last executing test programs: 3.472191802s ago: executing program 3 (id=1888): r0 = socket$inet_sctp(0x2, 0x1, 0x84) listen(r0, 0xda90) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x4, 0x0) r1 = dup(r0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) 3.283313086s ago: executing program 2 (id=1892): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x52, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.208545967s ago: executing program 3 (id=1893): r0 = syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0x86e1, 0x1, 0x8}, &(0x7f0000010080), &(0x7f0000000000)) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000040), 0x81, r1}, 0x38) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, 
@ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r2, 0x0, 0x6}, 0x18) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000140)=[{0x0}, {0x0}], 0x2) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 3.105223309s ago: executing program 2 (id=1895): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_ext_remove_space_done\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x18000, &(0x7f0000000000), 0x80, 0x62d, &(0x7f0000000c40)="$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") 
2.992247651s ago: executing program 0 (id=1897): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$binfmt_aout(r0, &(0x7f0000000340)=ANY=[], 0xff2e) r1 = gettid() timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$TCXONC(r0, 0x540a, 0x3) r2 = getpid() r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, 0x0, 0x20800) getuid() setsockopt$bt_BT_CHANNEL_POLICY(r3, 0x112, 0xa, 0x0, 0x0) r5 = socket(0x2, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000100)={0x2, &(0x7f00000001c0)=[{0x30, 0x3, 0x4d, 0xfffff034}, {0x6, 0x4, 0x2, 0x6}]}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0) syz_emit_ethernet(0x86, &(0x7f00000005c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500007800000000000190780a0101020e5014aa0b009078010000004700000000000000001110007f000001e0000002440c0001ac1414bb4e210000"], 0x0) r6 = syz_pidfd_open(r2, 0x0) setns(r6, 0x20000) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r7, 0x29, 0x42, &(0x7f0000000040)=0xf2b, 0x4) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000080)='kmem_cache_free\x00', r8, 0x0, 0x20000}, 0x18) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f00000002c0)=ANY=[@ANYRESDEC=r8, @ANYRESOCT=r4, @ANYBLOB="0000000000000004b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000280)='mm_page_free\x00', r9, 0x0, 0x800000000000002}, 0x18) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000380), 0x4001, 0x0) getsockopt$inet6_buf(r7, 0x29, 0x6, &(0x7f0000001500)=""/17, &(0x7f0000000180)=0x11) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) ppoll(&(0x7f0000000040)=[{r6, 0x24}, {r7, 0x4000}, {r0, 0x1001}], 0x3, &(0x7f0000000100)={r10, r11+10000000}, &(0x7f0000000140)={[0x1]}, 0x8) 2.872341834s ago: executing program 3 (id=1898): r0 = socket(0x10, 0x3, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="400000001000030400"/20, @ANYRES32=0x0, @ANYBLOB, @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES64=r0], 0x40}, 0x1, 0x0, 0x0, 0x4004010}, 0x4000) readv(r1, &(0x7f0000001340)=[{&(0x7f0000000100)=""/142, 0x8e}, {0x0}], 0x2) 2.856616854s ago: executing program 1 (id=1899): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_getevents(r1, 0x4, 0x4, &(0x7f00000019c0)=[{}, {}, {}, {}], 0x0) io_submit(r1, 0x1, &(0x7f0000000300)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r0, 0x0}]) 2.738787786s ago: executing program 2 (id=1900): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0100000008000000010000000b"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES32=r0, 
@ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) sendto$inet6(r2, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) 2.604364449s ago: executing program 3 (id=1901): r0 = socket$inet_sctp(0x2, 0x1, 0x84) listen(r0, 0xda90) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x4, 0x0) r1 = dup(r0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) 2.52079854s ago: executing program 2 (id=1902): socket$netlink(0x10, 0x3, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000200)={[{@init_itable_val}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@errors_remount}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$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") bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) mknodat(0xffffffffffffff9c, 0x0, 0x21c0, 0x103) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 
&(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10) r5 = socket$netlink(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)=""/196, 0xc4}], 0x1, 0x200000, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000181200", @ANYRES32, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x20d41, 0x0) syz_clone(0x63081180, 0x0, 0x0, 0x0, 0x0, 0x0) 2.383482143s ago: executing program 3 (id=1903): r0 = syz_io_uring_setup(0x10c, &(0x7f0000000580)={0x0, 0xd736, 0x8, 0x3, 0x281}, &(0x7f00000003c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f00000002c0)=0x2, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 
0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80, 0x6000}) io_uring_enter(r0, 0x1c3a, 0xe176, 0x22, 0x0, 0x0) 2.260238115s ago: executing program 3 (id=1904): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) lchown(&(0x7f00000006c0)='./file0\x00', 0x0, 0xee01) syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_DISCONNECT_CLAIM(r5, 0x8108551b, &(0x7f0000000000)={0x0, 0x0, "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"}) socket$nl_generic(0x10, 0x3, 0x10) 1.365629303s ago: executing program 0 (id=1905): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, 
&(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x51}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="10000000040000000800000008"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r1}, &(0x7f0000000080), &(0x7f0000000240)=r2}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x18000000000002a0, 0x5ee, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) unshare(0x22020600) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000001b40), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x47, 0x0}}, 0x10) bind$rds(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet(0x2, 0x1, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000300)='inet_sock_set_state\x00', r4, 0x0, 0x100000001}, 0x18) listen(r3, 0x0) 1.096444068s ago: executing program 0 (id=1906): r0 = 
syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0x86e1, 0x1, 0x8}, &(0x7f0000010080), &(0x7f0000000000)) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000040), 0x81, r1}, 0x38) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r2, 0x0, 0x6}, 0x18) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000140)=[{0x0}, {0x0}], 0x2) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 1.096347548s ago: executing program 1 (id=1907): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x4, [@var={0x2, 0x0, 0x0, 0xe, 0x2}, @volatile={0x0, 0x0, 0x0, 0x2}]}, {0x0, [0x0, 0x2e]}}, 0x0, 0x38}, 0x28) 912.350462ms ago: executing program 1 (id=1908): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x14, 
&(0x7f00000007c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', r1, 0x0, 0xf7}, 0x18) r2 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000040)={'vxcan1\x00', 0x0}) connect$can_bcm(r2, &(0x7f0000000140)={0x1d, r3}, 0x10) sendmsg$can_bcm(r2, &(0x7f0000003b00)={0x0, 0x0, &(0x7f0000003a00)={&(0x7f0000001000)=ANY=[@ANYBLOB="01000000020800000100000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0300004001000000020000004002000033a773533664928ec6b4f2922f34a3c5148573abd6baf982138eb87222318feaf5c5d75215aaf181b56881366b84e72216"], 0x80}, 0x1, 0x0, 0x0, 0x800}, 0x200060d0) 758.735095ms ago: executing program 1 (id=1909): r0 = socket(0x10, 0x3, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="400000001000030400"/20, @ANYRES32=0x0, @ANYBLOB, @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES64=r0], 0x40}, 0x1, 0x0, 0x0, 0x4004010}, 0x4000) readv(r1, &(0x7f0000001340)=[{&(0x7f0000000100)=""/142, 0x8e}, {0x0}], 0x2) 745.777835ms ago: executing program 0 (id=1910): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0100000008000000010000000b"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000006020207b1af8ff00000000bfa1", 
@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) sendto$inet6(r2, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) 494.24985ms ago: executing program 0 (id=1911): r0 = socket$inet_sctp(0x2, 0x1, 0x84) listen(r0, 0xda90) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x4, 0x0) r1 = dup(r0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) 436.315181ms ago: executing program 1 (id=1912): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001980)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105001a"], 0x38}}, 0x0) 262.354325ms ago: executing program 0 (id=1913): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$binfmt_aout(r0, &(0x7f0000000340)=ANY=[], 0xff2e) r1 = gettid() timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$TCXONC(r0, 0x540a, 0x3) r2 = getpid() r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, 0x0, 0x20800) getuid() setsockopt$bt_BT_CHANNEL_POLICY(r3, 0x112, 0xa, 0x0, 0x0) r4 = socket(0x2, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000100)={0x2, &(0x7f00000001c0)=[{0x30, 0x3, 0x4d, 0xfffff034}, {0x6, 0x4, 0x2, 0x6}]}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 
0x1, 0x8, 0x0, 0x0) syz_emit_ethernet(0x86, &(0x7f00000005c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500007800000000000190780a0101020e5014aa0b009078010000004700000000000000001110007f000001e0000002440c0001ac1414bb4e210000"], 0x0) r5 = syz_pidfd_open(r2, 0x0) setns(r5, 0x20000) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r6, 0x29, 0x42, &(0x7f0000000040)=0xf2b, 0x4) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000080)='kmem_cache_free\x00', r7, 0x0, 0x20000}, 0x18) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f00000002c0)=ANY=[@ANYRESDEC=r7, @ANYRESOCT, @ANYBLOB="0000000000000004b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000280)='mm_page_free\x00', r8, 0x0, 0x800000000000002}, 0x18) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000380), 0x4001, 0x0) getsockopt$inet6_buf(r6, 0x29, 0x6, &(0x7f0000001500)=""/17, &(0x7f0000000180)=0x11) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) ppoll(&(0x7f0000000040)=[{r5, 0x24}, {r6, 0x4000}, {r0, 0x1001}], 0x3, &(0x7f0000000100)={r9, r10+10000000}, &(0x7f0000000140)={[0x1]}, 0x8) 240.077295ms ago: executing program 2 (id=1914): socket$packet(0x11, 0x2, 0x300) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, 
&(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="71b42490200001032abd7000c17b12486a0a6d94f100000000000000080018004e254e248ff7027feb4c222903a717fbbb8fb7c8998d05461b9dcc07e4655c4892b4fe2733"], 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = getpgrp(0x0) set_mempolicy(0x3, &(0x7f0000000240)=0x1, 0x9) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000001100)=@req3={0x8000, 0x200, 0x80, 0x7, 0x0, 0x7ffffd, 0x6}, 0x1c) r3 = syz_pidfd_open(r1, 0x0) fsetxattr$trusted_overlay_nlink(r3, &(0x7f00000018c0), 0x0, 0x0, 0x3) 132.307577ms ago: executing program 1 (id=1915): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x40c42, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000300)) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000001300)=0xffff0002) socket$inet_sctp(0x2, 0x400000000001, 0x84) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='cgroup\x00') preadv(r1, 0x0, 0x0, 0x12e, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000580)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r2}, &(0x7f0000000380), &(0x7f0000000280)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f00000014c0)=0x3) keyctl$reject(0x13, 0x0, 0x0, 0x202, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', 
&(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000680)={[{@nodioread_nolock}, {@journal_dev={'journal_dev', 0x3d, 0xff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x8d55}}]}, 0x0, 0x473, &(0x7f0000000bc0)="$eJzs281rHGUYAPBnJh9t7UdirR+tVaNFCIpJk1btwYuiIKIo6KEeY7ItodtGmii2FpuKeBKkoGfxKPoXeBNB1JPg1ZMnKRTtpa2nyMzOpJttNrFmk4nd3w82+74z7+48T+br3ffdDaBrDWV/kogdEfFbRAw0qksbDDWerl05N3n9yrnJJBYWXv8zydtdvXJusmxavm57URlOI9KPkmIjS82eOXtiol6vnS7qo3Mn3x6dPXP2iXdPThyvHa+dGj9y5PChsaefGn+yI3lmeV3d98HM/r0vvnnxlcmjF9/66Zss3h3F+uY8OmUoS/yvhVzrukc7vbGK7WwqJ70VBsIt6YmIbHf15ef/QPTEjZ03EC98WGlwwLrK7k1b2q+eXwBuY0lUHQFQjfJGn33+LR8b1PXYFC4/2/gAlOV9rXg01vRGWrTpa/l820lDEXF0/u8vskes0zgEAECzTyY/fzl7fv/61y9lfY+BxTVp3JM//57/3VXMoQxGxJ0RsTsi7oqIPRFxd0Te9t6IuG+N8dzc/0kvrfEtV5T1/54p5raW9v/K3l8M9hS1nXn+fcmx6XrtYPE/GY6+LVl9bIVtfPf8r5+2W9fc/8se2fbLvmARx6XelgG6qYm5ibxT2gGXL0Ts610u/2RxJiCJiL0Rse/W3npXWZh+7Kv97Rqtnv8KOjDPtPBllt58lv98tORfSprnJ6dvmp8c3Rr12sHR8qi42c+/fPxau+2vKf8OuFxrPDft/9Ymg0nzfO1sZ7f/H4//tD95I59n7i+WvTcxN3d6LKI/yS9nS5eP33htWS/bZ8f/8IHlz//dxWuy/O+PiOwgfiAiHoyIh4rYH46IRyLiwAo5/vjc6vlHWtH+vxAxtez1b/H4b9n/t17oOfHDt+22/+/2/+G8NFwsya9/q1gunOxy0RrgWv53AAAA8H+R5t+BT9KRxXKajow0vsO/J+5I6zOzc48fm3nn1FTju/KD0ZeWI10DxXhofbpeG0vmi3dsjI+OF2PF5XjpoWLc+LOebXl9ZHKmPlVx7tDttrc5/zN/9FQdHbDOti27dLx/wwMBKtA6j54urZ5/NVwM4Hbl99rQvVY5/9ONigPYeO7/0L2WO//Pt9TNBcDtyf0fupfzH7pU+n3VEQAVcv+HrrSW3/WvY2Hr5gijmsJm3Sl5IaIspJsiHoV1KlR9ZQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiMfwIAAP//2wzmew==") socket$pppl2tp(0x18, 0x1, 0x1) 0s ago: executing program 2 (id=1916): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48) 
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r2}, 0x10) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x6, 0x4, 0x1ff, 0x5c, 0x0, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffe}, 0x50) kernel console output (not intermixed with test programs): ing Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 557.165792][T10961] syz.1.1209[10961] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 557.166204][T10961] syz.1.1209[10961] is installing a program with bpf_probe_write_user helper that may corrupt user memory! 
[ 557.316006][ T27] audit: type=1326 audit(1757789617.714:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10962 comm="syz.1.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa88c58eba9 code=0x7ffc0000 [ 557.426066][ T27] audit: type=1326 audit(1757789617.714:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10962 comm="syz.1.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=241 compat=0 ip=0x7fa88c58eba9 code=0x7ffc0000 [ 557.498481][ T27] audit: type=1326 audit(1757789617.714:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10962 comm="syz.1.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa88c58eba9 code=0x7ffc0000 [ 557.876295][T10973] random: crng reseeded on system resumption [ 558.343615][T10967] loop3: detected capacity change from 0 to 32768 [ 558.371975][T10967] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.1214 (10967) [ 558.374694][T10978] loop1: detected capacity change from 0 to 512 [ 558.402305][T10967] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 558.426074][T10967] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 558.426282][T10978] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 558.434830][T10967] BTRFS info (device loop3): setting nodatacow, compression disabled [ 558.434916][T10967] BTRFS info (device loop3): max_inline at 0 [ 558.474400][T10978] EXT4-fs (loop1): 1 truncate cleaned up [ 558.484778][T10967] BTRFS info (device loop3): using free space tree [ 558.498201][T10978] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. 
[ 558.591643][T10967] BTRFS info (device loop3): auto enabling async discard [ 558.646422][T10978] EXT4-fs error (device loop1): ext4_ext_precache:627: inode #15: comm syz.1.1218: pblk 0 bad header/extent: invalid magic - magic 7973, entries 27514, max 27745(0), depth 25964(25964) [ 558.751812][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 558.917703][ T5788] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 560.857047][T11027] hub 9-0:1.0: USB hub found [ 560.863366][T11027] hub 9-0:1.0: 1 port detected [ 561.733683][T10689] Bluetooth: hci1: command 0x0406 tx timeout [ 561.839028][T11029] geneve2: entered promiscuous mode [ 561.844309][T11029] geneve2: entered allmulticast mode [ 561.900060][T11032] loop0: detected capacity change from 0 to 128 [ 561.962089][T11032] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 562.036158][T11032] ext4 filesystem being mounted at /305/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 562.054642][T11037] random: crng reseeded on system resumption [ 562.356178][ T5786] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 562.396736][T11044] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1232'. [ 562.583912][T11008] warn_alloc: 1 callbacks suppressed [ 562.583928][T11008] syz.2.1222: vmalloc error: size 2101248, failed to allocated page array size 4104, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 562.607787][T11008] CPU: 0 PID: 11008 Comm: syz.2.1222 Not tainted syzkaller #0 [ 562.615285][T11008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 562.625373][T11008] Call Trace: [ 562.628677][T11008] [ 562.631634][T11008] dump_stack_lvl+0x16c/0x230 [ 562.636349][T11008] ? show_regs_print_info+0x20/0x20 [ 562.641570][T11008] ? 
load_image+0x3b0/0x3b0 [ 562.646091][T11008] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 562.652527][T11008] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 562.659052][T11008] warn_alloc+0x210/0x300 [ 562.663417][T11008] ? zone_watermark_ok_safe+0x230/0x230 [ 562.668999][T11008] ? _raw_spin_unlock+0x28/0x40 [ 562.673872][T11008] __vmalloc_node_range+0x662/0x1320 [ 562.679200][T11008] ? free_vm_area+0x50/0x50 [ 562.683729][T11008] ? _raw_spin_unlock+0x28/0x40 [ 562.688594][T11008] ? __kasan_kmalloc+0x8f/0xa0 [ 562.693374][T11008] __vmalloc_node_range+0x568/0x1320 [ 562.698683][T11008] ? hash_netiface_create+0x361/0xff0 [ 562.704069][T11008] ? __asan_memset+0x22/0x40 [ 562.708701][T11008] ? free_vm_area+0x50/0x50 [ 562.713219][T11008] ? kvmalloc_node+0x70/0x180 [ 562.717915][T11008] ? rcu_is_watching+0x15/0xb0 [ 562.722696][T11008] ? kvmalloc_node+0x70/0x180 [ 562.727388][T11008] ? trace_kmalloc+0x1f/0xa0 [ 562.732000][T11008] kvmalloc_node+0x13f/0x180 [ 562.736606][T11008] ? hash_netiface_create+0x361/0xff0 [ 562.741999][T11008] hash_netiface_create+0x361/0xff0 [ 562.747224][T11008] ? __nla_parse+0x40/0x50 [ 562.751656][T11008] ? hash_netport6_gc+0x570/0x570 [ 562.756691][T11008] ip_set_create+0xa87/0x18e0 [ 562.761384][T11008] ? ip_set_create+0x4b2/0x18e0 [ 562.766264][T11008] ? ip_set_protocol+0x5d0/0x5d0 [ 562.771220][T11008] ? trace_contention_end+0x39/0xe0 [ 562.776479][T11008] nfnetlink_rcv_msg+0xb49/0x1130 [ 562.781530][T11008] ? nfnetlink_rcv_msg+0x20e/0x1130 [ 562.786760][T11008] ? nfnetlink_unbind+0x160/0x160 [ 562.791810][T11008] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 562.797829][T11008] ? __schedule+0x14da/0x44d0 [ 562.802532][T11008] ? mark_lock+0x94/0x320 [ 562.806887][T11008] netlink_rcv_skb+0x216/0x480 [ 562.811669][T11008] ? nfnetlink_unbind+0x160/0x160 [ 562.816716][T11008] ? netlink_ack+0x1110/0x1110 [ 562.821513][T11008] ? apparmor_capable+0x137/0x1a0 [ 562.826561][T11008] ? bpf_lsm_capable+0x9/0x10 [ 562.831256][T11008] ? 
security_capable+0x89/0xb0 [ 562.836130][T11008] nfnetlink_rcv+0x274/0x2180 [ 562.840835][T11008] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 562.846832][T11008] ? lock_chain_count+0x20/0x20 [ 562.851703][T11008] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 562.857626][T11008] ? lockdep_hardirqs_on+0x98/0x150 [ 562.862844][T11008] ? nfnetlink_net_exit_batch+0xa0/0xa0 [ 562.868413][T11008] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 562.874328][T11008] ? _raw_spin_unlock+0x40/0x40 [ 562.879198][T11008] ? rcu_preempt_deferred_qs_irqrestore+0x86a/0xcc0 [ 562.885826][T11008] ? rcu_read_unlock_special+0x460/0x460 [ 562.891504][T11008] ? __netlink_deliver_tap+0x7e8/0x830 [ 562.897070][T11008] ? netlink_deliver_tap+0x2e/0x1b0 [ 562.902285][T11008] ? __lock_acquire+0x7c80/0x7c80 [ 562.907329][T11008] ? __rcu_read_unlock+0x7c/0xd0 [ 562.912282][T11008] ? netlink_deliver_tap+0x2e/0x1b0 [ 562.917512][T11008] netlink_unicast+0x751/0x8d0 [ 562.922312][T11008] netlink_sendmsg+0x8c1/0xbe0 [ 562.927104][T11008] ? netlink_getsockopt+0x580/0x580 [ 562.932326][T11008] ? aa_sock_msg_perm+0x94/0x150 [ 562.937369][T11008] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 562.942670][T11008] ? security_socket_sendmsg+0x80/0xa0 [ 562.948201][T11008] ? netlink_getsockopt+0x580/0x580 [ 562.953443][T11008] ____sys_sendmsg+0x5bf/0x950 [ 562.958254][T11008] ? __asan_memset+0x22/0x40 [ 562.962899][T11008] ? __sys_sendmsg_sock+0x30/0x30 [ 562.967952][T11008] ? __import_iovec+0x5f2/0x860 [ 562.972855][T11008] ? import_iovec+0x73/0xa0 [ 562.977385][T11008] ___sys_sendmsg+0x220/0x290 [ 562.982087][T11008] ? __sys_sendmsg+0x270/0x270 [ 562.986914][T11008] __se_sys_sendmsg+0x1a5/0x270 [ 562.991793][T11008] ? __x64_sys_sendmsg+0x80/0x80 [ 562.996768][T11008] ? lockdep_hardirqs_on+0x98/0x150 [ 563.001988][T11008] do_syscall_64+0x55/0xb0 [ 563.006426][T11008] ? clear_bhb_loop+0x40/0x90 [ 563.011121][T11008] ? 
clear_bhb_loop+0x40/0x90 [ 563.015810][T11008] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 563.021729][T11008] RIP: 0033:0x7f56a858eba9 [ 563.026157][T11008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 563.045781][T11008] RSP: 002b:00007f56a9456038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 563.054212][T11008] RAX: ffffffffffffffda RBX: 00007f56a87d5fa0 RCX: 00007f56a858eba9 [ 563.062204][T11008] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000006 [ 563.070189][T11008] RBP: 00007f56a8611e19 R08: 0000000000000000 R09: 0000000000000000 [ 563.078179][T11008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 563.086174][T11008] R13: 00007f56a87d6038 R14: 00007f56a87d5fa0 R15: 00007ffe8108ff28 [ 563.094176][T11008] [ 563.114588][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.123149][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.140089][T11008] Mem-Info: [ 563.141410][T11051] loop1: detected capacity change from 0 to 164 [ 563.143244][T11008] active_anon:4283 inactive_anon:0 isolated_anon:0 [ 563.143244][T11008] active_file:9435 inactive_file:40191 isolated_file:0 [ 563.143244][T11008] unevictable:768 dirty:94 writeback:0 [ 563.143244][T11008] slab_reclaimable:11233 slab_unreclaimable:96161 [ 563.143244][T11008] mapped:25280 shmem:1361 pagetables:495 [ 563.143244][T11008] sec_pagetables:0 bounce:0 [ 563.143244][T11008] kernel_misc_reclaimable:0 [ 563.143244][T11008] free:1318304 free_pcp:10797 free_cma:0 [ 563.220453][T11008] Node 0 active_anon:17332kB inactive_anon:0kB active_file:37740kB inactive_file:160560kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:101120kB dirty:376kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11148kB pagetables:1980kB sec_pagetables:0kB 
all_unreclaimable? no [ 563.283178][T11051] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 563.291692][T11008] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 563.386145][T11008] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 563.422325][T11008] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 563.428365][T11008] Node 0 DMA32 free:1364832kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:16988kB inactive_anon:0kB active_file:37740kB inactive_file:159224kB unevictable:1536kB writepending:376kB present:3129332kB managed:2589592kB mlocked:0kB bounce:0kB free_pcp:23320kB local_pcp:8924kB free_cma:0kB [ 563.515710][T11008] lowmem_reserve[]: 0 0 1 1 1 [ 563.527595][T11008] Node 0 Normal free:4kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1336kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 563.561994][T11060] loop3: detected capacity change from 0 to 512 [ 563.568437][T11008] lowmem_reserve[]: 0 0 0 0 0 [ 563.573221][T11008] Node 1 Normal free:3893020kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:20760kB local_pcp:11488kB free_cma:0kB [ 563.626725][T11008] 
lowmem_reserve[]: 0 0 0 0 0 [ 563.631540][T11008] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 563.676372][T11060] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 563.702106][T11008] Node 0 DMA32: 3*4kB (ME) 43*8kB (E) 394*16kB (UME) 323*32kB (ME) 236*64kB (UME) 60*128kB (ME) 9*256kB (UM) 7*512kB (UME) 2*1024kB (UM) 3*2048kB (UM) 320*4096kB (M) = 1364580kB [ 563.721574][T11008] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 563.725711][T11060] ext4 filesystem being mounted at /297/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 563.733568][T11008] Node 1 Normal: 167*4kB (UME) 62*8kB (UME) 47*16kB (UME) 51*32kB (UME) 11*64kB (UME) 5*128kB (UE) 0*256kB 2*512kB (UM) 0*1024kB 0*2048kB 949*4096kB (M) = 3893020kB [ 563.767711][T11008] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 563.777597][T11008] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 563.787084][T11008] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 563.796939][T11008] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 563.806710][T11008] 50885 total pagecache pages [ 563.811705][T11008] 0 pages in swap cache [ 563.815969][T11008] Free swap = 124728kB [ 563.820151][T11008] Total swap = 124996kB [ 563.824345][T11008] 2097051 pages RAM [ 563.828340][T11008] 0 pages HighMem/MovableOnly [ 563.833050][T11008] 416139 pages reserved [ 563.837363][T11008] 0 pages cma reserved [ 563.985152][T11075] syz.1.1244[11075] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 563.985292][T11075] syz.1.1244[11075] is installing a program with bpf_probe_write_user helper that may corrupt user memory! 
[ 564.046945][T11070] loop0: detected capacity change from 0 to 8192 [ 564.091830][T11077] netlink: 'syz.1.1244': attribute type 13 has an invalid length. [ 564.894390][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 565.328327][T11087] random: crng reseeded on system resumption [ 565.713609][T11077] bridge0: port 2(bridge_slave_1) entered disabled state [ 565.722456][T11077] bridge0: port 1(bridge_slave_0) entered disabled state [ 566.333298][T11094] loop0: detected capacity change from 0 to 1024 [ 566.415652][T11094] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 566.463337][ T27] audit: type=1800 audit(1757789626.864:197): pid=11094 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1250" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 566.523074][T11094] EXT4-fs error (device loop0): mb_free_blocks:1938: group 0, inode 18: block 113:freeing already freed block (bit 7); block bitmap corrupt. [ 566.678907][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 566.751840][T11077] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 567.277346][T11077] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 567.321278][T11101] syz.0.1251[11101] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 567.321419][T11101] syz.0.1251[11101] is installing a program with bpf_probe_write_user helper that may corrupt user memory! 
[ 567.527939][T11107] atomic_op ffff888024269998 conn xmit_atomic 0000000000000000 [ 567.830179][T11116] loop2: detected capacity change from 0 to 764 [ 567.877112][ T27] audit: type=1326 audit(1757789628.284:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11117 comm="syz.3.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 567.946009][ T27] audit: type=1326 audit(1757789628.284:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11117 comm="syz.3.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 567.979294][ T27] audit: type=1326 audit(1757789628.314:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11117 comm="syz.3.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 568.039333][ T27] audit: type=1326 audit(1757789628.314:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11117 comm="syz.3.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 568.087395][ T27] audit: type=1326 audit(1757789628.314:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11117 comm="syz.3.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 568.138370][ T27] audit: type=1326 audit(1757789628.314:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11117 comm="syz.3.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 568.229442][ T27] audit: type=1326 audit(1757789628.324:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11117 comm="syz.3.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 568.241830][T11130] loop2: detected capacity change from 0 to 764 [ 568.274637][T11125] 
netlink: 20 bytes leftover after parsing attributes in process `syz.3.1263'. [ 568.290512][ T27] audit: type=1326 audit(1757789628.324:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11117 comm="syz.3.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 568.315376][ T27] audit: type=1326 audit(1757789628.324:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11117 comm="syz.3.1260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 568.627977][T11077] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 568.647179][T11077] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 568.666074][T11077] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 568.684116][T11133] loop2: detected capacity change from 0 to 2048 [ 568.690816][T11077] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 568.757382][T11133] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 568.926262][T11137] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 568.968807][T11140] loop3: detected capacity change from 0 to 512 [ 568.977026][T11140] ext3: Unknown parameter 'rootcontext' [ 568.992451][T11137] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 276 with error 28 [ 569.006926][T11137] EXT4-fs (loop2): This should not happen!! 
Data will be lost [ 569.006926][T11137] [ 569.017034][T11137] EXT4-fs (loop2): Total free blocks count 0 [ 569.023286][T11137] EXT4-fs (loop2): Free/Dirty block details [ 569.029969][T11137] EXT4-fs (loop2): free_blocks=2415919104 [ 569.037186][T11137] EXT4-fs (loop2): dirty_blocks=288 [ 569.042700][T11137] EXT4-fs (loop2): Block reservation details [ 569.048843][T11137] EXT4-fs (loop2): i_reserved_data_blocks=18 [ 569.130521][T11143] atomic_op ffff88805da4c198 conn xmit_atomic 0000000000000000 [ 569.235492][ T59] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 569.342978][T11149] loop3: detected capacity change from 0 to 256 [ 570.843874][T11173] loop0: detected capacity change from 0 to 512 [ 570.853130][T11172] loop3: detected capacity change from 0 to 1024 [ 570.880858][T11172] EXT4-fs: Ignoring removed nomblk_io_submit option [ 570.894356][T11172] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 570.924324][T11173] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 570.947308][T11172] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 570.962769][T11173] ext4 filesystem being mounted at /321/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 570.973660][T11172] System zones: 0-1, 3-36 [ 570.991182][T11172] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 571.409379][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 571.436972][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 571.447565][T11175] atomic_op ffff88805d8fc198 conn xmit_atomic 0000000000000000 [ 571.844888][T11187] loop1: detected capacity change from 0 to 1024 [ 571.905688][T11187] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 571.977326][T11187] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 572.031727][ T27] kauditd_printk_skb: 175 callbacks suppressed [ 572.031744][ T27] audit: type=1800 audit(1757789632.424:382): pid=11187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1283" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 572.085767][T11187] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.1283: bg 0: block 494: padding at end of block bitmap is not set [ 572.107455][T11187] EXT4-fs (loop1): Remounting filesystem read-only [ 572.107845][T11187] EXT4-fs (loop1): error restoring inline_data for inode -- potential data loss! (inode 15, error -5) [ 572.851593][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 574.033830][T11218] syz.0.1292 (11218) used greatest stack depth: 16408 bytes left [ 575.777199][T11234] loop1: detected capacity change from 0 to 128 [ 575.879807][T11234] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 575.914148][T11234] ext4 filesystem being mounted at /338/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 576.073220][T11242] loop3: detected capacity change from 0 to 256 [ 577.063223][T11249] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1305'. [ 577.071340][ T5790] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 577.166527][T11249] netlink: 'syz.3.1305': attribute type 10 has an invalid length. 
[ 577.206058][T11249] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1305'. [ 577.246574][T11249] batman_adv: batadv0: Adding interface: virt_wifi0 [ 577.253246][T11249] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 577.309600][T11256] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1307'. [ 577.361654][T11256] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1307'. [ 577.385163][T11249] batman_adv: batadv0: Interface activated: virt_wifi0 [ 577.606122][ T787] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 577.793050][T11266] loop2: detected capacity change from 0 to 1024 [ 577.796303][ T787] usb 1-1: Using ep0 maxpacket: 8 [ 577.812928][ T787] usb 1-1: no configurations [ 577.817198][T11266] EXT4-fs: Ignoring removed mblk_io_submit option [ 577.830170][ T787] usb 1-1: can't read configurations, error -22 [ 577.834345][T11266] EXT4-fs: Ignoring removed orlov option [ 577.845591][T11266] ext4: Unknown parameter 'func' [ 577.996113][ T787] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 578.052663][T11272] loop2: detected capacity change from 0 to 128 [ 578.081249][T11272] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 578.144334][T11272] ext4 filesystem being mounted at /323/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 578.195990][ T787] usb 1-1: Using ep0 maxpacket: 8 [ 578.207005][ T787] usb 1-1: no configurations [ 578.215954][ T787] usb 1-1: can't read configurations, error -22 [ 578.230057][ T787] usb usb1-port1: attempt power cycle [ 578.336085][ T5787] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. 
[ 578.487766][T11281] loop2: detected capacity change from 0 to 1024 [ 578.510130][T11281] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 578.567542][T11281] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 578.637447][ T27] audit: type=1800 audit(1757789639.044:383): pid=11281 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1319" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 578.645989][ T787] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 578.680429][T11281] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.1319: bg 0: block 494: padding at end of block bitmap is not set [ 578.697071][ T787] usb 1-1: Using ep0 maxpacket: 8 [ 578.708575][ T787] usb 1-1: no configurations [ 578.716600][ T787] usb 1-1: can't read configurations, error -22 [ 578.723204][T11281] EXT4-fs (loop2): Remounting filesystem read-only [ 578.745747][T11281] EXT4-fs (loop2): error restoring inline_data for inode -- potential data loss! 
(inode 15, error -5) [ 578.876001][ T787] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 578.926687][ T787] usb 1-1: Using ep0 maxpacket: 8 [ 578.935572][ T787] usb 1-1: no configurations [ 578.946095][ T787] usb 1-1: can't read configurations, error -22 [ 578.966165][ T787] usb usb1-port1: unable to enumerate USB device [ 579.079187][ T27] audit: type=1326 audit(1757789639.474:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11290 comm="syz.3.1322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 579.132180][ T27] audit: type=1326 audit(1757789639.474:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11290 comm="syz.3.1322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 579.156233][ T27] audit: type=1326 audit(1757789639.484:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11290 comm="syz.3.1322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 579.180936][ T27] audit: type=1326 audit(1757789639.484:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11290 comm="syz.3.1322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 579.204346][ T27] audit: type=1326 audit(1757789639.484:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11290 comm="syz.3.1322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 579.228440][ T27] audit: type=1326 audit(1757789639.484:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11290 comm="syz.3.1322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 579.252301][ T27] audit: type=1326 audit(1757789639.484:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11290 comm="syz.3.1322" 
exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 579.326170][ T27] audit: type=1326 audit(1757789639.484:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11290 comm="syz.3.1322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 579.377887][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 579.442570][ T27] audit: type=1326 audit(1757789639.504:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11290 comm="syz.3.1322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 579.621331][T11302] loop3: detected capacity change from 0 to 128 [ 579.663992][T11302] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 579.686179][T11302] ext4 filesystem being mounted at /325/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 579.831961][ T5788] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 580.228076][T11315] loop1: detected capacity change from 0 to 2048 [ 580.264911][T11317] loop3: detected capacity change from 0 to 1024 [ 580.284216][T11315] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 580.328307][T11317] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 580.401859][T11317] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. 
[ 580.444323][T11315] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 580.469320][T11317] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.1333: bg 0: block 494: padding at end of block bitmap is not set [ 580.475167][T11315] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28 [ 580.500381][T11315] EXT4-fs (loop1): This should not happen!! Data will be lost [ 580.500381][T11315] [ 580.510363][T11315] EXT4-fs (loop1): Total free blocks count 0 [ 580.517979][T11315] EXT4-fs (loop1): Free/Dirty block details [ 580.524035][T11315] EXT4-fs (loop1): free_blocks=66060288 [ 580.529909][T11317] EXT4-fs (loop3): Remounting filesystem read-only [ 580.534695][T11315] EXT4-fs (loop1): dirty_blocks=16 [ 580.548946][T11317] EXT4-fs (loop3): error restoring inline_data for inode -- potential data loss! (inode 15, error -5) [ 580.551777][T11315] EXT4-fs (loop1): Block reservation details [ 580.585408][T11315] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 580.784083][T11329] 9p: Unknown access argument ¿z: -22 [ 580.963597][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 581.008804][T11331] syzkaller1: entered promiscuous mode [ 581.020884][T11331] syzkaller1: entered allmulticast mode [ 581.202100][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 581.636757][T11349] loop3: detected capacity change from 0 to 128 [ 581.792148][T11355] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition [ 581.805048][T11355] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0) [ 582.101505][T11369] netlink: 180 bytes leftover after parsing attributes in process `syz.1.1357'. 
[ 582.118267][T11367] loop2: detected capacity change from 0 to 512 [ 582.127741][T11369] loop1: detected capacity change from 0 to 1024 [ 582.134811][T11369] EXT4-fs: Ignoring removed bh option [ 582.142336][T11369] EXT4-fs: inline encryption not supported [ 582.150588][T11369] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 582.160856][T11367] EXT4-fs (loop2): orphan cleanup on readonly fs [ 582.169647][T11367] EXT4-fs error (device loop2): ext4_orphan_get:1425: comm syz.2.1356: bad orphan inode 13 [ 582.180615][T11369] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 582.199634][T11367] ext4_test_bit(bit=12, block=18) = 1 [ 582.206835][T11367] is_bad_inode(inode)=0 [ 582.216139][T11367] NEXT_ORPHAN(inode)=2130706432 [ 582.249079][T11367] max_ino=32 [ 582.252356][T11367] i_nlink=1 [ 582.260975][T11369] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #3: block 2: comm syz.1.1357: lblock 2 mapped to illegal pblock 2 (length 1) [ 582.287270][T11367] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 582.318952][T11369] EXT4-fs (loop1): Remounting filesystem read-only [ 582.331923][T11369] EXT4-fs (loop1): 1 orphan inode deleted [ 582.352725][T11369] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 582.372068][T11367] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 582.394536][T11369] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 582.454594][T11367] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.1356: bg 0: block 248: padding at end of block bitmap is not set [ 582.516936][T11367] EXT4-fs error (device loop2): ext4_acquire_dquot:6940: comm syz.2.1356: Failed to acquire dquot type 1 [ 582.543155][T11369] loop1: detected capacity change from 0 to 2048 [ 582.567280][T11367] EXT4-fs warning (device loop2): ext4_enable_quotas:7175: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 582.611940][T11369] Alternate GPT is invalid, using primary GPT. [ 582.619222][T11369] loop1: p2 p3 p7 [ 582.762532][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 582.815446][T11388] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1364'. [ 583.247258][T11401] loop1: detected capacity change from 0 to 128 [ 583.274059][T11401] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 583.295335][T11401] ext4 filesystem being mounted at /358/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 583.488629][ T5790] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 583.924698][T11423] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1380'. [ 583.933995][T11423] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 584.027961][T11427] loop1: detected capacity change from 0 to 128 [ 584.063246][T11427] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 584.080985][T11423] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 584.096481][T11427] ext4 filesystem being mounted at /361/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 584.290606][ T5790] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. 
[ 584.429062][T11439] loop1: detected capacity change from 0 to 128 [ 584.488844][T11439] syz.1.1386: attempt to access beyond end of device [ 584.488844][T11439] loop1: rw=2049, sector=145, nr_sectors = 89 limit=128 [ 584.606849][T11446] warn_alloc: 3 callbacks suppressed [ 584.606866][T11446] syz.3.1390: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 584.668791][T11446] CPU: 1 PID: 11446 Comm: syz.3.1390 Not tainted syzkaller #0 [ 584.676323][T11446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 584.686424][T11446] Call Trace: [ 584.689753][T11446] <TASK> [ 584.692712][T11446] dump_stack_lvl+0x16c/0x230 [ 584.697454][T11446] ? show_regs_print_info+0x20/0x20 [ 584.702688][T11446] ? load_image+0x3b0/0x3b0 [ 584.707213][T11446] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 584.713653][T11446] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 584.720270][T11446] warn_alloc+0x210/0x300 [ 584.724637][T11446] ? stack_trace_save+0x9c/0xe0 [ 584.729541][T11446] ? zone_watermark_ok_safe+0x230/0x230 [ 584.735118][T11446] ? kasan_set_track+0x5f/0x70 [ 584.739903][T11446] ? kasan_set_track+0x4e/0x70 [ 584.744677][T11446] ? __kasan_kmalloc+0x8f/0xa0 [ 584.749470][T11446] ? xsk_init_queue+0xb0/0x110 [ 584.754245][T11446] ? xsk_setsockopt+0x4db/0x6f0 [ 584.759123][T11446] ? do_sock_setsockopt+0x175/0x1a0 [ 584.764341][T11446] ? __x64_sys_setsockopt+0x184/0x200 [ 584.769859][T11446] __vmalloc_node_range+0x126/0x1320 [ 584.775185][T11446] ? free_vm_area+0x50/0x50 [ 584.779731][T11446] vmalloc_user+0x74/0x80 [ 584.784083][T11446] ? xskq_create+0xbf/0x170 [ 584.788604][T11446] xskq_create+0xbf/0x170 [ 584.792948][T11446] xsk_init_queue+0xb0/0x110 [ 584.797551][T11446] xsk_setsockopt+0x4db/0x6f0 [ 584.802244][T11446] ? xsk_poll+0x670/0x670 [ 584.806600][T11446] ? __fget_files+0x28/0x4d0 [ 584.811216][T11446] ? 
aa_sock_opt_perm+0x74/0x100 [ 584.816173][T11446] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 584.821729][T11446] ? security_socket_setsockopt+0x7e/0xa0 [ 584.827463][T11446] ? xsk_poll+0x670/0x670 [ 584.831808][T11446] do_sock_setsockopt+0x175/0x1a0 [ 584.836882][T11446] ? __fdget+0x180/0x210 [ 584.841147][T11446] __x64_sys_setsockopt+0x184/0x200 [ 584.846369][T11446] do_syscall_64+0x55/0xb0 [ 584.850892][T11446] ? clear_bhb_loop+0x40/0x90 [ 584.855585][T11446] ? clear_bhb_loop+0x40/0x90 [ 584.860284][T11446] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 584.866253][T11446] RIP: 0033:0x7f2280f8eba9 [ 584.870685][T11446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 584.890326][T11446] RSP: 002b:00007f2281eb8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 584.898759][T11446] RAX: ffffffffffffffda RBX: 00007f22811d5fa0 RCX: 00007f2280f8eba9 [ 584.906750][T11446] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000006 [ 584.914754][T11446] RBP: 00007f2281011e19 R08: 0000000000000004 R09: 0000000000000000 [ 584.922826][T11446] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 584.930810][T11446] R13: 00007f22811d6038 R14: 00007f22811d5fa0 R15: 00007fff171a9398 [ 584.938820][T11446] </TASK> [ 584.962610][T11446] Mem-Info: [ 584.966571][T11446] active_anon:4181 inactive_anon:0 isolated_anon:0 [ 584.966571][T11446] active_file:9435 inactive_file:40207 isolated_file:0 [ 584.966571][T11446] unevictable:768 dirty:24 writeback:0 [ 584.966571][T11446] slab_reclaimable:11260 slab_unreclaimable:111892 [ 584.966571][T11446] mapped:24241 shmem:1361 pagetables:463 [ 584.966571][T11446] sec_pagetables:0 bounce:0 [ 584.966571][T11446] kernel_misc_reclaimable:0 [ 584.966571][T11446] free:1339417 free_pcp:6771 free_cma:0 [ 585.067508][T11453] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1393'. 
[ 585.111286][T11453] netlink: 'syz.1.1393': attribute type 10 has an invalid length. [ 585.126118][T11446] Node 0 active_anon:22124kB inactive_anon:0kB active_file:37740kB inactive_file:160624kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:102264kB dirty:96kB writeback:0kB shmem:9108kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11116kB pagetables:1852kB sec_pagetables:0kB all_unreclaimable? no [ 585.220654][T11453] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1393'. [ 585.239289][T11456] loop2: detected capacity change from 0 to 128 [ 585.252140][T11446] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 585.290798][T11456] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 585.294481][T11446] Node 0 [ 585.304362][T11456] ext4 filesystem being mounted at /341/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 585.317553][T11453] batman_adv: batadv0: Adding interface: virt_wifi0 [ 585.323762][T11446] DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 585.381283][T11453] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 585.415363][T11446] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 585.437613][T11446] Node 0 DMA32 free:1367480kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:28480kB inactive_anon:0kB active_file:37740kB inactive_file:159288kB unevictable:1536kB writepending:96kB present:3129332kB managed:2589592kB mlocked:0kB bounce:0kB free_pcp:7732kB local_pcp:2252kB free_cma:0kB [ 585.505485][T11453] batman_adv: batadv0: Interface activated: virt_wifi0 [ 585.525483][T11446] lowmem_reserve[]: 0 0 1 1 1 [ 585.542133][T11446] Node 0 Normal free:4kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1336kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 585.545767][ T5787] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 585.618508][T11446] lowmem_reserve[]: 0 0 0 0 0 [ 585.635739][T11446] Node 1 Normal free:3893476kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:20224kB local_pcp:8992kB free_cma:0kB [ 585.697375][T11446] lowmem_reserve[]: 0 0 0 0 0 [ 585.704223][T11446] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 585.744656][T11446] Node 0 DMA32: 0*4kB 246*8kB (UE) 463*16kB (UME) 991*32kB (UME) 493*64kB (UME) 153*128kB (UME) 73*256kB (UM) 71*512kB (UME) 47*1024kB (UM) 2*2048kB (M) 280*4096kB (M) = 1346368kB [ 585.792117][T11446] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 585.793284][T11461] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1396'. 
[ 585.845946][T11446] Node 1 Normal: 229*4kB (UME) 62*8kB (UME) 47*16kB (UME) 56*32kB (UME) 13*64kB (UME) 5*128kB (UE) 0*256kB 2*512kB (UM) 0*1024kB 0*2048kB 949*4096kB (M) = 3893556kB [ 585.903808][T11446] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 585.946165][T11446] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 585.966941][T11446] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 585.989439][T11446] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 586.014738][T11446] 53721 total pagecache pages [ 586.025933][T11446] 0 pages in swap cache [ 586.036036][T11446] Free swap = 124728kB [ 586.040250][T11446] Total swap = 124996kB [ 586.044512][T11446] 2097051 pages RAM [ 586.073111][T11446] 0 pages HighMem/MovableOnly [ 586.086303][T11446] 416139 pages reserved [ 586.090532][T11446] 0 pages cma reserved [ 586.849437][T11480] random: crng reseeded on system resumption [ 587.531252][ T27] kauditd_printk_skb: 10 callbacks suppressed [ 587.531268][ T27] audit: type=1326 audit(1757789647.934:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11493 comm="syz.3.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 587.604550][ T27] audit: type=1326 audit(1757789647.964:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11493 comm="syz.3.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 587.675980][ T27] audit: type=1326 audit(1757789647.974:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11493 comm="syz.3.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 587.755951][ T27] audit: type=1326 audit(1757789647.974:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11493 comm="syz.3.1407" 
exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 587.810750][ T27] audit: type=1326 audit(1757789647.974:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11493 comm="syz.3.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 587.898391][ T27] audit: type=1326 audit(1757789647.974:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11493 comm="syz.3.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 587.945473][T11501] loop1: detected capacity change from 0 to 1024 [ 587.953020][T11501] EXT4-fs: Ignoring removed orlov option [ 587.956368][ T27] audit: type=1326 audit(1757789647.984:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11493 comm="syz.3.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 587.958750][T11501] EXT4-fs: Ignoring removed nomblk_io_submit option [ 588.006731][ T27] audit: type=1326 audit(1757789647.984:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11493 comm="syz.3.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 588.037730][T11501] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. 
[ 588.065813][T11507] loop2: detected capacity change from 0 to 512 [ 588.066013][ T27] audit: type=1326 audit(1757789647.984:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11493 comm="syz.3.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 588.066062][ T27] audit: type=1326 audit(1757789647.984:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11493 comm="syz.3.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 588.149147][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 588.192658][T11507] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 588.235033][T11507] ext4 filesystem being mounted at /348/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 588.643128][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 588.948510][T11526] random: crng reseeded on system resumption [ 589.510763][T11533] loop0: detected capacity change from 0 to 128 [ 589.532514][T11533] EXT4-fs: Ignoring removed nobh option [ 589.580403][T11533] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 589.620643][T11533] ext4 filesystem being mounted at /350/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 589.698462][T11539] loop2: detected capacity change from 0 to 8192 [ 589.737159][T11539] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 589.873097][T11542] loop3: detected capacity change from 0 to 128 [ 589.905357][ T5786] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 589.908748][T11542] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. 
[ 589.969674][T11546] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1426'. [ 590.000407][T11542] ext4 filesystem being mounted at /348/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 590.089684][T11546] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1426'. [ 590.096720][T11548] loop0: detected capacity change from 0 to 1024 [ 590.111096][T11548] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 590.155127][ T5788] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 590.168935][T11548] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 590.556185][T11565] random: crng reseeded on system resumption [ 590.594187][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 590.824303][T11576] loop1: detected capacity change from 0 to 128 [ 590.854233][T11576] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 590.877692][T11576] ext4 filesystem being mounted at /375/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 590.973299][T11575] loop2: detected capacity change from 0 to 764 [ 590.994790][T11580] loop0: detected capacity change from 0 to 512 [ 591.003059][T11580] EXT4-fs: Ignoring removed oldalloc option [ 591.073953][T11580] EXT4-fs error (device loop0): ext4_xattr_inode_iget:436: comm syz.0.1439: Parent and EA inode have the same ino 15 [ 591.098254][T11580] EXT4-fs (loop0): 1 orphan inode deleted [ 591.098984][ T5790] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 591.107790][T11580] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 591.142884][T11580] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1439'. 
[ 591.479299][T11594] loop3: detected capacity change from 0 to 1024 [ 591.493471][T11593] loop1: detected capacity change from 0 to 1024 [ 591.504142][T11594] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 591.523092][T11593] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 591.552013][T11594] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 591.552136][T11593] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 591.575943][T11593] EXT4-fs (loop1): orphan cleanup on readonly fs [ 591.591904][T11593] EXT4-fs error (device loop1): ext4_free_blocks:6676: comm syz.1.1445: Freeing blocks not in datazone - block = 0, count = 4096 [ 591.643457][T11593] EXT4-fs (loop1): 1 orphan inode deleted [ 591.657577][T11593] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 591.718779][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 591.738999][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 591.921986][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 592.117097][T11602] loop1: detected capacity change from 0 to 8192 [ 592.338526][T11615] loop1: detected capacity change from 0 to 256 [ 592.364722][T11616] random: crng reseeded on system resumption [ 592.393628][T11615] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 592.445973][T11615] FAT-fs (loop1): Filesystem has been set read-only [ 592.452760][T11615] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 592.496928][T11615] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 592.611694][T11622] loop0: detected capacity change from 0 to 1024 [ 592.629309][T11622] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 592.672443][T11622] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 592.709473][ T27] kauditd_printk_skb: 148 callbacks suppressed [ 592.709489][ T27] audit: type=1800 audit(1757789653.114:557): pid=11622 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1455" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 592.899158][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 593.431990][T11651] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 593.459820][T11651] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 594.232905][T11654] loop2: detected capacity change from 0 to 1024 [ 594.274106][T11654] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 594.344593][T11654] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. 
[ 594.435836][ T27] audit: type=1800 audit(1757789654.834:558): pid=11654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1466" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 594.494854][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 594.710527][T11673] random: crng reseeded on system resumption [ 594.845426][T11674] loop1: detected capacity change from 0 to 764 [ 594.902520][T11681] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1482'. [ 595.008862][T11679] loop3: detected capacity change from 0 to 764 [ 595.450560][T11693] loop2: detected capacity change from 0 to 128 [ 595.484456][T11693] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 595.502917][T11695] loop1: detected capacity change from 0 to 1024 [ 595.514627][T11693] ext4 filesystem being mounted at /369/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 595.529630][T11695] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 595.566156][ T27] audit: type=1326 audit(1757789655.964:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11697 comm="syz.0.1481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 595.594842][T11695] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. 
[ 595.630475][ T27] audit: type=1326 audit(1757789655.994:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11697 comm="syz.0.1481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 595.669160][ T27] audit: type=1326 audit(1757789655.994:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11697 comm="syz.0.1481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 595.692453][ T27] audit: type=1326 audit(1757789655.994:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11697 comm="syz.0.1481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 595.718583][ T27] audit: type=1326 audit(1757789655.994:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11697 comm="syz.0.1481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f597178d65f code=0x7ffc0000 [ 595.742544][ T27] audit: type=1326 audit(1757789655.994:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11697 comm="syz.0.1481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 595.773557][ T27] audit: type=1326 audit(1757789655.994:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11697 comm="syz.0.1481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 595.802710][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 595.805185][ T27] audit: type=1326 audit(1757789656.014:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11697 comm="syz.0.1481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=296 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 595.863478][ T5787] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. 
[ 596.158576][T11715] loop1: detected capacity change from 0 to 764 [ 596.447664][T11726] random: crng reseeded on system resumption [ 596.626776][T11732] loop3: detected capacity change from 0 to 128 [ 596.645403][T11732] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 596.665700][T11732] ext4 filesystem being mounted at /361/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 596.777765][ T5788] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 596.873822][T11736] loop3: detected capacity change from 0 to 1024 [ 596.904822][T11736] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 597.156502][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 597.465261][T11756] loop1: detected capacity change from 0 to 1024 [ 597.473961][T11756] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 597.515470][T11756] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 597.542950][T11756] EXT4-fs (loop1): orphan cleanup on readonly fs [ 597.553049][T11756] EXT4-fs error (device loop1): ext4_free_blocks:6676: comm syz.1.1502: Freeing blocks not in datazone - block = 0, count = 4096 [ 597.576086][T11756] EXT4-fs (loop1): 1 orphan inode deleted [ 597.597439][T11756] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 597.622883][T11759] loop0: detected capacity change from 0 to 4096 [ 597.654835][T11759] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. 
[ 597.782774][ T27] kauditd_printk_skb: 14 callbacks suppressed [ 597.782789][ T27] audit: type=1326 audit(1757789658.184:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11766 comm="syz.2.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56a858eba9 code=0x7ffc0000 [ 597.787092][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 597.795049][ T27] audit: type=1326 audit(1757789658.194:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11766 comm="syz.2.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56a858eba9 code=0x7ffc0000 [ 597.891444][ T27] audit: type=1326 audit(1757789658.194:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11766 comm="syz.2.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f56a858eba9 code=0x7ffc0000 [ 597.918152][ T27] audit: type=1326 audit(1757789658.194:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11766 comm="syz.2.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56a858eba9 code=0x7ffc0000 [ 597.937611][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 597.945135][ T27] audit: type=1326 audit(1757789658.194:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11766 comm="syz.2.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56a858eba9 code=0x7ffc0000 [ 597.984308][ T27] audit: type=1326 audit(1757789658.194:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11766 comm="syz.2.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f56a858eba9 code=0x7ffc0000 [ 597.984369][ T27] audit: type=1326 audit(1757789658.194:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11766 comm="syz.2.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56a858eba9 code=0x7ffc0000 [ 597.984414][ T27] audit: type=1326 audit(1757789658.194:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11766 comm="syz.2.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56a858eba9 code=0x7ffc0000 [ 597.984461][ T27] audit: type=1326 audit(1757789658.244:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11766 comm="syz.2.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f56a858eba9 code=0x7ffc0000 [ 597.984507][ T27] audit: type=1326 audit(1757789658.254:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11766 comm="syz.2.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56a858eba9 code=0x7ffc0000 [ 598.007147][T11769] loop1: detected capacity change from 0 to 1024 [ 598.192302][T11769] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 598.192424][T11769] ext4 filesystem being mounted at /396/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 598.395519][T11780] random: crng reseeded on system resumption [ 598.405233][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 598.667786][T11788] loop1: detected capacity change from 0 to 512 [ 598.693698][T11788] EXT4-fs: Mount option(s) incompatible with ext3 [ 598.815444][T11790] loop3: detected capacity change from 0 to 2048 [ 598.832817][T11790] EXT4-fs: Ignoring removed mblk_io_submit option [ 598.865825][T11790] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 598.944876][T11790] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 598.977965][T11790] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 599.026709][T11788] random: crng reseeded on system resumption [ 599.078671][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 599.649188][T11812] loop0: detected capacity change from 0 to 1024 [ 599.688361][T11812] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 599.955292][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 599.978547][T11826] random: crng reseeded on system resumption [ 600.274748][T11834] loop1: detected capacity change from 0 to 512 [ 600.305518][T11834] EXT4-fs error (device loop1): ext4_orphan_get:1425: comm syz.1.1529: bad orphan inode 11862016 [ 600.333034][T11834] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. 
[ 600.352376][T11834] ext4 filesystem being mounted at /401/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 600.404371][T11834] IPVS: set_ctl: invalid protocol: 58 172.20.20.24:20004 [ 600.809128][T11847] loop3: detected capacity change from 0 to 1024 [ 600.818040][T11847] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 600.831306][T11847] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 600.843814][T11847] EXT4-fs (loop3): orphan cleanup on readonly fs [ 600.850977][T11847] EXT4-fs error (device loop3): ext4_free_blocks:6676: comm syz.3.1533: Freeing blocks not in datazone - block = 0, count = 4096 [ 600.870437][T11847] EXT4-fs (loop3): 1 orphan inode deleted [ 600.879392][T11847] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 601.193473][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 601.560103][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 601.742202][T11855] tipc: Started in network mode [ 601.764005][T11855] tipc: Node identity 1aa5c0996da4, cluster identity 4711 [ 601.844022][T11855] tipc: Enabled bearer , priority 0 [ 602.019663][T11859] syzkaller0: entered promiscuous mode [ 602.266651][T11859] syzkaller0: entered allmulticast mode [ 602.397029][T11859] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 602.519326][T11855] loop3: detected capacity change from 0 to 1024 [ 602.550329][T11855] EXT4-fs: Ignoring removed bh option [ 602.555825][T11855] ext4: Unknown parameter 'nouser_xattr' [ 602.604032][T11870] loop2: detected capacity change from 0 to 128 [ 602.623863][T11870] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. 
[ 602.636832][T11854] tipc: Resetting bearer [ 602.653076][T11870] ext4 filesystem being mounted at /388/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 602.690079][ T5858] usb 1-1: new full-speed USB device number 18 using dummy_hcd [ 602.738362][T11854] tipc: Disabling bearer [ 602.830147][T11876] random: crng reseeded on system resumption [ 602.898315][ T5858] usb 1-1: device descriptor read/64, error -71 [ 602.906588][ T5787] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 603.185985][ T5858] usb 1-1: new full-speed USB device number 19 using dummy_hcd [ 603.346316][ T5858] usb 1-1: device descriptor read/64, error -71 [ 603.389360][T11892] loop3: detected capacity change from 0 to 512 [ 603.400020][T11892] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 603.426768][T11892] EXT4-fs (loop3): 1 orphan inode deleted [ 603.432707][T11892] EXT4-fs (loop3): 1 truncate cleaned up [ 603.440755][T11893] loop2: detected capacity change from 0 to 1024 [ 603.441645][T11892] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 603.461199][T11893] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 603.476613][T11892] EXT4-fs error (device loop3): ext4_inlinedir_to_tree:1412: inode #12: block 7: comm syz.3.1550: path /374/file0/file0: bad entry in directory: directory entry overrun - offset=788, inode=13, rec_len=784, size=60 fake=0 [ 603.478064][ T5858] usb usb1-port1: attempt power cycle [ 603.512368][T11893] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 603.522354][T11893] EXT4-fs (loop2): orphan cleanup on readonly fs [ 603.531806][T11893] EXT4-fs error (device loop2): ext4_free_blocks:6676: comm syz.2.1549: Freeing blocks not in datazone - block = 0, count = 4096 [ 603.543693][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 603.555224][T11893] EXT4-fs (loop2): 1 orphan inode deleted [ 603.571084][T11893] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 603.701093][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 603.709652][T11899] loop3: detected capacity change from 0 to 1024 [ 603.724374][T11899] EXT4-fs: Ignoring removed orlov option [ 603.760605][T11899] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 603.815062][T11899] ext4 filesystem being mounted at /375/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 603.894881][T11905] loop2: detected capacity change from 0 to 1024 [ 603.902386][ T27] kauditd_printk_skb: 9 callbacks suppressed [ 603.902400][ T27] audit: type=1800 audit(1757789664.294:600): pid=11899 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1551" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 603.936039][T11905] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 603.943368][T11907] tipc: Started in network mode [ 603.947730][ T5858] usb 1-1: new full-speed USB device number 20 using dummy_hcd [ 603.953877][T11907] tipc: Node identity 36074eeba0b6, cluster identity 4711 [ 603.969420][T11907] tipc: Enabled bearer , priority 0 [ 603.973122][T11908] EXT4-fs error (device loop3): ext4_map_blocks:718: inode #15: comm syz.3.1551: lblock 0 mapped to illegal pblock 0 (length 1) [ 603.989993][T11907] syzkaller0: entered promiscuous mode [ 603.999315][ T5858] usb 1-1: device descriptor read/8, error -71 [ 604.004145][T11907] syzkaller0: entered allmulticast mode [ 604.007057][T11908] EXT4-fs error (device loop3): ext4_ext_remove_space:2929: inode #15: comm syz.3.1551: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 604.058237][T11907] 
sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 604.058799][T11905] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 604.086695][T11907] tipc: Resetting bearer [ 604.093233][ T27] audit: type=1800 audit(1757789664.494:601): pid=11905 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1555" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 604.139826][T11907] loop1: detected capacity change from 0 to 1024 [ 604.147289][T11907] EXT4-fs: Ignoring removed bh option [ 604.152962][T11907] ext4: Unknown parameter 'nouser_xattr' [ 604.216684][T11906] tipc: Resetting bearer [ 604.217145][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 604.275525][T11906] tipc: Disabling bearer [ 604.282162][ T5858] usb 1-1: new full-speed USB device number 21 using dummy_hcd [ 604.320659][ T5858] usb 1-1: device descriptor read/8, error -71 [ 604.324899][T11913] loop2: detected capacity change from 0 to 1024 [ 604.343263][T11913] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 604.373099][ T27] audit: type=1800 audit(1757789664.774:602): pid=11913 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1556" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 604.446279][ T5858] usb usb1-port1: unable to enumerate USB device [ 604.459075][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 604.553700][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. 
[ 604.847303][T11930] loop2: detected capacity change from 0 to 1024 [ 604.864194][T11930] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 604.887105][T11930] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 604.895467][T11930] EXT4-fs (loop2): orphan cleanup on readonly fs [ 604.897443][T11931] random: crng reseeded on system resumption [ 604.915521][T11930] EXT4-fs error (device loop2): ext4_free_blocks:6676: comm syz.2.1562: Freeing blocks not in datazone - block = 0, count = 4096 [ 604.940882][T11930] EXT4-fs (loop2): 1 orphan inode deleted [ 604.953331][T11930] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 605.010724][T11934] loop1: detected capacity change from 0 to 1024 [ 605.020904][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 605.030421][T11934] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 605.118455][T11934] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 605.170104][ T27] audit: type=1800 audit(1757789665.574:603): pid=11934 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1564" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 605.338566][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 605.523528][T11944] tipc: Enabled bearer , priority 0 [ 605.532391][T11944] syzkaller0: entered promiscuous mode [ 605.550645][T11944] syzkaller0: entered allmulticast mode [ 605.631127][T11944] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! 
[ 605.659386][T11944] tipc: Resetting bearer [ 605.719930][T11944] loop0: detected capacity change from 0 to 1024 [ 605.736895][T11944] EXT4-fs: Ignoring removed bh option [ 605.742472][T11944] ext4: Unknown parameter 'nouser_xattr' [ 605.834095][T11943] tipc: Resetting bearer [ 605.863962][T11951] syz.3.1570[11951] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 605.864085][T11951] syz.3.1570[11951] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 605.904713][T11943] tipc: Disabling bearer [ 606.157111][T11961] loop2: detected capacity change from 0 to 1024 [ 606.190187][T11961] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 606.232078][ T27] audit: type=1800 audit(1757789666.634:604): pid=11961 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1573" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 606.251249][T11967] loop0: detected capacity change from 0 to 1024 [ 606.268434][T11967] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 606.308135][T11967] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. 
[ 606.323255][T11969] loop3: detected capacity change from 0 to 1024 [ 606.342307][T11969] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 606.354519][ T27] audit: type=1800 audit(1757789666.754:605): pid=11967 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1574" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 606.384705][T11969] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 606.393473][T11969] EXT4-fs (loop3): orphan cleanup on readonly fs [ 606.400638][T11969] EXT4-fs error (device loop3): ext4_free_blocks:6676: comm syz.3.1575: Freeing blocks not in datazone - block = 0, count = 4096 [ 606.418331][T11969] EXT4-fs (loop3): 1 orphan inode deleted [ 606.457544][T11969] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 606.532394][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 606.654420][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 606.815244][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 606.940964][T11978] random: crng reseeded on system resumption [ 607.036142][T11984] capability: warning: `syz.3.1580' uses 32-bit capabilities (legacy support in use) [ 607.087946][T11982] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 607.792314][T11994] tipc: Enabled bearer , priority 0 [ 607.843562][T11994] syzkaller0: entered promiscuous mode [ 607.854645][T11998] loop1: detected capacity change from 0 to 1024 [ 607.881440][T11994] syzkaller0: entered allmulticast mode [ 607.892301][T12000] random: crng reseeded on system resumption [ 607.923872][T11998] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. 
[ 608.235626][T11995] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 608.416895][ T27] audit: type=1800 audit(1757789668.724:606): pid=11998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1584" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 608.899165][T12004] tipc: Resetting bearer [ 608.950975][T11994] loop2: detected capacity change from 0 to 1024 [ 608.970833][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 608.997225][T11994] EXT4-fs: Ignoring removed bh option [ 609.026725][T11994] ext4: Unknown parameter 'nouser_xattr' [ 609.110798][T11993] tipc: Resetting bearer [ 609.195521][T11993] tipc: Disabling bearer [ 609.491603][T12008] loop2: detected capacity change from 0 to 1024 [ 609.522659][T12008] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 609.597208][T12008] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 609.630529][T12008] EXT4-fs (loop2): orphan cleanup on readonly fs [ 609.657602][T12008] EXT4-fs error (device loop2): ext4_free_blocks:6676: comm syz.2.1586: Freeing blocks not in datazone - block = 0, count = 4096 [ 609.691536][T12008] EXT4-fs (loop2): 1 orphan inode deleted [ 609.709231][T12008] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 609.739098][T12011] loop0: detected capacity change from 0 to 1024 [ 610.036156][T12011] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 610.709376][T12011] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 610.723527][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 610.875919][ T27] audit: type=1800 audit(1757789671.264:607): pid=12011 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1587" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 610.939333][T12027] loop2: detected capacity change from 0 to 256 [ 610.994001][T12027] netlink: 'syz.2.1590': attribute type 10 has an invalid length. [ 611.009208][T12027] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1590'. [ 611.033577][T12027] batman_adv: batadv0: Adding interface: virt_wifi0 [ 611.059024][T12027] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 611.097822][T12027] batman_adv: batadv0: Interface activated: virt_wifi0 [ 611.335344][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 611.483744][T12037] loop2: detected capacity change from 0 to 4096 [ 611.501150][T12037] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 611.521559][T12041] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1595'. [ 611.522130][T12037] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 611.534021][T12041] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1595'. 
[ 611.574794][ T27] audit: type=1326 audit(1757789671.974:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12040 comm="syz.3.1595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 611.602044][ T27] audit: type=1326 audit(1757789672.004:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12040 comm="syz.3.1595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 611.612455][T12037] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 611.624711][ T27] audit: type=1326 audit(1757789672.004:610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12040 comm="syz.3.1595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 611.658346][ T27] audit: type=1326 audit(1757789672.004:611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12040 comm="syz.3.1595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 611.755759][T12048] random: crng reseeded on system resumption [ 611.973668][T12051] loop3: detected capacity change from 0 to 512 [ 612.101797][ T27] audit: type=1326 audit(1757789672.504:612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12050 comm="syz.3.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 612.200896][ T27] audit: type=1326 audit(1757789672.524:613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12050 comm="syz.3.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=280 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 612.224096][ T27] audit: type=1326 audit(1757789672.524:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12050 comm="syz.3.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2280f8eba9 code=0x7ffc0000 [ 
613.251828][T12061] loop3: detected capacity change from 0 to 1024 [ 613.297893][T12061] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 613.355792][T12061] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 613.420917][ T27] audit: type=1800 audit(1757789673.824:615): pid=12061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1601" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 613.537253][T12066] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm ext4lazyinit: bg 0: block 494: padding at end of block bitmap is not set [ 613.613396][T12066] EXT4-fs (loop3): Remounting filesystem read-only [ 614.152996][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 614.541539][T12075] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1605'. [ 614.552341][T12075] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1605'. [ 614.622159][ T27] audit: type=1326 audit(1757789675.024:616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12074 comm="syz.1.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa88c58eba9 code=0x7ffc0000 [ 614.741695][T12083] syz.2.1616 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 614.832951][T12084] loop3: detected capacity change from 0 to 4096 [ 614.870087][T12084] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 614.917552][T12084] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 614.944600][T12084] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 615.140472][T12098] random: crng reseeded on system resumption [ 616.117618][T12108] random: crng reseeded on system resumption [ 616.217094][ T27] kauditd_printk_skb: 24 callbacks suppressed [ 616.217110][ T27] audit: type=1326 audit(1757789676.624:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12107 comm="syz.0.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 616.504268][ T27] audit: type=1326 audit(1757789676.764:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12107 comm="syz.0.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 617.194318][ T27] audit: type=1326 audit(1757789676.764:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12107 comm="syz.0.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 617.332901][ T27] audit: type=1326 audit(1757789676.794:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12107 comm="syz.0.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 617.415310][ T27] audit: type=1326 audit(1757789676.794:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12107 comm="syz.0.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 617.469382][T12119] loop0: detected capacity change from 0 to 512 [ 617.522539][T12119] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 617.558175][ T27] audit: type=1326 audit(1757789676.794:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12107 comm="syz.0.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 617.613759][T12119] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2 [ 617.663079][T12118] loop3: detected capacity change 
from 0 to 1024 [ 617.673130][ T27] audit: type=1326 audit(1757789676.814:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12107 comm="syz.0.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 617.794412][T12119] EXT4-fs (loop0): 1 truncate cleaned up [ 617.800597][T12118] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 617.811309][ T27] audit: type=1326 audit(1757789676.854:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12107 comm="syz.0.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 617.897202][T12119] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 617.897248][ T27] audit: type=1326 audit(1757789676.854:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12107 comm="syz.0.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 617.995174][ T27] audit: type=1326 audit(1757789676.934:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12107 comm="syz.0.1618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 618.163541][T12118] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 618.251734][T12118] EXT4-fs (loop3): orphan cleanup on readonly fs [ 618.316244][T12119] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 618.356689][T12118] EXT4-fs error (device loop3): ext4_free_blocks:6676: comm syz.3.1619: Freeing blocks not in datazone - block = 0, count = 4096 [ 618.516021][T12118] EXT4-fs (loop3): 1 orphan inode deleted [ 618.523149][T12118] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. 
[ 618.752644][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 618.953145][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 619.049371][T12134] loop2: detected capacity change from 0 to 1024 [ 619.085368][T12134] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 619.267425][T12143] random: crng reseeded on system resumption [ 619.537543][T12154] loop3: detected capacity change from 0 to 128 [ 619.648354][T12154] ext4 filesystem being mounted at /396/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 619.773583][T12158] loop0: detected capacity change from 0 to 512 [ 619.810078][T12158] EXT4-fs error (device loop0): ext4_orphan_get:1399: inode #15: comm syz.0.1634: casefold flag without casefold feature [ 619.844537][T12158] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.1634: couldn't read orphan inode 15 (err -117) [ 619.878467][T12158] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1634'. 
[ 619.887831][T12158] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 619.895559][T12158] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 620.439674][T12171] loop1: detected capacity change from 0 to 128 [ 620.486168][T12171] ext4 filesystem being mounted at /425/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 620.827879][T12182] loop1: detected capacity change from 0 to 1024 [ 620.855316][T12182] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 621.236571][T12194] random: crng reseeded on system resumption [ 622.249872][T12206] loop3: detected capacity change from 0 to 1024 [ 622.287792][ T27] kauditd_printk_skb: 51 callbacks suppressed [ 622.287808][ T27] audit: type=1326 audit(1757789682.694:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12209 comm="syz.1.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa88c58eba9 code=0x7ffc0000 [ 622.321548][ T27] audit: type=1326 audit(1757789682.694:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12209 comm="syz.1.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa88c58eba9 code=0x7ffc0000 [ 622.346433][ T27] audit: type=1326 audit(1757789682.724:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12209 comm="syz.1.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa88c58eba9 code=0x7ffc0000 [ 622.416202][ T27] audit: type=1326 audit(1757789682.724:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12209 comm="syz.1.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa88c58eba9 code=0x7ffc0000 [ 622.473069][ T27] audit: type=1326 audit(1757789682.724:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12209 comm="syz.1.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa88c58eba9 code=0x7ffc0000 [ 
622.507500][ T27] audit: type=1326 audit(1757789682.724:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12209 comm="syz.1.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fa88c58eba9 code=0x7ffc0000 [ 622.537166][ T27] audit: type=1326 audit(1757789682.724:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12209 comm="syz.1.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa88c58eba9 code=0x7ffc0000 [ 622.580931][ T27] audit: type=1326 audit(1757789682.724:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12209 comm="syz.1.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa88c58eba9 code=0x7ffc0000 [ 622.632604][T12215] loop1: detected capacity change from 0 to 512 [ 622.649890][T12215] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 622.663828][T12215] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2 [ 622.672312][ T27] audit: type=1326 audit(1757789682.724:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12209 comm="syz.1.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fa88c58eba9 code=0x7ffc0000 [ 622.721442][T12215] EXT4-fs (loop1): 1 truncate cleaned up [ 622.727346][T12218] loop0: detected capacity change from 0 to 1024 [ 622.747511][T12215] EXT4-fs mount: 12 callbacks suppressed [ 622.747531][T12215] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 622.827416][T12218] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 622.881505][T12215] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. 
[ 622.998937][ T27] audit: type=1326 audit(1757789683.404:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12209 comm="syz.1.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa88c58eba9 code=0x7ffc0000 [ 623.203039][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 623.370421][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 623.482364][T12234] loop2: detected capacity change from 0 to 1024 [ 623.506145][T12234] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 623.756092][T12248] loop3: detected capacity change from 0 to 1024 [ 623.764561][T12248] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 623.778892][T12248] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 623.794394][T12248] EXT4-fs (loop3): orphan cleanup on readonly fs [ 623.801593][T12248] EXT4-fs error (device loop3): ext4_free_blocks:6676: comm syz.3.1670: Freeing blocks not in datazone - block = 0, count = 4096 [ 623.820905][T12248] EXT4-fs (loop3): 1 orphan inode deleted [ 623.825465][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 623.829075][T12248] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 623.958681][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 624.035198][T12254] loop1: detected capacity change from 0 to 1024 [ 624.109570][T12254] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 624.342591][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.349128][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.608571][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 624.686479][T12272] 9pnet_fd: Insufficient options for proto=fd [ 624.779125][T12277] loop1: detected capacity change from 0 to 128 [ 624.815372][T12277] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 624.853817][T12281] loop3: detected capacity change from 0 to 1024 [ 624.862804][T12277] ext4 filesystem being mounted at /435/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 624.866426][T12281] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 624.888912][T12281] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 624.902760][T12281] EXT4-fs (loop3): orphan cleanup on readonly fs [ 624.911191][T12281] EXT4-fs error (device loop3): ext4_free_blocks:6676: comm syz.3.1682: Freeing blocks not in datazone - block = 0, count = 4096 [ 624.931546][T12281] EXT4-fs (loop3): 1 orphan inode deleted [ 624.938920][T12281] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 624.994095][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 625.027275][ T5790] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. 
[ 625.445517][T12301] loop0: detected capacity change from 0 to 128 [ 625.485182][T12301] FAT-fs (loop0): Invalid FSINFO signature: 0x41610000, 0x61417272 (sector = 1) [ 625.529906][T12301] FAT-fs (loop0): Directory bread(block 162) failed [ 625.554731][T12301] FAT-fs (loop0): Directory bread(block 163) failed [ 625.566025][T12301] FAT-fs (loop0): Directory bread(block 164) failed [ 625.573245][T12301] FAT-fs (loop0): Directory bread(block 165) failed [ 625.585191][T12301] FAT-fs (loop0): Directory bread(block 166) failed [ 625.600918][T12301] FAT-fs (loop0): Directory bread(block 167) failed [ 625.612283][T12301] FAT-fs (loop0): Directory bread(block 168) failed [ 625.624352][T12301] FAT-fs (loop0): Directory bread(block 169) failed [ 625.648837][T12307] loop3: detected capacity change from 0 to 128 [ 625.659304][T12301] FAT-fs (loop0): Directory bread(block 162) failed [ 625.686959][T12301] FAT-fs (loop0): Directory bread(block 163) failed [ 625.695740][T12301] syz.0.1690: attempt to access beyond end of device [ 625.695740][T12301] loop0: rw=3, sector=210, nr_sectors = 6 limit=128 [ 625.721627][T12309] loop1: detected capacity change from 0 to 1024 [ 625.728430][T12307] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 625.737258][T12309] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 625.751179][T12301] syz.0.1690: attempt to access beyond end of device [ 625.751179][T12301] loop0: rw=2051, sector=216, nr_sectors = 2 limit=128 [ 625.773950][T12307] ext4 filesystem being mounted at /413/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 625.792320][ T11] FAT-fs (loop0): Invalid FSINFO signature: 0x41610000, 0x61417272 (sector = 1) [ 625.803924][T12309] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 625.814925][T12313] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1695'. 
[ 625.824825][T12309] EXT4-fs (loop1): orphan cleanup on readonly fs [ 625.853949][T12309] EXT4-fs error (device loop1): ext4_free_blocks:6676: comm syz.1.1694: Freeing blocks not in datazone - block = 0, count = 4096 [ 625.906520][T12309] EXT4-fs (loop1): 1 orphan inode deleted [ 625.920299][T12309] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 625.934968][ T5788] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 626.023753][T12321] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1697'. [ 626.034446][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 626.240688][T12327] loop2: detected capacity change from 0 to 1024 [ 626.265627][T12327] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 626.319755][T12327] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 626.377321][T12337] syz.1.1703[12337] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 626.377456][T12337] syz.1.1703[12337] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 626.397122][T12337] loop1: detected capacity change from 0 to 128 [ 626.426801][T12338] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1705'. [ 626.797488][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 626.979920][T12356] loop1: detected capacity change from 0 to 128 [ 627.000113][T12356] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 627.016080][T12356] ext4 filesystem being mounted at /445/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 627.128712][ T5790] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. 
[ 627.256870][T12365] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1716'. [ 627.378780][T12372] loop3: detected capacity change from 0 to 1024 [ 627.387208][T12372] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 627.445767][T12372] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 627.920233][T12378] loop0: detected capacity change from 0 to 128 [ 627.950189][T12378] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 627.978467][T12378] ext4 filesystem being mounted at /414/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 628.177600][T12382] loop2: detected capacity change from 0 to 1024 [ 628.201260][T12382] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 628.227808][ T5786] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 628.243137][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 628.276136][T12382] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 628.284621][T12382] EXT4-fs (loop2): orphan cleanup on readonly fs [ 628.359501][T12382] EXT4-fs error (device loop2): ext4_free_blocks:6676: comm syz.2.1723: Freeing blocks not in datazone - block = 0, count = 4096 [ 628.400257][T12382] EXT4-fs (loop2): 1 orphan inode deleted [ 628.415081][T12382] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 628.510139][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 628.703006][T12399] loop2: detected capacity change from 0 to 512 [ 628.710385][T12399] ext4: Unknown parameter 'audit' [ 628.782701][T12399] netlink: 'syz.2.1730': attribute type 13 has an invalid length. [ 629.302006][T12399] bridge0: port 2(bridge_slave_1) entered disabled state [ 629.309712][T12399] bridge0: port 1(bridge_slave_0) entered disabled state [ 629.371541][T12416] loop1: detected capacity change from 0 to 1024 [ 629.387251][T12416] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 629.426171][T12416] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 630.034208][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 630.139976][T12429] loop3: detected capacity change from 0 to 1024 [ 630.170836][T12429] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 630.237417][T12399] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 630.373520][T12399] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 630.384332][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 630.691563][T12399] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 631.043273][T12399] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.052820][T12399] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.062527][T12399] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.071980][T12399] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.176698][T12440] netlink: 272 bytes leftover after parsing attributes in process `syz.3.1740'. [ 631.365749][T12461] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1744'. 
[ 631.486621][T12465] loop3: detected capacity change from 0 to 1024 [ 631.503901][T12465] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 631.539862][T12465] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 631.595332][ T27] kauditd_printk_skb: 50 callbacks suppressed [ 631.595348][ T27] audit: type=1800 audit(1757789691.994:762): pid=12465 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1746" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 631.895549][T12472] loop2: detected capacity change from 0 to 1024 [ 631.897378][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 631.962730][T12472] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 632.038248][T12477] netlink: 'syz.1.1751': attribute type 1 has an invalid length. [ 632.052930][T12477] netlink: 'syz.1.1751': attribute type 4 has an invalid length. [ 632.060933][T12477] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.1751'. [ 632.072067][T12477] netlink: 'syz.1.1751': attribute type 1 has an invalid length. [ 632.085715][T12477] netlink: 'syz.1.1751': attribute type 4 has an invalid length. [ 632.093664][T12477] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.1751'. [ 632.481144][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 632.740793][T12494] loop3: detected capacity change from 0 to 1024 [ 632.763385][T12494] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 632.775384][T12496] loop0: detected capacity change from 0 to 1024 [ 632.784602][T12496] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 632.811834][T12494] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 632.832764][T12496] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 632.841469][T12496] EXT4-fs (loop0): orphan cleanup on readonly fs [ 632.860242][T12496] EXT4-fs error (device loop0): ext4_free_blocks:6676: comm syz.0.1759: Freeing blocks not in datazone - block = 0, count = 4096 [ 632.885935][ T27] audit: type=1800 audit(1757789693.284:763): pid=12494 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1758" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 632.916963][T12496] EXT4-fs (loop0): 1 orphan inode deleted [ 632.924142][T12496] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 633.034142][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 633.075581][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 633.341843][T12503] syz.0.1760[12503] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 633.342012][T12503] syz.0.1760[12503] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 633.641604][T12511] loop3: detected capacity change from 0 to 1024 [ 633.749987][T12511] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. 
[ 633.827357][T12519] loop1: detected capacity change from 0 to 1024 [ 633.835553][T12519] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 633.915085][T12519] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 633.970973][ T27] audit: type=1800 audit(1757789694.374:764): pid=12519 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1769" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 634.131352][T12529] 9pnet_fd: Insufficient options for proto=fd [ 634.209802][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 634.232065][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 634.371408][T12535] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1777'. [ 634.488007][T12535] 8021q: adding VLAN 0 to HW filter on device bond1 [ 634.531966][T12538] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1777'. [ 635.724421][T12538] bond1 (unregistering): Released all slaves [ 635.738914][T12555] loop1: detected capacity change from 0 to 1024 [ 635.792450][T12557] loop3: detected capacity change from 0 to 1024 [ 635.798692][T12555] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 635.842674][T12557] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 635.875789][ T27] audit: type=1800 audit(1757789696.274:765): pid=12555 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1783" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 635.913356][T12563] 9pnet_fd: Insufficient options for proto=fd [ 635.945517][T12557] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. 
[ 635.962067][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 635.981672][ T27] audit: type=1800 audit(1757789696.384:766): pid=12557 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1784" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 636.034679][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 636.412192][T12580] loop1: detected capacity change from 0 to 1024 [ 636.467593][T12580] Quota error (device loop1): do_check_range: Getting block 64 out of range 1-5 [ 636.498643][T12580] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 636.499481][T12585] loop3: detected capacity change from 0 to 1024 [ 636.516660][T12580] EXT4-fs error (device loop1): ext4_acquire_dquot:6940: comm syz.1.1793: Failed to acquire dquot type 0 [ 636.532728][T12580] EXT4-fs error (device loop1): mb_free_blocks:1938: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 636.558630][T12580] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #13: comm syz.1.1793: corrupted inode contents [ 636.574526][T12580] EXT4-fs error (device loop1): ext4_dirty_inode:6106: inode #13: comm syz.1.1793: mark_inode_dirty error [ 636.579243][T12585] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. 
[ 636.602965][T12580] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #13: comm syz.1.1793: corrupted inode contents [ 636.608881][ T27] audit: type=1800 audit(1757789697.004:767): pid=12585 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1795" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 636.655761][T12580] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #13: comm syz.1.1793: mark_inode_dirty error [ 636.674101][T12580] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #13: comm syz.1.1793: corrupted inode contents [ 636.697228][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 636.701408][T12580] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 636.715289][T12580] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #13: comm syz.1.1793: corrupted inode contents [ 636.729211][T12580] EXT4-fs error (device loop1): ext4_truncate:4288: inode #13: comm syz.1.1793: mark_inode_dirty error [ 636.755228][T12580] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 636.778125][T12580] EXT4-fs (loop1): 1 truncate cleaned up [ 636.785254][T12580] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 636.859581][T12591] loop3: detected capacity change from 0 to 1024 [ 636.876251][T12591] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 636.900603][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 636.950266][T12591] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. 
[ 637.018400][ T27] audit: type=1800 audit(1757789697.424:768): pid=12591 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1797" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 637.118050][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 637.178097][T12605] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1803'. [ 637.260569][T12607] loop0: detected capacity change from 0 to 1024 [ 637.314848][T12607] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 637.353939][ T27] audit: type=1800 audit(1757789697.754:769): pid=12607 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1805" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 637.422607][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 637.668479][T12626] loop0: detected capacity change from 0 to 1024 [ 637.687370][T12626] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 637.738532][T12626] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 637.772300][T12630] loop3: detected capacity change from 0 to 512 [ 637.792173][ T27] audit: type=1800 audit(1757789698.194:770): pid=12626 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1812" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 637.848647][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 637.850667][ T27] audit: type=1326 audit(1757789698.254:771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12617 comm="syz.1.1808" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa88c58eba9 code=0x0 [ 637.866206][T12630] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 637.921359][ T27] audit: type=1804 audit(1757789698.324:772): pid=12630 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="+}[@" name="/newroot/449/file2/bus" dev="loop3" ino=18 res=1 errno=0 [ 637.985316][T12634] 9pnet_fd: Insufficient options for proto=fd [ 638.123856][T12637] loop0: detected capacity change from 0 to 1024 [ 638.132657][T12637] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 638.145380][T12637] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 638.154424][T12637] EXT4-fs (loop0): orphan cleanup on readonly fs [ 638.161601][T12637] EXT4-fs error (device loop0): ext4_free_blocks:6676: comm syz.0.1815: Freeing blocks not in datazone - block = 0, count = 4096 [ 638.176963][T12637] EXT4-fs (loop0): 1 orphan inode deleted [ 638.184392][T12637] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 638.235264][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 638.298431][T12640] binfmt_misc: register: failed to install interpreter file ./file2 [ 638.515083][T12644] loop0: detected capacity change from 0 to 1024 [ 638.533750][T12644] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. 
[ 638.574749][ T27] audit: type=1800 audit(1757789698.974:773): pid=12644 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1818" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 638.667482][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 638.720206][ T27] audit: type=1326 audit(1757789699.124:774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12651 comm="syz.1.1820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa88c58eba9 code=0x7ffc0000 [ 638.747758][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 638.785952][ T27] audit: type=1326 audit(1757789699.124:775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12651 comm="syz.1.1820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa88c58eba9 code=0x7ffc0000 [ 638.876094][ T27] audit: type=1326 audit(1757789699.144:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12651 comm="syz.1.1820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fa88c58eba9 code=0x7ffc0000 [ 639.092817][T12668] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1829'. [ 639.266507][T12671] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1830'. [ 639.322357][T12676] loop3: detected capacity change from 0 to 1024 [ 639.416190][T12682] hub 9-0:1.0: USB hub found [ 639.439841][T12682] hub 9-0:1.0: 1 port detected [ 639.490851][T12684] netlink: 'syz.2.1834': attribute type 4 has an invalid length. 
[ 639.755329][T12688] atomic_op ffff88807cf28998 conn xmit_atomic 0000000000000000 [ 639.768723][T12690] loop3: detected capacity change from 0 to 128 [ 639.831499][T12690] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 639.858040][T12690] FAT-fs (loop3): Filesystem has been set read-only [ 639.879331][T12690] syz.3.1837: attempt to access beyond end of device [ 639.879331][T12690] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 639.941153][T12692] 9pnet_fd: Insufficient options for proto=fd [ 639.958935][T12694] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1839'. [ 640.320513][T12704] loop2: detected capacity change from 0 to 1024 [ 640.336653][T12704] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 640.354935][T12704] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 640.363580][T12704] EXT4-fs (loop2): orphan cleanup on readonly fs [ 640.376431][T12704] EXT4-fs error (device loop2): ext4_free_blocks:6676: comm syz.2.1843: Freeing blocks not in datazone - block = 0, count = 4096 [ 640.396843][T12704] EXT4-fs (loop2): 1 orphan inode deleted [ 640.512831][T12711] loop1: detected capacity change from 0 to 512 [ 640.572629][T12711] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 640.620816][T12711] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #16: comm syz.1.1844: invalid indirect mapped block 4294967295 (level 0) [ 640.650504][T12711] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #16: comm syz.1.1844: invalid indirect mapped block 4294967295 (level 1) [ 640.678038][T12711] EXT4-fs (loop1): 1 orphan inode deleted [ 640.695177][T12711] EXT4-fs (loop1): 1 truncate cleaned up [ 640.804255][T12720] loop2: detected capacity change from 0 to 1024 [ 640.832892][T12720] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 640.862447][T12722] 
netlink: 8 bytes leftover after parsing attributes in process `syz.0.1849'. [ 640.950841][T12730] loop8: detected capacity change from 0 to 7 [ 640.988122][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 640.997467][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 641.054986][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 641.064444][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 641.073798][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 641.083049][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 641.099774][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 641.109019][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 641.124809][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 641.134071][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 641.142522][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 641.151751][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 641.165359][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 641.174696][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 641.182676][T12730] ldm_validate_partition_table(): Disk read failed. 
[ 641.195400][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 641.204667][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 641.224436][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 641.233702][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 641.257116][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 641.266457][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 641.274704][T12730] Dev loop8: unable to read RDB block 0 [ 641.289597][T12736] loop3: detected capacity change from 0 to 1024 [ 641.293463][T12730] loop8: unable to read partition table [ 641.307168][T12730] loop8: partition table beyond EOD, truncated [ 641.321489][T12730] loop_reread_partitions: partition scan of loop8 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ â·û [ 641.321489][T12730] ) failed (rc=-5) [ 641.347286][T12736] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 641.367422][T12736] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 641.394374][T12736] EXT4-fs (loop3): orphan cleanup on readonly fs [ 641.417351][T12736] EXT4-fs error (device loop3): ext4_free_blocks:6676: comm syz.3.1855: Freeing blocks not in datazone - block = 0, count = 4096 [ 641.457970][T12743] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1858'. [ 641.478760][T12736] EXT4-fs (loop3): 1 orphan inode deleted [ 641.526546][T12745] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1860'. 
[ 641.610036][T12747] loop0: detected capacity change from 0 to 128 [ 641.753823][T12747] syz.0.1859: attempt to access beyond end of device [ 641.753823][T12747] loop0: rw=2049, sector=138, nr_sectors = 14 limit=128 [ 641.768991][T12754] loop3: detected capacity change from 0 to 512 [ 641.801680][T12756] random: crng reseeded on system resumption [ 641.812217][T12754] EXT4-fs (loop3): too many log groups per flexible block group [ 641.836146][T12754] EXT4-fs (loop3): failed to initialize mballoc (-12) [ 641.845279][T12754] EXT4-fs (loop3): mount failed [ 641.888175][T12760] loop2: detected capacity change from 0 to 128 [ 642.009787][T12762] syz.2.1864: attempt to access beyond end of device [ 642.009787][T12762] loop2: rw=2049, sector=145, nr_sectors = 344 limit=128 [ 642.368345][ T27] kauditd_printk_skb: 18 callbacks suppressed [ 642.368359][ T27] audit: type=1326 audit(1757789702.774:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12772 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 642.423591][ T27] audit: type=1326 audit(1757789702.814:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12772 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 642.431610][T12776] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1869'. 
[ 642.518092][ T27] audit: type=1326 audit(1757789702.814:797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12772 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 642.577769][ T27] audit: type=1326 audit(1757789702.814:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12772 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 642.603334][ T27] audit: type=1326 audit(1757789702.814:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12772 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 642.604825][ T59] kworker/u4:4: attempt to access beyond end of device [ 642.604825][ T59] loop2: rw=1, sector=489, nr_sectors = 552 limit=128 [ 642.635961][ T27] audit: type=1326 audit(1757789702.814:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12772 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 642.730853][ T27] audit: type=1326 audit(1757789702.914:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12772 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 642.765219][T12781] loop1: detected capacity change from 0 to 1024 [ 642.784503][ T27] audit: type=1326 audit(1757789702.914:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12772 comm="syz.0.1868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 642.807229][T12781] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 642.818453][ T27] audit: type=1326 audit(1757789702.914:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12777 comm="syz.0.1868" 
exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f59717c1465 code=0x7ffc0000 [ 642.866079][T12781] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 642.874494][T12781] EXT4-fs (loop1): orphan cleanup on readonly fs [ 642.882191][T12781] EXT4-fs error (device loop1): ext4_free_blocks:6676: comm syz.1.1872: Freeing blocks not in datazone - block = 0, count = 4096 [ 642.903100][T12781] EXT4-fs (loop1): 1 orphan inode deleted [ 643.021216][ T27] audit: type=1326 audit(1757789703.424:804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12789 comm="syz.0.1875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f597178eba9 code=0x7ffc0000 [ 643.083196][T12793] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1878'. [ 643.289504][T12804] loop1: detected capacity change from 0 to 128 [ 643.354649][T12807] random: crng reseeded on system resumption [ 643.366576][T12809] syz.1.1881: attempt to access beyond end of device [ 643.366576][T12809] loop1: rw=2049, sector=145, nr_sectors = 696 limit=128 [ 643.608220][ T41] kworker/u4:2: attempt to access beyond end of device [ 643.608220][ T41] loop1: rw=1, sector=841, nr_sectors = 200 limit=128 [ 643.952178][T12823] loop0: detected capacity change from 0 to 1024 [ 643.961578][T12823] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 643.980690][T12823] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 643.993416][T12823] EXT4-fs (loop0): orphan cleanup on readonly fs [ 644.004145][T12823] EXT4-fs error (device loop0): ext4_free_blocks:6676: comm syz.0.1885: Freeing blocks not in datazone - block = 0, count = 4096 [ 644.025332][T12823] EXT4-fs (loop0): 1 orphan inode deleted [ 644.201049][T12831] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1887'. 
[ 644.640895][T12850] loop2: detected capacity change from 0 to 1024 [ 644.659237][T12850] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 644.688056][T12850] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 644.712139][T12850] EXT4-fs (loop2): orphan cleanup on readonly fs [ 644.732331][T12850] EXT4-fs error (device loop2): ext4_free_blocks:6676: comm syz.2.1895: Freeing blocks not in datazone - block = 0, count = 4096 [ 644.772040][T12850] EXT4-fs (loop2): 1 orphan inode deleted [ 644.887572][T12858] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1898'. [ 644.912611][T12859] random: crng reseeded on system resumption [ 645.196576][T12870] loop2: detected capacity change from 0 to 512 [ 645.207016][T12870] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 645.250362][T12870] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 645.277727][T12870] EXT4-fs (loop2): 1 truncate cleaned up [ 647.043012][T12894] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1909'. 
[ 647.608985][T12907] random: crng reseeded on system resumption [ 647.725117][T12906] loop1: detected capacity change from 0 to 512 [ 647.771148][T12906] EXT4-fs warning (device loop1): ext4_xattr_inode_get:545: inode #11: comm syz.1.1915: ea_inode file size=0 entry size=6 [ 647.788782][T12906] ------------[ cut here ]------------ [ 647.794727][T12906] EA inode 11 i_nlink=2 [ 647.795024][T12906] WARNING: CPU: 1 PID: 12906 at fs/ext4/xattr.c:1070 ext4_xattr_inode_update_ref+0x521/0x580 [ 647.809815][T12906] Modules linked in: [ 647.813753][T12906] CPU: 1 PID: 12906 Comm: syz.1.1915 Not tainted syzkaller #0 [ 647.821334][T12906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 647.831544][T12906] RIP: 0010:ext4_xattr_inode_update_ref+0x521/0x580 [ 647.838498][T12906] Code: 24 50 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 ff e8 31 43 9a ff 49 8b 37 48 c7 c7 00 d1 be 8a 44 89 f2 e8 cf 73 0d ff <0f> 0b 4c 8b 64 24 18 48 8b 5c 24 10 4c 8d 7c 24 60 e9 1f fe ff ff [ 647.858328][T12906] RSP: 0018:ffffc90005257340 EFLAGS: 00010246 [ 647.864447][T12906] RAX: 2e7623043e4be500 RBX: 0000000000000001 RCX: 0000000000080000 [ 647.872553][T12906] RDX: ffffc9000cf0a000 RSI: 00000000000241bb RDI: 00000000000241bc [ 647.880920][T12906] RBP: ffffc90005257430 R08: ffffc90005256f47 R09: 1ffff92000a4ade8 [ 647.889328][T12906] R10: dffffc0000000000 R11: fffff52000a4ade9 R12: ffff88805df348b0 [ 647.897483][T12906] R13: dffffc0000000000 R14: 0000000000000002 R15: ffff88805df34900 [ 647.905513][T12906] FS: 00007fa88d35a6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 647.914562][T12906] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 647.921360][T12906] CR2: 00007fa88c571fe0 CR3: 000000002496b000 CR4: 00000000003506e0 [ 647.929482][T12906] DR0: 0000000000000000 DR1: 0000000000000b5f DR2: 0000000000003706 [ 647.937659][T12906] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 647.945695][T12906] Call Trace: [ 
647.949116][T12906] [ 647.952131][T12906] ? ext4_xattr_list_entries+0x3d0/0x3d0 [ 647.957893][T12906] ? __ext4_journal_ensure_credits+0x30/0x450 [ 647.964045][T12906] ext4_xattr_inode_dec_ref_all+0xa2b/0xf90 [ 647.970095][T12906] ? ext4_xattr_delete_inode+0xc00/0xc00 [ 647.975794][T12906] ? __ext4_journal_ensure_credits+0x450/0x450 [ 647.982373][T12906] ext4_xattr_delete_inode+0xa45/0xc00 [ 647.988032][T12906] ? ext4_truncate+0xc12/0x1060 [ 647.992995][T12906] ? ext4_expand_extra_isize_ea+0x19e0/0x19e0 [ 647.999212][T12906] ext4_evict_inode+0xaa3/0xea0 [ 648.004126][T12906] ? _raw_spin_unlock+0x28/0x40 [ 648.009121][T12906] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 648.015076][T12906] ? do_raw_spin_unlock+0x121/0x230 [ 648.020380][T12906] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 648.026403][T12906] evict+0x486/0x870 [ 648.030359][T12906] ? __lock_acquire+0x7c80/0x7c80 [ 648.035451][T12906] ? proc_nr_inodes+0x230/0x230 [ 648.040392][T12906] ? do_raw_spin_unlock+0x121/0x230 [ 648.045653][T12906] ? _raw_spin_unlock+0x28/0x40 [ 648.050705][T12906] ? iput+0x70a/0x920 [ 648.054766][T12906] ext4_orphan_cleanup+0xbd4/0x1400 [ 648.060133][T12906] ? ext4_orphan_del+0xba0/0xba0 [ 648.065605][T12906] ? ext4_register_li_request+0x183/0x940 [ 648.071512][T12906] ? errseq_check_and_advance+0x66/0x120 [ 648.077266][T12906] ext4_fill_super+0x5de7/0x66c0 [ 648.082293][T12906] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 648.088924][T12906] ? vscnprintf+0x80/0x80 [ 648.093322][T12906] ? down_read_killable+0x340/0x340 [ 648.098682][T12906] ? setup_bdev_super+0x56b/0x660 [ 648.103769][T12906] get_tree_bdev+0x3e4/0x510 [ 648.108495][T12906] ? vfs_parse_fs_string+0x160/0x160 [ 648.113833][T12906] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 648.120190][T12906] ? setup_bdev_super+0x660/0x660 [ 648.125268][T12906] ? apparmor_capable+0x137/0x1a0 [ 648.130442][T12906] ? bpf_lsm_capable+0x9/0x10 [ 648.135186][T12906] ? 
security_capable+0x89/0xb0 [ 648.140242][T12906] vfs_get_tree+0x8c/0x280 [ 648.144719][T12906] do_new_mount+0x24b/0xa40 [ 648.149370][T12906] __se_sys_mount+0x2da/0x3c0 [ 648.154121][T12906] ? __x64_sys_mount+0xc0/0xc0 [ 648.159032][T12906] ? lockdep_hardirqs_on+0x98/0x150 [ 648.164291][T12906] ? __x64_sys_mount+0x20/0xc0 [ 648.169179][T12906] do_syscall_64+0x55/0xb0 [ 648.173653][T12906] ? clear_bhb_loop+0x40/0x90 [ 648.178418][T12906] ? clear_bhb_loop+0x40/0x90 [ 648.183153][T12906] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 648.189388][T12906] RIP: 0033:0x7fa88c59034a [ 648.193859][T12906] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 648.213654][T12906] RSP: 002b:00007fa88d359e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 648.222261][T12906] RAX: ffffffffffffffda RBX: 00007fa88d359ef0 RCX: 00007fa88c59034a [ 648.230351][T12906] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fa88d359eb0 [ 648.238430][T12906] RBP: 0000200000000180 R08: 00007fa88d359ef0 R09: 0000000000800700 [ 648.246528][T12906] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 648.254554][T12906] R13: 00007fa88d359eb0 R14: 0000000000000473 R15: 0000200000000680 [ 648.262671][T12906] [ 648.265740][T12906] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 648.273054][T12906] CPU: 1 PID: 12906 Comm: syz.1.1915 Not tainted syzkaller #0 [ 648.280549][T12906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 648.290661][T12906] Call Trace: [ 648.293975][T12906] [ 648.296938][T12906] dump_stack_lvl+0x16c/0x230 [ 648.301736][T12906] ? show_regs_print_info+0x20/0x20 [ 648.306975][T12906] ? load_image+0x3b0/0x3b0 [ 648.311510][T12906] panic+0x2c0/0x710 [ 648.315440][T12906] ? bpf_jit_dump+0xd0/0xd0 [ 648.319985][T12906] __warn+0x2e0/0x470 [ 648.323988][T12906] ? 
ext4_xattr_inode_update_ref+0x521/0x580 [ 648.329994][T12906] ? ext4_xattr_inode_update_ref+0x521/0x580 [ 648.336085][T12906] report_bug+0x2be/0x4f0 [ 648.340624][T12906] ? ext4_xattr_inode_update_ref+0x521/0x580 [ 648.346718][T12906] ? ext4_xattr_inode_update_ref+0x521/0x580 [ 648.352721][T12906] ? ext4_xattr_inode_update_ref+0x523/0x580 [ 648.358725][T12906] handle_bug+0xcf/0x120 [ 648.362987][T12906] exc_invalid_op+0x1a/0x50 [ 648.367508][T12906] asm_exc_invalid_op+0x1a/0x20 [ 648.372369][T12906] RIP: 0010:ext4_xattr_inode_update_ref+0x521/0x580 [ 648.378981][T12906] Code: 24 50 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 ff e8 31 43 9a ff 49 8b 37 48 c7 c7 00 d1 be 8a 44 89 f2 e8 cf 73 0d ff <0f> 0b 4c 8b 64 24 18 48 8b 5c 24 10 4c 8d 7c 24 60 e9 1f fe ff ff [ 648.398621][T12906] RSP: 0018:ffffc90005257340 EFLAGS: 00010246 [ 648.404715][T12906] RAX: 2e7623043e4be500 RBX: 0000000000000001 RCX: 0000000000080000 [ 648.412716][T12906] RDX: ffffc9000cf0a000 RSI: 00000000000241bb RDI: 00000000000241bc [ 648.420791][T12906] RBP: ffffc90005257430 R08: ffffc90005256f47 R09: 1ffff92000a4ade8 [ 648.428778][T12906] R10: dffffc0000000000 R11: fffff52000a4ade9 R12: ffff88805df348b0 [ 648.436766][T12906] R13: dffffc0000000000 R14: 0000000000000002 R15: ffff88805df34900 [ 648.444815][T12906] ? ext4_xattr_list_entries+0x3d0/0x3d0 [ 648.450484][T12906] ? __ext4_journal_ensure_credits+0x30/0x450 [ 648.456578][T12906] ext4_xattr_inode_dec_ref_all+0xa2b/0xf90 [ 648.462503][T12906] ? ext4_xattr_delete_inode+0xc00/0xc00 [ 648.468162][T12906] ? __ext4_journal_ensure_credits+0x450/0x450 [ 648.474347][T12906] ext4_xattr_delete_inode+0xa45/0xc00 [ 648.479832][T12906] ? ext4_truncate+0xc12/0x1060 [ 648.484705][T12906] ? ext4_expand_extra_isize_ea+0x19e0/0x19e0 [ 648.490817][T12906] ext4_evict_inode+0xaa3/0xea0 [ 648.495683][T12906] ? _raw_spin_unlock+0x28/0x40 [ 648.500561][T12906] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 648.506513][T12906] ? 
do_raw_spin_unlock+0x121/0x230 [ 648.511730][T12906] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 648.517640][T12906] evict+0x486/0x870 [ 648.521559][T12906] ? __lock_acquire+0x7c80/0x7c80 [ 648.526605][T12906] ? proc_nr_inodes+0x230/0x230 [ 648.531471][T12906] ? do_raw_spin_unlock+0x121/0x230 [ 648.536691][T12906] ? _raw_spin_unlock+0x28/0x40 [ 648.541552][T12906] ? iput+0x70a/0x920 [ 648.545552][T12906] ext4_orphan_cleanup+0xbd4/0x1400 [ 648.550794][T12906] ? ext4_orphan_del+0xba0/0xba0 [ 648.555756][T12906] ? ext4_register_li_request+0x183/0x940 [ 648.561509][T12906] ? errseq_check_and_advance+0x66/0x120 [ 648.567212][T12906] ext4_fill_super+0x5de7/0x66c0 [ 648.572199][T12906] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 648.578466][T12906] ? vscnprintf+0x80/0x80 [ 648.582819][T12906] ? down_read_killable+0x340/0x340 [ 648.588057][T12906] ? setup_bdev_super+0x56b/0x660 [ 648.593097][T12906] get_tree_bdev+0x3e4/0x510 [ 648.597702][T12906] ? vfs_parse_fs_string+0x160/0x160 [ 648.603006][T12906] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 648.609262][T12906] ? setup_bdev_super+0x660/0x660 [ 648.614320][T12906] ? apparmor_capable+0x137/0x1a0 [ 648.619358][T12906] ? bpf_lsm_capable+0x9/0x10 [ 648.624051][T12906] ? security_capable+0x89/0xb0 [ 648.628933][T12906] vfs_get_tree+0x8c/0x280 [ 648.633406][T12906] do_new_mount+0x24b/0xa40 [ 648.637935][T12906] __se_sys_mount+0x2da/0x3c0 [ 648.642634][T12906] ? __x64_sys_mount+0xc0/0xc0 [ 648.647411][T12906] ? lockdep_hardirqs_on+0x98/0x150 [ 648.652634][T12906] ? __x64_sys_mount+0x20/0xc0 [ 648.657411][T12906] do_syscall_64+0x55/0xb0 [ 648.661855][T12906] ? clear_bhb_loop+0x40/0x90 [ 648.666631][T12906] ? 
clear_bhb_loop+0x40/0x90 [ 648.671320][T12906] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 648.677233][T12906] RIP: 0033:0x7fa88c59034a [ 648.681688][T12906] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 648.701324][T12906] RSP: 002b:00007fa88d359e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 648.709774][T12906] RAX: ffffffffffffffda RBX: 00007fa88d359ef0 RCX: 00007fa88c59034a [ 648.717771][T12906] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fa88d359eb0 [ 648.725778][T12906] RBP: 0000200000000180 R08: 00007fa88d359ef0 R09: 0000000000800700 [ 648.733762][T12906] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 648.741773][T12906] R13: 00007fa88d359eb0 R14: 0000000000000473 R15: 0000200000000680 [ 648.749775][T12906] [ 648.753150][T12906] Kernel Offset: disabled [ 648.757597][T12906] Rebooting in 86400 seconds..