T28] kauditd_printk_skb: 9 callbacks suppressed [ 673.990799][ T28] audit: type=1326 audit(1750144440.533:6363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21524 comm="syz.1.5771" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4f6e78e929 code=0x0 [ 676.871577][T21577] futex_wake_op: syz.2.5794 tries to shift op by -1; fix this program [ 678.154384][ T28] audit: type=1326 audit(1750144444.703:6364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21593 comm="syz.2.5801" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f15bd58e929 code=0x0 [ 678.699057][T21605] futex_wake_op: syz.1.5805 tries to shift op by -1; fix this program [ 679.042663][T21607] loop1: detected capacity change from 0 to 2048 [ 679.148687][T21607] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 679.161599][T21607] ext4 filesystem being mounted at /268/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 679.659009][T19334] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 680.109676][ T28] audit: type=1326 audit(1750144446.653:6365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21624 comm="syz.2.5812" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f15bd58e929 code=0x0 [ 680.180663][ T28] audit: type=1326 audit(1750144446.723:6366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21631 comm="syz.1.5815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f6e78e929 code=0x7ffc0000 [ 680.219663][ T28] audit: type=1326 audit(1750144446.723:6367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21631 comm="syz.1.5815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f6e78e929 code=0x7ffc0000 [ 680.242772][ T28] audit: type=1326 audit(1750144446.753:6368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21631 comm="syz.1.5815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=160 compat=0 ip=0x7f4f6e78e929 code=0x7ffc0000 [ 680.265763][ T28] audit: type=1326 audit(1750144446.753:6369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21631 comm="syz.1.5815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f6e78e929 code=0x7ffc0000 [ 680.292907][ T28] audit: type=1326 audit(1750144446.753:6370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21631 comm="syz.1.5815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f6e78e929 code=0x7ffc0000 [ 680.735574][ T28] audit: type=1326 audit(1750144447.283:6371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21647 comm="syz.1.5822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f6e78e929 code=0x7ffc0000 [ 680.762247][ T28] audit: type=1326 audit(1750144447.283:6372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21647 comm="syz.1.5822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f6e78e929 code=0x7ffc0000 [ 680.785532][ T28] audit: type=1326 audit(1750144447.303:6373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21647 comm="syz.1.5822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=160 compat=0 ip=0x7f4f6e78e929 code=0x7ffc0000 [ 680.811235][ T28] audit: type=1326 audit(1750144447.303:6374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21647 comm="syz.1.5822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f6e78e929 code=0x7ffc0000 [ 683.425102][T21701] loop1: detected capacity change from 0 to 2048 [ 683.455083][T21701] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 684.377605][T19334] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 684.469958][T21716] loop1: detected capacity change from 0 to 1024 [ 684.485684][T21716] EXT4-fs: inline encryption not supported [ 684.506693][T21716] EXT4-fs: Ignoring removed bh option [ 684.542805][T21716] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 684.630059][T19334] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 685.959677][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 687.402831][T21771] loop1: detected capacity change from 0 to 512 [ 687.410208][T21771] EXT4-fs: Ignoring removed mblk_io_submit option [ 687.417439][T21771] ext4: Unknown parameter 'seclabel' [ 687.457196][T20714] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 687.882832][T21790] futex_wake_op: syz.1.5876 tries to shift op by -1; fix this program [ 689.699286][T21809] loop1: detected capacity change from 0 to 256 [ 689.754588][T21809] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 690.584644][T21814] futex_wake_op: syz.2.5885 tries to shift op by -1; fix this program [ 692.828031][T21831] futex_wake_op: syz.1.5892 tries to shift op by -1; fix this program [ 694.062628][T21852] futex_wake_op: syz.1.5900 tries to shift op by -1; fix this program [ 695.370263][T21869] futex_wake_op: syz.1.5907 tries to shift op by -1; fix this program [ 696.479284][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 696.479297][ T28] audit: type=1326 audit(1750144463.023:6382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21876 comm="syz.1.5910" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4f6e78e929 code=0x0 [ 747.399384][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 800.514434][ T29] INFO: task kworker/1:5:5841 blocked for more than 143 seconds. [ 800.522252][ T29] Not tainted 6.6.93-syzkaller #0 [ 800.527882][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 800.537096][ T29] task:kworker/1:5 state:D stack:24080 pid:5841 ppid:2 flags:0x00004000 [ 800.546402][ T29] Workqueue: events rfkill_global_led_trigger_worker [ 800.553107][ T29] Call Trace: [ 800.556535][ T29] [ 800.559484][ T29] __schedule+0x14e2/0x4580 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 800.564083][ T29] ? mark_lock+0x94/0x320 [ 800.568437][ T29] ? asan.module_dtor+0x20/0x20 [ 800.573331][ T29] ? lockdep_hardirqs_on+0x98/0x150 [ 800.578651][ T29] schedule+0xbd/0x170 [ 800.582790][ T29] schedule_preempt_disabled+0x13/0x20 [ 800.588339][ T29] __mutex_lock+0x6b7/0xcc0 [ 800.592870][ T29] ? __mutex_lock+0x4e8/0xcc0 [ 800.597684][ T29] ? rfkill_global_led_trigger_worker+0x27/0xd0 [ 800.603975][ T29] ? mutex_lock_nested+0x20/0x20 [ 800.609009][ T29] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 800.624112][ T29] ? read_lock_is_recursive+0x20/0x20 [ 800.629568][ T29] ? process_scheduled_works+0x957/0x15b0 [ 800.660518][ T29] rfkill_global_led_trigger_worker+0x27/0xd0 [ 800.670890][ T29] ? process_scheduled_works+0x957/0x15b0 [ 800.677016][ T29] process_scheduled_works+0xa45/0x15b0 [ 800.682628][ T29] ? assign_work+0x400/0x400 [ 800.687363][ T29] ? assign_work+0x39e/0x400 [ 800.691984][ T29] worker_thread+0xa55/0xfc0 [ 800.696720][ T29] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 800.702639][ T29] ? _raw_spin_unlock+0x40/0x40 [ 800.707571][ T29] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 800.713494][ T29] kthread+0x2fa/0x390 [ 800.717691][ T29] ? pr_cont_work+0x560/0x560 [ 800.722385][ T29] ? kthread_blkcg+0xd0/0xd0 [ 800.727054][ T29] ret_from_fork+0x48/0x80 [ 800.731480][ T29] ? kthread_blkcg+0xd0/0xd0 [ 800.736246][ T29] ret_from_fork_asm+0x11/0x20 [ 800.741036][ T29] [ 800.744200][ T29] INFO: task syz.0.5540:20901 blocked for more than 143 seconds. [ 800.751927][ T29] Not tainted 6.6.93-syzkaller #0 [ 800.757539][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 800.767100][ T29] task:syz.0.5540 state:D stack:24976 pid:20901 ppid:17846 flags:0x00004006 [ 800.776427][ T29] Call Trace: [ 800.779718][ T29] [ 800.782690][ T29] __schedule+0x14e2/0x4580 [ 800.787292][ T29] ? asan.module_dtor+0x20/0x20 [ 800.792184][ T29] ? __mutex_lock+0x6b2/0xcc0 [ 800.797146][ T29] ? __mutex_trylock_common+0x84/0x250 [ 800.802640][ T29] ? trace_raw_output_contention_end+0xd0/0xd0 [ 800.808894][ T29] schedule+0xbd/0x170 [ 800.812989][ T29] schedule_preempt_disabled+0x13/0x20 [ 800.818674][ T29] __mutex_lock+0x6b7/0xcc0 [ 800.823207][ T29] ? __mutex_lock+0x4e8/0xcc0 [ 800.827996][ T29] ? nfc_rfkill_set_block+0x50/0x2e0 [ 800.833304][ T29] ? mutex_lock_nested+0x20/0x20 [ 800.838327][ T29] ? lockdep_hardirqs_on+0x98/0x150 [ 800.843537][ T29] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 800.849556][ T29] ? _raw_spin_unlock+0x40/0x40 [ 800.854511][ T29] ? nfc_unregister_device+0x2a0/0x2a0 [ 800.859986][ T29] nfc_rfkill_set_block+0x50/0x2e0 [ 800.865163][ T29] ? nfc_unregister_device+0x2a0/0x2a0 [ 800.870667][ T29] rfkill_set_block+0x1c6/0x420 [ 800.875602][ T29] rfkill_fop_write+0x45c/0x570 [ 800.880466][ T29] ? end_current_label_crit_section+0x149/0x170 [ 800.886786][ T29] ? rfkill_fop_read+0x4b0/0x4b0 [ 800.891759][ T29] ? fsnotify_perm+0x5d/0x5e0 [ 800.896519][ T29] ? security_file_permission+0x79/0xa0 [ 800.902077][ T29] ? rfkill_fop_read+0x4b0/0x4b0 [ 800.907171][ T29] vfs_write+0x288/0x940 [ 800.912059][ T29] ? file_end_write+0x250/0x250 [ 800.917013][ T29] ? __fget_files+0x28/0x4d0 [ 800.921613][ T29] ? __fget_files+0x44a/0x4d0 [ 800.926353][ T29] ? __fdget_pos+0x1d8/0x330 [ 800.931037][ T29] ? ksys_write+0x75/0x250 [ 800.935559][ T29] ksys_write+0x147/0x250 [ 800.939909][ T29] ? __ia32_sys_read+0x90/0x90 [ 800.944774][ T29] ? lockdep_hardirqs_on+0x98/0x150 [ 800.949985][ T29] do_syscall_64+0x55/0xb0 [ 800.954537][ T29] ? clear_bhb_loop+0x40/0x90 [ 800.959226][ T29] ? clear_bhb_loop+0x40/0x90 [ 800.964059][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 800.969968][ T29] RIP: 0033:0x7f47ce18e929 [ 800.974443][ T29] RSP: 002b:00007f47cf090038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 800.982973][ T29] RAX: ffffffffffffffda RBX: 00007f47ce3b5fa0 RCX: 00007f47ce18e929 [ 800.991117][ T29] RDX: 0000000000000008 RSI: 0000200000000080 RDI: 000000000000000a [ 800.999284][ T29] RBP: 00007f47ce210b39 R08: 0000000000000000 R09: 0000000000000000 [ 801.007599][ T29] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 801.015765][ T29] R13: 0000000000000000 R14: 00007f47ce3b5fa0 R15: 00007ffdfd04a978 [ 801.023757][ T29] [ 801.026976][ T29] INFO: task syz.3.5541:20903 blocked for more than 143 seconds. [ 801.034773][ T29] Not tainted 6.6.93-syzkaller #0 [ 801.040335][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 801.049071][ T29] task:syz.3.5541 state:D stack:25800 pid:20903 ppid:19018 flags:0x00004006 [ 801.058443][ T29] Call Trace: [ 801.061718][ T29] [ 801.064788][ T29] __schedule+0x14e2/0x4580 [ 801.069314][ T29] ? __kernfs_remove+0x720/0x840 [ 801.074630][ T29] ? asan.module_dtor+0x20/0x20 [ 801.079501][ T29] ? __mutex_lock+0x6b2/0xcc0 [ 801.084326][ T29] ? __mutex_trylock_common+0x84/0x250 [ 801.089796][ T29] ? trace_raw_output_contention_end+0xd0/0xd0 [ 801.096025][ T29] schedule+0xbd/0x170 [ 801.100102][ T29] schedule_preempt_disabled+0x13/0x20 [ 801.105673][ T29] __mutex_lock+0x6b7/0xcc0 [ 801.110205][ T29] ? __mutex_lock+0x4e8/0xcc0 [ 801.114967][ T29] ? rfkill_unregister+0xc8/0x220 [ 801.119999][ T29] ? mutex_lock_nested+0x20/0x20 [ 801.124990][ T29] ? kill_device+0x160/0x160 [ 801.129585][ T29] ? nfc_genl_device_removed+0x22e/0x320 [ 801.135299][ T29] ? destroy_workqueue+0x898/0xf20 [ 801.140419][ T29] ? nfc_genl_setup_device_added+0x320/0x320 [ 801.146445][ T29] ? destroy_workqueue+0xd80/0xf20 [ 801.151565][ T29] ? destroy_workqueue+0x898/0xf20 [ 801.156780][ T29] rfkill_unregister+0xc8/0x220 [ 801.161658][ T29] nfc_unregister_device+0x96/0x2a0 [ 801.166955][ T29] ? virtual_ncidev_open+0x1a0/0x1a0 [ 801.172279][ T29] virtual_ncidev_close+0x59/0x90 [ 801.177509][ T29] __fput+0x234/0x970 [ 801.181523][ T29] task_work_run+0x1ce/0x250 [ 801.186193][ T29] ? task_work_cancel+0x240/0x240 [ 801.191234][ T29] ? task_work_add+0x3a3/0x440 [ 801.196098][ T29] get_signal+0x1235/0x1400 [ 801.200628][ T29] ? fput+0x15b/0x1a0 [ 801.204682][ T29] ? do_preadv+0x283/0x330 [ 801.209110][ T29] arch_do_signal_or_restart+0x96/0x780 [ 801.214743][ T29] ? get_sigframe_size+0x20/0x20 [ 801.219698][ T29] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 801.225750][ T29] ? exit_to_user_mode_loop+0x3b/0x110 [ 801.231333][ T29] exit_to_user_mode_loop+0x70/0x110 [ 801.236699][ T29] exit_to_user_mode_prepare+0xb1/0x140 [ 801.242260][ T29] syscall_exit_to_user_mode+0x1a/0x50 [ 801.247976][ T29] do_syscall_64+0x61/0xb0 [ 801.252524][ T29] ? clear_bhb_loop+0x40/0x90 [ 801.257268][ T29] ? clear_bhb_loop+0x40/0x90 [ 801.261969][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 801.267954][ T29] RIP: 0033:0x7f4be8f8e929 [ 801.272376][ T29] RSP: 002b:00007f4be9dee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 801.280896][ T29] RAX: fffffffffffffff2 RBX: 00007f4be91b5fa0 RCX: 00007f4be8f8e929 [ 801.289001][ T29] RDX: 0000000000000001 RSI: 0000200000000980 RDI: 0000000000000006 [ 801.297102][ T29] RBP: 00007f4be9010b39 R08: 00000000fffffff9 R09: 0000000000000000 [ 801.305226][ T29] R10: 000000000000000a R11: 0000000000000246 R12: 0000000000000000 [ 801.313236][ T29] R13: 0000000000000000 R14: 00007f4be91b5fa0 R15: 00007ffdb706b798 [ 801.323643][ T29] [ 801.327184][ T29] INFO: task syz-executor:21166 blocked for more than 144 seconds. [ 801.335438][ T29] Not tainted 6.6.93-syzkaller #0 [ 801.341007][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 801.349963][ T29] task:syz-executor state:D stack:27688 pid:21166 ppid:1 flags:0x00004000 [ 801.359408][ T29] Call Trace: [ 801.362707][ T29] [ 801.365801][ T29] __schedule+0x14e2/0x4580 [ 801.370358][ T29] ? asan.module_dtor+0x20/0x20 [ 801.375302][ T29] ? __mutex_lock+0x6b2/0xcc0 [ 801.379996][ T29] ? __mutex_trylock_common+0x84/0x250 [ 801.385618][ T29] ? trace_raw_output_contention_end+0xd0/0xd0 [ 801.391798][ T29] schedule+0xbd/0x170 [ 801.396126][ T29] schedule_preempt_disabled+0x13/0x20 [ 801.401599][ T29] __mutex_lock+0x6b7/0xcc0 [ 801.406257][ T29] ? __mutex_lock+0x4e8/0xcc0 [ 801.410947][ T29] ? rfkill_register+0x37/0x8e0 [ 801.415867][ T29] ? mutex_lock_nested+0x20/0x20 [ 801.420830][ T29] ? device_initialize+0x24b/0x440 [ 801.426036][ T29] rfkill_register+0x37/0x8e0 [ 801.430737][ T29] hci_register_dev+0x3f5/0x890 [ 801.435711][ T29] vhci_create_device+0x38b/0x6e0 [ 801.440755][ T29] vhci_write+0x3b5/0x470 [ 801.445206][ T29] vfs_write+0x43b/0x940 [ 801.449463][ T29] ? file_end_write+0x250/0x250 [ 801.454416][ T29] ? __fdget_pos+0x1d8/0x330 [ 801.459021][ T29] ksys_write+0x147/0x250 [ 801.463347][ T29] ? __ia32_sys_read+0x90/0x90 [ 801.468175][ T29] ? lockdep_hardirqs_on+0x98/0x150 [ 801.473382][ T29] do_syscall_64+0x55/0xb0 [ 801.477877][ T29] ? clear_bhb_loop+0x40/0x90 [ 801.482555][ T29] ? clear_bhb_loop+0x40/0x90 [ 801.487317][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 801.493232][ T29] RIP: 0033:0x7f471398d3a0 [ 801.497736][ T29] RSP: 002b:00007ffdd2424eb8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 801.506212][ T29] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f471398d3a0 [ 801.514324][ T29] RDX: 0000000000000002 RSI: 00007ffdd2424eca RDI: 00000000000000ca [ 801.522301][ T29] RBP: 00007f4713bb6738 R08: 0000000000000000 R09: 00007f47146ed6c0 [ 801.530312][ T29] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008 [ 801.538344][ T29] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 801.546408][ T29] [ 801.549452][ T29] INFO: task syz-executor:21167 blocked for more than 144 seconds. [ 801.557398][ T29] Not tainted 6.6.93-syzkaller #0 [ 801.562923][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 801.571648][ T29] task:syz-executor state:D stack:27816 pid:21167 ppid:1 flags:0x00004000 [ 801.580937][ T29] Call Trace: [ 801.584289][ T29] [ 801.587232][ T29] __schedule+0x14e2/0x4580 [ 801.591747][ T29] ? __lock_acquire+0x7c80/0x7c80 [ 801.596869][ T29] ? asan.module_dtor+0x20/0x20 [ 801.601727][ T29] ? __mutex_lock+0x6b2/0xcc0 [ 801.606476][ T29] ? __mutex_trylock_common+0x84/0x250 [ 801.611967][ T29] ? trace_raw_output_contention_end+0xd0/0xd0 [ 801.618228][ T29] schedule+0xbd/0x170 [ 801.622482][ T29] schedule_preempt_disabled+0x13/0x20 [ 801.628080][ T29] __mutex_lock+0x6b7/0xcc0 [ 801.632596][ T29] ? __mutex_lock+0x4e8/0xcc0 [ 801.637339][ T29] ? rfkill_register+0x37/0x8e0 [ 801.642192][ T29] ? mutex_lock_nested+0x20/0x20 [ 801.647185][ T29] ? device_initialize+0x24b/0x440 [ 801.652302][ T29] rfkill_register+0x37/0x8e0 [ 801.657065][ T29] hci_register_dev+0x3f5/0x890 [ 801.661941][ T29] vhci_create_device+0x38b/0x6e0 [ 801.667957][ T29] vhci_write+0x3b5/0x470 [ 801.672329][ T29] vfs_write+0x43b/0x940 [ 801.676694][ T29] ? file_end_write+0x250/0x250 [ 801.681576][ T29] ? __fdget_pos+0x1d8/0x330 [ 801.686236][ T29] ksys_write+0x147/0x250 [ 801.690581][ T29] ? __ia32_sys_read+0x90/0x90 [ 801.695446][ T29] ? lockdep_hardirqs_on+0x98/0x150 [ 801.700654][ T29] do_syscall_64+0x55/0xb0 [ 801.705152][ T29] ? clear_bhb_loop+0x40/0x90 [ 801.709849][ T29] ? clear_bhb_loop+0x40/0x90 [ 801.714655][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 801.720583][ T29] RIP: 0033:0x7fc25518d3a0 [ 801.725119][ T29] RSP: 002b:00007ffe22540088 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 801.733563][ T29] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc25518d3a0 [ 801.741771][ T29] RDX: 0000000000000002 RSI: 00007ffe2254009a RDI: 00000000000000ca [ 801.749795][ T29] RBP: 00007fc2553b6738 R08: 0000000000000000 R09: 00007fc255eed6c0 [ 801.757848][ T29] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008 [ 801.765857][ T29] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 801.773826][ T29] [ 801.777000][ T29] [ 801.777000][ T29] Showing all locks held in the system: [ 801.784998][ T29] 1 lock held by khungtaskd/29: [ 801.789846][ T29] #0: ffffffff8cd2f760 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 [ 801.799847][ T29] 5 locks held by kworker/u4:9/3456: [ 801.805202][ T29] 2 locks held by getty/5534: [ 801.809884][ T29] #0: ffff88823bcce8a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 801.819824][ T29] #1: ffffc9000326b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x425/0x1380 [ 801.829998][ T29] 3 locks held by kworker/1:5/5841: [ 801.835255][ T29] #0: ffff888017870938 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 [ 801.846332][ T29] #1: ffffc9000488fd00 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 [ 801.859882][ T29] #2: ffffffff8e289a88 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_global_led_trigger_worker+0x27/0xd0 [ 801.871264][ T29] 2 locks held by syz.0.5540/20901: [ 801.876641][ T29] #0: ffffffff8e289a88 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x1a2/0x570 [ 801.886822][ T29] #1: ffff88801cbfe100 (&dev->mutex){....}-{3:3}, at: nfc_rfkill_set_block+0x50/0x2e0 [ 801.896589][ T29] 2 locks held by syz.3.5541/20903: [ 801.901785][ T29] #0: ffff88801cbfe100 (&dev->mutex){....}-{3:3}, at: nfc_unregister_device+0x63/0x2a0 [ 801.911581][ T29] #1: ffffffff8e289a88 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_unregister+0xc8/0x220 [ 801.921953][ T29] 2 locks held by syz-executor/21166: [ 801.927369][ T29] #0: ffff88805dd5f918 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6e0 [ 801.937532][ T29] #1: ffffffff8e289a88 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x37/0x8e0 [ 801.947574][ T29] 2 locks held by syz-executor/21167: [ 801.952956][ T29] #0: ffff888076d94118 (&data->open_mutex){+.+.}-{3:3}, at: vhci_create_device+0x34/0x6e0 [ 801.963133][ T29] #1: ffffffff8e289a88 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x37/0x8e0 [ 801.973131][ T29] 3 locks held by syz.2.5899/21845: [ 801.978392][ T29] #0: ffffffff8d4c42a8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5a/0x370 [ 801.986902][ T29] #1: ffff888022fbe100 (&dev->mutex){....}-{3:3}, at: nfc_register_device+0xa1/0x320 [ 801.996582][ T29] #2: ffffffff8e289a88 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x37/0x8e0 [ 802.006585][ T29] 1 lock held by syz.1.5912/21882: [ 802.011692][ T29] #0: ffffffff8d4c42a8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5a/0x370 [ 802.020203][ T29] 1 lock held by syz-executor/21885: [ 802.025545][ T29] #0: ffffffff8d4c42a8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5a/0x370 [ 802.034227][ T29] 1 lock held by syz-executor/21887: [ 802.039516][ T29] #0: ffffffff8d4c42a8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5a/0x370 [ 802.048014][ T29] 1 lock held by syz-executor/21890: [ 802.053293][ T29] #0: ffffffff8d4c42a8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5a/0x370 [ 802.061803][ T29] 1 lock held by syz-executor/21891: [ 802.067218][ T29] #0: ffffffff8d4c42a8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5a/0x370 [ 802.075945][ T29] 1 lock held by syz-executor/21898: [ 802.081258][ T29] #0: ffffffff8d4c42a8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5a/0x370 [ 802.089772][ T29] 1 lock held by syz-executor/21900: [ 802.095146][ T29] #0: ffffffff8d4c42a8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5a/0x370 [ 802.103623][ T29] 1 lock held by syz-executor/21903: [ 802.108972][ T29] #0: ffffffff8d4c42a8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5a/0x370 [ 802.117507][ T29] 1 lock held by syz-executor/21904: [ 802.122772][ T29] #0: ffffffff8d4c42a8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x5a/0x370 [ 802.131427][ T29] [ 802.133758][ T29] ============================================= [ 802.133758][ T29] [ 802.142236][ T29] NMI backtrace for cpu 0 [ 802.146573][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted 6.6.93-syzkaller #0 [ 802.154376][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 802.164415][ T29] Call Trace: [ 802.167680][ T29] [ 802.170596][ T29] dump_stack_lvl+0x16c/0x230 [ 802.175350][ T29] ? preempt_count_add+0x91/0x1a0 [ 802.180709][ T29] ? show_regs_print_info+0x20/0x20 [ 802.185894][ T29] ? load_image+0x3b0/0x3b0 [ 802.190382][ T29] nmi_cpu_backtrace+0x39b/0x3d0 [ 802.195318][ T29] ? nmi_trigger_cpumask_backtrace+0x2f0/0x2f0 [ 802.201476][ T29] ? _printk+0xd0/0x110 [ 802.205627][ T29] ? load_image+0x3b0/0x3b0 [ 802.210127][ T29] ? load_image+0x3b0/0x3b0 [ 802.214622][ T29] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 802.220686][ T29] nmi_trigger_cpumask_backtrace+0x17a/0x2f0 [ 802.226665][ T29] watchdog+0xf41/0xf80 [ 802.230816][ T29] ? watchdog+0x1e1/0xf80 [ 802.235140][ T29] kthread+0x2fa/0x390 [ 802.239194][ T29] ? hungtask_pm_notify+0x90/0x90 [ 802.244220][ T29] ? kthread_blkcg+0xd0/0xd0 [ 802.248805][ T29] ret_from_fork+0x48/0x80 [ 802.253220][ T29] ? kthread_blkcg+0xd0/0xd0 [ 802.257797][ T29] ret_from_fork_asm+0x11/0x20 [ 802.262567][ T29] [ 802.265791][ T29] Sending NMI from CPU 0 to CPUs 1: [ 802.271015][ C1] NMI backtrace for cpu 1 [ 802.271037][ C1] CPU: 1 PID: 3456 Comm: kworker/u4:9 Not tainted 6.6.93-syzkaller #0 [ 802.271053][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 802.271063][ C1] Workqueue: bat_events batadv_nc_worker [ 802.271089][ C1] RIP: 0010:__lock_acquire+0x681/0x7c80 [ 802.271109][ C1] Code: 83 3d 22 b0 81 15 00 0f 84 ad 01 00 00 31 db 48 81 c3 c9 00 00 00 48 89 d8 48 c1 e8 03 42 0f b6 04 00 84 c0 0f 85 b4 62 00 00 <45> 84 f6 0f 84 76 05 00 00 0f b6 1b 48 8b 44 24 48 42 0f b6 04 00 [ 802.271123][ C1] RSP: 0018:ffffc9000c7477c0 EFLAGS: 00000046 [ 802.271135][ C1] RAX: 0000000000000000 RBX: ffffffff906edf79 RCX: ffffffff81670411 [ 802.271147][ C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff90d84520 [ 802.271157][ C1] RBP: ffffc9000c747a08 R08: dffffc0000000000 R09: 1ffffffff21b08a4 [ 802.271168][ C1] R10: dffffc0000000000 R11: fffffbfff21b08a5 R12: ffff88802d6264c4 [ 802.271180][ C1] R13: ffff88802d625a00 R14: 0000000000000002 R15: ffff88802d626550 [ 802.271191][ C1] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 802.271204][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 802.271215][ C1] CR2: 0000558c962cd000 CR3: 000000000cb30000 CR4: 00000000003506e0 [ 802.271228][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 802.271238][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 802.271247][ C1] Call Trace: [ 802.271252][ C1] [ 802.271270][ C1] ? verify_lock_unused+0x140/0x140 [ 802.271290][ C1] ? verify_lock_unused+0x140/0x140 [ 802.271311][ C1] lock_acquire+0x197/0x410 [ 802.271327][ C1] ? batadv_nc_worker+0xd2/0x610 [ 802.271350][ C1] ? batadv_nc_worker+0xd2/0x610 [ 802.271371][ C1] ? read_lock_is_recursive+0x20/0x20 [ 802.271388][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 802.271407][ C1] ? batadv_nc_worker+0xd2/0x610 [ 802.271427][ C1] batadv_nc_worker+0xef/0x610 [ 802.271448][ C1] ? batadv_nc_worker+0xd2/0x610 [ 802.271470][ C1] ? process_scheduled_works+0x957/0x15b0 [ 802.271488][ C1] process_scheduled_works+0xa45/0x15b0 [ 802.271516][ C1] ? assign_work+0x400/0x400 [ 802.271536][ C1] ? assign_work+0x39e/0x400 [ 802.271554][ C1] worker_thread+0xa55/0xfc0 [ 802.271581][ C1] kthread+0x2fa/0x390 [ 802.271595][ C1] ? pr_cont_work+0x560/0x560 [ 802.271611][ C1] ? kthread_blkcg+0xd0/0xd0 [ 802.271625][ C1] ret_from_fork+0x48/0x80 [ 802.271641][ C1] ? kthread_blkcg+0xd0/0xd0 [ 802.271655][ C1] ret_from_fork_asm+0x11/0x20 [ 802.271680][ C1] [ 802.272067][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 802.528683][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted 6.6.93-syzkaller #0 [ 802.536475][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 802.546517][ T29] Call Trace: [ 802.549793][ T29] [ 802.552717][ T29] dump_stack_lvl+0x16c/0x230 [ 802.557392][ T29] ? show_regs_print_info+0x20/0x20 [ 802.562583][ T29] ? load_image+0x3b0/0x3b0 [ 802.567093][ T29] panic+0x2c0/0x710 [ 802.570981][ T29] ? schedule_preempt_disabled+0x20/0x20 [ 802.576614][ T29] ? bpf_jit_dump+0xd0/0xd0 [ 802.581108][ T29] ? __irq_work_queue_local+0x13a/0x3b0 [ 802.586645][ T29] ? nmi_trigger_cpumask_backtrace+0x2a4/0x2f0 [ 802.592799][ T29] watchdog+0xf80/0xf80 [ 802.596947][ T29] ? watchdog+0x1e1/0xf80 [ 802.601353][ T29] kthread+0x2fa/0x390 [ 802.605409][ T29] ? hungtask_pm_notify+0x90/0x90 [ 802.610423][ T29] ? kthread_blkcg+0xd0/0xd0 [ 802.615026][ T29] ret_from_fork+0x48/0x80 [ 802.619430][ T29] ? kthread_blkcg+0xd0/0xd0 [ 802.624008][ T29] ret_from_fork_asm+0x11/0x20 [ 802.628852][ T29] [ 802.632143][ T29] Kernel Offset: disabled [ 802.636453][ T29] Rebooting in 86400 seconds..