last executing test programs: 3.546206547s ago: executing program 1 (id=2859): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000003680)='sched_switch\x00', r0}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1809000000000000000000000001000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r4}, &(0x7f0000000540), &(0x7f0000000580)=r5}, 0x20) 2.559104352s ago: executing program 1 (id=2866): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_NAME(0xf, &(0x7f00000001c0)='w\xde\xa3\x05\xff\a\x00\x00\x00\x00\x00\x00\x8f\xc0\x9b\x86\xef\\\xc0\x89\av\x9f\xd6\xd1\x98<\xc8\x18E/\x8c\x1a\xe3\xbd') r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f01000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb796ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab04000000ffe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890decace0200f404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef29cd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf0100483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6c354463d7d0917fc80e5009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab4000000000000000028df75cf43f8ecc8d37b126602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89fa516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f49198e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85eff010000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1099e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c391339878b699644c96bd6ea589765ed2a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac4741201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6d00000000000000000000008f6555f3b7d5021dfc8eb504f1e4fef716d60f0d50b03fc014fd3dff46f56750f0ba4f1b9f7de5c17e7d1f18522897edab8e9e76b667ec6b01908400f55e16f0cfbf026be5f5acc681053f697d62b3545aec4606e190216c22c1d8807b6c43f0f0a4b53619fe5c9412821c3816194a5e29cf12cc7a197b5bdafb096d2d7f6be483814c92ef29c3a21c169794c7de3b4c706f4de5f4b93c831944c7b66fa49f317aa22dbc211e19f031c4f8bee14ecd5eb061a052044adc4dd1b63a1500a9c0e09dbba23f2726a55975efb4519d864d984dcb3a1dcafa1124a6b004029a706478df3be2438d2e35e6ca674dc190143a0b6f7db3408c0c08011e5d8f54711a0bd410ab53a15b1596cb77d2b58df2d8d8"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000640)='./file1\x00', 0x3014850, &(0x7f00000001c0), 0x3, 0x4c1, &(0x7f0000000b80)="$eJzs3d9rW9cdAPDvle3ESZzZ2faQBZaFLcMJWyQ7XhKzh8yDsT0FlmXvnmfLxli2jCUnsQnDYX9AofQX7VOf+lLocymU/AmlEGjfSyktoU3Shz60VZF81SSubMvEshLr84Hje8+9V/5+j4SOdO656AbQsU5FxFhEdEXE2YjoT7dn0hJr66V63IP7tyarJYlK5dqXSSTptvr/StLlkfRhvRHxr39E/Df5adzSyurcRKGQX0rrufL8Yq60snpudn5iJj+TXxgbGb44emn0wujQrrX18t8+e+WFt/5++f0/3vhk/Isz/6um1Zfue7wdzVhr8rj1pvfUnou67ohY2kmwZ1hX2p6edicCAEBTqt/xfx4Rv42Ih6+3OxsAAACgFSp/6Ytvk4gKAAAAsG9latfAJplsei1AX2Qy2ez6Nby/jMOZQrFU/sN0cXlhav1a2YHoyUzPFvJD6bXCA9GTVOvDtfVH9fMb6iMRcSwiXuo/VKtnJ4uFqXaf/AAAAIAOcWTD+P/r/vXxPwAAALDPDLQ7AQAAAKDljP8BAABg/9t0/J90720iAAAAQCv888qVaqnU7389dX1lea54/dxUvjSXnV+ezE4WlxazM8XiTO03++a3+3+FYnHxT7GwfDNXzpfKudLK6vh8cXmhPF67r/d43n2iAQAAYO8d+82dj5OIWPvzoVqpOpDua2KsPtba7IBWyuzs8KRVeQB7r6vdCQBt4wJf6Fzm44FtBvYvb6jv8LQBAADwLBj81VPN/5sPhOeYgTx0LvP/0LnM/0PnMv8PHe7g9of0brbjg13OBQAAaJm+Wkky2XQusC8ymWw24mjttgA9yfRsIT8UET+LiI/6ew5W68PtThoAAAAAAAAAAAAAAAAAAAAAAAAAnjOVShIVAAAAYF+LyHyepDfyH+w/3bfx/MCB5Jv+2jIibrxx7dWbE+Xy0nB1+1c/bi+/lm4/344zGAAAAMBG9XF6fRwPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALvpwf1bk/Wyl3Hv/TUiBhrF747e2rL33f6IOPwwie7HHpdERNcuxF+7HRHHG8VPqmnFQJrFxviZiDjU5vhHdiE+dLI71f5nrNH7LxOnasvG77/utDyte6c26/8y9f6v1s816v+ONhnjxN13cpvGvx1xortx/1OPnzxl//uff6+ubrav8mbEYMPPn+SJWLny/GKutLJ6bnZ+YiY/k18YGRm+OHpp9MLoUG56tpBP/zaM8eKv3/t+q/Yf3iT+wDbtP91k+7+7e/P+L7aIf+Z3jV//41vErz73v08/B6r7B+vra+vrjzv59ocnt2r/1Cbt3+71P9Nk+89e/f+nTR4KAOyB0srq3EShkF+yYsXK/lu5mr7Rd/zwNndMAADArnv0pb/dmQAAAAAAAAAAAAAAAAAAAEDnavmPkB188pcFetvXVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALf0QAAD//9sy0wA=") write$P9_RUNLINKAT(0xffffffffffffffff, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) socket$inet6_tcp(0xa, 0x1, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000080)="2e9b5b0007e03dd65193dfb6c575963f86dd606712e9001c0400000000000000eaebfd26d4eef2", 0x27}, {&(0x7f0000000100)="054d5e46cc4dabb4e7dab16c", 0xc}, {&(0x7f0000000600)="377eba2a0a29d4f8fc000000972bef63842ee3b291da39d1977010", 0x2c}], 0x3) 2.498169193s ago: executing program 2 (id=2868): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) 2.497775443s ago: executing program 3 (id=2869): socket$inet6(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x18) socket$inet(0x2, 0x2, 0x1) sendmsg$key(0xffffffffffffffff, 0x0, 0x40) dup(0xffffffffffffffff) mkdir(&(0x7f0000000000)='./cgroup/../file0/file0\x00', 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000380)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000040), 0x12) 2.417951474s ago: executing program 2 (id=2870): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x38, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) llistxattr(0x0, 0x0, 0x0) 2.356091645s ago: executing program 3 (id=2871): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000300)=""/180}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) rt_sigsuspend(0x0, 0x0) 2.302025216s ago: executing program 2 (id=2873): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x11ff, &(0x7f0000001280)="$eJzs3E+LHEUYB+B315iNG/ePGqMJiIVe9NJk9+BFL4tsQDKgJFkhEYSO26vDtDPD9LAwIkZPXv0cIojgTRBvetmL30DwthePEcSWndEko5PDSEiH5Xku80LVb6jqphuq6erD1774sLNXZXv5MBYXFmKxH5FupUixGP/4NF5+9cefnrty7fqlrVZr+3JKF7eubrySUlp9/vt3Pv7qhR+Gp9/+dvW7pThYf/fwt81fD84enDv88+oH7Sq1q9TtDVOebvR6w/xGWaTddtXJUnqrLPKqSO1uVQym2vfKXr8/Snl3d2W5PyiqKuXdUeoUozTspeFglPL383Y3ZVmWVpaD+Z24Xe18eauu64i6fjRORl3X9WOxHKfj8ViJ1ViL9Xginoyn4kw8HWfjmXg2vvnl69FRAgAAAAAAAAAAAAAAAAAAALh/5t3/f27cq+lRAwAAAAAAAAAAAAAAAAAAwPFy5dr1S1ut1vbllE5FlJ/v7+zvTH4n7Vt70Y4yirgQa/FHjHf/T0zqi2+0ti+ksfX4rLz5d/7m/s4j0/mN8ecEZuY3Jvk0nV+K5bvzm7EWZ2bnN2fmT8VLL96Vz2Itfn4velHGbhxl7+Q/2Ujp9Tdb/8qfH/cDAACA4yBLt81cv2fZvdon+TmeD0ytr4+y5080OnUiohp91MnLshgoHvriZLPD+L2u6+YPQkPFva+UpYj43/+8EBEPxwT/UzR9Z+JBuHPSmx4JAAAAAAAAAAAA83gQrxM2PUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YgeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwVAAD//+pd0x0=") bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) truncate(&(0x7f0000000040)='./file2\x00', 0x8000c00) 2.192861308s ago: executing program 3 (id=2874): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000003680)='sched_switch\x00', r0}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1809000000000000000000000001000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r2}, &(0x7f0000000540), &(0x7f0000000580)=r3}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r2, 0x0}, 0x20) 2.164009418s ago: executing program 1 (id=2876): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_hci(r0, 0x0, 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b70500000800000085"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) creat(&(0x7f00000000c0)='./file0\x00', 0x48) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r3 = dup(r2) write$P9_RLERRORu(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59}, 0x94) write$binfmt_elf64(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) r4 = creat(&(0x7f00000003c0)='./file0\x00', 0x36) write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000700)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x1900) 1.511014127s ago: executing program 3 (id=2877): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) setitimer(0x2, 0x0, 0x0) 1.070774384s ago: executing program 2 (id=2879): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0ff5b14104fe62cc60e413905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe511195418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4929330142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da8c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd11e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15f2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f000010000000000000905ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400bee3dfc8fb24f67c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341b74abaa7c95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb232bbdb9dc33cbd7643866fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595270fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f76dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3322c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99f0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d164118e4cbe02400000000ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000001700d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946932d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1fc8df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1785eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be2f5656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fd78f9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28de0bbc76d58dd92606b1ef6486c85fa3e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6968d12418a4d2a0d086d8438d415d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e112645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a9214a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbdff03cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109becb1b9bafcb2b47e940000000000e540d8b0db3774effb7469a21f96e2594b2973ebf7a1bd9ace2ed4d6eb1735f85885be5be74dc2ea5d7d499bd28271b98f187f5879b16b409a04d78175cc8d0f707c822805d7011ed4b22419186dd2b22aadf15828db2ca19d79e1bf2f7989237ee5cb2e1eb7b2bfc92d3aa95a26f060935c4fee8b2d7d0bf3c6d82d04329164bd4ee0b8060183f36762b0440d9082d7c8b06e4c2024f77e1018758d28e7ee290f32a48bfc2aa10b3dba9bff00d2410f3477a8e0df689c880dc9a677cfaa16603527c06625a3363744cea5f2d350224cc0fea76c72ca08507235c67346722f20690fde0790f040f5fd3eff75f9b291cc5e9c686ebaadbe756c6fa039ff441e427ed12578d5cb041ebf729cfaa575cc852fbdb54e60435e6d62b9d270433b220ed9ff1ff042b8d3d8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000200)="d8000000210081044e81f782db44b9040200000000806c01000015000a001800feffffff09000d2000000401a80018000a000e4006000000036010fab94dcf5c0468c1d67f6f94007134cf6ee062e1c547cbc7225e6756cfb39b0590b4800089e408e8d8ef52b49816277cf4090000001fb791643a5ee4ce1b14d6d930dfe1d9db22fe7c9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db701000000eafad95667e006dcdf969b3ef35ce3bb9ad809d561cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d939acd92637429397f632838", 0xd8}], 0x1}, 0x0) 1.070274334s ago: executing program 3 (id=2880): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) unshare(0x6a040000) syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82) syz_open_dev$sg(&(0x7f0000000280), 0x80000000002, 0x1) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r2, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0) modify_ldt$read(0x0, 0x0, 0x0) modify_ldt$read(0x0, &(0x7f0000000080)=""/213, 0xd5) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000000), &(0x7f0000000040)=0xc) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$pppl2tp(0x18, 0x1, 0x1) r4 = socket$inet6_udp(0xa, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r5}, 0x10) socket$kcm(0x29, 0x4, 0x0) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x14}, 0x1c) connect$pppl2tp(r3, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x8, 0x0, 0x1003, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) r6 = accept$inet(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)=0x10) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r6, 0x84, 0x6e, &(0x7f0000000300)=[@in6={0xa, 0x4e20, 0x4, @ipv4={'\x00', '\xff\xff', @multicast2}, 0xf1}, @in6={0xa, 0x4e23, 0x4000000, @local}, @in6={0xa, 0x4e20, 0x8, @local, 0x7}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e23, @multicast2}, @in6={0xa, 0x4e23, 0x6, @mcast1, 0x5}, @in6={0xa, 0x4e24, 0x401, @private2, 0x3}, @in6={0xa, 0x4e23, 0x1, @mcast2, 0x7}], 0xc8) modify_ldt$read(0x0, &(0x7f0000000200)=""/61, 0x3d) 1.027709595s ago: executing program 1 (id=2881): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000004c0)='kmem_cache_free\x00', r0}, 0x18) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0) munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000) 957.154606ms ago: executing program 0 (id=2882): r0 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0xfffc, 0x2, 0x18, {0xa, 0x0, 0x4, @dev}}, 0x80, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0xfc00) 842.766247ms ago: executing program 0 (id=2883): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) time(0x0) 842.515778ms ago: executing program 1 (id=2884): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000800), 0x8000, 0x0) r1 = dup(r0) ioctl$GIO_UNISCRNMAP(r1, 0x43403d0e, 0x0) 766.761498ms ago: executing program 2 (id=2885): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000003680)='sched_switch\x00', r0}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1809000000000000000000000001000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r2}, &(0x7f0000000540), &(0x7f0000000580)=r3}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r2, 0x0}, 0x20) 702.499129ms ago: executing program 1 (id=2886): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xb, 0x4, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x11, 0x60}, [@exit={0x95, 0x0, 0x33}], {0x95, 0x0, 0x5a5}}, 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r1 = dup(0xffffffffffffffff) r2 = syz_io_uring_setup(0x3e, &(0x7f0000000640)={0x0, 0xaddc, 0x10100, 0x1, 0x203, 0x0, r1}, &(0x7f0000000380)=0x0, &(0x7f00000003c0)=0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r3, r4, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r5, 0x0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f00000002c0)=""/183, 0xb7}], 0x1}, 0x0, 0x80002101}) io_uring_enter(r2, 0xd81, 0x0, 0x0, 0x0, 0x0) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x400e, &(0x7f0000000300)={[{@i_version}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@block_validity}, {@sysvgroups}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f0000001f00)=ANY=[], 0xe00f, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x242, 0x0) ioctl$TIOCMIWAIT(r7, 0x545c, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000280), r6) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="b80000002800010004000000f8dbdf2507"], 0xb8}], 0x1, 0x0, 0x0, 0x1}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) semtimedop(0x0, 0x0, 0x0, 0x0) unshare(0x2c040000) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040800}, 0x0) getegid() 614.643371ms ago: executing program 0 (id=2887): setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0x1170, 0x1170, 0x1398, 0x0, 0x1170, 0x1398, 0x1398, 0x1398, 0x1398, 0x1398, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @remote, [], [], 'ip6tnl0\x00', 'veth0_to_hsr\x00', {}, {}, 0x6}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@multicast2, 'netpci0\x00'}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)) ptrace$getregset(0x4205, r0, 0x1, &(0x7f0000000080)={&(0x7f00000000c0)=""/120, 0x78}) 452.702463ms ago: executing program 3 (id=2888): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB='\v\x00\x00\x00\b\x00\x00\x00\f\x00'], 0x48) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000019200)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18) r2 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) capset(0x0, 0x0) r3 = syz_open_procfs(0x0, 0x0) pread64(r3, 0x0, 0x0, 0x1000000000) ftruncate(r2, 0x2007ffc) sendfile(r2, r2, 0x0, 0x800000009) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(0xffffffffffffffff, 0x0, 0x400c000) 237.470137ms ago: executing program 2 (id=2889): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000001140)={[{@errors_continue}, {@data_err_abort}, {@init_itable}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b0}}, {@noblock_validity}, {@grpquota}, {@nobh}, {@user_xattr}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4}}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f00000004c0)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000000)='ext4_da_write_pages_extent\x00', r0, 0x0, 0xd6c}, 0x18) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0x400ec) 182.809527ms ago: executing program 0 (id=2890): creat(&(0x7f0000000040)='./file0\x00', 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000c500000001f0ffff95"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000003c0)='kmem_cache_free\x00', r0, 0x0, 0x4}, 0x18) truncate(&(0x7f0000000040)='./file0\x00', 0x0) 54.737129ms ago: executing program 0 (id=2891): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710}, 0x10) r1 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r1, &(0x7f0000000480)={0x28, 0x0, 0x1ffffcb66, @local}, 0x10) 0s ago: executing program 0 (id=2892): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, 0x0, 0x0) clock_gettime(0x7, 0x0) syz_clone3(0x0, 0x0) lseek(0xffffffffffffffff, 0x0, 0x4) clock_settime(0x0, &(0x7f0000009ac0)) inotify_init() openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d2140000000000000000001400"], 0x68}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000020000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f28000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[], 0xe8}}, 0x0) kernel console output (not intermixed with test programs): sbfs: interface 0 claimed by hub while 'syz.2.1901' sets config #0 [ 277.731634][T11203] loop1: detected capacity change from 0 to 512 [ 277.765927][T11203] EXT4-fs: user quota file already specified [ 277.813309][T11210] loop3: detected capacity change from 0 to 512 [ 277.908527][T11210] ext4 filesystem being mounted at /498/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 277.951469][T11214] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1906'. [ 278.488830][T11233] loop2: detected capacity change from 0 to 1024 [ 278.501343][ T28] audit: type=1326 audit(1751982621.270:2734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11232 comm="syz.1.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 278.536280][T11233] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 278.563968][ T28] audit: type=1326 audit(1751982621.270:2735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11232 comm="syz.1.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 278.646027][T11233] EXT4-fs error (device loop2): ext4_xattr_inode_iget:440: comm syz.2.1912: inode #1600285996: comm syz.2.1912: iget: illegal inode # [ 278.664755][ T28] audit: type=1326 audit(1751982621.270:2736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11232 comm="syz.1.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 278.688400][ T28] audit: type=1326 audit(1751982621.270:2737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11232 comm="syz.1.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 278.695272][T11233] EXT4-fs error (device loop2): ext4_xattr_inode_iget:445: comm syz.2.1912: error while reading EA inode 1600285996 err=-117 [ 278.711250][ T28] audit: type=1326 audit(1751982621.270:2738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11232 comm="syz.1.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 278.747209][ T28] audit: type=1326 audit(1751982621.300:2739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11232 comm="syz.1.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 279.012296][T11247] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1919'. [ 279.177735][T11251] loop3: detected capacity change from 0 to 512 [ 279.204489][T11251] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 279.238803][T11251] EXT4-fs (loop3): 1 truncate cleaned up [ 279.651311][T11263] loop2: detected capacity change from 0 to 1024 [ 279.672882][T11263] EXT4-fs: Ignoring removed orlov option [ 279.685634][T11263] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 279.694606][T11263] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 279.711877][T11263] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e800e01c, mo2=0000] [ 279.723455][T11263] System zones: 0-1, 3-12 [ 279.760737][T11263] EXT4-fs error (device loop2): ext4_map_blocks:718: inode #3: block 1: comm syz.2.1924: lblock 1 mapped to illegal pblock 1 (length 1) [ 279.793267][T11263] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.1924: Failed to acquire dquot type 0 [ 279.806609][T11269] loop1: detected capacity change from 0 to 1024 [ 279.815825][T11269] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 279.833752][T11263] EXT4-fs error (device loop2): ext4_free_blocks:6681: comm syz.2.1924: Freeing blocks not in datazone - block = 0, count = 4096 [ 279.849400][ T28] kauditd_printk_skb: 56 callbacks suppressed [ 279.849414][ T28] audit: type=1326 audit(1751982622.600:2794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11270 comm="syz.0.1926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 279.894597][T11263] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.1924: Invalid inode bitmap blk 0 in block_group 0 [ 279.900496][T11269] EXT4-fs error (device loop1): ext4_xattr_inode_iget:440: comm syz.1.1927: inode #1600285996: comm syz.1.1927: iget: illegal inode # [ 279.926633][T11263] EXT4-fs error (device loop2) in ext4_free_inode:363: Corrupt filesystem [ 279.935794][ T28] audit: type=1326 audit(1751982622.650:2795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11270 comm="syz.0.1926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 279.976380][T11263] EXT4-fs (loop2): 1 orphan inode deleted [ 279.988473][T11269] EXT4-fs error (device loop1): ext4_xattr_inode_iget:445: comm syz.1.1927: error while reading EA inode 1600285996 err=-117 [ 280.017337][ T28] audit: type=1326 audit(1751982622.650:2796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11270 comm="syz.0.1926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=209 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 280.082408][T11277] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1929'. [ 280.097019][ T28] audit: type=1326 audit(1751982622.650:2797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11270 comm="syz.0.1926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 280.097624][ T7267] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:50: lblock 1 mapped to illegal pblock 1 (length 1) [ 280.120089][ T28] audit: type=1326 audit(1751982622.650:2798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11270 comm="syz.0.1926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 280.157044][ T28] audit: type=1326 audit(1751982622.650:2799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11270 comm="syz.0.1926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 280.181147][ T28] audit: type=1326 audit(1751982622.650:2800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11270 comm="syz.0.1926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 280.205885][ T7267] Quota error (device loop2): remove_tree: Can't read quota data block 1 [ 280.214557][ T28] audit: type=1326 audit(1751982622.650:2801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11270 comm="syz.0.1926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 280.237191][ T7267] EXT4-fs error (device loop2): ext4_release_dquot:6974: comm kworker/u4:50: Failed to release dquot type 0 [ 280.251348][ T28] audit: type=1326 audit(1751982622.650:2802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11270 comm="syz.0.1926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 280.391271][T11263] loop2: detected capacity change from 0 to 512 [ 280.412564][T11263] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.1924: Failed to acquire dquot type 1 [ 280.416144][T11286] syz.1.1930[11286] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 280.424054][T11286] syz.1.1930[11286] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 280.438203][T11263] EXT4-fs (loop2): 1 truncate cleaned up [ 280.464356][T11263] ext4 filesystem being mounted at /491/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 280.712492][T11300] loop2: detected capacity change from 0 to 1024 [ 280.727946][T11300] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 280.780254][T11300] EXT4-fs error (device loop2): ext4_xattr_inode_iget:440: comm syz.2.1938: inode #1600285996: comm syz.2.1938: iget: illegal inode # [ 280.796940][T11300] EXT4-fs error (device loop2): ext4_xattr_inode_iget:445: comm syz.2.1938: error while reading EA inode 1600285996 err=-117 [ 280.881638][ T5779] EXT4-fs unmount: 30 callbacks suppressed [ 280.881654][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 280.926963][T11306] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1939'. [ 281.468295][T11329] loop1: detected capacity change from 0 to 1024 [ 281.483129][T11329] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 281.502825][T11331] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1950'. [ 281.534701][T11329] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 281.597245][T11329] EXT4-fs error (device loop1): ext4_xattr_inode_iget:440: comm syz.1.1949: inode #1600285996: comm syz.1.1949: iget: illegal inode # [ 281.632196][T11329] EXT4-fs error (device loop1): ext4_xattr_inode_iget:445: comm syz.1.1949: error while reading EA inode 1600285996 err=-117 [ 281.694540][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 283.164341][T11363] loop1: detected capacity change from 0 to 512 [ 283.178681][T11362] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1962'. [ 283.267162][T11363] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 283.294517][T11363] ext4 filesystem being mounted at /478/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 283.308353][T11369] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1964'. [ 283.323764][T11369] netlink: 312 bytes leftover after parsing attributes in process `syz.3.1964'. [ 283.333024][T11369] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1964'. [ 284.238092][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 284.264536][T11383] netlink: 'syz.0.1968': attribute type 4 has an invalid length. [ 284.615506][T11402] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1976'. [ 285.721486][T11416] loop3: detected capacity change from 0 to 1024 [ 285.729103][T11416] EXT4-fs: Ignoring removed orlov option [ 285.742793][T11416] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 285.751886][T11416] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 285.775176][T11416] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e800e01c, mo2=0000] [ 285.794096][T11416] System zones: 0-1, 3-12 [ 285.840774][T11416] EXT4-fs error (device loop3): ext4_map_blocks:718: inode #3: block 1: comm syz.3.1981: lblock 1 mapped to illegal pblock 1 (length 1) [ 285.892742][T11416] __quota_error: 16 callbacks suppressed [ 285.892759][T11416] Quota error (device loop3): write_blk: dquota write failed [ 285.911767][T11424] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1984'. [ 285.931328][T11416] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 285.965115][T11416] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.1981: Failed to acquire dquot type 0 [ 285.997287][T11416] EXT4-fs error (device loop3): ext4_free_blocks:6681: comm syz.3.1981: Freeing blocks not in datazone - block = 0, count = 4096 [ 286.026098][T11416] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.1981: Invalid inode bitmap blk 0 in block_group 0 [ 286.050160][ T7272] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:55: lblock 1 mapped to illegal pblock 1 (length 1) [ 286.070418][T11416] EXT4-fs error (device loop3) in ext4_free_inode:363: Corrupt filesystem [ 286.075120][ T7272] Quota error (device loop3): remove_tree: Can't read quota data block 1 [ 286.089263][ T7272] EXT4-fs error (device loop3): ext4_release_dquot:6974: comm kworker/u4:55: Failed to release dquot type 0 [ 286.095561][T11416] EXT4-fs (loop3): 1 orphan inode deleted [ 286.130638][T11416] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 286.156751][T11416] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 286.457766][T11416] loop3: detected capacity change from 0 to 512 [ 286.480394][T11439] loop2: detected capacity change from 0 to 512 [ 286.501536][T11416] Quota error (device loop3): do_check_range: Getting block 67108867 out of range 1-5 [ 286.518246][T11416] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 286.547505][T11416] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.1981: Failed to acquire dquot type 1 [ 286.586198][T11439] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 286.593427][T11416] EXT4-fs (loop3): 1 truncate cleaned up [ 286.616495][T11416] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 286.626422][T11439] ext4 filesystem being mounted at /503/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 286.629317][T11416] ext4 filesystem being mounted at /526/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 286.661817][T11416] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 286.912563][T11449] loop0: detected capacity change from 0 to 1024 [ 286.973513][T11449] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 287.116824][T11449] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 287.247063][T11449] EXT4-fs error (device loop0): ext4_xattr_inode_iget:440: comm syz.0.1993: inode #1785687596: comm syz.0.1993: iget: illegal inode # [ 287.284645][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 287.300475][T11449] EXT4-fs error (device loop0): ext4_xattr_inode_iget:445: comm syz.0.1993: error while reading EA inode 1785687596 err=-117 [ 287.376564][T10247] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 287.614293][T11460] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1994'. [ 287.788013][T11469] loop3: detected capacity change from 0 to 512 [ 288.031814][T11469] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 288.055663][T11469] ext4 filesystem being mounted at /527/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 288.093346][T11477] loop2: detected capacity change from 0 to 1024 [ 288.102993][T11477] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 288.146965][T11477] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 288.204029][T11477] EXT4-fs error (device loop2): ext4_xattr_inode_iget:440: comm syz.2.2004: inode #1785687596: comm syz.2.2004: iget: illegal inode # [ 288.243312][T11477] EXT4-fs error (device loop2): ext4_xattr_inode_iget:445: comm syz.2.2004: error while reading EA inode 1785687596 err=-117 [ 288.351948][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 288.383130][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 289.196545][T11493] Illegal XDP return value 4294967274 on prog (id 907) dev N/A, expect packet loss! [ 289.254698][T11497] syz.3.2011[11497] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 289.254826][T11497] syz.3.2011[11497] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 289.294602][T11497] loop3: detected capacity change from 0 to 512 [ 289.318288][T11501] loop0: detected capacity change from 0 to 1024 [ 289.328040][T11501] EXT4-fs: Ignoring removed orlov option [ 289.335299][T11501] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 289.344753][T11501] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 289.357887][T11501] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e800e01c, mo2=0000] [ 289.367567][T11501] System zones: 0-1, 3-12 [ 289.384798][T11501] EXT4-fs error (device loop0): ext4_map_blocks:718: inode #3: block 1: comm syz.0.2013: lblock 1 mapped to illegal pblock 1 (length 1) [ 289.404103][T11501] Quota error (device loop0): write_blk: dquota write failed [ 289.412123][T11501] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 289.422638][T11501] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.2013: Failed to acquire dquot type 0 [ 289.438517][T11501] EXT4-fs error (device loop0): ext4_free_blocks:6681: comm syz.0.2013: Freeing blocks not in datazone - block = 0, count = 4096 [ 289.461313][T11497] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 289.481443][T11501] EXT4-fs error (device loop0): ext4_read_inode_bitmap:140: comm syz.0.2013: Invalid inode bitmap blk 0 in block_group 0 [ 289.496707][ T7267] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:50: lblock 1 mapped to illegal pblock 1 (length 1) [ 289.516508][T11501] EXT4-fs error (device loop0) in ext4_free_inode:363: Corrupt filesystem [ 289.528815][ T7267] Quota error (device loop0): remove_tree: Can't read quota data block 1 [ 289.529144][T11497] ext4 filesystem being mounted at /529/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 289.540052][T11501] EXT4-fs (loop0): 1 orphan inode deleted [ 289.554869][ T7267] EXT4-fs error (device loop0): ext4_release_dquot:6974: comm kworker/u4:50: Failed to release dquot type 0 [ 289.571612][ T28] audit: type=1800 audit(1751982632.343:2817): pid=11497 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2011" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 289.598286][T11501] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 289.620217][T11501] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 289.694913][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 289.725436][T11512] loop1: detected capacity change from 0 to 512 [ 289.765591][T11501] loop0: detected capacity change from 0 to 512 [ 289.779747][T11512] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 289.787128][T11516] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2016'. [ 289.797960][T11512] ext4 filesystem being mounted at /498/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 289.809404][T11501] Quota error (device loop0): do_check_range: Getting block 67108867 out of range 1-5 [ 289.831465][T11501] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.2013: Failed to acquire dquot type 1 [ 289.846269][T11501] EXT4-fs (loop0): 1 truncate cleaned up [ 289.859118][T11501] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 289.861318][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 289.873003][T11501] ext4 filesystem being mounted at /101/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 289.897815][T11501] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 289.927513][T11520] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2018'. [ 290.107035][T11526] loop3: detected capacity change from 0 to 1024 [ 290.131160][T11526] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 290.309779][T11526] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 290.423324][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 290.712771][T11539] lo speed is unknown, defaulting to 1000 [ 290.718657][T11542] loop2: detected capacity change from 0 to 512 [ 290.743967][T11542] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 290.768415][T11542] ext4 filesystem being mounted at /512/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 290.791115][T11546] loop1: detected capacity change from 0 to 256 [ 290.820335][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 290.861401][T11546] loop1: detected capacity change from 0 to 1764 [ 290.927354][T11546] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2026'. [ 290.937271][T11546] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 290.993255][T11546] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 291.078239][T11551] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2028'. [ 291.290755][T11561] loop2: detected capacity change from 0 to 1024 [ 291.298899][T11561] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 291.345411][T11561] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 291.413897][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 291.748642][T11572] loop2: detected capacity change from 0 to 512 [ 291.793941][T11572] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 291.830761][T11572] ext4 filesystem being mounted at /517/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 292.818110][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 292.928634][T11585] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2039'. [ 293.210219][T11595] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2042'. [ 293.214293][T11597] loop3: detected capacity change from 0 to 256 [ 293.312487][T11597] loop3: detected capacity change from 0 to 1764 [ 293.391053][T11605] loop0: detected capacity change from 0 to 512 [ 293.395848][T11597] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2043'. [ 293.428015][T11605] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 293.467210][T11605] ext4 filesystem being mounted at /108/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 293.469458][T11610] loop1: detected capacity change from 0 to 1024 [ 293.487084][T11610] EXT4-fs: Ignoring removed oldalloc option [ 293.493357][T11610] EXT4-fs: Ignoring removed orlov option [ 293.501434][T11610] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 293.541291][T10247] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 293.542766][T11610] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 293.589217][ T28] kauditd_printk_skb: 1 callbacks suppressed [ 293.589232][ T28] audit: type=1800 audit(1751982636.362:2818): pid=11610 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2047" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 293.637713][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 294.068294][T11627] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2049'. [ 294.078069][T11627] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2049'. [ 294.318521][T11627] wireguard0: entered promiscuous mode [ 294.941277][T11639] loop0: detected capacity change from 0 to 512 [ 294.996024][T11639] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 295.039763][T11639] ext4 filesystem being mounted at /111/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 295.107457][T11648] loop1: detected capacity change from 0 to 1024 [ 295.178884][T11648] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 295.279942][T11648] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 295.327041][T10247] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 295.552045][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 295.702613][T11668] loop1: detected capacity change from 0 to 2048 [ 295.743215][T11668] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 295.795946][T11668] EXT4-fs (loop1): shut down requested (0) [ 295.862259][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 295.928758][T11680] loop2: detected capacity change from 0 to 1024 [ 295.937320][T11680] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 295.967680][T11680] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 296.062922][T11687] loop1: detected capacity change from 0 to 512 [ 296.102366][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 296.123815][T11687] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 296.143064][T11687] ext4 filesystem being mounted at /514/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 296.210481][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 296.695172][ T28] audit: type=1326 audit(1751982639.462:2819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11703 comm="syz.1.2073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 296.785178][ T28] audit: type=1326 audit(1751982639.462:2820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11703 comm="syz.1.2073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 296.875110][ T28] audit: type=1326 audit(1751982639.462:2821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11703 comm="syz.1.2073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 296.983762][ T28] audit: type=1326 audit(1751982639.462:2822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11703 comm="syz.1.2073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 297.007315][ T28] audit: type=1326 audit(1751982639.462:2823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11703 comm="syz.1.2073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 297.030005][ T28] audit: type=1326 audit(1751982639.472:2824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11703 comm="syz.1.2073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 297.066918][ T28] audit: type=1326 audit(1751982639.472:2825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11703 comm="syz.1.2073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 297.084739][T11716] loop3: detected capacity change from 0 to 512 [ 297.095045][ T28] audit: type=1326 audit(1751982639.472:2826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11703 comm="syz.1.2073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 297.120497][ T28] audit: type=1326 audit(1751982639.472:2827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11703 comm="syz.1.2073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 297.160134][T11716] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2244: inode #15: comm syz.3.2078: corrupted in-inode xattr: invalid ea_ino [ 297.194912][T11716] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.2078: couldn't read orphan inode 15 (err -117) [ 297.214038][T11716] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 297.227818][T11719] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2079'. [ 297.295657][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 297.365876][T11724] loop0: detected capacity change from 0 to 512 [ 297.400330][T11724] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 297.415211][T11724] ext4 filesystem being mounted at /116/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 297.472837][T10247] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 297.953870][T11750] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2089'. [ 297.980534][T11753] sch_fq: defrate 0 ignored. [ 298.079121][T11757] loop0: detected capacity change from 0 to 1764 [ 298.090321][T11756] loop1: detected capacity change from 0 to 512 [ 298.138119][T11756] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 298.158610][T11756] ext4 filesystem being mounted at /521/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 298.255886][T11762] loop0: detected capacity change from 0 to 512 [ 298.264035][T11762] EXT4-fs: Ignoring removed nobh option [ 298.297675][T11762] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 298.326567][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 298.353058][T11762] EXT4-fs warning (device loop0): dx_probe:881: Enable large directory feature to access it [ 298.396538][T11762] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.2094: Corrupt directory, running e2fsck is recommended [ 298.414823][T11762] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 298.423845][T11762] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2244: inode #15: comm syz.0.2094: corrupted in-inode xattr: invalid ea_ino [ 298.455443][T11762] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.2094: couldn't read orphan inode 15 (err -117) [ 298.479957][T11762] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 298.584578][T10247] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 298.922536][ T28] kauditd_printk_skb: 17 callbacks suppressed [ 298.922550][ T28] audit: type=1326 audit(1751982641.684:2845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11777 comm="syz.0.2098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 299.008997][ T28] audit: type=1326 audit(1751982641.724:2846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11777 comm="syz.0.2098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 299.063516][T11784] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2101'. [ 299.087723][ T28] audit: type=1326 audit(1751982641.734:2847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11777 comm="syz.0.2098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 299.129510][ T28] audit: type=1326 audit(1751982641.734:2848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11777 comm="syz.0.2098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 299.177187][ T28] audit: type=1326 audit(1751982641.734:2849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11777 comm="syz.0.2098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 299.454295][ T28] audit: type=1326 audit(1751982642.214:2850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11799 comm="syz.3.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2d9f8e929 code=0x7ffc0000 [ 299.481827][ T28] audit: type=1326 audit(1751982642.214:2851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11799 comm="syz.3.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2d9f8e929 code=0x7ffc0000 [ 299.515488][ T28] audit: type=1326 audit(1751982642.214:2852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11799 comm="syz.3.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fd2d9f8e929 code=0x7ffc0000 [ 299.542828][ T28] audit: type=1326 audit(1751982642.214:2853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11799 comm="syz.3.2109" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd2d9f8e929 code=0x0 [ 299.664313][T11807] netlink: 'syz.0.2111': attribute type 25 has an invalid length. [ 299.673030][T11807] netlink: 'syz.0.2111': attribute type 1 has an invalid length. [ 299.681481][T11807] bridge0: port 1(bridge_slave_0) entered learning state [ 299.711941][T11809] loop1: detected capacity change from 0 to 1024 [ 299.720681][T11809] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 299.749484][T11809] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 299.758582][T11813] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2113'. [ 299.827291][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 299.978764][T11823] loop0: detected capacity change from 0 to 512 [ 299.988769][T11823] journal_path: Lookup failure for './file0/../file0' [ 299.997639][T11823] EXT4-fs: error: could not find journal device path [ 300.104706][ T28] audit: type=1326 audit(1751982642.864:2854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11824 comm="syz.2.2119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17dd78e929 code=0x7ffc0000 [ 300.456522][T11833] netlink: 'syz.3.2121': attribute type 10 has an invalid length. [ 300.487694][T11833] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 300.537539][T11835] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2121'. [ 300.663202][T11835] bond0: (slave bridge0): Releasing backup interface [ 301.068295][T11838] syz.2.2122[11838] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 301.068444][T11838] syz.2.2122[11838] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 301.107549][T11838] loop2: detected capacity change from 0 to 512 [ 301.187796][T11838] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 301.225264][T11838] ext4 filesystem being mounted at /536/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 301.362671][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 301.555490][T11847] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2123'. [ 301.730857][T11858] lo speed is unknown, defaulting to 1000 [ 302.550526][T11881] netlink: '+}[@': attribute type 1 has an invalid length. [ 302.573221][T11881] netlink: 224 bytes leftover after parsing attributes in process `+}[@'. [ 302.705652][T11883] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2138'. [ 303.531982][T11911] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2149'. [ 303.544690][T11913] loop1: detected capacity change from 0 to 1024 [ 303.555118][T11913] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 303.590729][T11913] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 303.629752][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 303.975893][ T5834] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 304.109614][T11927] block device autoloading is deprecated and will be removed. [ 304.126444][T11927] syz.1.2155: attempt to access beyond end of device [ 304.126444][T11927] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 304.316988][ T28] kauditd_printk_skb: 76 callbacks suppressed [ 304.317021][ T28] audit: type=1326 audit(1751982647.085:2931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11914 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f17dd78e52b code=0x7ffc0000 [ 304.349926][ T28] audit: type=1326 audit(1751982647.115:2932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11914 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f17dd78e52b code=0x7ffc0000 [ 304.505224][ T5834] usb 3-1: device descriptor read/64, error -71 [ 304.815268][ T5834] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 304.842020][ T28] audit: type=1326 audit(1751982647.605:2933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11914 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f17dd78e52b code=0x7ffc0000 [ 304.876134][T11938] netlink: 'syz.3.2168': attribute type 1 has an invalid length. [ 304.884087][ T28] audit: type=1326 audit(1751982647.625:2934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11914 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f17dd78e52b code=0x7ffc0000 [ 304.928805][T11940] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2160'. [ 304.950849][T11938] 8021q: adding VLAN 0 to HW filter on device bond1 [ 305.015265][ T5834] usb 3-1: device descriptor read/64, error -71 [ 305.142384][ T5834] usb usb3-port1: attempt power cycle [ 305.294080][T11942] bond1 (unregistering): Released all slaves [ 305.555349][ T5834] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 305.594081][T11963] loop3: detected capacity change from 0 to 1024 [ 305.602126][T11963] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 305.654079][T11963] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 305.719948][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 305.774068][ T5834] usb 3-1: device descriptor read/8, error -71 [ 305.774201][ T28] audit: type=1326 audit(1751982648.534:2935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11914 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f17dd78e52b code=0x7ffc0000 [ 305.809207][ T28] audit: type=1326 audit(1751982648.534:2936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11914 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f17dd78e52b code=0x7ffc0000 [ 305.889983][T11974] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2173'. [ 306.055247][ T5834] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 306.097060][ T28] audit: type=1326 audit(1751982648.866:2937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11914 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f17dd78e52b code=0x7ffc0000 [ 306.119429][ T5834] usb 3-1: device descriptor read/8, error -71 [ 306.119791][ T28] audit: type=1326 audit(1751982648.896:2938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11914 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f17dd78e52b code=0x7ffc0000 [ 306.245294][ T5834] usb usb3-port1: unable to enumerate USB device [ 306.450607][T11981] netlink: 'syz.1.2175': attribute type 10 has an invalid length. [ 306.475477][T11981] bridge0: port 2(bridge_slave_1) entered disabled state [ 306.483166][T11981] bridge0: port 1(bridge_slave_0) entered disabled state [ 306.513163][T11981] bridge0: port 2(bridge_slave_1) entered blocking state [ 306.520435][T11981] bridge0: port 2(bridge_slave_1) entered forwarding state [ 306.528008][T11981] bridge0: port 1(bridge_slave_0) entered blocking state [ 306.535185][T11981] bridge0: port 1(bridge_slave_0) entered forwarding state [ 306.556638][T11981] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 306.579863][T11985] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2175'. [ 306.607540][T11985] bridge_slave_1: left allmulticast mode [ 306.620030][T11985] bridge_slave_1: left promiscuous mode [ 306.637921][T11985] bridge0: port 2(bridge_slave_1) entered disabled state [ 306.656595][T11985] bridge_slave_0: left allmulticast mode [ 306.662295][T11985] bridge_slave_0: left promiscuous mode [ 306.698219][T11985] bridge0: port 1(bridge_slave_0) entered disabled state [ 306.707599][T11989] binfmt_misc: register: failed to install interpreter file ./file0 [ 306.773493][T11985] bond0: (slave bridge0): Releasing backup interface [ 306.902837][T11996] netlink: 172 bytes leftover after parsing attributes in process `syz.0.2179'. [ 307.894654][T12032] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2195'. [ 307.987934][T12037] loop0: detected capacity change from 0 to 1024 [ 308.001339][T12037] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 308.042164][T12037] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 308.069610][T12039] netem: change failed [ 308.075286][ T28] audit: type=1326 audit(1751982650.826:2939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12041 comm="syz.3.2198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2d9f8e929 code=0x7ffc0000 [ 308.113769][ T28] audit: type=1326 audit(1751982650.826:2940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12041 comm="syz.3.2198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2d9f8e929 code=0x7ffc0000 [ 308.914671][T12078] loop1: detected capacity change from 0 to 1024 [ 308.938564][T12078] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 309.631872][ T28] kauditd_printk_skb: 15 callbacks suppressed [ 309.631886][ T28] audit: type=1326 audit(1751982652.396:2956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12099 comm="syz.1.2220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 309.720565][ T28] audit: type=1326 audit(1751982652.396:2957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12099 comm="syz.1.2220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 309.766812][ T28] audit: type=1326 audit(1751982652.396:2958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12099 comm="syz.1.2220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=440 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 309.804644][T12111] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2222'. [ 309.820707][ T28] audit: type=1326 audit(1751982652.396:2959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12099 comm="syz.1.2220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 309.853547][T12110] loop1: detected capacity change from 0 to 128 [ 309.860102][ T28] audit: type=1326 audit(1751982652.396:2960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12099 comm="syz.1.2220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 309.911514][ T28] audit: type=1800 audit(1751982652.656:2961): pid=12110 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="+}[@" name="file1" dev="loop1" ino=1048618 res=0 errno=0 [ 310.086613][T12121] loop1: detected capacity change from 0 to 1024 [ 310.100628][T12121] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 310.853550][ T28] audit: type=1326 audit(1751982653.616:2962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12145 comm="syz.0.2233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 310.883232][ T28] audit: type=1326 audit(1751982653.616:2963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12145 comm="syz.0.2233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 310.911927][ T28] audit: type=1326 audit(1751982653.646:2964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12145 comm="syz.0.2233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 310.939969][ T28] audit: type=1326 audit(1751982653.646:2965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12145 comm="syz.0.2233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 311.120047][T12153] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2234'. [ 311.200222][T12156] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2236'. [ 311.334940][T12162] loop2: detected capacity change from 0 to 1024 [ 311.345263][T12162] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 311.394902][T12162] EXT4-fs mount: 5 callbacks suppressed [ 311.394918][T12162] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 311.523168][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 311.749273][T12186] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2247'. [ 311.867984][T12192] loop2: detected capacity change from 0 to 1024 [ 311.882996][T12192] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 311.925397][T12192] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 312.011449][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 312.272727][T12208] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2258'. [ 312.627888][T12214] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2261'. [ 312.676080][T12216] loop3: detected capacity change from 0 to 1024 [ 312.712216][T12216] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 312.754278][T12216] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 312.793564][T12221] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2263'. [ 312.918330][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 313.422753][T12244] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2272'. [ 313.440154][T12246] loop3: detected capacity change from 0 to 1024 [ 313.448371][T12246] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 313.480618][T12246] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 313.536744][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 313.695277][T12254] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2275'. [ 314.049970][T12272] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2280'. [ 314.075223][T12272] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2280'. [ 314.092306][T12273] loop3: detected capacity change from 0 to 1024 [ 314.102262][T12273] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 314.141115][T12273] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 314.179277][T12278] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2284'. [ 314.204326][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 314.299702][T12283] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2285'. [ 314.440398][T12288] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2287'. [ 314.711016][T12300] loop3: detected capacity change from 0 to 1024 [ 314.719199][T12300] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 314.751270][T12300] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 314.803043][ T5789] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 315.006104][T12315] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2296'. [ 315.025427][T12315] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2296'. [ 315.114375][T12317] loop0: detected capacity change from 0 to 512 [ 315.136635][T12317] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 315.244194][ T28] kauditd_printk_skb: 20 callbacks suppressed [ 315.244209][ T28] audit: type=1326 audit(1751982658.005:2986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12319 comm="syz.1.2301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 315.275484][T12317] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2244: inode #17: comm syz.0.2297: corrupted in-inode xattr: invalid ea_ino [ 315.325463][ T28] audit: type=1326 audit(1751982658.005:2987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12319 comm="syz.1.2301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 315.359798][T12328] loop2: detected capacity change from 0 to 512 [ 315.365342][T12317] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.2297: couldn't read orphan inode 17 (err -117) [ 315.388028][ T28] audit: type=1326 audit(1751982658.075:2988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12319 comm="syz.1.2301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 315.405774][T12330] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2304'. [ 315.413995][T12317] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 315.436108][T12328] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 315.452009][ T28] audit: type=1326 audit(1751982658.075:2989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12319 comm="syz.1.2301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 315.485587][T12328] ext4 filesystem being mounted at /580/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 315.509431][ T28] audit: type=1326 audit(1751982658.075:2990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12319 comm="syz.1.2301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 315.523000][T12328] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 315.559919][T12328] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28 [ 315.572755][ T28] audit: type=1326 audit(1751982658.085:2991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12319 comm="syz.1.2301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 315.605670][T12328] EXT4-fs (loop2): This should not happen!! Data will be lost [ 315.605670][T12328] [ 315.643711][T10247] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 315.670784][T12328] EXT4-fs (loop2): Total free blocks count 0 [ 315.715254][ T28] audit: type=1326 audit(1751982658.085:2992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12319 comm="syz.1.2301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 315.737908][T12328] EXT4-fs (loop2): Free/Dirty block details [ 315.772361][T12328] EXT4-fs (loop2): free_blocks=65280 [ 315.778369][T12328] EXT4-fs (loop2): dirty_blocks=33 [ 315.785114][T12328] EXT4-fs (loop2): Block reservation details [ 315.792826][T12328] EXT4-fs (loop2): i_reserved_data_blocks=33 [ 315.810330][T12337] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28 [ 315.824337][ T28] audit: type=1326 audit(1751982658.085:2993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12319 comm="syz.1.2301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 315.873650][T12342] loop1: detected capacity change from 0 to 512 [ 315.876132][ T28] audit: type=1326 audit(1751982658.085:2994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12319 comm="syz.1.2301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 315.965168][T12342] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.2308: bg 0: block 248: padding at end of block bitmap is not set [ 316.005112][ T28] audit: type=1326 audit(1751982658.085:2995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12319 comm="syz.1.2301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86da38e929 code=0x7ffc0000 [ 316.070742][T12342] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.2308: Failed to acquire dquot type 1 [ 316.082829][ T5787] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 316.094604][ T5787] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 316.104651][T12351] bridge0: entered promiscuous mode [ 316.113424][ T5787] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 316.129468][ T5787] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 316.131040][T12342] EXT4-fs (loop1): 1 truncate cleaned up [ 316.147730][T12342] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 316.161984][T12342] ext4 filesystem being mounted at /578/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 316.172763][ T5787] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 316.191874][ T5787] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 316.230721][T12342] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.2308: Failed to acquire dquot type 1 [ 316.362547][T12347] lo speed is unknown, defaulting to 1000 [ 316.427760][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 316.640818][T12363] loop1: detected capacity change from 0 to 128 [ 316.708987][T12363] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 316.758639][T12363] ext4 filesystem being mounted at /579/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 316.821402][ T5785] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 317.038773][T12347] chnl_net:caif_netlink_parms(): no params data found [ 317.039081][T12385] 9pnet: p9_errstr2errno: server reported unknown error [ 317.337131][T12347] bridge0: port 1(bridge_slave_0) entered blocking state [ 317.344341][T12347] bridge0: port 1(bridge_slave_0) entered disabled state [ 317.352145][T12347] bridge_slave_0: entered allmulticast mode [ 317.360761][T12347] bridge_slave_0: entered promiscuous mode [ 317.370076][T12347] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.377582][T12347] bridge0: port 2(bridge_slave_1) entered disabled state [ 317.384799][T12347] bridge_slave_1: entered allmulticast mode [ 317.401230][T12347] bridge_slave_1: entered promiscuous mode [ 317.402281][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.413574][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.471318][T12401] bridge0: entered promiscuous mode [ 317.487583][T12347] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 317.605610][T12347] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 317.637206][T12409] loop2: detected capacity change from 0 to 1024 [ 317.669429][T12409] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 317.740690][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 317.758399][T12347] team0: Port device team_slave_0 added [ 317.769699][T12347] team0: Port device team_slave_1 added [ 317.849865][T12347] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 317.858107][T12347] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 317.884900][T12347] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 317.949682][T12347] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 317.965855][T12347] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 318.007482][T12422] loop1: detected capacity change from 0 to 128 [ 318.040117][T12347] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 318.041419][T12422] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 318.092874][T12422] ext4 filesystem being mounted at /587/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 318.204164][T12347] hsr_slave_0: entered promiscuous mode [ 318.211397][T12347] hsr_slave_1: entered promiscuous mode [ 318.229393][T12347] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 318.255056][T12347] Cannot create hsr debugfs directory [ 318.263689][ T5785] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 318.293448][ T5787] Bluetooth: hci4: command tx timeout [ 318.918498][T12453] __nla_validate_parse: 11 callbacks suppressed [ 318.918515][T12453] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2352'. [ 319.046066][T12457] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2355'. [ 319.188528][ T7223] hsr_slave_0: left promiscuous mode [ 319.202406][ T7223] hsr_slave_1: left promiscuous mode [ 319.290930][T12467] sg_write: data in/out 2012/14 bytes for SCSI command 0x0-- guessing data in; [ 319.290930][T12467] program syz.2.2360 not setting count and/or reply_len properly [ 319.371666][ T7223] team0: left allmulticast mode [ 319.398171][ T7223] team0: left promiscuous mode [ 320.251711][ T28] kauditd_printk_skb: 269 callbacks suppressed [ 320.251725][ T28] audit: type=1326 audit(1751982663.022:3261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12469 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f17dd7858e7 code=0x7ffc0000 [ 320.282300][ T28] audit: type=1326 audit(1751982663.032:3262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12469 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f17dd72ab19 code=0x7ffc0000 [ 320.305282][ T28] audit: type=1326 audit(1751982663.032:3263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12469 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=276 compat=0 ip=0x7f17dd78e929 code=0x7ffc0000 [ 320.328015][ T28] audit: type=1326 audit(1751982663.062:3264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12469 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f17dd7858e7 code=0x7ffc0000 [ 320.350608][ T28] audit: type=1326 audit(1751982663.062:3265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12469 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f17dd72ab19 code=0x7ffc0000 [ 320.367888][ T5787] Bluetooth: hci4: command tx timeout [ 320.373245][ T28] audit: type=1326 audit(1751982663.062:3266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12469 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=276 compat=0 ip=0x7f17dd78e929 code=0x7ffc0000 [ 320.426200][ T28] audit: type=1326 audit(1751982663.192:3267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12478 comm="syz.0.2365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 320.505302][ T28] audit: type=1326 audit(1751982663.192:3268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12478 comm="syz.0.2365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 320.520239][T12481] loop2: detected capacity change from 0 to 164 [ 320.544770][ T28] audit: type=1326 audit(1751982663.232:3269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12478 comm="syz.0.2365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=198 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 320.595615][ T28] audit: type=1326 audit(1751982663.232:3270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12478 comm="syz.0.2365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 320.639224][T12481] syz.2.2366: attempt to access beyond end of device [ 320.639224][T12481] loop2: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 320.666842][T12481] syz.2.2366: attempt to access beyond end of device [ 320.666842][T12481] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 320.845139][T12488] netlink: 'syz.2.2369': attribute type 1 has an invalid length. [ 320.859750][T12488] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2369'. [ 321.120507][ T7223] bond0 (unregistering): Released all slaves [ 321.162906][T12476] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2364'. [ 321.179645][T12490] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2370'. [ 321.346730][ T9] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0 [ 321.368896][ T9] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0 [ 321.393534][ T9] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0 [ 321.421665][ T9] hid-generic 0003:0004:0000.0007: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 321.600164][T12503] loop2: detected capacity change from 0 to 1024 [ 321.614432][T12347] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 321.632900][T12503] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 321.634708][T12347] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 321.657534][T12347] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 321.670385][T12347] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 321.888150][T12518] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2378'. [ 321.930449][T12347] 8021q: adding VLAN 0 to HW filter on device bond0 [ 322.525385][ T5787] Bluetooth: hci4: command tx timeout [ 322.578248][T12347] 8021q: adding VLAN 0 to HW filter on device team0 [ 322.668729][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 322.693632][ T7219] bridge0: port 1(bridge_slave_0) entered blocking state [ 322.700840][ T7219] bridge0: port 1(bridge_slave_0) entered forwarding state [ 322.736493][ T7219] bridge0: port 2(bridge_slave_1) entered blocking state [ 322.743694][ T7219] bridge0: port 2(bridge_slave_1) entered forwarding state [ 322.819695][T12527] netlink: 268 bytes leftover after parsing attributes in process `syz.2.2381'. [ 322.854079][T12527] unsupported nla_type 65024 [ 323.374460][T12347] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 323.421368][T12551] netlink: 'syz.0.2389': attribute type 1 has an invalid length. [ 323.429321][T12551] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2389'. [ 323.463855][T12347] veth0_vlan: entered promiscuous mode [ 323.489030][T12347] veth1_vlan: entered promiscuous mode [ 323.579615][T12347] veth0_macvtap: entered promiscuous mode [ 323.587861][T12555] syz.0.2392[12555] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 323.587982][T12555] syz.0.2392[12555] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 323.592135][T12347] veth1_macvtap: entered promiscuous mode [ 323.632703][T12347] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 323.648503][T12347] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 323.650054][T12555] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2392'. [ 323.661511][T12347] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 323.703236][T12347] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 323.733131][T12347] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 323.801472][T12347] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 323.813484][T12347] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 323.825065][T12347] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 323.838245][T12347] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 323.852277][T12347] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 323.878054][T12347] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 323.887117][T12347] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 323.896715][T12347] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 323.908434][T12347] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 323.997897][T12564] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2396'. [ 324.028953][ T7267] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 324.051046][ T7267] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 324.088312][ T7223] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 324.097322][ T7223] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 324.205289][T12571] loop3: detected capacity change from 0 to 2048 [ 324.223207][T12571] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 324.322267][T12347] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 324.597768][ T5787] Bluetooth: hci4: command tx timeout [ 324.683037][ T5102] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 324.695751][ T5102] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 324.704640][ T5102] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 324.723949][ T5102] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 324.732152][ T5102] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 324.740903][ T5102] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 324.743238][ T7232] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.809004][T12579] lo speed is unknown, defaulting to 1000 [ 324.847369][ T7232] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.913224][ T7232] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.006373][ T7232] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.071867][T12588] loop1: detected capacity change from 0 to 256 [ 325.234172][T12579] chnl_net:caif_netlink_parms(): no params data found [ 325.258679][ T28] kauditd_printk_skb: 187 callbacks suppressed [ 325.258691][ T28] audit: type=1326 audit(1751982668.032:3458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12581 comm="syz.3.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff09f3858e7 code=0x7ffc0000 [ 325.307745][T12591] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2405'. [ 325.308251][ T28] audit: type=1326 audit(1751982668.062:3459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12581 comm="syz.3.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff09f32ab19 code=0x7ffc0000 [ 325.330467][T12591] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2405'. [ 325.345403][ T28] audit: type=1326 audit(1751982668.062:3460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12581 comm="syz.3.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff09f3858e7 code=0x7ffc0000 [ 325.371579][ T28] audit: type=1326 audit(1751982668.062:3461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12581 comm="syz.3.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff09f32ab19 code=0x7ffc0000 [ 325.579631][ T28] audit: type=1326 audit(1751982668.062:3462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12581 comm="syz.3.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff09f3858e7 code=0x7ffc0000 [ 325.682594][ T28] audit: type=1326 audit(1751982668.062:3463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12581 comm="syz.3.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff09f32ab19 code=0x7ffc0000 [ 325.747670][ T28] audit: type=1326 audit(1751982668.062:3464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12581 comm="syz.3.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 325.995325][ T2131] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 326.113672][ T28] audit: type=1326 audit(1751982668.072:3465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12581 comm="syz.3.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff09f3858e7 code=0x7ffc0000 [ 326.257417][T12579] bridge0: port 1(bridge_slave_0) entered blocking state [ 326.325611][ T2131] usb 2-1: config 0 has an invalid interface number: 230 but max is 0 [ 326.340710][T12579] bridge0: port 1(bridge_slave_0) entered disabled state [ 326.349394][ T2131] usb 2-1: config 0 has no interface number 0 [ 326.365136][ T28] audit: type=1326 audit(1751982668.072:3466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12581 comm="syz.3.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff09f32ab19 code=0x7ffc0000 [ 326.388393][T12579] bridge_slave_0: entered allmulticast mode [ 326.398391][ T2131] usb 2-1: config 0 interface 230 has no altsetting 0 [ 326.426807][T12579] bridge_slave_0: entered promiscuous mode [ 326.434667][ T2131] usb 2-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 326.441668][T12579] bridge0: port 2(bridge_slave_1) entered blocking state [ 326.456864][ T28] audit: type=1326 audit(1751982668.072:3467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12581 comm="syz.3.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 326.469843][ T2131] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.479722][T12579] bridge0: port 2(bridge_slave_1) entered disabled state [ 326.500205][T12579] bridge_slave_1: entered allmulticast mode [ 326.510478][T12579] bridge_slave_1: entered promiscuous mode [ 326.515423][ T2131] usb 2-1: Product: syz [ 326.521187][ T2131] usb 2-1: Manufacturer: syz [ 326.534003][ T2131] usb 2-1: SerialNumber: syz [ 326.550794][ T2131] usb 2-1: config 0 descriptor?? [ 326.577591][ T2131] ums-usbat 2-1:0.230: USB Mass Storage device detected [ 326.607553][ T2131] ums-usbat 2-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 326.674718][T12579] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 326.701648][T12579] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 326.738209][T12579] team0: Port device team_slave_0 added [ 326.796130][T12579] team0: Port device team_slave_1 added [ 326.826441][ T5849] usb 2-1: USB disconnect, device number 2 [ 326.843820][ T5787] Bluetooth: hci0: command tx timeout [ 326.912957][T12579] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 326.925344][T12579] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 326.986547][T12579] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 327.037823][T12579] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 327.053383][T12579] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 327.091602][T12579] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 327.254653][T12579] hsr_slave_0: entered promiscuous mode [ 327.263011][T12579] hsr_slave_1: entered promiscuous mode [ 327.393116][T12614] loop0: detected capacity change from 0 to 512 [ 327.412669][T12614] EXT4-fs (loop0): orphan cleanup on readonly fs [ 327.431163][T12614] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.2412: bg 0: block 248: padding at end of block bitmap is not set [ 327.447945][T12614] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.2412: Failed to acquire dquot type 1 [ 327.461564][T12614] EXT4-fs (loop0): 1 truncate cleaned up [ 327.481939][T12614] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000001 ro without journal. Quota mode: writeback. [ 327.511938][T12614] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 327.547606][T12614] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000001 r/w. [ 327.710605][T10247] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000001. [ 327.748363][ T7232] hsr_slave_0: left promiscuous mode [ 327.785282][ T7232] hsr_slave_1: left promiscuous mode [ 327.803691][ T7232] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 327.813351][ T7232] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 327.822614][ T7232] bridge_slave_0: left allmulticast mode [ 327.828978][ T7232] bridge_slave_0: left promiscuous mode [ 327.839316][ T7232] bridge0: port 1(bridge_slave_0) entered disabled state [ 327.865937][ T7232] bridge0: left promiscuous mode [ 327.872266][ T7232] veth1_macvtap: left promiscuous mode [ 327.878866][ T7232] veth0_macvtap: left promiscuous mode [ 327.884630][ T7232] veth1_vlan: left promiscuous mode [ 327.890018][ T7232] veth0_vlan: left promiscuous mode [ 328.824004][T12632] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2418'. [ 328.917186][ T5787] Bluetooth: hci0: command tx timeout [ 329.292446][ T7232] team0 (unregistering): Port device team_slave_1 removed [ 329.342030][ T7232] team0 (unregistering): Port device team_slave_0 removed [ 329.387836][ T7232] $Hÿ (unregistering): (slave bond_slave_1): Releasing backup interface [ 329.400474][ T7232] bond_slave_1 (unregistering): left promiscuous mode [ 329.454070][ T7232] $Hÿ (unregistering): (slave bond_slave_0): Releasing backup interface [ 329.464524][ T7232] bond_slave_0 (unregistering): left promiscuous mode [ 330.113630][ T7232] $Hÿ (unregistering): Released all slaves [ 330.222203][T12626] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2415'. [ 330.232053][T12626] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2415'. [ 330.995844][ T5787] Bluetooth: hci0: command tx timeout [ 331.513558][T12579] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 331.529807][T12579] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 331.552824][T12579] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 331.583827][T12579] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 331.684535][T12681] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2434'. [ 331.699676][T12681] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2434'. [ 331.743912][T12579] 8021q: adding VLAN 0 to HW filter on device bond0 [ 331.803444][T12579] 8021q: adding VLAN 0 to HW filter on device team0 [ 331.842301][ T7253] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.849536][ T7253] bridge0: port 1(bridge_slave_0) entered forwarding state [ 331.886832][ T7223] bridge0: port 2(bridge_slave_1) entered blocking state [ 331.894045][ T7223] bridge0: port 2(bridge_slave_1) entered forwarding state [ 332.894819][T12579] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 333.040248][T12579] veth0_vlan: entered promiscuous mode [ 333.078385][ T5787] Bluetooth: hci0: command tx timeout [ 333.111857][T12579] veth1_vlan: entered promiscuous mode [ 333.215964][T12579] veth0_macvtap: entered promiscuous mode [ 333.249326][T12579] veth1_macvtap: entered promiscuous mode [ 333.293562][T12579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 333.310454][ T28] kauditd_printk_skb: 60 callbacks suppressed [ 333.310468][ T28] audit: type=1326 audit(1751982676.082:3526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12700 comm="syz.3.2440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 333.315196][T12701] loop1: detected capacity change from 0 to 1024 [ 333.320472][ T28] audit: type=1326 audit(1751982676.082:3527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12700 comm="syz.3.2440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 333.355417][T12579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.378349][ T28] audit: type=1326 audit(1751982676.082:3528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12700 comm="syz.3.2440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 333.379736][T12579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 333.412434][T12579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.426436][T12579] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 333.438699][T12579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 333.449343][T12579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.460803][T12579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 333.472008][ T28] audit: type=1326 audit(1751982676.082:3529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12700 comm="syz.3.2440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 333.473181][T12701] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 333.503216][T12579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.545105][ T28] audit: type=1326 audit(1751982676.082:3530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12700 comm="syz.3.2440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 333.555182][T12579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 333.567917][ T28] audit: type=1326 audit(1751982676.082:3531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12700 comm="syz.3.2440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=271 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 333.601948][ T28] audit: type=1326 audit(1751982676.082:3532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12700 comm="syz.3.2440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 333.606575][T12579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.624634][ T28] audit: type=1326 audit(1751982676.082:3533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12700 comm="syz.3.2440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 333.668797][T12579] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 333.689513][ T28] audit: type=1800 audit(1751982676.362:3534): pid=12701 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2441" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 333.733162][T12709] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2443'. [ 333.871176][T12579] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.882794][T12579] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.894581][T12579] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.906242][T12579] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.798845][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 335.946536][ T7253] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 335.978404][ T7253] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 336.085985][ T7219] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 336.115089][ T7219] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 336.244429][T12730] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2451'. [ 336.270361][T12730] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2451'. [ 336.294354][T12731] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2452'. [ 336.380032][T12736] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2399'. [ 336.439051][T12739] loop0: detected capacity change from 0 to 2048 [ 336.497427][T12739] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 336.656135][T10247] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 336.835808][T12752] loop2: detected capacity change from 0 to 512 [ 336.929570][T12752] EXT4-fs (loop2): 1 orphan inode deleted [ 336.951875][ T7267] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 336.966752][T12752] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 336.973522][ T7267] EXT4-fs error (device loop2): ext4_release_dquot:6974: comm kworker/u4:50: Failed to release dquot type 1 [ 337.001052][T12752] ext4 filesystem being mounted at /2/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 337.059381][T12761] loop3: detected capacity change from 0 to 1024 [ 337.067466][T12761] EXT4-fs: Ignoring removed nomblk_io_submit option [ 337.112410][T12761] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 337.137568][T12579] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 337.256681][T12347] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 337.273546][T12765] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2463'. [ 337.315590][T12765] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2463'. [ 337.366732][T12768] Cannot find del_set index 4 as target [ 337.453027][T12770] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2465'. [ 337.947875][ T5102] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 337.959648][ T5102] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 337.970039][ T5102] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 337.978330][ T5102] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 337.986862][ T5102] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 337.994351][ T5102] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 338.529418][ T28] audit: type=1326 audit(1751982681.286:3535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12801 comm="syz.3.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 338.589582][T12803] loop3: detected capacity change from 0 to 128 [ 338.643867][ T28] audit: type=1326 audit(1751982681.286:3536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12801 comm="syz.3.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 338.726025][ T7219] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 338.755239][ T28] audit: type=1326 audit(1751982681.296:3537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12801 comm="syz.3.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 338.844464][ T28] audit: type=1326 audit(1751982681.296:3538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12801 comm="syz.3.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 338.881653][ T28] audit: type=1326 audit(1751982681.356:3539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12801 comm="syz.3.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 338.906794][ T7219] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 338.917961][ T28] audit: type=1326 audit(1751982681.356:3540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12801 comm="syz.3.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7ff09f38e963 code=0x7ffc0000 [ 338.946055][ T28] audit: type=1326 audit(1751982681.356:3541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12801 comm="syz.3.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7ff09f38d3df code=0x7ffc0000 [ 338.973679][T12787] chnl_net:caif_netlink_parms(): no params data found [ 338.987971][ T28] audit: type=1326 audit(1751982681.356:3542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12801 comm="syz.3.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7ff09f38e9b7 code=0x7ffc0000 [ 339.031622][T12809] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2476'. [ 339.063430][ T28] audit: type=1326 audit(1751982681.356:3543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12801 comm="syz.3.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff09f38d290 code=0x7ffc0000 [ 339.088237][ T28] audit: type=1326 audit(1751982681.356:3544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12801 comm="syz.3.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff09f38e52b code=0x7ffc0000 [ 339.116847][ T7219] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 339.190195][T12812] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2477'. [ 339.228984][ T7219] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 339.609428][T12787] bridge0: port 1(bridge_slave_0) entered blocking state [ 339.621215][T12787] bridge0: port 1(bridge_slave_0) entered disabled state [ 339.631253][T12787] bridge_slave_0: entered allmulticast mode [ 339.647910][T12787] bridge_slave_0: entered promiscuous mode [ 339.657281][T12787] bridge0: port 2(bridge_slave_1) entered blocking state [ 339.664628][T12787] bridge0: port 2(bridge_slave_1) entered disabled state [ 339.679046][T12787] bridge_slave_1: entered allmulticast mode [ 339.699587][T12787] bridge_slave_1: entered promiscuous mode [ 339.847346][T12787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 339.873695][T12787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 340.085475][ T5102] Bluetooth: hci2: command tx timeout [ 340.135332][T12787] team0: Port device team_slave_0 added [ 340.144551][T12787] team0: Port device team_slave_1 added [ 341.204691][T12787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 341.211810][T12787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 341.238213][T12787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 341.290232][T12787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 341.744539][T12787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 341.815156][T12787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 342.090730][T12787] hsr_slave_0: entered promiscuous mode [ 342.099048][T12787] hsr_slave_1: entered promiscuous mode [ 342.105733][T12787] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 342.113357][T12787] Cannot create hsr debugfs directory [ 342.125302][ T5102] Bluetooth: hci2: command tx timeout [ 343.001494][T12787] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 343.109323][ T7219] hsr_slave_0: left promiscuous mode [ 343.143326][ T7219] hsr_slave_1: left promiscuous mode [ 343.210606][ T7219] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 343.223285][ T7219] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 343.266112][ T7219] bridge0: left promiscuous mode [ 343.273448][ T7219] veth1_macvtap: left promiscuous mode [ 343.291270][ T7219] veth0_macvtap: left promiscuous mode [ 343.301654][ T7219] veth1_vlan: left promiscuous mode [ 343.308466][ T7219] veth0_vlan: left promiscuous mode [ 344.195752][ T5102] Bluetooth: hci2: command tx timeout [ 344.731004][ T7219] team0 (unregistering): Port device team_slave_1 removed [ 344.778437][ T7219] team0 (unregistering): Port device team_slave_0 removed [ 344.824297][ T7219] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 344.875192][ T7219] bond0 (unregistering): (slave 30): Releasing backup interface [ 345.385742][ T7219] bond0 (unregistering): Released all slaves [ 345.420333][T12787] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 345.430317][T12869] vcan0: entered allmulticast mode [ 345.441930][T12872] vcan0: left allmulticast mode [ 345.472088][T12787] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 345.497192][T12787] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 345.718730][T12905] loop3: detected capacity change from 0 to 128 [ 345.750349][T12905] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 345.868233][T12787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 345.921062][T12787] 8021q: adding VLAN 0 to HW filter on device team0 [ 345.944418][ T7253] bridge0: port 1(bridge_slave_0) entered blocking state [ 345.951690][ T7253] bridge0: port 1(bridge_slave_0) entered forwarding state [ 345.994357][ T7259] bridge0: port 2(bridge_slave_1) entered blocking state [ 346.001623][ T7259] bridge0: port 2(bridge_slave_1) entered forwarding state [ 346.012143][ T7259] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 346.275599][ T5102] Bluetooth: hci2: command tx timeout [ 346.687171][T12916] program syz.2.2507 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 347.262365][T12787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 347.448705][T12787] veth0_vlan: entered promiscuous mode [ 347.491124][T12787] veth1_vlan: entered promiscuous mode [ 347.601465][ T28] kauditd_printk_skb: 15 callbacks suppressed [ 347.601479][ T28] audit: type=1107 audit(1751982690.367:3560): pid=12935 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' |þkØü' [ 347.684087][T12787] veth0_macvtap: entered promiscuous mode [ 347.731170][T12787] veth1_macvtap: entered promiscuous mode [ 347.990545][T12787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 348.001203][T12787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 348.075756][T12787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 348.172198][T12787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 348.287375][T12787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 348.427484][T12787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 348.615844][T12787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 348.659241][T12787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 348.710925][T12787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 348.742989][T12944] syz.2.2517[12944] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 348.743118][T12944] syz.2.2517[12944] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 348.757228][T12787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 348.801859][T12787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 348.845981][T12787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 348.870643][T12787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 348.882696][T12787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 348.958694][T12952] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2520'. [ 349.035645][T12787] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.044389][T12787] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.063697][T12787] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.078461][T12787] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.099180][T12962] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2524'. [ 349.318766][ T7251] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 349.352548][ T7251] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 349.389939][T12969] loop3: detected capacity change from 0 to 512 [ 349.792931][T12969] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 349.885696][ T7251] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 349.906991][T12969] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 349.926911][ T7251] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 349.951797][T12969] ext4 filesystem being mounted at /44/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 350.118966][T12977] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2464'. [ 350.143025][T12347] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 350.443181][T12988] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2531'. [ 351.843568][T13012] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2542'. [ 351.974878][T13017] loop3: detected capacity change from 0 to 1024 [ 351.984283][T13015] batadv_slave_1: entered promiscuous mode [ 351.993135][T13014] batadv_slave_1: left promiscuous mode [ 352.016450][T13017] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 352.050516][T13017] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4036: comm syz.3.2545: Allocating blocks 385-513 which overlap fs metadata [ 352.306272][T13017] EXT4-fs (loop3): pa ffff88807725f570: logic 16, phys. 129, len 24 [ 352.314727][T13017] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5377: group 0, free 0, pa_free 8 [ 353.038286][T13033] loop1: detected capacity change from 0 to 512 [ 353.118699][T13033] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 353.134788][T13033] ext4 filesystem being mounted at /9/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 353.167628][T12347] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 353.365215][ T28] audit: type=1326 audit(1751982696.125:3561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13041 comm="syz.3.2552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 353.403611][ T28] audit: type=1326 audit(1751982696.135:3562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13041 comm="syz.3.2552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 353.489509][ T28] audit: type=1326 audit(1751982696.135:3563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13041 comm="syz.3.2552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 353.524561][T12787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 353.528903][T13047] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2554'. [ 353.542693][ T28] audit: type=1326 audit(1751982696.135:3564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13041 comm="syz.3.2552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 353.567161][ T28] audit: type=1326 audit(1751982696.135:3565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13041 comm="syz.3.2552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 353.627312][ T28] audit: type=1326 audit(1751982696.135:3566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13041 comm="syz.3.2552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 353.655274][ T28] audit: type=1326 audit(1751982696.135:3567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13041 comm="syz.3.2552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 353.680069][ T28] audit: type=1326 audit(1751982696.135:3568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13041 comm="syz.3.2552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=232 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 353.708931][ T28] audit: type=1326 audit(1751982696.135:3569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13041 comm="syz.3.2552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 353.818686][ T28] audit: type=1326 audit(1751982696.135:3570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13041 comm="syz.3.2552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 354.494890][T13093] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2576'. [ 354.512890][T13092] loop3: detected capacity change from 0 to 2048 [ 354.550427][T13092] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 354.601808][T13092] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 354.619812][T13092] EXT4-fs (loop3): Remounting filesystem read-only [ 354.664828][T12347] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 355.466098][T13147] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2596'. [ 355.519002][T13154] syz.0.2599[13154] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 355.519123][T13154] syz.0.2599[13154] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 355.590719][T13156] loop1: detected capacity change from 0 to 1024 [ 355.640251][T13156] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 355.728989][T13156] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4036: comm syz.1.2600: Allocating blocks 385-513 which overlap fs metadata [ 355.780974][T13156] EXT4-fs (loop1): pa ffff88805b1ec570: logic 16, phys. 129, len 24 [ 355.789731][T13156] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5377: group 0, free 0, pa_free 8 [ 356.000045][T13180] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2610'. [ 356.194442][T13189] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2614'. [ 356.238085][T12787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 356.285400][T13192] loop0: detected capacity change from 0 to 1024 [ 356.306476][T13192] EXT4-fs: Ignoring removed nomblk_io_submit option [ 356.371392][T13192] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 356.409809][T13202] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2619'. [ 356.479998][T10247] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 356.782703][T13217] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2622'. [ 357.708254][T13229] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2627'. [ 357.757989][T13224] loop0: detected capacity change from 0 to 8192 [ 357.784032][T13224] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 357.894040][T13232] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2629'. [ 358.212807][T13244] loop2: detected capacity change from 0 to 256 [ 358.510498][T13253] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2638'. [ 359.111269][T13263] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2642'. [ 359.355799][T13265] xt_CT: No such helper "snmp_trap" [ 359.506995][T13271] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2645'. [ 359.516373][ T28] kauditd_printk_skb: 25 callbacks suppressed [ 359.516386][ T28] audit: type=1326 audit(1751982702.282:3596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13270 comm="syz.1.2646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe632b8e929 code=0x7ffc0000 [ 359.626208][ T28] audit: type=1326 audit(1751982702.282:3597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13270 comm="syz.1.2646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe632b8e929 code=0x7ffc0000 [ 359.718128][ T28] audit: type=1326 audit(1751982702.282:3598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13270 comm="syz.1.2646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe632b8e929 code=0x7ffc0000 [ 359.765503][ T28] audit: type=1326 audit(1751982702.282:3599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13270 comm="syz.1.2646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe632b8e929 code=0x7ffc0000 [ 359.798558][T13276] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2648'. [ 359.834434][ T28] audit: type=1326 audit(1751982702.282:3600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13270 comm="syz.1.2646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe632b8e929 code=0x7ffc0000 [ 359.934138][ T28] audit: type=1326 audit(1751982702.292:3601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13270 comm="syz.1.2646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe632b8e929 code=0x7ffc0000 [ 360.022012][ T28] audit: type=1326 audit(1751982702.292:3602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13270 comm="syz.1.2646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe632b8e929 code=0x7ffc0000 [ 360.148671][ T28] audit: type=1326 audit(1751982702.292:3603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13270 comm="syz.1.2646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe632b8e929 code=0x7ffc0000 [ 360.181680][ T28] audit: type=1326 audit(1751982702.292:3604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13270 comm="syz.1.2646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe632b8e929 code=0x7ffc0000 [ 360.204393][ T28] audit: type=1326 audit(1751982702.292:3605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13270 comm="syz.1.2646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe632b8e929 code=0x7ffc0000 [ 360.439781][ T5787] Bluetooth: hci1: command 0x0406 tx timeout [ 360.469149][T13288] loop3: detected capacity change from 0 to 512 [ 360.492076][T13288] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 360.516397][T13288] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.2651: iget: bad extended attribute block 1 [ 360.617249][T13288] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.2651: couldn't read orphan inode 15 (err -117) [ 360.705164][T13288] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 361.214338][T12347] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 361.375249][T13311] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 361.389667][T13309] IPVS: stopping master sync thread 13311 ... [ 361.420619][T13312] loop3: detected capacity change from 0 to 512 [ 361.434194][T13312] journal_path: Lookup failure for './file0/../file0' [ 361.471479][T13312] EXT4-fs: error: could not find journal device path [ 361.819423][T13328] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2664'. [ 361.852254][T13330] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2665'. [ 362.493128][T13348] loop2: detected capacity change from 0 to 1024 [ 362.566463][T13348] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 362.615664][T13348] ext4 filesystem being mounted at /67/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 362.616284][T13356] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2675'. [ 362.648858][T13348] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2673'. [ 362.682284][T13348] netlink: 'syz.2.2673': attribute type 1 has an invalid length. [ 362.725304][T13348] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2673'. [ 362.811550][T12579] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 363.565340][T13380] usb usb1: check_ctrlrecip: process 13380 (syz.1.2685) requesting ep 01 but needs 81 [ 363.610544][T13385] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2686'. [ 363.733151][T13390] loop1: detected capacity change from 0 to 764 [ 363.749440][T13393] loop3: detected capacity change from 0 to 512 [ 363.773605][T13393] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.2689: casefold flag without casefold feature [ 363.789514][T13396] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2691'. [ 363.803393][T13393] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.2689: couldn't read orphan inode 15 (err -117) [ 363.819122][T13393] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 364.834630][T13417] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2698'. [ 365.030587][T13422] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2700'. [ 365.462867][T12347] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 365.924818][T13445] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2709'. [ 365.978535][T13447] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2710'. [ 367.213776][T13481] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 367.881204][T13504] syz.0.2734[13504] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 367.881326][T13504] syz.0.2734[13504] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 367.895823][T13503] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2733'. [ 367.925436][T13503] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2733'. [ 368.074144][T13509] atomic_op ffff88807cde0198 conn xmit_atomic 0000000000000000 [ 368.141005][T13517] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2740'. [ 368.270325][T13519] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2741'. [ 370.100075][T13550] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 371.748647][T13589] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2767'. [ 371.776424][T13588] loop2: detected capacity change from 0 to 1024 [ 371.797713][T13588] EXT4-fs: Ignoring removed nomblk_io_submit option [ 371.825779][T13591] atomic_op ffff88805aa77198 conn xmit_atomic 0000000000000000 [ 371.825935][T13588] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 371.890640][T13588] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 371.918082][T13588] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 372.009346][T12579] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 372.132030][T13611] loop2: detected capacity change from 0 to 128 [ 372.935290][T13620] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2779'. [ 372.971190][T13623] syz.0.2780[13623] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 372.971312][T13623] syz.0.2780[13623] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 373.213016][T13634] loop1: detected capacity change from 0 to 512 [ 373.235167][T13634] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 373.257425][T13634] EXT4-fs (loop1): 1 truncate cleaned up [ 373.264387][T13634] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 373.269267][T13636] loop3: detected capacity change from 0 to 256 [ 373.321055][T12787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 373.369570][T13641] loop0: detected capacity change from 0 to 512 [ 373.397355][T13641] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 373.517647][T13648] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2791'. [ 373.601991][T13641] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 373.626975][T13641] ext4 filesystem being mounted at /298/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 374.027743][T13654] EXT4-fs error (device loop0): __ext4_new_inode:1284: comm syz.0.2789: failed to insert inode 16: doubly allocated? [ 374.388047][T10247] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 374.454305][T13660] loop3: detected capacity change from 0 to 256 [ 374.484815][T13660] FAT-fs (loop3): Directory bread(block 64) failed [ 374.502557][T13660] FAT-fs (loop3): Directory bread(block 65) failed [ 374.525253][T13660] FAT-fs (loop3): Directory bread(block 66) failed [ 374.545672][T13660] FAT-fs (loop3): Directory bread(block 67) failed [ 374.569927][T13660] FAT-fs (loop3): Directory bread(block 68) failed [ 374.588498][T13660] FAT-fs (loop3): Directory bread(block 69) failed [ 374.607223][T13660] FAT-fs (loop3): Directory bread(block 70) failed [ 374.616520][T13660] FAT-fs (loop3): Directory bread(block 71) failed [ 374.640008][T13660] FAT-fs (loop3): Directory bread(block 72) failed [ 374.651272][T13660] FAT-fs (loop3): Directory bread(block 73) failed [ 375.063589][T13681] loop1: detected capacity change from 0 to 1024 [ 375.169973][T13681] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 375.183513][T13681] ext4 filesystem being mounted at /63/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 375.201265][ T28] kauditd_printk_skb: 22 callbacks suppressed [ 375.201279][ T28] audit: type=1800 audit(1751982717.972:3628): pid=13681 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2804" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 375.290827][T12787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 376.028765][ T28] audit: type=1326 audit(1751982718.802:3629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13694 comm="syz.3.2808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 376.070220][T13698] loop1: detected capacity change from 0 to 512 [ 376.083512][T13698] EXT4-fs: Ignoring removed mblk_io_submit option [ 376.090230][ T28] audit: type=1326 audit(1751982718.802:3630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13694 comm="syz.3.2808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 376.123143][T13698] EXT4-fs: Ignoring removed nomblk_io_submit option [ 376.131338][T13698] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 376.144740][T13698] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 376.153902][ T28] audit: type=1326 audit(1751982718.802:3631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13694 comm="syz.3.2808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 376.182988][ T28] audit: type=1326 audit(1751982718.802:3632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13694 comm="syz.3.2808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 376.232790][T13698] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4036: comm syz.1.2806: Allocating blocks 41-42 which overlap fs metadata [ 376.259464][T13706] loop0: detected capacity change from 0 to 512 [ 376.271164][T13698] Quota error (device loop1): write_blk: dquota write failed [ 376.287585][ T28] audit: type=1326 audit(1751982718.822:3633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13694 comm="syz.3.2808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 376.322614][T13698] Quota error (device loop1): find_free_dqentry: Can't write quota data block 5 [ 376.343652][T13698] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4036: comm syz.1.2806: Allocating blocks 41-42 which overlap fs metadata [ 376.367082][ T28] audit: type=1326 audit(1751982718.822:3634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13694 comm="syz.3.2808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 376.430656][ T28] audit: type=1326 audit(1751982718.822:3635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13694 comm="syz.3.2808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7ff09f38e929 code=0x7ffc0000 [ 376.470878][T13706] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 376.503333][T13706] ext4 filesystem being mounted at /bus supports timestamps until 2038-01-19 (0x7fffffff) [ 376.523978][T13698] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.2806: Failed to acquire dquot type 1 [ 376.539917][T13706] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 376.546382][T13698] EXT4-fs error (device loop1): mb_free_blocks:1943: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 376.588076][T13698] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #12: comm syz.1.2806: corrupted inode contents [ 376.616130][T13698] EXT4-fs error (device loop1): ext4_dirty_inode:6106: inode #12: comm syz.1.2806: mark_inode_dirty error [ 376.629570][T13698] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #12: comm syz.1.2806: corrupted inode contents [ 376.644550][T13698] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #12: comm syz.1.2806: mark_inode_dirty error [ 376.696097][T13698] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #12: comm syz.1.2806: corrupted inode contents [ 376.722158][T13698] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 376.734854][T13698] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #12: comm syz.1.2806: corrupted inode contents [ 376.752767][T13698] EXT4-fs error (device loop1): ext4_truncate:4288: inode #12: comm syz.1.2806: mark_inode_dirty error [ 376.764525][T13698] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 376.779100][T13698] EXT4-fs (loop1): 1 truncate cleaned up [ 376.790462][T13698] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 376.914338][T12787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 376.978380][T13725] syz.3.2820[13725] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 376.978503][T13725] syz.3.2820[13725] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 377.776792][T13734] syz.1.2823[13734] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 377.798162][T13734] syz.1.2823[13734] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 377.830980][T13734] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 378.081449][T13747] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2827'. [ 378.189183][T13751] loop2: detected capacity change from 0 to 128 [ 378.197777][T13751] EXT4-fs: Ignoring removed nobh option [ 378.220637][T13751] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 378.236278][T13751] ext4 filesystem being mounted at /101/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 378.285218][T13751] syz.2.2831[13751] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 378.285344][T13751] syz.2.2831[13751] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 378.388473][T13751] EXT4-fs (loop2): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09 ro. [ 378.463664][T12579] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 378.912611][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.933666][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.468082][T13776] Falling back ldisc for ttyS3. [ 379.529581][T13781] loop1: detected capacity change from 0 to 256 [ 379.555529][T13781] FAT-fs (loop1): bogus number of FAT sectors [ 379.562856][T13781] FAT-fs (loop1): Can't find a valid FAT filesystem [ 379.893381][T13792] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.704103][T13792] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.084654][T13792] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.120967][T13807] random: crng reseeded on system resumption [ 381.303283][T13792] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.493206][T13792] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 381.589076][T13822] loop3: detected capacity change from 0 to 512 [ 381.596592][T13822] EXT4-fs: Ignoring removed orlov option [ 381.602888][T13822] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 381.605671][T13792] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 381.642734][T13822] EXT4-fs (loop3): 1 orphan inode deleted [ 381.653138][T13822] EXT4-fs (loop3): 1 truncate cleaned up [ 381.660494][T13822] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 381.729729][T13830] program syz.0.2861 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 381.771563][T13792] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 381.843371][T13792] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 381.888923][T12347] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 382.670980][T13844] loop1: detected capacity change from 0 to 512 [ 382.719526][T13844] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 382.736705][T13844] ext4 filesystem being mounted at /78/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 382.918510][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 382.918523][ T28] audit: type=1326 audit(1751982725.692:3640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13856 comm="syz.0.2872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 383.001245][ T28] audit: type=1326 audit(1751982725.692:3641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13856 comm="syz.0.2872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 383.029058][T12787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 383.036921][T13860] loop2: detected capacity change from 0 to 8192 [ 383.275361][T13860] syz.2.2873: attempt to access beyond end of device [ 383.275361][T13860] loop2: rw=0, sector=57847, nr_sectors = 1 limit=8192 [ 383.308496][T13860] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000e1b1) [ 383.734814][T13860] FAT-fs (loop2): Filesystem has been set read-only [ 383.886258][T13860] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000e1b1) [ 383.945761][T13860] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000e1b1) [ 384.300197][T13880] netlink: 176 bytes leftover after parsing attributes in process `syz.2.2879'. [ 384.409055][ T28] audit: type=1326 audit(1751982727.182:3642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13885 comm="syz.0.2883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 384.475092][ T28] audit: type=1326 audit(1751982727.212:3643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13885 comm="syz.0.2883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 384.589274][ T28] audit: type=1326 audit(1751982727.212:3644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13885 comm="syz.0.2883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=201 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 384.739645][ T28] audit: type=1326 audit(1751982727.212:3645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13885 comm="syz.0.2883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 384.852683][T13894] loop1: detected capacity change from 0 to 512 [ 384.901407][ T28] audit: type=1326 audit(1751982727.212:3646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13885 comm="syz.0.2883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f898778e929 code=0x7ffc0000 [ 384.916175][T13894] EXT4-fs: Ignoring removed i_version option [ 384.940852][T13894] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 385.002142][T13894] EXT4-fs (loop1): 1 truncate cleaned up [ 385.009156][T13904] loop2: detected capacity change from 0 to 1024 [ 385.017178][T13894] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 385.025936][T13904] EXT4-fs: Ignoring removed nobh option [ 385.073927][T13904] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 385.112410][T13894] [ 385.114784][T13894] ====================================================== [ 385.121807][T13894] WARNING: possible circular locking dependency detected [ 385.128842][T13894] 6.6.96-syzkaller #0 Not tainted [ 385.133868][T13894] ------------------------------------------------------ [ 385.140887][T13894] syz.1.2886/13894 is trying to acquire lock: [ 385.146952][T13894] ffff88805b394010 (&sb->s_type->i_mutex_key#8/1){+.+.}-{3:3}, at: ext4_xattr_inode_lookup_create+0x1917/0x1d80 [ 385.158832][T13894] [ 385.158832][T13894] but task is already holding lock: [ 385.166203][T13894] ffff88805b318288 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x15fa/0x1c90 [ 385.175546][T13894] [ 385.175546][T13894] which lock already depends on the new lock. [ 385.175546][T13894] [ 385.185962][T13894] [ 385.185962][T13894] the existing dependency chain (in reverse order) is: [ 385.194983][T13894] [ 385.194983][T13894] -> #1 (&ei->i_data_sem/3){++++}-{3:3}: [ 385.202840][T13894] down_write+0x97/0x1f0 [ 385.207619][T13894] ext4_xattr_inode_lookup_create+0x15fe/0x1d80 [ 385.214407][T13894] ext4_xattr_ibody_set+0x202/0x6a0 [ 385.220161][T13894] ext4_xattr_set_handle+0xaad/0x1290 [ 385.226084][T13894] ext4_xattr_set+0x22d/0x320 [ 385.231297][T13894] __vfs_setxattr+0x431/0x470 [ 385.236515][T13894] __vfs_setxattr_noperm+0x12d/0x5e0 [ 385.242340][T13894] vfs_setxattr+0x16c/0x2f0 [ 385.247379][T13894] path_setxattr+0x362/0x550 [ 385.252504][T13894] __x64_sys_setxattr+0xbb/0xd0 [ 385.257894][T13894] do_syscall_64+0x55/0xb0 [ 385.262846][T13894] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 385.269276][T13894] [ 385.269276][T13894] -> #0 (&sb->s_type->i_mutex_key#8/1){+.+.}-{3:3}: [ 385.278170][T13894] __lock_acquire+0x2ddb/0x7c80 [ 385.283562][T13894] lock_acquire+0x197/0x410 [ 385.288602][T13894] down_write+0x97/0x1f0 [ 385.293379][T13894] ext4_xattr_inode_lookup_create+0x1917/0x1d80 [ 385.300272][T13894] ext4_xattr_block_set+0x23e/0x32a0 [ 385.306091][T13894] ext4_expand_extra_isize_ea+0x10ea/0x19e0 [ 385.312519][T13894] __ext4_expand_extra_isize+0x306/0x400 [ 385.318699][T13894] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 385.324700][T13894] ext4_setattr+0x1673/0x1c90 [ 385.329915][T13894] notify_change+0xb0d/0xe10 [ 385.335046][T13894] do_truncate+0x19b/0x220 [ 385.339994][T13894] path_openat+0x298c/0x3190 [ 385.345203][T13894] do_filp_open+0x1c5/0x3d0 [ 385.350241][T13894] do_sys_openat2+0x12c/0x1c0 [ 385.355459][T13894] __x64_sys_openat+0x139/0x160 [ 385.360850][T13894] do_syscall_64+0x55/0xb0 [ 385.365802][T13894] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 385.372228][T13894] [ 385.372228][T13894] other info that might help us debug this: [ 385.372228][T13894] [ 385.375319][T13913] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2892'. [ 385.382444][T13894] Possible unsafe locking scenario: [ 385.382444][T13894] [ 385.382452][T13894] CPU0 CPU1 [ 385.382456][T13894] ---- ---- [ 385.382459][T13894] lock(&ei->i_data_sem/3); [ 385.382478][T13894] lock(&sb->s_type->i_mutex_key#8/1); [ 385.382499][T13894] lock(&ei->i_data_sem/3); [ 385.429243][T13894] lock(&sb->s_type->i_mutex_key#8/1); [ 385.434824][T13894] [ 385.434824][T13894] *** DEADLOCK *** [ 385.434824][T13894] [ 385.442977][T13894] 5 locks held by syz.1.2886/13894: [ 385.448180][T13894] #0: ffff88802cc6a418 (sb_writers#4){++++}-{0:0}, at: mnt_want_write+0x41/0x90 [ 385.457347][T13894] #1: ffff88805b318410 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: do_truncate+0x187/0x220 [ 385.467655][T13894] #2: ffff88805b3185a0 (mapping.invalidate_lock){++++}-{3:3}, at: ext4_setattr+0xef3/0x1c90 [ 385.469246][T13904] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 385.477842][T13894] #3: ffff88805b318288 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x15fa/0x1c90 [ 385.477894][T13894] #4: ffff88805b3180c8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3dc/0x6e0 [ 385.477936][T13894] [ 385.477936][T13894] stack backtrace: [ 385.516235][T13894] CPU: 1 PID: 13894 Comm: syz.1.2886 Not tainted 6.6.96-syzkaller #0 [ 385.524316][T13894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 385.534387][T13894] Call Trace: [ 385.537688][T13894] [ 385.540633][T13894] dump_stack_lvl+0x16c/0x230 [ 385.545335][T13894] ? load_image+0x3b0/0x3b0 [ 385.549853][T13894] ? show_regs_print_info+0x20/0x20 [ 385.555076][T13894] ? print_circular_bug+0x12b/0x1a0 [ 385.560293][T13894] check_noncircular+0x2bd/0x3c0 [ 385.565253][T13894] ? print_deadlock_bug+0x5d0/0x5d0 [ 385.570478][T13894] ? lockdep_lock+0xe0/0x220 [ 385.575175][T13894] __lock_acquire+0x2ddb/0x7c80 [ 385.580061][T13894] ? verify_lock_unused+0x140/0x140 [ 385.585307][T13894] lock_acquire+0x197/0x410 [ 385.589825][T13894] ? ext4_xattr_inode_lookup_create+0x1917/0x1d80 [ 385.596270][T13894] ? __might_sleep+0xe0/0xe0 [ 385.600879][T13894] ? read_lock_is_recursive+0x20/0x20 [ 385.606271][T13894] ? dquot_free_inode+0x871/0xa00 [ 385.611316][T13894] ? ext4_mark_iloc_dirty+0x67c/0x1ca0 [ 385.616788][T13894] down_write+0x97/0x1f0 [ 385.621048][T13894] ? ext4_xattr_inode_lookup_create+0x1917/0x1d80 [ 385.627493][T13894] ? down_read_killable+0x340/0x340 [ 385.632727][T13894] ? ext4_get_dquots+0xd/0x20 [ 385.637423][T13894] ? dquot_drop+0x135/0x160 [ 385.641951][T13894] ext4_xattr_inode_lookup_create+0x1917/0x1d80 [ 385.648227][T13894] ? mark_lock+0x94/0x320 [ 385.652584][T13894] ? ext4_xattr_ibody_set+0x6a0/0x6a0 [ 385.657978][T13894] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 385.663976][T13894] ? lock_chain_count+0x20/0x20 [ 385.668850][T13894] ? ext4_xattr_block_set+0xd6/0x32a0 [ 385.674240][T13894] ext4_xattr_block_set+0x23e/0x32a0 [ 385.679545][T13894] ? __might_sleep+0xe0/0xe0 [ 385.684157][T13894] ? ext4_xattr_inode_get+0x1a9/0x310 [ 385.689560][T13894] ? __getblk_gfp+0x54/0x660 [ 385.694168][T13894] ? ext4_xattr_block_find+0x350/0x350 [ 385.699654][T13894] ? ext4_xattr_block_find+0x2d4/0x350 [ 385.705131][T13894] ext4_expand_extra_isize_ea+0x10ea/0x19e0 [ 385.711064][T13894] __ext4_expand_extra_isize+0x306/0x400 [ 385.716744][T13894] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 385.722231][T13894] ext4_setattr+0x1673/0x1c90 [ 385.726932][T13894] ? ext4_write_inode+0x550/0x550 [ 385.731971][T13894] notify_change+0xb0d/0xe10 [ 385.736585][T13894] do_truncate+0x19b/0x220 [ 385.741019][T13894] ? put_page_bootmem+0x2c0/0x2c0 [ 385.746063][T13894] ? apparmor_file_truncate+0x23f/0x2d0 [ 385.751634][T13894] ? ima_bprm_check+0x1f0/0x1f0 [ 385.756513][T13894] path_openat+0x298c/0x3190 [ 385.761130][T13894] ? do_filp_open+0x3d0/0x3d0 [ 385.765832][T13894] do_filp_open+0x1c5/0x3d0 [ 385.770365][T13894] ? vfs_tmpfile+0x490/0x490 [ 385.774989][T13894] ? _raw_spin_unlock+0x28/0x40 [ 385.779858][T13894] ? alloc_fd+0x58f/0x630 [ 385.784229][T13894] do_sys_openat2+0x12c/0x1c0 [ 385.788928][T13894] ? do_sys_open+0xe0/0xe0 [ 385.793582][T13894] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 385.799598][T13894] ? lock_chain_count+0x20/0x20 [ 385.804481][T13894] __x64_sys_openat+0x139/0x160 [ 385.809365][T13894] do_syscall_64+0x55/0xb0 [ 385.813804][T13894] ? clear_bhb_loop+0x40/0x90 [ 385.818501][T13894] ? clear_bhb_loop+0x40/0x90 [ 385.823196][T13894] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 385.829111][T13894] RIP: 0033:0x7fe632b8e929 [ 385.833545][T13894] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 385.853153][T13894] RSP: 002b:00007fe6329ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 385.861555][T13894] RAX: ffffffffffffffda RBX: 00007fe632db5fa0 RCX: 00007fe632b8e929 [ 385.869518][T13894] RDX: 0000000000000242 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 385.877565][T13894] RBP: 00007fe632c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 385.885530][T13894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 385.893488][T13894] R13: 0000000000000000 R14: 00007fe632db5fa0 R15: 00007ffcfe421478 [ 385.901467][T13894] [ 385.919592][T12579] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 386.150573][T12787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.