last executing test programs: 54.637689085s ago: executing program 1 (id=62): r0 = socket(0x10, 0x803, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) (async) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r2, 0x29, 0x3c, 0x0, 0x0) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000106a053103000000000001090224000100008000090400101c0300010009210000000122f80409058103"], 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_connect$uac2(0x4, 0x8b, &(0x7f00000004c0)=ANY=[@ANYBLOB="120110010000002099045c1040000102030109027900030104c00a080b000201012007090400000001012000092401010004090009090401000001022000090401010101022000102401064a0202100000c30100010001090501094000080106082501820308a7060904020000010220000904020101010220001e058209ff03070cff0825010130400900c344dafa31c21598243b2fcb505f1b3e9f403a0391c008bd77c429514e6b307d5b84834f369de63d5a445dd25c08454f1756ee48aeb3b4392a678bf51bc2c94a12f882b01da2a4b69fd21638b8776384841db2"], 0x0) syz_usb_control_io$hid(r3, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) ioctl$int_in(r1, 0x40000000af01, 0x0) (async) ioctl$int_in(r1, 0x40000000af01, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000040)={0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PANTHOR_VM_CREATE(r4, 0xc0106441, &(0x7f0000000080)={0x0, 0x0, 0xfffffffffffffff8}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000600)) (async) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000600)) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockname$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev}, &(0x7f0000000200)=0x1c) sendmsg$nl_route(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@newlink={0x44, 0x10, 0x401, 0x1, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0x4}, @IFLA_BOND_DOWNDELAY={0x8, 0x5, 0x3}]}}}]}, 0x44}}, 0x800) (async) sendmsg$nl_route(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@newlink={0x44, 0x10, 0x401, 0x1, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0x4}, @IFLA_BOND_DOWNDELAY={0x8, 0x5, 0x3}]}}}]}, 0x44}}, 0x800) r6 = dup(r0) ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000000)={0x1, r6}) (async) ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000000)={0x1, r6}) 53.845510282s ago: executing program 1 (id=70): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x80042, 0x1bd) r1 = socket$inet(0xa, 0x801, 0x84) mount$9p_fd(0x200000000000000, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x9, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 53.724122854s ago: executing program 1 (id=73): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xc, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x100000}, [@ldst={0x3, 0x2, 0x3, 0x1, 0x0, 0x37}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 53.680056416s ago: executing program 1 (id=75): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='rdma.current\x00', 0x275a, 0x0) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000180)='./bus\x00', 0x2000804, &(0x7f00000011c0)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c726f6469722c73686f72746e616d653d77696e39352c73686f72746e616d653d77696ec6aa2c726f6469722c757466383d302c73686f72746e616d653d77696e6e742c73686f72746e616d653d77696e39352c636865636b3d6e6ff26d616c2c636f6465706167653d3836362c757466383d312c6e6f6e756d7461696c3d302c726f6469722c73686f72746e616d653d6c6f7765722c757466383d302c73686f72746e616d653d77696e6e742c008ad9ed384aa5a8f95937b36e2c5d5af036f55b33661dbf329138c803bc71b1a89fc2ea13b5dcd7ac1cc3cc45cfaa56b91dca6cfb0446d6e782ec10098a7b5c8ef3ce4fdf1d53d1f11903b5558eb393785b9f5a28ad3b3510a47ab7ce4d8583c96330ca3367f3f1831d4738f6c12e248089202ebd4f61f824058d828f03055fb3382fa6accb6c055b7601d6e88a700de8434910036debcdf0b83e3c327a9356f2b4c2b088c78097c4d8076c050000001af449f843428ecc9b8b06cff85de7ffe8730a9b8c7e5d6ceb97a6a88e01bf2d2f078e68b7cc70b7b40ff1d86add266f4732bdf88bbf5bfd4c64133f50b00b1495"], 0x1, 0x289, &(0x7f00000001c0)="$eJzs3c1qA1UUAOAzzaRJdJEsXInQAV24Kq1P0CIVxIKgZKEutNgUpAmFFgJVMXblE7hx6/O4EV/AB1Dc2YU4ks7kTyctkbQp+n2bHs69J/fM3KHtZm4+eWVwfnpxdXbz5c/RbCaxdRAHcZtEJ7Zi4uuo9NOv1XkA4Jm7zfP4LS80itT14oz6ksp069GbAwAexfzf/033AgA8jfc/+PCdw+Pjo/eyrBkx+GbYTaL4WYwfnsVn0Y9e7EU7/ojIp4r4rbePjyLNxjrx2mA07I4rBx//UH7+4S8Rd/X70Y5Odf1+VpirHw279XihXP+gH713v492vFRd/8as/jYv66O7Ha+/Otf/brTjx0/jIvpxGsX/OpP6r/az7M3829+/+GicHdcno2G3EacLdyqvPfXeAAAAAAAAAAAAAAAAAAAAAADw37WbTXUWz9+ZHPx/z/g95wON5s7n2cuyLE+K+bP6NF5OI93ktQMAAAAAAAAAAAAAAAAAAMBzcXX9+flJv9+7XGswea2/Yij+XMw0ImLJ56QPr7WzaodRK1vrJxGrXVc9GneVD0+urXjHWuN+epdJGuvbgmSaac0P7USx1jjTKoK5zGpLfPfPjWvGXTB5us5PkmWbOwmaVQ/JGoK84vGrLa3a/numVV5BxeTWPatvv/ives7bS4aSiKhPb2Y51KqeXF/vPXy630EAAAAAAAAAAAAAAAAAAEBh9tJvxeDNBhoCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgA2Yff//CsGoLF42J6+NgzTKzIYvEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP+BvwIAAP//XAxp4w==") prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x3c5382, 0x0) ioctl$BTRFS_IOC_BALANCE_CTL(r1, 0x800454cf, 0x9030a04b7f0000) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x408) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, 0x0) syz_open_dev$ndb(0x0, 0x0, 0x200) socket$nl_route(0x10, 0x3, 0x0) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x4000, &(0x7f0000002000)=ANY=[@ANYBLOB="757466383d312c6e6f6e756d7461696c3d302c6e6f6e756d7461696c3d302c756e695f786c6174653d302c73686f72746e616d653d77696e39352c000f3556feecb6412e00c80bdee16891f8bf67c9f201996782a86d4bab33b4f23383380e4ccafc9da9def41b05c1dfb2cfa24e43aedf5536d3bce06ddda97c586bc37fab5366b1ab6fee95cc224e56e681e82dd4dbbde3785fdd0fc4e7df753a0e2658aa5e88e1d38366c7908a7b2b678ee4b4bfc7aafa2101c157745926241af5ac30189eced78c1611b972d03bfef046f4adcada230ef0ac02ede79fb7d92a8354670c01cb80361c1fde2cef3204a182323c318e10ef11cb24c435d589b17a396377800f"], 0x1, 0x21b, &(0x7f0000000480)="$eJzs2j+LHGUcB/DfnJHEC5dd8R8JiA9aqM2Q3doihyQgLiiaFaIgmXizuuy4e+wsBytirtLWl2AtlnaCpLS5xldgYXfNlSnEkWRjcnesxSHein4+zXzhmS88D8/w8BSz/9rXn44GdT4oZrGWZbF2JXbjbhbtWIs/7carL9/46fl3b7z/5mavd/WdlK5tXu90U0oXXvjxg8+/e/HO7Px731/44WzstT/cP+j+uvfs3sX9369/MqzTsE7jySwV6dZkMituVWXaGtajPKW3q7KoyzQc1+X0yPigmmxvz1Mx3tpY356WdZ2K8TyNynmaTdJsOk/Fx8VwnPI8Txvrwd/R//Zu08RB8/jNaJrmiW/i/J3Y+CVakT2ZsqeuZM/czJ7bzS4eNE1r1VPlH2H//98OHernIqqvdvo7/cVzMb45iGFUUcblaMVvce8zeWCRr73Ru3o53deOL6vbD/q3d/qPHe13ohXt5f3Oop+O9s/G+uF+N1rx9PJ+d2n/XLzy0qF+Hq34+aOYRBVbca/7qP9FJ6XX3+od61+6/x4AwH9Nnh5aen/L878aX/RPcD88dr86E5fOrHbtRNTzz0ZFVZVTQRCEh2HVJxOn4dGmr3omAAAAAAAAAAAAnMRp/E646jUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/bn8EAAD//xrx1cI=") prlimit64(0x0, 0xc, &(0x7f0000001180)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5) socketpair$unix(0x1, 0x5, 0x0, 0x0) clock_gettime(0x0, &(0x7f00000005c0)={0x0, 0x0}) r4 = syz_io_uring_setup(0x832, &(0x7f00000001c0)={0x0, 0x0, 0x8, 0x1, 0x21f}, &(0x7f0000000140), &(0x7f0000000080), &(0x7f0000000000)) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="03", 0x1}], 0x1, 0x0, 0x0, 0x4008094}], 0x1, 0x40800) openat(r4, &(0x7f0000000000)='./cgroup.cpu/cpuset.cpus\x00', 0x569882, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000040)=@in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x40084}, 0x1) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) ptrace$setregset(0x4205, r5, 0x402, &(0x7f0000000000)={0x0}) ppoll(&(0x7f0000000580)=[{0xffffffffffffffff, 0x8}, {r0, 0x528}], 0x2, &(0x7f0000000600)={r2, r3+10000000}, 0x0, 0x0) r6 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000440)='/proc/sys/net/ipv4/vs/lblcr_expiration\x00', 0x2, 0x0) preadv(r6, &(0x7f00000041c0)=[{&(0x7f0000001040)=""/102, 0x5}], 0x2, 0x0, 0x0) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) r8 = dup(r7) write$UHID_INPUT(r8, &(0x7f0000000000)={0x17, {"a2e3ad214fc752f91b5d0a3087f70e06d038e7ff7fc6e5539b326d078b089b0708385d090890e0878f0e1ac6e70a9b334a959b689a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31320d095d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4040d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85824056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f5d6d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9ef6d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ca4d24ad92f243941ed274f12a29ff962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9b97474a5966a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741258c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a941f0000005f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39e3313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb9957697c9ede7885d94ffb0759be0daf60a842b09eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f49013a3a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000210000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0xfffffd93}}, 0x1006) 53.550806744s ago: executing program 1 (id=82): r0 = socket(0x400000000010, 0x3, 0x0) write(r0, &(0x7f0000000040)="0f03000019002551075c0165ff0ffc02802000030011000500e1000cee2003001a000000", 0x33a) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f0000000940)={&(0x7f0000000000), 0xc, &(0x7f0000000900)={&(0x7f0000000d80)=ANY=[@ANYBLOB="00400400695c26cdeb6f35e2fb857fad22b88f4ad9f2dcbb7af0e48241b2bb3f686e7df7b17ac0b65bfea448c196075b0dba8e926861663ef0e0023c4b2a643c03067234d5d2d85eabff0dc35ec5e7aeaf45efaa0591c86d7621cd9c12b4cf5ee7", @ANYRES16=0x0, @ANYBLOB="000326bd7000fddbdf2516000000800002804400038008000100000000000800010006000000080001000200000008000100dca0855f08000200010100000800010000000000080001000800000008000200070000000800020007000000040004002c000380080002000800000008000100ff030000080002008e080000080001000700000008000200ffff0000940004801c0007800800030093030000080003000100008008000400500900000900010073797a31000000001300010062726f6164636173742d6c696e6b00000900010073797a310000000034000780080001001000000008000100090000000800040005000000080001000f0000000800040000010000080001001f0000001300010062726f6164636173742d6c696e6b00004c0005801c0002800800040006000000080001001c0000000800030005000000080001007564700007000100696200001c000280080003000900000008000400ff07000008000200060000004000048024000780080001000f0000000800040000000000080003000900000008000200010000000c00078008000300010000000c00078008000400e54b465a34020680b5000300a4187e2cdc1f6f484b5b29fab8579b7dfcb12074f7376f5e061fc876cb287ab713189e1879cdd5b28510e42494b99003ce90f713b4e3546f20426a13026addb5142516dcdb4fc2a57d286a4842c5b8cdfbe8d05415d43f05c34168ba4c06dfd6dfe08f53e89c4af69d64859653cebadad0ba46284eb83b0177d19cbcf35b0e30196f07bf4daf2166c67f25d41c2cb284a681792d2a4ae48e464595a9d9523fa249418de954bf2c8f50627677dbc7c94adc0000004600040067636d28616573290000000000000000000000000000000000000000000000001e000000489e5a21f607dcbcb46cd7e44156c7e1b8ab4d3033809de7f67eb24f55a3000008000100ff0f00004700040067636d28616573290000000000000000000000000000000000000000000000001f0000005227dfed01157628a34b503dd6c6d3696035ee5f238e7b6475aec6d2ea33fe00d6000300bc7293a7170fd2c20e4ec57eb0627664014708c2b9fb6b8b388b37c8a19052e41637f4de8026e20d2f2027258b57f887cc197738d94b0107cfc97f2518decd35fa35cdb717714932285cc8a8874e9b4c5f5a5d7e2afb2023674b5600f2c63f3bcb1ab20567a63d70fec2214e2b63c5880ee06026d7d94594c6ed9766aff022ab2c9a6d875c1a99804fc204eda035cdb2b13ae73b3505b30f97e2748666b45f928e9c685e92236b64613fc22b4238a133ead44c4012ae02ee6931a08e36082dd2ed022d1584293d45398e9e8aa9bbfb2a9f6e000004000200040002000c000380080001000100000004000580"], 0x3f8}, 0x1, 0x0, 0x0, 0x800}, 0x80) socket$can_bcm(0x1d, 0x2, 0x2) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000009000000010001000900000001"], 0x50) socket$packet(0x11, 0x3, 0x300) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f00000047c0)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)={0x18, 0x7a, 0x601, 0x0, 0x1, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='\x00\x00\x00'}]}, 0x18}], 0x1}, 0x0) 53.217708345s ago: executing program 1 (id=91): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$FOU_CMD_DEL(r0, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x24, r1, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_AF={0x5, 0x2, 0xa}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000040}, 0x200400c4) r2 = memfd_create(&(0x7f0000000040)='\x02A\xbb\xcc\x96\x0e\x00\x00\x00\x00\x00\x00', 0x6) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r2, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000300)=0x14) sendmsg$can_j1939(0xffffffffffffffff, &(0x7f00000013c0)={&(0x7f0000000340)={0x1d, r4, 0x3, {0x1, 0xf0, 0x4}, 0xff}, 0x18, &(0x7f0000001380)={&(0x7f0000000380)="36f86b1489ed7e769db8bba6af11b962046c4fa706522ffd50acd8121afbd687ca002f30bd55d97dcee6f928ab2c6d47012f6cb41e11516040d07dcedbb6040de61e7fdb31eb95a355b07590f23e947ff1f6960cfc41a0c19e923642b55f955b68bf3271672a3c0b0ef685057308a9bb336d52c8e3643a4f13ce1ac6f4684035d2939c64558273aeb23fa4ce70af27ad751bbaf9e9d3c93b58c764654f7624d71e5c9cee3794e776b538f0e202fbdeb99f7d79334fad02fcc6cdce3ff3037dda1924ab5bb2d561ccd47da4a93be7d42f726f4077f1375c89c7ffe3feab7e64efab3a55dd6fb563cd3110d3a9f1479cf36da4cf1cb838b77950557f853bf2c570ffd433b205420ce57cd79affa35114e0efbc2c448974efd9a9c780974d5eb83dce887f642b0c83bc0e9a61ef7093647bfc90dfadaff6d8b813ade216aa005f8dac4f6199cc91188c95eba947aa194e600bf77dd3ab17dfa0f72d0903985e9cec196dbf83c42b3f2fa936f32bef517c5fb6f831c9896c048f81d83d5f8b2eb47f672569c7358b418aebb32d382d96250a13c8addf936378029ee24babfb75c6226f743436e4222dacc17226086a223af7413f793ebb16ecebf1fc40d828f5ce2d1087a84d279350599820f73b9485024da9eee7f204dbfbaad3499d9c49ac0ad4dbc8618d22f75d5925cb77f9d410a90a3a5d8013475c56eacf9767a4aabb63b2de4ebe11f60954c82cbacc1b240a514dd3030221c28b858374a76cf21b4a3e2c2bad80ee0f457c1f7fc68d1241c90a628c0bf35efa44361d586c0ec800fd65894318c5370bbcf5c1db847a27e154dcf36151921897f4471b9e80fa69ad80998559770c07c1298e7d59b2d3b81551c0a1586915c5d5f42890db81490e27c6d8465fe628ef1f63ead2767a00e98bf976b5afd4d988d886eb815a688109ee32a40c2992a4deca2906cdb213733eea90f4b8180681307884e3cb3ef7b5dc67007da2b773b1e068f821fbe27601b4e0d2b0029b634f8cb161e36428b3e6eca3d4bad5e045533c757889adea77170d4b705a7ff095c14b61eb33b5218931c66ff9e8c767d64cb8a82fd30b23bf7a699f8874032f57820ebff9061a96fbfabf1fa2e56b727e5eb4f724575a001850a7d9ef79b09c6b2572266bce431f62c53991a6b8b59ce2e863135d11672d2b16000f9df0d22d13357d6fc33646175b0ab519a7c4dbc89503975aa4d9c4f3397f9ebbc160884285bb957bb1033744da4a2117cd8f8f2ad7cd40d159b1372a3c71b9a28b42d4d73e93d8e6f71bfe805890abe9eb862205106da51af113816d03b02c223d92b003a6664ff6aacafdfbbc170c9c877c0d25d889465bb7b48c013223a42de35f349be93d3b4d6d87a2d41fd68de395521827052a8517f3ebce1856eb1482c8dfcd9d8e24e69fed7a2790362213821193c9f325cca66d8e98f52847919be8a9f12a06e01507ce941ac4086497a25f6eb6858bd8a5a9a10f539f3a8e368e4522ef8e595970628ff2ce2aa39eb59a54e3c45579fdf9476a83c5f30f965c994a3ab1f3131df62fbf6a48e0fe95cfc1bb7350cf21ec242b87c38b6200e3772fbf6af497decab6c623e0274e6b5f2b9be9f9ed8c36c273cbdbf7d082fdd1ed8bea22301c9a1d35c885087709a4390571b6071485ec9c759e95dbb9f783fa7f72ffc5dee8739728059a620cb102686d5dadbcc2eb2710ad2778842723b0ce752c5d5c28d4773b9e5f3a84488f0e4b414a6b062abe1bc3d95c9e373ffd1dd5086186594a01ed018e020b03744637995fda4627d50860426def10a6bb2d3b04740ca376caaccf7556442b515ad7ecdd24f99c664ca89db8c17efff090fc3b09197874107052e8da64560a84747b52217ada63fff7d0d3ac96e5db19a0b9a2bbab000aae63b5eb3a495a339e38e67d405ccb93320118ca60d69e5f92766c9f79fe6f4a30777f27a3fae3248ede225efba296d1a4d666163d7fadea7b3a2767bc06048b63aa89f75b359937a93bf0e4c30a7e32a3d8ccfe82804925966fa435ba39140ea7da4298211ae562cb21d0538db09919c3a0a67d772f83a9742600eb8206281f0d450471e3a628d87cbb6bfdfaef8cfaedec52ac457c70b9ecbb72cc7f04e3d5addb01fdae9cbf53ba36c056ae80f14c0c7b50115ba7a8f41f84e14ae8c58217d9d7d8afc6916399daa3b6e9521011942084ef8559bbb2fcdfdd5c09108252dcfb9be792daf30eeb8792651c1296fc0dc7289858125f7c4af5538cd13e35fda342cd955ef89335d3554131f0c5ce2e129e7856dab7e1b6e8cb93602e0fdc4575845c08f9df67a43379577ed0371b5edd00b50258cc4c9cf3772d18b09589e7b8c1332fc0869f0ea0b9a6dec51c565ae850b82387f0a2a01dfc9d4a86405d54b8e396eceaf4b240b36e776e3a057bf5885e77fb2fbd4da2a9ed2e22b3cabc70040e5b7f71333d5263d0c3915f161def220d997bc7e4af8120a9feb93dea86daaf2a098670e10d017830f55facd1f1bbeaea33c79e734d319a0cb1b9bbd6207fb72bf4efe73a61420a00d08749b746723edac5ffe95ced0ae8c1fd53855f7f6e6ebcf5fc2b23b9f536446eeca74a5aed5807b9b6ab6b3691462b84af3b25731c5558c8169ae6156b7fbe3c8b2531187b24784b2dd7cbe8a3db8e827c3564d272a5dc4b47cc31fb0d0742a2803e530878acc22dfac0ba5d6795c3769387e9b0906e4e539edcbd23572167f380392a6fece7b09106dc566c7a2840724899711c61094b05a35dd04bd63e55e31b8be20cf087bafb614cc09211d329da17e73974c625ffde9f9f29a1723187108c1d55608d14da7571bdf0e127cd9ef82a4d661ba853cc9791d7fd7ee62b5b99e37d4769b87e87f60708f12a3398e7d52b19e6e50062c52dcce9b958affdbcdc05476b6f3a4358d2716616bd0ab73101bb0950e0658083df36e38f85c686a42cfb4e75ec7a5c5a0fa141a79372e2f1b73a6bab2e309b3309b765482a8a4c7debdb5ebb17c029d1a8d972418f0a8a04a08673ebb33055fc51faf4682f827e7f446ccf467666932accd0a187e3f7ece59eac91c1a5e57347aabfd4b4c949ee272993a51ee5be5797e7abb13c396d4c74f4c5be6f27132fb446efff708c3fd06971620d68a02fff81a2e05a3f8733a1d2b6112a67288274e4c2f540b365c58b2ba8ab4f039752c6db01376becc594ea5ea0c022a73d194e470a36f85cff82e0737cbe47a4c004f90bef1e827a9d9be2c8a62023da9c229b1473e1fcba32dea10f550f3095db6d5edac05c89375c029d2bdf90cf03db73499ed843a5a36921db7ac360d2264003721affa71b9211a56f845d6ae6d44f9ba465e080834ea80ca3d850640c5d66181acefba72ab279c597fe36a6b17e3bcfec1ec09014d3849a0a5b8bea3eb95ef20b1afc3b57e27317437cd3c9cc4fb5e4228826f7f35a7d193c5bd146f6ebaffeed2dfe562a0b46107473d764b9193b3b1720ad8192c6a8b92c88ff1af6d6eb4c8b7be21ebbe71468cd53e5a7c7dfdb450b4bc96e11564c8f764453f56533e0d444a1de83b09e1afa8902be3094009406a01a7adef48f43e7fcdddedaea929324cae04ee78c65d727c253bc16306405c94ffeae4defcd50dcf1c5e3310330ca24dc9775c0a18fcc05087c273c48a55b016d3d7960862aa98d8aadb8fce62f91f04ebf10953387cb37c0d4a411c6eecf93cf0aabd7a599783c010967dbb2508dcd229b6de971ae8140f478036a4af15dc9dd489ae5618362768174037d1120b97f27be8f26a7d2dd3bcb0c17953b1f1fdf76eb50e0cadca8f9bc7077223eb8c9113f3229679e87cd5f0af3963df1241c4a31f6e5639e5595928d5f4e3520d1da650cc0fa20c221d132bdcd0f7305aa074048dd75d787ea6992e712bfb4ee3e456e6fd81b6af5f44e397515f0e4b60a19541cef61b33779e80922b295644e7abfeb9d87c52b1b2dfc905bf1a39c4a12a5c3d910d04d5718a4a89034b5c97fd093054bf2de098c7600f2aea8d70e992bb23f089f8db67406555731b0277640e0f722dd6e74e54c4cbf94eb2b6ddaa32349e03758f508f23309abab3d93ecb587f2c89ebf292e5142355b04a7298bb54e7229e2967c69a4a48c2250498834ff265fbba39ea4241cbd86ffa26104d281ed94031eff0135ca10f4b9b58e6ce9bb7b2292f976936b72dc81187d19da5ef78e536d7620b2acb5479370375a57a29a583d37192d9e0f15181a2c90c406ffb45ba0c683cc500ef346bbdc8e49b84d2c649d125a4518ccb9fa02ad0ebbdc8c03a32368f695cf0fc5720d8a95465be7cf650806821a468cbe7d8a5c7cf9164f7e8ab6d60c4b0957f2c3e629195b0b9a73355e313ebc2f8b356b8172fb75dc7da95a169f501460f05fd9067736029d3c427afff7e1e7223d558f00df59f0e0bc77d4e6983d574d69748f33bc72ca05586c374813c0863f826dca5accff6754c350ba5142c74d0c18fba11f2721e8d92cbb80734fc158571df971aa949f7886d1d95b27cdf91cff2b4fc64a10ad5a5dea0213dde2c32e9435bd9648b48e5a9f33d88b0ef29ca54d3805eb188221e5f58cae845c7608e30a245a368887e93ac5a294f7211b7fb413ff93778f9ca0934117206edbc78513f3f7e0d18286e8a5def36c4c4313feab25e3a962f3be1d85de1a44ccb5629b1ffd6e9692d2187e2c844d0cebb03afd677de4e1530f17bcca2f362058efc296066bcc79c3f6a4f628cf11457a76a70fb393b6769efd6885bb2acabcefc885776b7e56e4ae137b8c27e654475bce1ce6429a5ab73d982291ef542f3736c083200282689671208fad15664f6b12fa212490d4979b1272ea01b531d394e3bf9c34a656998ffc94cecff9f773576ebf7cee4e0fcb244ec8db44c6eec6b1d17e053b6d014b770e5a363b1a35010e4bf3153ab8378668c742f4f2214655baca54adb1c5d39e7b3b471d2a4a70aadb20ad3e0d854daec8e759d9d1716ec5c8f4b3c4ba24d82fbd197731fda466c304b472f9c78748be08d48a3715548f9a6e8fde3d89911698bf2b7a71d8f8e4d5a9973a2c834dccb2b62a020973d6ce1fa54a22c9689b7793fdfc80a0dbc2c9e492c01f738fe6145e12349f84edae76fc75e28dd0ec27804db1784b0b2461472e6ddf58bf1b477a43c9f238a8c2e80eb5b9506250362ccf58d84199141ca83fd2b9ed0ccccf295a752b7d9a39ebb8afda85ca4438de531c09021c856e60dd32db2dab830fb09596b6739573cbd06d3539ed5765a163118b645a252d22cb2583659a976abb5c88d676dbaacbcc004173a239565fb49b7a3ba550c393415b46e5960f0b0c1cfbbedecf409a62680504762c2a4f6f6f9764a3461f727bf85158434820efc1ade1b94f28f6082a248c5b8f68d6e19635285bbc065551891991b58767267d817be3d7c91c83d7ae9b56cd849259050e430f8d7226e93eb2ec4438786317c665a27e7b9b0a0b8c9920341ddae9536d88a48683def52f95bb8729cca1e248b9f68b7c120a2aafa5376991027c8bfb2341f3df18b611d59b0ab7d447351ba16a8a5fb8b411b0ace85855de4cdf5f2ba9b0a2d23af5d43821229061bac9f454fb7153ec710a92a8ff850a298aa7efcaf631fb7b2fec7b64861100f2b6c17d94bc734ce4fe6b42a2f248bf122054ba9b5a1b8bbedff06de7fb3978e26790deb4347884457011d6b7c3ae95f68d197a7acfa841c251586dcbd4683161fc77ce9aeacb5ebda62fc795e84dc0bf3f1ff41a9ef4fd1be305c6", 0x1000}, 0x1, 0x0, 0x0, 0x4000014}, 0x20000000) pwritev(r2, &(0x7f00000001c0)=[{&(0x7f0000000080)}, {&(0x7f00000000c0)="861e3532cac862d75f4e72f3b6513bf1d67d8814b1ee7caa2adcee83678d52356c28aaaabd1bd57c67de0cba9c485784e751479106147ea690b8878557f4b92d7591ccc0cf3de0e5ecbb73ff8f06a104d6ceb40776384b7ce08c669c7e080083e0596b526c5c146fadfac623415f0cc38a0dbcc5d588149490ae0a6f8533d974ea025a3229c7dca6afa6846c8313148405318c1149b5175d7868a474c5de7d7e3883de95dffb1d8254331f644e312c1772073b35abd8cadc3d975bfe115e53cfe6f30b53d7588e076b5e579a7cc9ecb82efe8fe89761f5ac9b1cc95b8f72971705d95276ca47da86baabd5acf1fb746da8dc4f9c9f5e1d", 0xf7}], 0x2, 0x0, 0x5) sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="240000001800010600000000000000001c140000fe000001000000000800010000000a007b4608e845f3d34f57e72bd3f344a2579c5a296c5492ffcfced4c346a9292549067420f7a0712200ac56f24daa0525fd9c037716d5652aa54bb246bd6aeda186026657d001ca1c15ebe01a41d9511b10b369769b9ece5f8862032dee108543768f2b94571ca7ec184b"], 0x24}, 0x1, 0x0, 0x0, 0x4009}, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3000002, 0x4004012, r2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000016000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f000000c000/0x1000)=nil, &(0x7f000001f000/0x1000)=nil, &(0x7f0000015000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f000000c000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000012000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0}, 0x68) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000001680), 0x80, 0x0) ioctl$TIOCGSERIAL(r6, 0x541e, &(0x7f0000001780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000016c0)=""/164}) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000001840), r0) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000001900)={&(0x7f0000001800)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000018c0)={&(0x7f0000001880)={0x38, r7, 0x400, 0x70bd25, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x24, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'lblc\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x22}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000050) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0100febffffffcdbdf250100"], 0x48}, 0x1, 0x0, 0x0, 0x40040000}, 0x20000000) socketpair(0x3, 0x800, 0x35, &(0x7f0000001480)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000014c0)={0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001500)={0xffffffffffffffff}) r12 = pidfd_getfd(r2, r10, 0x0) sendmsg$NBD_CMD_STATUS(r5, &(0x7f0000001640)={&(0x7f0000001540)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000001600)={&(0x7f0000001940)={0xa0, r9, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x20}, @NBD_ATTR_SOCKETS={0x28, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r12}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r10}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r11}}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x800000000000004}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x3}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x101}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x7}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x1000}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x101c00000000000}]}, 0xa0}, 0x1, 0x0, 0x0, 0x4040080}, 0x40001) 53.172382387s ago: executing program 32 (id=91): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$FOU_CMD_DEL(r0, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x24, r1, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_AF={0x5, 0x2, 0xa}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000040}, 0x200400c4) r2 = memfd_create(&(0x7f0000000040)='\x02A\xbb\xcc\x96\x0e\x00\x00\x00\x00\x00\x00', 0x6) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r2, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000300)=0x14) sendmsg$can_j1939(0xffffffffffffffff, &(0x7f00000013c0)={&(0x7f0000000340)={0x1d, r4, 0x3, {0x1, 0xf0, 0x4}, 0xff}, 0x18, &(0x7f0000001380)={&(0x7f0000000380)="36f86b1489ed7e769db8bba6af11b962046c4fa706522ffd50acd8121afbd687ca002f30bd55d97dcee6f928ab2c6d47012f6cb41e11516040d07dcedbb6040de61e7fdb31eb95a355b07590f23e947ff1f6960cfc41a0c19e923642b55f955b68bf3271672a3c0b0ef685057308a9bb336d52c8e3643a4f13ce1ac6f4684035d2939c64558273aeb23fa4ce70af27ad751bbaf9e9d3c93b58c764654f7624d71e5c9cee3794e776b538f0e202fbdeb99f7d79334fad02fcc6cdce3ff3037dda1924ab5bb2d561ccd47da4a93be7d42f726f4077f1375c89c7ffe3feab7e64efab3a55dd6fb563cd3110d3a9f1479cf36da4cf1cb838b77950557f853bf2c570ffd433b205420ce57cd79affa35114e0efbc2c448974efd9a9c780974d5eb83dce887f642b0c83bc0e9a61ef7093647bfc90dfadaff6d8b813ade216aa005f8dac4f6199cc91188c95eba947aa194e600bf77dd3ab17dfa0f72d0903985e9cec196dbf83c42b3f2fa936f32bef517c5fb6f831c9896c048f81d83d5f8b2eb47f672569c7358b418aebb32d382d96250a13c8addf936378029ee24babfb75c6226f743436e4222dacc17226086a223af7413f793ebb16ecebf1fc40d828f5ce2d1087a84d279350599820f73b9485024da9eee7f204dbfbaad3499d9c49ac0ad4dbc8618d22f75d5925cb77f9d410a90a3a5d8013475c56eacf9767a4aabb63b2de4ebe11f60954c82cbacc1b240a514dd3030221c28b858374a76cf21b4a3e2c2bad80ee0f457c1f7fc68d1241c90a628c0bf35efa44361d586c0ec800fd65894318c5370bbcf5c1db847a27e154dcf36151921897f4471b9e80fa69ad80998559770c07c1298e7d59b2d3b81551c0a1586915c5d5f42890db81490e27c6d8465fe628ef1f63ead2767a00e98bf976b5afd4d988d886eb815a688109ee32a40c2992a4deca2906cdb213733eea90f4b8180681307884e3cb3ef7b5dc67007da2b773b1e068f821fbe27601b4e0d2b0029b634f8cb161e36428b3e6eca3d4bad5e045533c757889adea77170d4b705a7ff095c14b61eb33b5218931c66ff9e8c767d64cb8a82fd30b23bf7a699f8874032f57820ebff9061a96fbfabf1fa2e56b727e5eb4f724575a001850a7d9ef79b09c6b2572266bce431f62c53991a6b8b59ce2e863135d11672d2b16000f9df0d22d13357d6fc33646175b0ab519a7c4dbc89503975aa4d9c4f3397f9ebbc160884285bb957bb1033744da4a2117cd8f8f2ad7cd40d159b1372a3c71b9a28b42d4d73e93d8e6f71bfe805890abe9eb862205106da51af113816d03b02c223d92b003a6664ff6aacafdfbbc170c9c877c0d25d889465bb7b48c013223a42de35f349be93d3b4d6d87a2d41fd68de395521827052a8517f3ebce1856eb1482c8dfcd9d8e24e69fed7a2790362213821193c9f325cca66d8e98f52847919be8a9f12a06e01507ce941ac4086497a25f6eb6858bd8a5a9a10f539f3a8e368e4522ef8e595970628ff2ce2aa39eb59a54e3c45579fdf9476a83c5f30f965c994a3ab1f3131df62fbf6a48e0fe95cfc1bb7350cf21ec242b87c38b6200e3772fbf6af497decab6c623e0274e6b5f2b9be9f9ed8c36c273cbdbf7d082fdd1ed8bea22301c9a1d35c885087709a4390571b6071485ec9c759e95dbb9f783fa7f72ffc5dee8739728059a620cb102686d5dadbcc2eb2710ad2778842723b0ce752c5d5c28d4773b9e5f3a84488f0e4b414a6b062abe1bc3d95c9e373ffd1dd5086186594a01ed018e020b03744637995fda4627d50860426def10a6bb2d3b04740ca376caaccf7556442b515ad7ecdd24f99c664ca89db8c17efff090fc3b09197874107052e8da64560a84747b52217ada63fff7d0d3ac96e5db19a0b9a2bbab000aae63b5eb3a495a339e38e67d405ccb93320118ca60d69e5f92766c9f79fe6f4a30777f27a3fae3248ede225efba296d1a4d666163d7fadea7b3a2767bc06048b63aa89f75b359937a93bf0e4c30a7e32a3d8ccfe82804925966fa435ba39140ea7da4298211ae562cb21d0538db09919c3a0a67d772f83a9742600eb8206281f0d450471e3a628d87cbb6bfdfaef8cfaedec52ac457c70b9ecbb72cc7f04e3d5addb01fdae9cbf53ba36c056ae80f14c0c7b50115ba7a8f41f84e14ae8c58217d9d7d8afc6916399daa3b6e9521011942084ef8559bbb2fcdfdd5c09108252dcfb9be792daf30eeb8792651c1296fc0dc7289858125f7c4af5538cd13e35fda342cd955ef89335d3554131f0c5ce2e129e7856dab7e1b6e8cb93602e0fdc4575845c08f9df67a43379577ed0371b5edd00b50258cc4c9cf3772d18b09589e7b8c1332fc0869f0ea0b9a6dec51c565ae850b82387f0a2a01dfc9d4a86405d54b8e396eceaf4b240b36e776e3a057bf5885e77fb2fbd4da2a9ed2e22b3cabc70040e5b7f71333d5263d0c3915f161def220d997bc7e4af8120a9feb93dea86daaf2a098670e10d017830f55facd1f1bbeaea33c79e734d319a0cb1b9bbd6207fb72bf4efe73a61420a00d08749b746723edac5ffe95ced0ae8c1fd53855f7f6e6ebcf5fc2b23b9f536446eeca74a5aed5807b9b6ab6b3691462b84af3b25731c5558c8169ae6156b7fbe3c8b2531187b24784b2dd7cbe8a3db8e827c3564d272a5dc4b47cc31fb0d0742a2803e530878acc22dfac0ba5d6795c3769387e9b0906e4e539edcbd23572167f380392a6fece7b09106dc566c7a2840724899711c61094b05a35dd04bd63e55e31b8be20cf087bafb614cc09211d329da17e73974c625ffde9f9f29a1723187108c1d55608d14da7571bdf0e127cd9ef82a4d661ba853cc9791d7fd7ee62b5b99e37d4769b87e87f60708f12a3398e7d52b19e6e50062c52dcce9b958affdbcdc05476b6f3a4358d2716616bd0ab73101bb0950e0658083df36e38f85c686a42cfb4e75ec7a5c5a0fa141a79372e2f1b73a6bab2e309b3309b765482a8a4c7debdb5ebb17c029d1a8d972418f0a8a04a08673ebb33055fc51faf4682f827e7f446ccf467666932accd0a187e3f7ece59eac91c1a5e57347aabfd4b4c949ee272993a51ee5be5797e7abb13c396d4c74f4c5be6f27132fb446efff708c3fd06971620d68a02fff81a2e05a3f8733a1d2b6112a67288274e4c2f540b365c58b2ba8ab4f039752c6db01376becc594ea5ea0c022a73d194e470a36f85cff82e0737cbe47a4c004f90bef1e827a9d9be2c8a62023da9c229b1473e1fcba32dea10f550f3095db6d5edac05c89375c029d2bdf90cf03db73499ed843a5a36921db7ac360d2264003721affa71b9211a56f845d6ae6d44f9ba465e080834ea80ca3d850640c5d66181acefba72ab279c597fe36a6b17e3bcfec1ec09014d3849a0a5b8bea3eb95ef20b1afc3b57e27317437cd3c9cc4fb5e4228826f7f35a7d193c5bd146f6ebaffeed2dfe562a0b46107473d764b9193b3b1720ad8192c6a8b92c88ff1af6d6eb4c8b7be21ebbe71468cd53e5a7c7dfdb450b4bc96e11564c8f764453f56533e0d444a1de83b09e1afa8902be3094009406a01a7adef48f43e7fcdddedaea929324cae04ee78c65d727c253bc16306405c94ffeae4defcd50dcf1c5e3310330ca24dc9775c0a18fcc05087c273c48a55b016d3d7960862aa98d8aadb8fce62f91f04ebf10953387cb37c0d4a411c6eecf93cf0aabd7a599783c010967dbb2508dcd229b6de971ae8140f478036a4af15dc9dd489ae5618362768174037d1120b97f27be8f26a7d2dd3bcb0c17953b1f1fdf76eb50e0cadca8f9bc7077223eb8c9113f3229679e87cd5f0af3963df1241c4a31f6e5639e5595928d5f4e3520d1da650cc0fa20c221d132bdcd0f7305aa074048dd75d787ea6992e712bfb4ee3e456e6fd81b6af5f44e397515f0e4b60a19541cef61b33779e80922b295644e7abfeb9d87c52b1b2dfc905bf1a39c4a12a5c3d910d04d5718a4a89034b5c97fd093054bf2de098c7600f2aea8d70e992bb23f089f8db67406555731b0277640e0f722dd6e74e54c4cbf94eb2b6ddaa32349e03758f508f23309abab3d93ecb587f2c89ebf292e5142355b04a7298bb54e7229e2967c69a4a48c2250498834ff265fbba39ea4241cbd86ffa26104d281ed94031eff0135ca10f4b9b58e6ce9bb7b2292f976936b72dc81187d19da5ef78e536d7620b2acb5479370375a57a29a583d37192d9e0f15181a2c90c406ffb45ba0c683cc500ef346bbdc8e49b84d2c649d125a4518ccb9fa02ad0ebbdc8c03a32368f695cf0fc5720d8a95465be7cf650806821a468cbe7d8a5c7cf9164f7e8ab6d60c4b0957f2c3e629195b0b9a73355e313ebc2f8b356b8172fb75dc7da95a169f501460f05fd9067736029d3c427afff7e1e7223d558f00df59f0e0bc77d4e6983d574d69748f33bc72ca05586c374813c0863f826dca5accff6754c350ba5142c74d0c18fba11f2721e8d92cbb80734fc158571df971aa949f7886d1d95b27cdf91cff2b4fc64a10ad5a5dea0213dde2c32e9435bd9648b48e5a9f33d88b0ef29ca54d3805eb188221e5f58cae845c7608e30a245a368887e93ac5a294f7211b7fb413ff93778f9ca0934117206edbc78513f3f7e0d18286e8a5def36c4c4313feab25e3a962f3be1d85de1a44ccb5629b1ffd6e9692d2187e2c844d0cebb03afd677de4e1530f17bcca2f362058efc296066bcc79c3f6a4f628cf11457a76a70fb393b6769efd6885bb2acabcefc885776b7e56e4ae137b8c27e654475bce1ce6429a5ab73d982291ef542f3736c083200282689671208fad15664f6b12fa212490d4979b1272ea01b531d394e3bf9c34a656998ffc94cecff9f773576ebf7cee4e0fcb244ec8db44c6eec6b1d17e053b6d014b770e5a363b1a35010e4bf3153ab8378668c742f4f2214655baca54adb1c5d39e7b3b471d2a4a70aadb20ad3e0d854daec8e759d9d1716ec5c8f4b3c4ba24d82fbd197731fda466c304b472f9c78748be08d48a3715548f9a6e8fde3d89911698bf2b7a71d8f8e4d5a9973a2c834dccb2b62a020973d6ce1fa54a22c9689b7793fdfc80a0dbc2c9e492c01f738fe6145e12349f84edae76fc75e28dd0ec27804db1784b0b2461472e6ddf58bf1b477a43c9f238a8c2e80eb5b9506250362ccf58d84199141ca83fd2b9ed0ccccf295a752b7d9a39ebb8afda85ca4438de531c09021c856e60dd32db2dab830fb09596b6739573cbd06d3539ed5765a163118b645a252d22cb2583659a976abb5c88d676dbaacbcc004173a239565fb49b7a3ba550c393415b46e5960f0b0c1cfbbedecf409a62680504762c2a4f6f6f9764a3461f727bf85158434820efc1ade1b94f28f6082a248c5b8f68d6e19635285bbc065551891991b58767267d817be3d7c91c83d7ae9b56cd849259050e430f8d7226e93eb2ec4438786317c665a27e7b9b0a0b8c9920341ddae9536d88a48683def52f95bb8729cca1e248b9f68b7c120a2aafa5376991027c8bfb2341f3df18b611d59b0ab7d447351ba16a8a5fb8b411b0ace85855de4cdf5f2ba9b0a2d23af5d43821229061bac9f454fb7153ec710a92a8ff850a298aa7efcaf631fb7b2fec7b64861100f2b6c17d94bc734ce4fe6b42a2f248bf122054ba9b5a1b8bbedff06de7fb3978e26790deb4347884457011d6b7c3ae95f68d197a7acfa841c251586dcbd4683161fc77ce9aeacb5ebda62fc795e84dc0bf3f1ff41a9ef4fd1be305c6", 0x1000}, 0x1, 0x0, 0x0, 0x4000014}, 0x20000000) pwritev(r2, &(0x7f00000001c0)=[{&(0x7f0000000080)}, {&(0x7f00000000c0)="861e3532cac862d75f4e72f3b6513bf1d67d8814b1ee7caa2adcee83678d52356c28aaaabd1bd57c67de0cba9c485784e751479106147ea690b8878557f4b92d7591ccc0cf3de0e5ecbb73ff8f06a104d6ceb40776384b7ce08c669c7e080083e0596b526c5c146fadfac623415f0cc38a0dbcc5d588149490ae0a6f8533d974ea025a3229c7dca6afa6846c8313148405318c1149b5175d7868a474c5de7d7e3883de95dffb1d8254331f644e312c1772073b35abd8cadc3d975bfe115e53cfe6f30b53d7588e076b5e579a7cc9ecb82efe8fe89761f5ac9b1cc95b8f72971705d95276ca47da86baabd5acf1fb746da8dc4f9c9f5e1d", 0xf7}], 0x2, 0x0, 0x5) sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="240000001800010600000000000000001c140000fe000001000000000800010000000a007b4608e845f3d34f57e72bd3f344a2579c5a296c5492ffcfced4c346a9292549067420f7a0712200ac56f24daa0525fd9c037716d5652aa54bb246bd6aeda186026657d001ca1c15ebe01a41d9511b10b369769b9ece5f8862032dee108543768f2b94571ca7ec184b"], 0x24}, 0x1, 0x0, 0x0, 0x4009}, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3000002, 0x4004012, r2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000016000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f000000c000/0x1000)=nil, &(0x7f000001f000/0x1000)=nil, &(0x7f0000015000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f000000c000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000012000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0}, 0x68) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000001680), 0x80, 0x0) ioctl$TIOCGSERIAL(r6, 0x541e, &(0x7f0000001780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000016c0)=""/164}) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000001840), r0) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000001900)={&(0x7f0000001800)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000018c0)={&(0x7f0000001880)={0x38, r7, 0x400, 0x70bd25, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x24, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'lblc\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x22}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000050) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0100febffffffcdbdf250100"], 0x48}, 0x1, 0x0, 0x0, 0x40040000}, 0x20000000) socketpair(0x3, 0x800, 0x35, &(0x7f0000001480)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000014c0)={0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001500)={0xffffffffffffffff}) r12 = pidfd_getfd(r2, r10, 0x0) sendmsg$NBD_CMD_STATUS(r5, &(0x7f0000001640)={&(0x7f0000001540)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000001600)={&(0x7f0000001940)={0xa0, r9, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x20}, @NBD_ATTR_SOCKETS={0x28, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r12}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r10}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r11}}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x800000000000004}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x3}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x101}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x7}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x1000}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x101c00000000000}]}, 0xa0}, 0x1, 0x0, 0x0, 0x4040080}, 0x40001) 3.76306037s ago: executing program 2 (id=584): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) writev(r1, &(0x7f0000000500)=[{&(0x7f0000000100)="fe3469862d4d2263d0983ab8ce2edd958520073a7ecffad65a33476f9aefe19f3fefce9f0150ad9f337b1b222af86cbf79979ab4f16cef94db96fc57537bd5b593fa7f52e9beddfe91ef29c907d116476059a0b8ffc0ab54aaf0a181526b679f", 0x60}, {&(0x7f0000000340)="bc20daf4902ebfa88ad98415d0be1611217fced35d3783d4a2e1a98c9e1f6a9e0e4dfcc31d179caf509da1b4825604cf49bb7f3e2640d8f85b57793cce9f6d9363ae7cf01dee9d16e2ff9b078b2c016adb8cae6eee6baf7b494d63b64cb8a8286c32687efb341580a2c0aded134c3c3e5d97f478821f2686e8c0268b6eecddd6dd0f0a84f6886adcce83a673731e17fa27c0294c13e719c41cfee7e5bf6d564f82fc8d3712b6356f", 0xa8}, {&(0x7f0000000400)="0b0123f12019741f6321890437b61b310a20ce24447f3fcceb4291235274f8eef11970b7f5ad249aa0e2cf1d473e0df1182a512b", 0x34}, {&(0x7f0000000480)="7036f8f7c63b21890050c5437dce75043947ce20b68dd36c340f8567f5ec4eb20ea93f2ce1487d4db1751116aa123c0459094e8cb9544e33dc", 0x39}, {&(0x7f00000004c0)="cd9cb124", 0x4}], 0x5) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/sync_on_suspend', 0x169a82, 0x4c) write$RDMA_USER_CM_CMD_JOIN_MCAST(r2, &(0x7f0000000400)={0x16, 0x98, 0xfa00, {0x0, 0x0, 0xffffffffffffffff, 0x30, 0x0, @ib={0x1b, 0x2, 0x3, {"5d61675632375acc6d499d4086caa673"}, 0x8, 0x30000000000000, 0x8}}}, 0xa0) write$uinput_user_dev(r1, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x3, 0x5}, 0x3f, [0x9, 0x2, 0x18, 0x2, 0x2, 0x400, 0x80400000, 0x0, 0x8, 0x0, 0x6, 0x2, 0xfffffffb, 0x39, 0x747d5e13, 0x800, 0xfffffb9a, 0xfffffffe, 0x0, 0xfdfffffb, 0x2004, 0x3, 0x0, 0xf250, 0x82, 0x4800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x10001, 0x1ff, 0x8003, 0x0, 0x3, 0xd, 0x3, 0xba55, 0x8da8, 0x4, 0x200, 0x2, 0x4, 0xe, 0x4, 0x2, 0x6f, 0x8, 0x9, 0x1, 0x8001, 0x6, 0x2, 0x9, 0xfffc0000, 0x4, 0x6, 0x1001, 0x5, 0x3d, 0x8, 0xa, 0x5], [0x1, 0x1e, 0x3, 0x8000, 0xfffffffd, 0x3, 0x0, 0x25, 0x7, 0xfffffffc, 0x8, 0x7fff, 0x72c, 0x1c32, 0x3, 0x5, 0x10000, 0x400, 0x7ffd, 0x3, 0x1, 0xf, 0xc89, 0x0, 0x981, 0x4, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x7, 0x1, 0xffffffff, 0x6, 0x8, 0x800, 0x7, 0x6, 0x96, 0xfffffff9, 0x2, 0x0, 0x2, 0x411, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x7, 0x200, 0x3], [0x401, 0x4d, 0xffff, 0xcd3, 0x7, 0x1f, 0x404, 0x4, 0x4008, 0xc, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0x3f92, 0x1000, 0x0, 0x10, 0x1, 0xfffffff9, 0x0, 0x1000, 0x80040101, 0x6, 0x4, 0x5, 0x200003, 0x2, 0x5, 0x80, 0x9, 0x8001, 0x10000, 0x0, 0x7, 0x4, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x9, 0x956, 0x0, 0x3ff, 0xe, 0x6, 0x100fffd, 0x2007, 0x400, 0x4, 0xea, 0x9, 0x20000005, 0x0, 0xd9, 0x0, 0x7d, 0x5d7, 0x7], [0x108e, 0xffff, 0x7, 0x3, 0x88, 0x2, 0x4000000, 0x4, 0x4c, 0x2, 0x763, 0xb, 0x402, 0x1, 0x9, 0x4001000, 0x7f, 0x5, 0x3fa6, 0x8, 0x0, 0x5, 0x6, 0x4, 0xe47, 0x4, 0x3, 0x4, 0x2, 0x2851, 0x3b, 0x20000001, 0x5, 0x5, 0xa80a, 0x65f413f9, 0x4, 0x20006, 0x8a5, 0x400, 0x44, 0x409, 0x3, 0x4, 0x4, 0x10, 0xe, 0xffffffff, 0x7fff, 0xffff8a33, 0xfffffff9, 0x401, 0x3, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x2, 0xf, 0xf, 0x136, 0x7fffffff]}, 0x45c) ioctl$UI_DEV_CREATE(r1, 0x5501) readv(r1, &(0x7f0000000440)=[{&(0x7f0000000200)=""/236, 0xec}], 0x1) 3.643519009s ago: executing program 0 (id=585): connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000100)={@multicast2, @local}, 0xc) syz_emit_ethernet(0x0, 0x0, 0x0) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty=0x1400, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x10001}}}}}, 0x0) 3.548009857s ago: executing program 0 (id=586): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f00000002c0)="a7", 0x1, 0x8295, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffc}, [@call={0x85, 0x0, 0x0, 0x36}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="178d048604bf0bfb1945d7430008", 0x0, 0x501, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50) shutdown(r0, 0x1) r2 = syz_open_procfs(0x0, &(0x7f0000001380)) getdents64(r2, &(0x7f0000002000)=""/4096, 0xff00) recvfrom$inet(r0, 0x0, 0x0, 0x1, 0x0, 0x0) 3.402887789s ago: executing program 0 (id=587): prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff}, 0x6) setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000180)={0xfffc, [0x5, 0xffffffff], 0x1000}, 0x10) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x101042, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r2, 0x4004662b, &(0x7f0000000040)=0x7) mkdirat(r2, &(0x7f0000000000)='./file0\x00', 0x118) mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB="80a5f4e8ad06e864488ba88bbef8aa9cfced6f07ea35904a02437aa82ddd065a76a2d75a5040968b8f80fa23a7fd548ca2d15f", @ANYRESDEC=0x0]) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x2320004, &(0x7f0000000040)) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x141000, 0x120) ioctl$AUTOFS_IOC_EXPIRE_MULTI(r3, 0xc0089364, &(0x7f00000000c0)=0x4) utimensat(r3, &(0x7f0000000140)='./file0\x00', &(0x7f0000000200)={{0x0, 0x2710}, {0x77359400}}, 0x0) 2.767006713s ago: executing program 3 (id=593): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x80042, 0x1bd) r1 = socket$inet(0xa, 0x801, 0x84) mount$9p_fd(0xfffffffffffffe00, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x9, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 2.720052154s ago: executing program 2 (id=594): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000002f40)={[{@nodelalloc}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x5}}, {@bh}, {@init_itable}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x14b442, 0x82) pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5412, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40305829, &(0x7f0000000140)={0x17c04, r0, 0x6, 0x973f, 0x81, 0x100000001}) 2.719796217s ago: executing program 3 (id=595): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000180)={[{@grpid}, {@mblk_io_submit}, {@nodioread_nolock}, {@test_dummy_encryption}, {@inode_readahead_blks}, {@nodelalloc}, {@minixdf}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x40}}]}, 0x4, 0xbaf, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3ny2zftO+vIi1k0jIi2o07SSYotgKxU3LgTdCg3ppIRMP0giNWkWE/0HRF0LbgS1KF3YdTcKbt1o3VpcCEVioyCikTsfSWxmkrSd5Ibk94Mz95w5d+Z5nrlM7j0wNwHsWgPZQxpxICLOJhGF+vNpRHRXe70Rldp+C/OzI7/Pz44ksbj42i9JJBFxd352pPFeSX27rz7ojYhvX0zif++sjjs5PTM+XC6XJurjI1MXLh+ZnJ55ZuzC8PnS+dLFo8efGzo2dHzwxFDbav3jx1M3fnv85Z8qf37617Vf3/84iVPRV59bWUe7DMTA0meyUmdEDLc7WE466vWsrDPpXOdF6SYnBQBAS+mKa7hHohAdsXzxVoivvss1OQAAAKAtFjsiFgEAAIAdLrH+BwAAgB2u8TuAu/OzI42W7y8Sttad0xHRX6t/od5qM51RqW57oysi9t5NYuVtrUntZQ9tICJu/3Dii6zFJt2HvJbKXEQ82uz4J9X6+6t3ca+uP42IwTbEH7hnvN3qf7q7df2n2hA/7/oB2J1unq6dyFaf/9Kl659ocv7rbHLuehB5n/8a138Lq67/luvvaHH99+oGY1z95MMrreay+p+/8dLnjZbFz7YPVdR9uDMX8Vhns/qTpfqTFvWf3WCMwt9XSq3m8q5/8aOIQ9G8/oZk7f9PdGR0rFwarD02jTH3zdBnreLnXX92/Pe2qH+94395gzHeOHPmequ59etPf+5OXq/2uuvPvDU8NTVxNKI7eWX188fqN7S30Nin8R5Z/YefWPv736z+LESl/jlka4G5+jYbv31PzBeuXf1yrfqztV+ex//cAx7/dzcY48mv3zvcam7l+jdrWfzbSW0tDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaUT0RZIWl/ppWixG7IuI/8fetHxpcuqp0UtvXjyXzUX0R1c6OlYuDUZEoTZOsvHRan95fOye8bMRsT8iPijsqY6LI5fK5/IuHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCX7IqIvkrQYEWlELBTStFjMOysAAACg7frzTgAAAADYdNb/AAAAsPNZ/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDJ9h+8eSuJiMrJPdWW6a7PdeWaGbDZ0rwTAHLTkXcCQG46804AyM19rvFdLsAOlKwz39typqftuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwfR06cPNWEhGVk3uqLdNdn+tq+oqDW5gdsJnSvBMActOx1mTn1uUBbD1fcdi9mq/xgd0kWWe+d3mfyr9nejYtJwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2n75qS9JiRKTVfpoWixH/iYj+6EpGx8qlwYj4b0R8X+jqycY9eScNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA201Oz4wPl8ulCR0dnXw7yfZIo9bJ+y8TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5mJyeGR8ul0sTk3lnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAORtcnpmfLhcLk1soHP9fnZe0cm7RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8vNPAAAA///5ZQ4Q") syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000240)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0xfe}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff) getdents64(0xffffffffffffffff, &(0x7f0000000f80)=""/4096, 0x1000) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x121542, 0x60) 2.685360925s ago: executing program 2 (id=596): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x5, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0xc, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x2a, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000b50102008200000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8a00fe00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000bf91000000000000b7020000010000008500000085000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) keyctl$revoke(0x3, r2) keyctl$read(0xb, r2, &(0x7f0000001300)=""/4084, 0xff4) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f00000002c0)=0xffffffdf, 0x4) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, 0x0) syz_open_dev$vim2m(0x0, 0x7, 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x10}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000ff2000/0xe000)=nil, 0xe000}, 0x2}) ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f0000fff000/0x1000)=nil, 0x1000}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) socket$nl_route(0x10, 0x3, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000180)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xde57}}, './file0\x00'}) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$ptp0(0xffffffffffffff9c, 0x0, 0x141000, 0x0) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="040e04fd0a20"], 0x7) bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @broadcast}, 0x10) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f0000000200)={[{@nouid32}, {@nodioread_nolock}, {@noquota}, {@delalloc}, {@journal_dev={'journal_dev', 0x3d, 0x8}}, {@nodioread_nolock}]}, 0x1, 0x5b7, &(0x7f0000001380)="$eJzs3U1oHNcdAPD/zGot2ZYrF1poiw+mLbhgvPqw3bo9yddSg8GHQi+tWK2F0UprtKvWEoLKdxPiQ0iCL84tOeSYkEMOIZccc80lH+eAiUUClg/Jhv2SZXnlrGTtbqz9/WC0783M7v//duY9zQwzbAAD63TtTxrx24i4mkSMbVs2FM2FpxvrbW6s5R9vrOWTqFavfZNEEhGPNtbyrfWT5uvxiFiPiN9ExMfZiLPp1kceaRXKK6vzM8ViYalZH68s3Bwvr6yeu7EwM1eYKyye/8tfL166cHFyanJ7uo+r22vZvbX1zhd3X7nz6d/v333n3VPr+ddmkpiO0eay7e04SI3vJBvTO+Zf6EawPkr6nQD7kmn281pX+nWMRabZ69upbh8chnuSHtBF1eGI6pZtRWAAJC/Q6VuDCPAyah0H1M5/W1Mvjz8eXG6cgNTibm6s5f8frfhDjWsTMVI/Nzn2bfLUmUntfPNkLxPlUFq/HRETQ0PP7v9Jc//bv4mDSJCu+uhyY0M9u/3TrfEn2ow/o61rpy+oNf5tNse/zTbxM7uMf1c7jPH9v756c9f4t4fjd23jJ1vxkzbx04j4T4fx7/3zg0u7Lau+FXEm2sdvSZ5/fXj8+o1iYaLxt22MD8+c+tvu7Y84tkv8xjXbkXoi29t/pJlT2mH73//kvd+vPyf+n/7w/O3f7vs/GhGvdhj/l4/e/sduyx7cTh7WjgL2uv2TyMb9DuP/efr0582iq4YAAAAAAAAAAHCA0vq9bEma2yqnaS7XeIb3V3EsLZbKlbPXS8uLs4173k5GNm3daTXWqCe1+mTzftxWfWpH/XymGTBztF7P5UvF2T63HQAAAAAAAAAAAAAAAAAAAH4uju94/v+7TP35/+mIqRP9zg3ogd1/8hs47PR/GFxP9/+kb3kAvef/Pwysqv4Pg0v/h8Gl/8Pg0v9hcLXt/0d7nwfQe8/0/5H+5AH0nuN/AAAAAAAAAAAAAAAAAAAAAAAAAADoiqtXrtSm6uONtXytPju0sjxf+u+52UJ5PrewnM/lS0s3c3Ol0lyxkMuXFn7q85JS6eZELC7fGq8UypXx8srqvxdKy4ut3xQtZLveIgAAAAAAAAAAAAAAAAAAAHj5jNanJM1FZBv1NM3lIk5ExMkkkus3ioWJiPhFRHyWyQ7X6pP9ThoAAAAAAAAAAAAAAAAAAAAOmfLK6vxMsVhY6l5hqBmqs3d9WelqPkN7WTki1g82jdon7vld2eYXWJ8z0vXtdbgLmQ73w4Ev9HFQAgAAAAAAAAAAAAAAAACAAfXkod9O3/FDdxMCAAAAAAAAAAAAAAAAAACAgZR+nUREbToz9sfRnUuPJJuZ+mtE/O/etddvzVQqS5O1+Q+35lfeaM6f6kf+QKda/TSNiFo/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ4or6zOzxSLhaV9FoY7WKffbQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYjx8DAAD//95Mx5c=") r5 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x183042, 0x25) pwrite64(r5, &(0x7f0000000140)='2', 0xfdef, 0xe7c) r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42402, 0x14a) fallocate(r6, 0x8, 0x0, 0x8000) 2.21673544s ago: executing program 4 (id=598): r0 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_STATISTICS(r0, 0x11b, 0x7, 0x0, &(0x7f00000000c0)=0x18) r1 = socket$inet_sctp(0x2, 0x5, 0x84) r2 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={0x0}, &(0x7f0000000000)=0x8) r4 = syz_open_dev$vcsa(&(0x7f0000000080), 0x2, 0x210000) close_range(r4, r0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x8}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f00000003c0)={r3}, 0x8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000000)={r3, 0x6}, &(0x7f0000000040)=0x8) 2.169023155s ago: executing program 4 (id=599): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000003280)={0x73622a85, 0xa, 0x4}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@acquire], 0xffffffffffffff47, 0x0, 0x0}) dup3(r1, r0, 0x0) r2 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x6) fchdir(r3) syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x2a0000a, 0x0, 0x0, 0x0, 0x0) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0) mknodat(r5, &(0x7f0000000100)='./file0/file0\x00', 0x8910, 0x20004) getdents64(r4, &(0x7f0000000000)=""/49, 0x31) unlinkat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file0\x00', 0x0) getdents64(r4, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x10, 0x0, &(0x7f00000000c0)=[@request_death], 0x50, 0x0, &(0x7f0000000680)="3bb5431dae4f4dfe7a6542cbcd71b56c7f3744a7ada8d8cdc7f6e0f62479dad8e3a73166b070072af8e949d54373130ff38bfafcacc7d41d154750d75045cf12cad871486b8b918f0de20dde2128d4de"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000007c0)={0xc, 0x0, &(0x7f00000005c0)=[@dead_binder_done={0x40086310, 0xfc}], 0x0, 0x0, 0x0}) 2.168135445s ago: executing program 5 (id=600): mlockall(0x7) setuid(0xee01) r0 = socket$netlink(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001cc0)=@acquire={0x1ac, 0x17, 0x1, 0x0, 0x0, {{@in=@loopback}, @in6=@remote, {@in=@remote, @in=@broadcast, 0x4e21, 0x0, 0x0, 0x0, 0xa, 0x0, 0x56befe125658cb64, 0x62}, {{@in=@private=0xa010102, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2}, 0xfffffff9}, [@tmpl={0x84, 0x5, [{{@in=@broadcast, 0x4d3, 0x3c}, 0xa, @in6=@local, 0x3505, 0x2, 0x0, 0xaa, 0x3, 0x1, 0x9}, {{@in6=@loopback, 0x4d5, 0x6c}, 0xa, @in=@remote, 0x3505, 0x3, 0x1, 0xf9, 0x2000009, 0x800, 0x200}]}]}, 0x1ac}}, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0xb, 0x6, 0xff}, 0x1000003a, [0x8000, 0xc95a, 0xc, 0x8, 0x80, 0x2, 0x3, 0x10007f, 0x20000006, 0x4d, 0x6, 0x800003, 0x9, 0x2, 0xffff2d34, 0xffffff01, 0x6, 0x8, 0xfffffffc, 0x5, 0x9, 0x2, 0x7, 0x3c5a, 0x80000001, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x0, 0x5, 0xe, 0x8, 0x8000806a, 0x7, 0x17, 0x0, 0x7, 0x200, 0x3e, 0x8c, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x400, 0x80, 0x1, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x7, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x5, 0x2000077, 0xea4, 0xd2f5, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0x1b, 0x1, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8020, 0x1, 0xfe000000, 0xfffc, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc47, 0x48c93690, 0x43, 0x20000009], [0x7, 0xa, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xf, 0x4, 0x6, 0x5, 0x0, 0x106, 0x5, 0x1, 0x82, 0x6, 0x303c, 0x3e7, 0x8, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x2, 0x6d03, 0x7, 0x34, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x4, 0x6, 0xac8, 0xc2, 0x0, 0x3, 0x7fd, 0x10012b, 0x4, 0x1, 0x1000000a, 0x0, 0xf, 0x1c, 0x120000, 0x3, 0x802006, 0x80a2f0, 0x4, 0x25], [0x9, 0xbb33, 0x80000000, 0xb, 0x5, 0x93a, 0x6, 0x40, 0x40, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x4, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0x13ffe, 0x7f, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x96, 0xffffffff, 0x80000000, 0x0, 0x1, 0xc8, 0x1, 0x7, 0x10080, 0x3, 0x7e, 0x100, 0x1000, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x1, 0x30b1d693, 0xa1f, 0xf42, 0x7, 0x1, 0x6c3b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000002300)='ns/ipc\x00') setns(r2, 0x8000000) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) io_setup(0x1015, &(0x7f0000000080)) 2.092079396s ago: executing program 4 (id=601): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4c050}, 0x44004000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000b40)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_EXPRESSIONS={0x3c, 0x4, 0x0, 0x1, [{0x38, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_MATCH_INFO={0x10, 0x3, "709c897c82b1095a67232d63"}, @NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_NAME={0x9, 0x1, 'mark\x00'}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_COMPAT={0x4}]}], {0x14, 0x11, 0x1, 0x0, 0x24}}, 0x94}, 0x1, 0x0, 0x0, 0x400c854}, 0x24000840) 2.091866429s ago: executing program 5 (id=602): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r0, &(0x7f0000002a80)={0x0, 0x0, &(0x7f0000002a40)={&(0x7f0000005140)={0x1c, 0xd, 0xa, 0x401, 0x0, 0x0, {}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0xffffffffffffff88, 0x3, 0x0, 0x1, [{0x4}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x700}, 0x0) 2.087896474s ago: executing program 5 (id=603): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xc, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x100000}, [@ldst={0x3, 0x2, 0x3, 0x1, 0x0, 0x37}]}, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 2.085313692s ago: executing program 5 (id=604): openat$nullb(0xffffffffffffff9c, 0x0, 0x169802, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x101002) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r4, 0x0) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r6 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r7 = accept(r3, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1) recvfrom(r5, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0) 2.007258808s ago: executing program 4 (id=605): r0 = socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x6400, 0x0, 0x61, 0x14, 0x98}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = fsmount(0xffffffffffffffff, 0x0, 0x8) sendmsg$netlink(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="2800000010000100000000000000000085ff000034000000000000000000000008001c00c9"], 0x28}], 0x1, 0x0, 0x60000, 0xb305e06d8ab48277}, 0x0) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), r4) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r4, 0x89f0, &(0x7f0000000240)={'syztnl1\x00', &(0x7f0000000180)={'syztnl1\x00', 0x0, 0x29, 0x61, 0x3, 0x6, 0x40, @local, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x40, 0x7810, 0xfffffffb, 0xe}}) r7 = socket(0x400000000010, 0x3, 0x0) r8 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0xfffffffffffffdbc, 0x2, {{0x1, 0xd, 0x0, 0x9, 0x8}, 0x6, 0x1, 0x1, 0x4, 0x8, 0xe, 0x7, 0x1d, 0x3, 0x9, {0xa2d6, 0x200, 0xb, 0x40, 0x2, 0x1ff}}}}]}, 0x78}}, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={r4, 0x58, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r11 = socket$packet(0x11, 0x3, 0x300) r12 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r12, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r12, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r12, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=@newlink={0x5c, 0x10, 0x439, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r13, 0xb881}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @rand_addr=' \x01\x00'}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @mcast2}]}}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x24008006}, 0x4040844) sendto$packet(r11, &(0x7f0000000640)="e8b77052a9", 0x28, 0x40, &(0x7f0000000200)={0x11, 0x86dd, r13, 0x1, 0x0, 0x6, @local}, 0x14) getsockopt$inet6_mreq(r4, 0x29, 0x1c, &(0x7f0000000340)={@private0, 0x0}, &(0x7f0000000380)=0x14) getsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f00000003c0)={@multicast2, @local, 0x0}, &(0x7f0000000400)=0xc) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000600)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x42840}, 0xc, &(0x7f00000005c0)={&(0x7f0000000440)={0x16c, r5, 0x0, 0x70bd27, 0x25dfdbfd, {}, [@HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}]}, @HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg\x00'}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}]}, @HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_team\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}]}]}, 0x16c}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) 1.565164972s ago: executing program 3 (id=606): syz_emit_ethernet(0x76, &(0x7f0000000080)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @tipc={{0xf, 0x4, 0x0, 0x3c, 0x68, 0x65, 0x0, 0x3, 0x6, 0x0, @rand_addr=0x64010104, @empty, {[@timestamp_addr={0x44, 0x1c, 0x7, 0x1, 0xd, [{@local, 0x10000}, {@multicast1, 0xae3d}, {@multicast1, 0x80000000}]}, @ssrr={0x89, 0x7, 0xc5, [@rand_addr=0x64010101]}, @lsrr={0x83, 0x3, 0x93}]}}, @payload_mcast={{{{{{0x2c, 0x0, 0x0, 0x0, 0x0, 0xb, 0x1, 0x2, 0x5, 0x0, 0x1, 0x1, 0x0, 0x1, 0x800, 0x1, 0x1, 0x4e21, 0x4e21}, 0x1}, 0x1}, 0x2000001}}}}}}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000)) (async) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c0000001000010025bd7000fedbdf2500000000", @ANYRESDEC=r0, @ANYBLOB="10080400220002001c002b80080003001100000008000100", @ANYRES32, @ANYBLOB="08000800a9"], 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x4000000) 1.451838285s ago: executing program 3 (id=607): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000200)={0xc, 0x0, 0x0}) ioctl$XFS_IOC_FD_TO_HANDLE(r0, 0xc038586a, &(0x7f0000000240)={r0, &(0x7f00000000c0)='veth0_to_bond\x00', 0x100000, &(0x7f0000000100)={@align=0xffff, {0x3ff, 0xf, 0x10001}}, 0x1, &(0x7f0000000140)={@_ha_fsid}, &(0x7f00000001c0)=0x4}) ioctl$IOMMU_VFIO_IOAS$SET(r2, 0x3b88, &(0x7f00000002c0)={0xc, r1}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340), 0x20) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) ioctl$IOMMU_DESTROY$ioas(r0, 0x3b80, &(0x7f0000000280)={0x8, r1}) sendmsg$NFT_BATCH(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001300)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWRULE={0x34, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_USERDATA={0x7, 0x7, 0x1, 0x0, "50111e"}]}], {0x14}}, 0x5c}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETRULE(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)={0x38, 0x7, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x2}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x4040}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'veth0_to_bond\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x9}}, [@TCA_RATE={0x6, 0x5, {0x6, 0x46}}, @qdisc_kind_options=@q_qfg={0x8}]}, 0x34}}, 0x100) syz_emit_ethernet(0x3a, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local, {[@ra={0x94, 0x4, 0x1}]}}, {{0x4e22, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}, 0x0) r7 = syz_open_dev$video(&(0x7f00000000c0), 0x7, 0x0) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r7, 0x80845663, 0x0) ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x3) r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r8, 0x112, 0xa, &(0x7f0000000000)=0x1, 0x4) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000003c0)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r9 = getpid() sched_setscheduler(r9, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff}) connect$unix(r10, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) 1.422547039s ago: executing program 2 (id=608): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000080)={0x2c, r1, 0x1, 0x0, 0x800000, {}, [@TIPC_NLA_BEARER={0x18, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0x11, 0x1, @l2={'eth', 0x3a, 'macvlan0\x00'}}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x0, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004000}, 0x80) 1.412198691s ago: executing program 3 (id=609): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f00000001c0)={0x5813}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@ipv6_getaddrlabel={0x24, 0x1e, 0x492dfc465ae32a8d, 0x10000, 0x0, {}, [@IFAL_LABEL={0x8, 0x2, 0xc}]}, 0x24}, 0x1, 0x0, 0x0, 0x40800}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000016c0)=@newlink={0x48, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4048b}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GENEVE_COLLECT_METADATA={0x4}, @IFLA_GENEVE_PORT={0x6, 0x5, 0x4e22}, @IFLA_GENEVE_UDP_CSUM={0x5}]}}}]}, 0x48}}, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) (async) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vxcan1\x00'}) (async) r2 = socket(0x40000000015, 0x5, 0x0) connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) (async) bind$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57) (async) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="840000000002010400000000000000000a00000004000180300003802c00018014000300fc00000000000000000000100000000014004400fe800000001f610000000000000000bb3c0002800c00028005000100000000002c00018014000300fc0200000000000000000000000000001400"], 0x84}}, 0x0) (async) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x38, r3, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000001}, 0x40000) (async) socket(0x10, 0x803, 0x0) (async) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) (async) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x4, 0x9, 0x4, 0xb47e, 0xb, 0x3, 0xd, 0xf, 0x1ff}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r7) sendmsg$TIPC_CMD_ENABLE_BEARER(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) (async) r9 = socket$unix(0x1, 0x1, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) (async) r10 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x208802, 0x0) close(r10) socket(0x400000000010, 0x3, 0x0) (async) ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) 1.271917934s ago: executing program 2 (id=610): munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000) r0 = socket$inet6(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r2, &(0x7f0000000000), 0x10) sendmsg$can_bcm(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r4, 0x8983, &(0x7f0000000100)={0x0, 'veth1_to_batadv\x00', {0x4}, 0x26}) socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) ptrace$ARCH_MAP_VDSO_32(0x1e, 0x0, 0x6a, 0x2002) close(r0) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000000b8e8f864b1b274fe05", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000102c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x8, 0x1c, &(0x7f00000103c0)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe20}, {0x6, 0x0, 0xb, 0x9, 0x0, 0x8, 0xffffff90}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x8, 0x2, 0x0, r5}, {}, {0x15, 0x0, 0x0, 0xffffff86}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0xf, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00007fe000/0x800000)=nil) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000200)={0x60, 0x0, 0x0, {{0x4, 0x7, 0x2, 0xfff, 0x3, 0x1ff, 0x1, 0x80000000}}}, 0x60) socket$phonet_pipe(0x23, 0x5, 0x2) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, 0x0, 0x40800) 1.271766061s ago: executing program 3 (id=611): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1, 0x0, 0x0, 0x6000000}, 0x1f00) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40000) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) r5 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000000)='nicvf0\x00', 0x10) 570.973736ms ago: executing program 4 (id=612): socket$nl_route(0x10, 0x3, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) syz_emit_vhci(0x0, 0x0) (async) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) (async, rerun: 64) r0 = socket$netlink(0x10, 0x3, 0xc) (rerun: 64) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) (async) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4) (async, rerun: 32) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 32) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)={0x14, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}}, 0x14}}, 0x4004080) (async, rerun: 32) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 32) sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040) (async) recvmmsg(r2, &(0x7f0000003940)=[{{0x0, 0x0, 0x0}, 0x400003ff}], 0x1, 0x2, 0x0) sendmsg$IPCTNL_MSG_CT_GET_DYING(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x14, 0x6, 0x1, 0x301, 0x0, 0x0, {0xa, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x2404c031}, 0x20000000) (async, rerun: 64) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) (async, rerun: 64) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r3 = getpid() sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x7) (async) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2505000) (async) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) (async, rerun: 32) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) (async, rerun: 32) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ppoll(0x0, 0x0, &(0x7f0000000280), 0x0, 0x0) (async) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r4 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\x04\x00\x9194:\x05\xc1W\t\xa84\xf9?4ga\b\x00X\x0e\xa1\xcf\x1a\x98S7\xb1\x96\x88\xca\xb7b\b\xbe\xa2\x11[\xef\x9d9Wn\xd4S\xa5g!/+\x9d\xeb\xecs\x92\xb73\"\xd0\xc8\x9e\x02\xc7s\xc9\x00!\xd4aS\xcbU\x02\xfe\xc7>D\xc1\x1dR~\xe9{H=\xd8-B\xeeH!~\r[\xceE\xc8\xcci\xfe>\x83z^\xc2\x87\x8a\\|\xf2\xfc\x90\x83\xa9#\x034\xe1\xc9\bZ\x95<^n\xa8\xa5\x19\xb7\x12P\x00\xf6\xb3\xe9\xce\x81\xf5|\xf8\xb5\x1e\x89\x1e\xf3\xe2}\xdf;p5\x14\x132', 0x0) ftruncate(r4, 0xffff) (async) fcntl$addseals(r4, 0x409, 0x7) 357.885388ms ago: executing program 0 (id=613): r0 = syz_open_dev$cec(&(0x7f00000001c0), 0xffffffffffffffff, 0x200) ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000000)={"2f8a00", 0x0, 0x5, 0x2, 0x200000, 0x9, '\x00', "00004702", '\x00', "97ad3700", ["fdffffff84a438dfc5d5c010", "d7ff0bff00040020000500", "000000e9000000000900"]}) 276.059786ms ago: executing program 2 (id=614): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) eventfd2(0x4, 0x800) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) fsopen(&(0x7f0000000080)='binfmt_misc\x00', 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x0, 0x80) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) pivot_root(&(0x7f0000000340)='.\x00', &(0x7f0000000180)='.\x00') bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0x36, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000009c0)={0x11, 0x6, &(0x7f0000000080)=ANY=[], &(0x7f0000000000)='GPL\x00', 0xf, 0x0, 0x0, 0x0, 0x8}, 0x94) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) socket$inet(0x2, 0x3, 0x8) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r4 = syz_io_uring_setup(0xeff, &(0x7f0000000500)={0x0, 0x211c, 0x400, 0xfffffffd, 0x195}, &(0x7f0000000300)=0x0, &(0x7f0000000040)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r5, r6, r7, &(0x7f0000000280)=@IORING_OP_POLL_ADD={0x6, 0x40, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x4110}, 0x1}) io_uring_enter(r4, 0x2000, 0xfffffffd, 0x9, 0x0, 0x0) r8 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r8, &(0x7f0000000040), 0x10) listen(r8, 0x0) r9 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r9, &(0x7f0000000080), 0x10) 275.849151ms ago: executing program 4 (id=615): openat$ppp(0xffffffffffffff9c, 0x0, 0x208001, 0x0) r0 = socket(0x200000000000011, 0x2, 0x0) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x38}}, 0x4000) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="0380c2000000bbbbbbbbbbbb0800450026380000000000019078ac1e0001ac1414f6"], 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_TABLE(r1, 0x0, 0xcf, &(0x7f0000000040)=0xfc, 0x4) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r3, 0x0, 0xca, &(0x7f00000000c0)={0x8, 0x0, 0x0, 0xc, @vifc_lcl_addr=@local, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @address_request}}}}, 0x0) setsockopt$MRT_ADD_MFC_PROXY(r3, 0xa4ffffff, 0xd2, &(0x7f0000000180)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c5805000000451697efe42811ee1df0fa9264f7d866b19705487b00", 0xb2, 0xfffffff7, 0x4, 0xe}, 0x3c) bpf$MAP_CREATE(0x0, 0x0, 0x50) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x890b, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x890c, 0x0) 202.863209ms ago: executing program 0 (id=616): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, 0x0}, 0x94) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00') r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180000002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000004c0)={r0, 0x3, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x44) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001100)=@migrate={0x50, 0x21, 0x1, 0x0, 0x0, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in6=@dev={0xfe, 0x80, '\x00', 0x20}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0xa0, 0x2e}}}, 0x50}, 0x1, 0xffff86dd, 0x0, 0x40000}, 0x0) 164.874469ms ago: executing program 0 (id=617): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000180)={[{@grpid}, {@mblk_io_submit}, {@nodioread_nolock}, {@test_dummy_encryption}, {@inode_readahead_blks}, {@nodelalloc}, {@minixdf}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x40}}]}, 0x4, 0xbaf, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3ny2zftO+vIi1k0jIi2o07SSYotgKxU3LgTdCg3ppIRMP0giNWkWE/0HRF0LbgS1KF3YdTcKbt1o3VpcCEVioyCikTsfSWxmkrSd5Ibk94Mz95w5d+Z5nrlM7j0wNwHsWgPZQxpxICLOJhGF+vNpRHRXe70Rldp+C/OzI7/Pz44ksbj42i9JJBFxd352pPFeSX27rz7ojYhvX0zif++sjjs5PTM+XC6XJurjI1MXLh+ZnJ55ZuzC8PnS+dLFo8efGzo2dHzwxFDbav3jx1M3fnv85Z8qf37617Vf3/84iVPRV59bWUe7DMTA0meyUmdEDLc7WE466vWsrDPpXOdF6SYnBQBAS+mKa7hHohAdsXzxVoivvss1OQAAAKAtFjsiFgEAAIAdLrH+BwAAgB2u8TuAu/OzI42W7y8Sttad0xHRX6t/od5qM51RqW57oysi9t5NYuVtrUntZQ9tICJu/3Dii6zFJt2HvJbKXEQ82uz4J9X6+6t3ca+uP42IwTbEH7hnvN3qf7q7df2n2hA/7/oB2J1unq6dyFaf/9Kl659ocv7rbHLuehB5n/8a138Lq67/luvvaHH99+oGY1z95MMrreay+p+/8dLnjZbFz7YPVdR9uDMX8Vhns/qTpfqTFvWf3WCMwt9XSq3m8q5/8aOIQ9G8/oZk7f9PdGR0rFwarD02jTH3zdBnreLnXX92/Pe2qH+94395gzHeOHPmequ59etPf+5OXq/2uuvPvDU8NTVxNKI7eWX188fqN7S30Nin8R5Z/YefWPv736z+LESl/jlka4G5+jYbv31PzBeuXf1yrfqztV+ex//cAx7/dzcY48mv3zvcam7l+jdrWfzbSW0tDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaUT0RZIWl/ppWixG7IuI/8fetHxpcuqp0UtvXjyXzUX0R1c6OlYuDUZEoTZOsvHRan95fOye8bMRsT8iPijsqY6LI5fK5/IuHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCX7IqIvkrQYEWlELBTStFjMOysAAACg7frzTgAAAADYdNb/AAAAsPNZ/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDJ9h+8eSuJiMrJPdWW6a7PdeWaGbDZ0rwTAHLTkXcCQG46804AyM19rvFdLsAOlKwz39typqftuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwfR06cPNWEhGVk3uqLdNdn+tq+oqDW5gdsJnSvBMActOx1mTn1uUBbD1fcdi9mq/xgd0kWWe+d3mfyr9nejYtJwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2n75qS9JiRKTVfpoWixH/iYj+6EpGx8qlwYj4b0R8X+jqycY9eScNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA201Oz4wPl8ulCR0dnXw7yfZIo9bJ+y8TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5mJyeGR8ul0sTk3lnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAORtcnpmfLhcLk1soHP9fnZe0cm7RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8vNPAAAA///5ZQ4Q") syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000240)={[{@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0xfe}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff) getdents64(0xffffffffffffffff, &(0x7f0000000f80)=""/4096, 0x1000) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x121542, 0x60) 70.183324ms ago: executing program 5 (id=618): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, 0x0, &(0x7f0000000000)=0x55) syz_emit_vhci(&(0x7f0000000400)=ANY=[@ANYBLOB="040e0402030c", @ANYRES16=r0], 0x7) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) 0s ago: executing program 5 (id=619): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xfc}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) read$FUSE(0xffffffffffffffff, 0x0, 0x0) quotactl$Q_QUOTAOFF(0xffffffff80000301, &(0x7f0000000040)=@sr0, 0x0, 0x0) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r3, &(0x7f0000000080)={0x0, 0xffa1, &(0x7f0000000400)={&(0x7f0000000600)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="ad43000004000000000004"], 0x14}}, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) r7 = fsmount(r6, 0x0, 0x80) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000000c0)={r5, r7, 0x16, 0x0, @void}, 0x10) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0b002200ff000000324900007f00000001000000", @ANYRES32=0x1, @ANYRES16=r7, @ANYRESHEX=r3, @ANYRES32, @ANYRES64=r5], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{r8, 0xffffffffffffffff}, &(0x7f0000000100)=0x7d8, &(0x7f0000000140)='%pi6 \x00'}, 0x20) r10 = syz_open_dev$ttys(0xc, 0x2, 0x1) r11 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r11, &(0x7f0000000140), 0x10) sendmsg$can_bcm(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x5, 0x901, 0x0, {}, {0x0, 0x2710}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "d7c139a0d4fe372efa7e8cdba3417665ffb2b92af56c860b29402f8111302ae84c15b9dd43bda8847acbe40605b5ee1c8f0676814afc7e9f0413567e592c7c15"}}, 0x38}}, 0x0) ioctl$TIOCSPTLCK(r10, 0x40045431, &(0x7f00000000c0)=0x1) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000300), 0x800, r9}, 0x38) kernel console output (not intermixed with test programs): 4709] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 30.097577][ T4709] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.103807][ T4707] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.103838][ T4707] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.103983][ T4707] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.104011][ T4707] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.118158][ T4709] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.118182][ T4709] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 30.118195][ T4709] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.152899][ T4709] hsr_slave_0: entered promiscuous mode [ 30.153202][ T4709] hsr_slave_1: entered promiscuous mode [ 30.153421][ T4709] debugfs: 'hsr0' already exists in 'hsr' [ 30.153431][ T4709] Cannot create hsr debugfs directory [ 30.169922][ T4708] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 30.170936][ T4708] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 30.171188][ T4708] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 30.173354][ T4708] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 30.175634][ T4707] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.184588][ T4708] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 30.186669][ T4708] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 30.186946][ T4708] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 30.189460][ T4708] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 30.215223][ T4707] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.222625][ T15] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.224343][ T15] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.246628][ T4710] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 30.249291][ T4710] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 30.249601][ T4710] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 30.251362][ T4710] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 30.253338][ T4710] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 30.254359][ T4710] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 30.255597][ T2702] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.255624][ T2702] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.255927][ T2702] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.255975][ T2702] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.266372][ T4710] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 30.268998][ T4710] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 30.286582][ T4715] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 30.289398][ T4715] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 30.291156][ T4715] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 30.293224][ T4715] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 30.295703][ T4715] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 30.297823][ T4715] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 30.299383][ T4715] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 30.300447][ T4715] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 30.329903][ T4709] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 30.330847][ T4709] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 30.331106][ T4709] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 30.332082][ T4709] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 30.343121][ T4709] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 30.345635][ T4709] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 30.347748][ T4709] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 30.350513][ T4709] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 30.380149][ T4710] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.386091][ T4710] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.399893][ T4708] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.411484][ T3812] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.411523][ T3812] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.415677][ T4708] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.417492][ T3812] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.417527][ T3812] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.421974][ T4715] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.433304][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.433338][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.441323][ T4709] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.443597][ T4715] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.447905][ T4709] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.452890][ T1441] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.452927][ T1441] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.453291][ T1441] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.453320][ T1441] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.462818][ T3812] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.462858][ T3812] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.473250][ T2702] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.473299][ T2702] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.473734][ T2702] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.473753][ T2702] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.501151][ T4709] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 30.544389][ T4707] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.569902][ T4707] veth0_vlan: entered promiscuous mode [ 30.576485][ T4707] veth1_vlan: entered promiscuous mode [ 30.596879][ T4707] veth0_macvtap: entered promiscuous mode [ 30.605319][ T4707] veth1_macvtap: entered promiscuous mode [ 30.630630][ T4707] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.633184][ T4707] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.636777][ T39] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.637067][ T39] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.637132][ T39] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.637185][ T39] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.691856][ T15] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 30.691888][ T15] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 30.711273][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 30.711304][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 30.758122][ T4707] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 30.767684][ T4708] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.789135][ T4708] veth0_vlan: entered promiscuous mode [ 30.793184][ T4709] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.802004][ T4715] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.826589][ T4708] veth1_vlan: entered promiscuous mode [ 30.832786][ T4710] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.835305][ T4715] veth0_vlan: entered promiscuous mode [ 30.857195][ T4715] veth1_vlan: entered promiscuous mode [ 30.867691][ T4708] veth0_macvtap: entered promiscuous mode [ 30.876656][ T4708] veth1_macvtap: entered promiscuous mode [ 30.886734][ T4710] veth0_vlan: entered promiscuous mode [ 30.896143][ T4715] veth0_macvtap: entered promiscuous mode [ 30.904905][ T4708] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.906971][ T4710] veth1_vlan: entered promiscuous mode [ 30.913865][ T4715] veth1_macvtap: entered promiscuous mode [ 30.915282][ T4708] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.936504][ T1441] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.936708][ T1441] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.936726][ T1441] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.936741][ T1441] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.937467][ T4710] veth0_macvtap: entered promiscuous mode [ 30.944782][ T4710] veth1_macvtap: entered promiscuous mode [ 30.945705][ T4715] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.958402][ T4710] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.968391][ T4715] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.972525][ T2702] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.972582][ T2702] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.972610][ T2702] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.972627][ T2702] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.977204][ T4710] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.980875][ T39] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.981018][ T39] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.981078][ T39] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.981175][ T39] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.986718][ T4709] veth0_vlan: entered promiscuous mode [ 30.988987][ T4709] veth1_vlan: entered promiscuous mode [ 31.002266][ T3812] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.002290][ T3812] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.020706][ T4709] veth0_macvtap: entered promiscuous mode [ 31.035604][ T4709] veth1_macvtap: entered promiscuous mode [ 31.040825][ T3812] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.040846][ T3812] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.053028][ T4709] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.054454][ T3812] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.054465][ T3812] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.059834][ T4709] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.067030][ T39] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.067083][ T39] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.067105][ T39] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.067122][ T39] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.080928][ T217] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.080954][ T217] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.095773][ T15] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.095799][ T15] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.120492][ T217] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.120522][ T217] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.132906][ T15] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.132927][ T15] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.144799][ T15] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 31.144826][ T15] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 31.214229][ T4898] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5'. [ 31.233355][ T4899] loop3: detected capacity change from 0 to 4096 [ 31.235448][ T4899] EXT4-fs: Ignoring removed mblk_io_submit option [ 31.239624][ T4899] EXT4-fs (loop3): Test dummy encryption mode enabled [ 31.269053][ T4899] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 31.285645][ T4899] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-ce" [ 31.297262][ T4899] fscrypt: AES-256-XTS using implementation "xts-aes-ce" [ 31.404213][ T4906] Zero length message leads to an empty skb [ 31.406093][ T4721] Bluetooth: hci1: command tx timeout [ 31.406357][ T4721] Bluetooth: hci2: command tx timeout [ 31.406563][ T4721] Bluetooth: hci0: command tx timeout [ 31.448989][ T4722] Bluetooth: hci3: command tx timeout [ 31.449228][ T4722] Bluetooth: hci4: command tx timeout [ 31.547252][ T4907] loop4: detected capacity change from 0 to 512 [ 31.549909][ T4907] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 31.549945][ T4907] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 31.562086][ T4907] EXT4-fs (loop4): 1 truncate cleaned up [ 31.562588][ T4907] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 31.588515][ T4709] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.487319][ T4935] loop1: detected capacity change from 0 to 4096 [ 32.500964][ T4935] EXT4-fs: Ignoring removed mblk_io_submit option [ 32.504201][ T4935] EXT4-fs (loop1): Test dummy encryption mode enabled [ 32.510255][ T4935] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 32.535429][ T4938] loop4: detected capacity change from 0 to 256 [ 32.537277][ T4938] ======================================================= [ 32.537277][ T4938] WARNING: The mand mount option has been deprecated and [ 32.537277][ T4938] and is ignored by this kernel. Remove the mand [ 32.537277][ T4938] option from the mount to silence this warning. [ 32.537277][ T4938] ======================================================= [ 32.585331][ T4938] FAT-fs (loop4): Directory bread(block 64) failed [ 32.587502][ T4938] FAT-fs (loop4): Directory bread(block 65) failed [ 32.600135][ T4938] FAT-fs (loop4): Directory bread(block 66) failed [ 32.600181][ T4938] FAT-fs (loop4): Directory bread(block 67) failed [ 32.600243][ T4938] FAT-fs (loop4): Directory bread(block 68) failed [ 32.600270][ T4938] FAT-fs (loop4): Directory bread(block 69) failed [ 32.600311][ T4938] FAT-fs (loop4): Directory bread(block 70) failed [ 32.600331][ T4938] FAT-fs (loop4): Directory bread(block 71) failed [ 32.600365][ T4938] FAT-fs (loop4): Directory bread(block 72) failed [ 32.600382][ T4938] FAT-fs (loop4): Directory bread(block 73) failed [ 32.625036][ T4938] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 33.059203][ T4951] netlink: 16 bytes leftover after parsing attributes in process `syz.0.15'. [ 33.061848][ T4951] FAULT_INJECTION: forcing a failure. [ 33.061848][ T4951] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 33.061903][ T4951] CPU: 0 UID: 0 PID: 4951 Comm: syz.0.15 Not tainted syzkaller #0 PREEMPT [ 33.061916][ T4951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 33.061922][ T4951] Call trace: [ 33.061925][ T4951] show_stack+0x2c/0x3c (C) [ 33.061944][ T4951] __dump_stack+0x30/0x40 [ 33.061954][ T4951] dump_stack_lvl+0xd8/0x12c [ 33.061963][ T4951] dump_stack+0x1c/0x28 [ 33.061973][ T4951] should_fail_ex+0x414/0x588 [ 33.061982][ T4951] should_fail+0x14/0x24 [ 33.061990][ T4951] should_fail_usercopy+0x20/0x30 [ 33.061999][ T4951] _inline_copy_from_user+0x40/0x180 [ 33.062007][ T4951] copy_msghdr_from_user+0xb8/0x194 [ 33.062015][ T4951] ___sys_recvmsg+0x11c/0x1f4 [ 33.062022][ T4951] do_recvmmsg+0x2a8/0x7e8 [ 33.062028][ T4951] __sys_recvmmsg+0x1e0/0x270 [ 33.062035][ T4951] __arm64_sys_recvmmsg+0xd0/0xf8 [ 33.062042][ T4951] invoke_syscall+0x98/0x244 [ 33.062052][ T4951] el0_svc_common+0xe8/0x23c [ 33.062062][ T4951] do_el0_svc+0x48/0x58 [ 33.062071][ T4951] el0_svc+0x64/0x260 [ 33.062079][ T4951] el0t_64_sync_handler+0x48/0x148 [ 33.062086][ T4951] el0t_64_sync+0x198/0x19c [ 33.225340][ T4952] netlink: 20 bytes leftover after parsing attributes in process `syz.2.18'. [ 33.412792][ T4956] binder: 4948:4956 ioctl c00c620f 0 returned -14 [ 33.568769][ T4712] Bluetooth: hci1: command tx timeout [ 33.568967][ T4712] Bluetooth: hci4: command tx timeout [ 33.569033][ T4712] Bluetooth: hci3: command tx timeout [ 33.569741][ T4722] Bluetooth: hci2: command tx timeout [ 33.587007][ T4721] Bluetooth: hci0: command tx timeout [ 33.600917][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.665801][ T4707] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.683151][ T4959] loop3: detected capacity change from 0 to 4096 [ 33.687769][ T4959] EXT4-fs (loop3): Test dummy encryption mode enabled [ 33.695081][ T4959] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 33.766067][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.055342][ T4721] Bluetooth: hci2: Malformed LE Event: 0x1d [ 34.134655][ T4981] loop3: detected capacity change from 0 to 4096 [ 34.137483][ T4981] EXT4-fs: Ignoring removed mblk_io_submit option [ 34.140721][ T4981] EXT4-fs (loop3): Test dummy encryption mode enabled [ 34.154045][ T4981] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 34.163268][ T4981] overlayfs: failed to resolve './bus': -2 [ 34.233167][ T4987] loop2: detected capacity change from 0 to 256 [ 34.999983][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.043509][ T5006] futex_wake_op: syz.3.34 tries to shift op by -1; fix this program [ 35.111010][ T5004] loop1: detected capacity change from 0 to 4096 [ 35.134055][ T5004] EXT4-fs (loop1): Test dummy encryption mode enabled [ 35.134201][ T5004] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 35.134210][ T5004] EXT4-fs (loop1): group descriptors corrupted! [ 35.143964][ T5004] netlink: 'syz.1.35': attribute type 1 has an invalid length. [ 35.143997][ T5004] netlink: 748 bytes leftover after parsing attributes in process `syz.1.35'. [ 35.144006][ T5004] netlink: 8 bytes leftover after parsing attributes in process `syz.1.35'. [ 35.263593][ T30] audit: type=1326 audit(35.250:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5013 comm="syz.1.38" exe="/root/ci-upstream-gce-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdf77aa8 code=0x7ffc0000 [ 35.263754][ T30] audit: type=1326 audit(35.250:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5013 comm="syz.1.38" exe="/root/ci-upstream-gce-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdf77aa8 code=0x7ffc0000 [ 35.264239][ T30] audit: type=1326 audit(35.250:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5013 comm="syz.1.38" exe="/root/ci-upstream-gce-arm64/syz-executor" sig=0 arch=c00000b7 syscall=216 compat=0 ip=0xffffbdf77aa8 code=0x7ffc0000 [ 35.264732][ T30] audit: type=1326 audit(35.250:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5013 comm="syz.1.38" exe="/root/ci-upstream-gce-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdf77aa8 code=0x7ffc0000 [ 35.265507][ T30] audit: type=1326 audit(35.250:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5013 comm="syz.1.38" exe="/root/ci-upstream-gce-arm64/syz-executor" sig=0 arch=c00000b7 syscall=40 compat=0 ip=0xffffbdf77aa8 code=0x7ffc0000 [ 35.265745][ T5014] tmpfs: Bad value for 'mpol' [ 35.265858][ T30] audit: type=1326 audit(35.250:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5013 comm="syz.1.38" exe="/root/ci-upstream-gce-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdf77aa8 code=0x7ffc0000 [ 35.745673][ T4721] Bluetooth: hci0: command tx timeout [ 35.749341][ T4721] Bluetooth: hci2: command tx timeout [ 35.749927][ T4721] Bluetooth: hci3: command tx timeout [ 35.750127][ T4721] Bluetooth: hci4: command tx timeout [ 35.750271][ T4721] Bluetooth: hci1: command tx timeout [ 35.991103][ T5033] netlink: 44 bytes leftover after parsing attributes in process `syz.3.43'. [ 35.994948][ T5033] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.995275][ T5033] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.127015][ T5043] Bluetooth: MGMT ver 1.23 [ 36.129293][ T5043] loop3: detected capacity change from 0 to 128 [ 36.136778][ T5043] EXT4-fs (loop3): Test dummy encryption mode enabled [ 36.149604][ T5043] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 36.195184][ T4715] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 36.219548][ T5053] loop3: detected capacity change from 0 to 1024 [ 36.221313][ T5053] EXT4-fs: Ignoring removed bh option [ 36.222829][ T5053] EXT4-fs: inline encryption not supported [ 36.225173][ T5053] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 36.234465][ T5053] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=6840e018, mo2=0000] [ 36.234544][ T5053] System zones: 0-1, 3-12 [ 36.240338][ T5053] EXT4-fs error (device loop3): ext4_map_blocks:833: inode #3: block 1: comm syz.3.51: lblock 1 mapped to illegal pblock 1 (length 1) [ 36.240400][ T5053] loop3: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 36.243899][ T5053] Quota error (device loop3): write_blk: dquota write failed [ 36.243951][ T5053] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 36.243980][ T5053] EXT4-fs error (device loop3): ext4_acquire_dquot:7034: comm syz.3.51: Failed to acquire dquot type 0 [ 36.244025][ T5053] loop3: lost filesystem error report for type 5 error -117 [ 36.251241][ T5053] EXT4-fs error (device loop3): ext4_free_blocks:6718: comm syz.3.51: Freeing blocks not in datazone - block = 0, count = 4096 [ 36.251258][ T5053] loop3: lost filesystem error report for type 5 error -117 [ 36.252835][ T5056] syz.4.52 uses obsolete (PF_INET,SOCK_PACKET) [ 36.256208][ T5053] EXT4-fs error (device loop3): ext4_read_inode_bitmap:139: comm syz.3.51: Invalid inode bitmap blk 0 in block_group 0 [ 36.256224][ T5053] loop3: lost filesystem error report for type 5 error -117 [ 36.257513][ T5053] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem [ 36.257534][ T5053] loop3: lost filesystem error report for type 5 error -117 [ 36.257674][ T5053] EXT4-fs (loop3): 1 orphan inode deleted [ 36.261214][ T5053] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.278892][ T15] EXT4-fs error (device loop3): ext4_map_blocks:791: inode #3: block 1: comm kworker/u8:1: lblock 1 mapped to illegal pblock 1 (length 1) [ 36.280576][ T15] Quota error (device loop3): remove_tree: Can't read quota data block 1 [ 36.280595][ T15] EXT4-fs error (device loop3): ext4_release_dquot:7070: comm kworker/u8:1: Failed to release dquot type 0 [ 36.282617][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.348508][ T5060] loop4: detected capacity change from 0 to 4096 [ 36.352904][ T5060] EXT4-fs (loop4): Test dummy encryption mode enabled [ 36.352923][ T5060] EXT4-fs (loop4): bs(8192) > ps(4096) unsupported for encrypt [ 36.487855][ T5068] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 36.689454][ T5077] netlink: 32 bytes leftover after parsing attributes in process `syz.4.59'. [ 36.717129][ T5083] FAULT_INJECTION: forcing a failure. [ 36.717129][ T5083] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 36.717226][ T5083] CPU: 0 UID: 0 PID: 5083 Comm: syz.4.61 Not tainted syzkaller #0 PREEMPT [ 36.717236][ T5083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 36.717241][ T5083] Call trace: [ 36.717243][ T5083] show_stack+0x2c/0x3c (C) [ 36.717262][ T5083] __dump_stack+0x30/0x40 [ 36.717273][ T5083] dump_stack_lvl+0xd8/0x12c [ 36.717282][ T5083] dump_stack+0x1c/0x28 [ 36.717291][ T5083] should_fail_ex+0x414/0x588 [ 36.717301][ T5083] should_fail+0x14/0x24 [ 36.717309][ T5083] should_fail_usercopy+0x20/0x30 [ 36.717317][ T5083] simple_read_from_buffer+0xc4/0x240 [ 36.717327][ T5083] proc_fail_nth_read+0x1a8/0x248 [ 36.717335][ T5083] vfs_read+0x230/0x8e4 [ 36.717345][ T5083] ksys_read+0x12c/0x224 [ 36.717354][ T5083] __arm64_sys_read+0x7c/0x90 [ 36.717363][ T5083] invoke_syscall+0x98/0x244 [ 36.717373][ T5083] el0_svc_common+0xe8/0x23c [ 36.717383][ T5083] do_el0_svc+0x48/0x58 [ 36.717392][ T5083] el0_svc+0x64/0x260 [ 36.717400][ T5083] el0t_64_sync_handler+0x48/0x148 [ 36.717407][ T5083] el0t_64_sync+0x198/0x19c [ 36.795832][ T5087] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 36.797198][ T5087] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 36.806394][ T5088] bond1: down delay (3) is not a multiple of miimon (4), value rounded to 0 ms [ 36.811435][ T5097] bond2: down delay (3) is not a multiple of miimon (4), value rounded to 0 ms [ 37.598286][ T5110] netlink: 755 bytes leftover after parsing attributes in process `syz.3.68'. [ 37.636766][ T5112] loop4: detected capacity change from 0 to 512 [ 37.647109][ T5112] EXT4-fs (loop4): #clusters per group too big: 270336 [ 37.757784][ T5123] loop2: detected capacity change from 0 to 512 [ 37.777701][ T5123] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz.2.72: casefold flag without casefold feature [ 37.777732][ T5123] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 37.778079][ T5123] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.72: couldn't read orphan inode 15 (err -117) [ 37.778105][ T5123] loop2: lost filesystem error report for type 5 error -117 [ 37.793723][ T5123] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 37.796962][ T4722] Bluetooth: hci1: command tx timeout [ 37.796985][ T4722] Bluetooth: hci4: command tx timeout [ 37.796999][ T4722] Bluetooth: hci3: command tx timeout [ 37.797012][ T4722] Bluetooth: hci2: command tx timeout [ 37.797023][ T4722] Bluetooth: hci0: command tx timeout [ 37.854036][ T5128] loop1: detected capacity change from 0 to 256 [ 37.854372][ T5128] vfat: Bad value for 'shortname' [ 37.865438][ T4708] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.874617][ T5128] loop1: detected capacity change from 0 to 128 [ 37.876653][ T5132] overlayfs: failed to resolve './file7': -2 [ 37.967797][ T5146] loop3: detected capacity change from 0 to 1024 [ 37.969832][ T5146] EXT4-fs: Ignoring removed orlov option [ 37.970999][ T5146] EXT4-fs: Ignoring removed bh option [ 37.972462][ T5146] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 38.032213][ T5146] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 38.058587][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.062160][ T5154] loop0: detected capacity change from 0 to 512 [ 38.074503][ T5154] EXT4-fs error (device loop0): ext4_xattr_inode_iget:441: inode #11: comm syz.0.83: iget: bad extra_isize 58 (inode size 256) [ 38.074537][ T5154] loop0: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 38.078376][ T5154] EXT4-fs error (device loop0): ext4_xattr_inode_iget:446: comm syz.0.83: error while reading EA inode 11 err=-117 [ 38.078406][ T5154] loop0: lost filesystem error report for type 5 error -117 [ 38.080126][ T5157] warning: `syz.3.84' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 38.080439][ C0] EXT4-fs (loop0): error count since last fsck: 2 [ 38.080453][ C0] EXT4-fs (loop0): initial error at time 38: ext4_xattr_inode_iget:441: inode 11 [ 38.080469][ C0] EXT4-fs (loop0): last error at time 38: ext4_xattr_inode_iget:446 [ 38.092863][ T5154] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2860: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 38.092995][ T5154] EXT4-fs error (device loop0): ext4_xattr_inode_iget:441: inode #11: comm syz.0.83: iget: bad extra_isize 58 (inode size 256) [ 38.093026][ T5154] loop0: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 38.100014][ T5154] EXT4-fs error (device loop0): ext4_xattr_inode_iget:446: comm syz.0.83: error while reading EA inode 11 err=-117 [ 38.100044][ T5154] loop0: lost filesystem error report for type 5 error -117 [ 38.106158][ T5154] EXT4-fs error (device loop0): ext4_xattr_inode_iget:441: inode #18: comm syz.0.83: iget: bad extra_isize 58 (inode size 256) [ 38.106191][ T5154] loop0: lost file I/O error report for ino 18 type 5 pos 0x0 len 0x0 error -117 [ 38.109577][ T5154] EXT4-fs error (device loop0): ext4_xattr_inode_iget:446: comm syz.0.83: error while reading EA inode 18 err=-117 [ 38.109595][ T5154] loop0: lost filesystem error report for type 5 error -117 [ 38.110699][ T5154] EXT4-fs error (device loop0): ext4_xattr_inode_iget:441: inode #18: comm syz.0.83: iget: bad extra_isize 58 (inode size 256) [ 38.110721][ T5154] loop0: lost file I/O error report for ino 18 type 5 pos 0x0 len 0x0 error -117 [ 38.112040][ T5154] EXT4-fs error (device loop0): ext4_xattr_inode_iget:446: comm syz.0.83: error while reading EA inode 18 err=-117 [ 38.112061][ T5154] loop0: lost filesystem error report for type 5 error -117 [ 38.112536][ T5154] EXT4-fs (loop0): 1 orphan inode deleted [ 38.116372][ T5154] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 38.126013][ T5154] EXT4-fs error (device loop0): __ext4_iget:5481: inode #14: block 1886221359: comm syz.0.83: invalid block [ 38.130543][ T5154] EXT4-fs error (device loop0): __ext4_iget:5481: inode #14: block 1886221359: comm syz.0.83: invalid block [ 38.134452][ T5154] EXT4-fs error (device loop0): __ext4_iget:5481: inode #14: block 1886221359: comm syz.0.83: invalid block [ 38.153575][ T5161] binder: 5160:5161 ioctl c0306201 20000080 returned -14 [ 38.154859][ T4710] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.158774][ T5161] binder: 5160:5161 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 38.161627][ T5161] binder: 5161 RLIMIT_NICE not set [ 38.163067][ T5161] binder: 5160:5161 BC_DEAD_BINDER_DONE 00000000000000fc not found [ 38.198628][ T5165] loop0: detected capacity change from 0 to 512 [ 38.204911][ T5167] capability: warning: `syz.3.88' uses deprecated v2 capabilities in a way that may be insecure [ 38.207452][ T5167] vhci_hcd vhci_hcd.2: invalid port number 96 [ 38.210789][ T5167] vhci_hcd vhci_hcd.2: default hub control req: 2000 vfffc i0060 l7 [ 38.213862][ T30] audit: type=1326 audit(38.200:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5166 comm="syz.3.88" exe="/root/ci-upstream-gce-arm64/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffb2177aa8 code=0x0 [ 38.217260][ T5165] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.246952][ T4710] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.371824][ T4722] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 38.373856][ T4722] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 38.376163][ T4722] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 38.377084][ T4722] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 38.377336][ T4722] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 38.566010][ T5174] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.567805][ T5174] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.569452][ T5174] bridge_slave_0: entered allmulticast mode [ 38.569926][ T5174] bridge_slave_0: entered promiscuous mode [ 38.570603][ T5174] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.570626][ T5174] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.570676][ T5174] bridge_slave_1: entered allmulticast mode [ 38.571088][ T5174] bridge_slave_1: entered promiscuous mode [ 38.580494][ T5174] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 38.583685][ T5174] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 38.594292][ T5174] team0: Port device team_slave_0 added [ 38.596499][ T5174] team0: Port device team_slave_1 added [ 38.604700][ T5174] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.605803][ T5174] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 38.605830][ T5174] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.606444][ T5174] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.606451][ T5174] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 38.606461][ T5174] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.627560][ T5174] hsr_slave_0: entered promiscuous mode [ 38.629601][ T5174] hsr_slave_1: entered promiscuous mode [ 38.629793][ T5174] debugfs: 'hsr0' already exists in 'hsr' [ 38.629803][ T5174] Cannot create hsr debugfs directory [ 38.712245][ T5201] netlink: 4 bytes leftover after parsing attributes in process `syz.4.97'. [ 38.746121][ T5174] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 38.750282][ T5174] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 38.750708][ T5174] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 38.759351][ T5174] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 38.759765][ T5174] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 38.767945][ T5174] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 38.768364][ T5174] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 38.775495][ T5174] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 38.806776][ T5174] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.806826][ T5174] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.806900][ T5174] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.806928][ T5174] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.864529][ T5174] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.877006][ T5174] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.880705][ T217] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.882561][ T217] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.915392][ T5217] netlink: 755 bytes leftover after parsing attributes in process `syz.4.101'. [ 38.919309][ T217] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.919347][ T217] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.919999][ T217] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.920023][ T217] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.995670][ T5226] loop4: detected capacity change from 0 to 128 [ 39.004710][ T5226] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 39.024658][ T5226] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 39.132514][ T5174] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.148889][ T5240] loop2: detected capacity change from 0 to 4096 [ 39.150333][ T5240] EXT4-fs: inline encryption not supported [ 39.153347][ T5240] EXT4-fs: Ignoring removed bh option [ 39.155607][ T5240] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 39.155632][ T5240] EXT4-fs (loop2): Test dummy encryption mode enabled [ 39.158106][ T5240] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 39.158143][ T5240] System zones: 0-5 [ 39.160078][ T5240] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.162053][ T5240] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.446490][ T5255] netlink: 40 bytes leftover after parsing attributes in process `syz.0.108'. [ 39.521885][ T5174] veth0_vlan: entered promiscuous mode [ 39.550313][ T5264] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 39.605643][ T5174] veth1_vlan: entered promiscuous mode [ 39.632607][ T5270] netlink: 755 bytes leftover after parsing attributes in process `syz.0.112'. [ 39.652571][ T5174] veth0_macvtap: entered promiscuous mode [ 39.658370][ T5174] veth1_macvtap: entered promiscuous mode [ 39.672211][ T5174] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.677888][ T5174] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.688422][ T40] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.688532][ T40] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.688567][ T40] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.688595][ T40] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.753648][ T5275] netlink: 360 bytes leftover after parsing attributes in process `syz.0.115'. [ 39.753814][ T5275] netlink: 8 bytes leftover after parsing attributes in process `syz.0.115'. [ 39.774263][ T3812] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.776018][ T3812] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.797061][ T3835] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.797083][ T3835] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.852093][ T5290] EXT4-fs: Ignoring removed bh option [ 39.867109][ T5290] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 39.903010][ T5298] netlink: 'syz.0.120': attribute type 1 has an invalid length. [ 39.904100][ T5298] netlink: 4 bytes leftover after parsing attributes in process `syz.0.120'. [ 39.949876][ T5287] netlink: 40 bytes leftover after parsing attributes in process `syz.5.92'. [ 39.966973][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.061260][ T5311] bridge1: port 1(veth0_to_bond) entered blocking state [ 40.061352][ T5311] bridge1: port 1(veth0_to_bond) entered disabled state [ 40.061438][ T5311] veth0_to_bond: entered allmulticast mode [ 40.062077][ T5311] veth0_to_bond: entered promiscuous mode [ 40.062402][ T5311] bridge1: port 1(veth0_to_bond) entered blocking state [ 40.062434][ T5311] bridge1: port 1(veth0_to_bond) entered forwarding state [ 40.347897][ T5323] EXT4-fs error (device loop3): ext4_iget_extra_inode:5128: inode #15: comm syz.3.129: corrupted in-inode xattr: invalid ea_ino [ 40.347927][ T5323] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 40.350869][ C0] EXT4-fs (loop3): error count since last fsck: 1 [ 40.350885][ C0] EXT4-fs (loop3): initial error at time 40: ext4_iget_extra_inode:5128: inode 15 [ 40.350902][ C0] EXT4-fs (loop3): last error at time 40: ext4_iget_extra_inode:5128: inode 15 [ 40.355468][ T5323] EXT4-fs (loop3): Remounting filesystem read-only [ 40.363119][ T5323] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.367516][ T5323] FAULT_INJECTION: forcing a failure. [ 40.367516][ T5323] name failslab, interval 1, probability 0, space 0, times 1 [ 40.369396][ T5323] CPU: 1 UID: 0 PID: 5323 Comm: syz.3.129 Not tainted syzkaller #0 PREEMPT [ 40.369411][ T5323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 40.369417][ T5323] Call trace: [ 40.369421][ T5323] show_stack+0x2c/0x3c (C) [ 40.369441][ T5323] __dump_stack+0x30/0x40 [ 40.369452][ T5323] dump_stack_lvl+0xd8/0x12c [ 40.369462][ T5323] dump_stack+0x1c/0x28 [ 40.369472][ T5323] should_fail_ex+0x414/0x588 [ 40.369481][ T5323] should_failslab+0xc4/0x124 [ 40.369489][ T5323] kmem_cache_alloc_noprof+0x8c/0x610 [ 40.369498][ T5323] alloc_empty_file+0x6c/0x1cc [ 40.369505][ T5323] path_openat+0xd4/0x2a6c [ 40.369512][ T5323] do_file_open+0x1c4/0x2e4 [ 40.369520][ T5323] do_sys_openat2+0x114/0x1e8 [ 40.369529][ T5323] do_sys_open+0xac/0xdc [ 40.369538][ T5323] __arm64_sys_openat+0x9c/0xb8 [ 40.369546][ T5323] invoke_syscall+0x98/0x244 [ 40.369556][ T5323] el0_svc_common+0xe8/0x23c [ 40.369565][ T5323] do_el0_svc+0x48/0x58 [ 40.369574][ T5323] el0_svc+0x64/0x260 [ 40.369582][ T5323] el0t_64_sync_handler+0x48/0x148 [ 40.369589][ T5323] el0t_64_sync+0x198/0x19c [ 40.396452][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.408826][ T4721] Bluetooth: hci0: command tx timeout [ 40.486617][ T5331] binder: 5330:5331 tried to acquire reference to desc 0, got 1 instead [ 40.486838][ T5331] binder: 5330:5331 got reply transaction with bad transaction stack, transaction 7 has target 5330:0 [ 40.487270][ T5331] binder: 5330:5331 transaction reply to 0:0 failed 8/29201/-71, code 0 size 0-0 line 3154 [ 40.487888][ T5331] binder: 5330:5331 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 40.487914][ T5331] binder: 5331 RLIMIT_NICE not set [ 40.487932][ T5331] binder: 5331 RLIMIT_NICE not set [ 40.490737][ T5331] binder: 5330:5331 got new transaction with bad transaction stack, transaction 7 has target 5330:5331 [ 40.490759][ T5331] binder: 5330:5331 transaction call to 5330:0 failed 9/29201/-71, code 0 size 0-0 line 3296 [ 40.492357][ T4954] binder: release 5330:5331 transaction 7 out, still active [ 40.492373][ T4954] binder: undelivered TRANSACTION_ERROR: 29201 [ 40.498276][ T5329] FAULT_INJECTION: forcing a failure. [ 40.498276][ T5329] name failslab, interval 1, probability 0, space 0, times 0 [ 40.498290][ T5329] CPU: 1 UID: 0 PID: 5329 Comm: syz.3.131 Not tainted syzkaller #0 PREEMPT [ 40.498299][ T5329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 40.498304][ T5329] Call trace: [ 40.498306][ T5329] show_stack+0x2c/0x3c (C) [ 40.498322][ T5329] __dump_stack+0x30/0x40 [ 40.498334][ T5329] dump_stack_lvl+0xd8/0x12c [ 40.498343][ T5329] dump_stack+0x1c/0x28 [ 40.498353][ T5329] should_fail_ex+0x414/0x588 [ 40.498366][ T5329] should_failslab+0xc4/0x124 [ 40.498374][ T5329] __kmalloc_node_track_caller_noprof+0x100/0x748 [ 40.498384][ T5329] kstrndup+0x84/0x154 [ 40.498393][ T5329] smk_import_valid_label+0x34/0x6c [ 40.498401][ T5329] do_setattr+0x1a0/0x3b8 [ 40.498411][ T5329] smack_setprocattr+0x10c/0x17c [ 40.498420][ T5329] security_setprocattr+0x180/0x1a4 [ 40.498431][ T5329] proc_pid_attr_write+0x56c/0x5c0 [ 40.498442][ T5329] do_loop_readv_writev+0x248/0x3d8 [ 40.498449][ T5329] vfs_writev+0x2e8/0x664 [ 40.498456][ T5329] do_writev+0x134/0x2a4 [ 40.498462][ T5329] __arm64_sys_writev+0x80/0x94 [ 40.498472][ T5329] invoke_syscall+0x98/0x244 [ 40.498481][ T5329] el0_svc_common+0xe8/0x23c [ 40.498490][ T5329] do_el0_svc+0x48/0x58 [ 40.498500][ T5329] el0_svc+0x64/0x260 [ 40.498507][ T5329] el0t_64_sync_handler+0x48/0x148 [ 40.498514][ T5329] el0t_64_sync+0x198/0x19c [ 40.505249][ T4954] binder: release 5330:5331 transaction 7 in, still active [ 40.505267][ T4954] binder: send failed reply for transaction 7, target dead [ 40.561444][ T5334] vfat: Unknown parameter 'utf8sÆ' [ 40.612488][ T5340] 0·: renamed from hsr0 (while UP) [ 40.615001][ T5340] 0·: entered allmulticast mode [ 40.616121][ T5340] hsr_slave_0: entered allmulticast mode [ 40.617342][ T5340] hsr_slave_1: entered allmulticast mode [ 40.621071][ T5340] A link change request failed with some changes committed already. Interface c0· may have been left with an inconsistent configuration, please check. [ 41.301267][ T5380] input: syz1 as /devices/virtual/input/input3 [ 41.313623][ T5380] tipc: Started in network mode [ 41.314784][ T5380] tipc: Node identity aaaaaaaaaa3, cluster identity 4711 [ 41.316643][ T5380] tipc: Enabled bearer , priority 10 [ 41.688960][ T4722] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 41.846776][ T5394] No such timeout policy "syz1" [ 41.990480][ T5403] set_capacity_and_notify: 3 callbacks suppressed [ 41.990691][ T5403] loop5: detected capacity change from 0 to 512 [ 42.044985][ T5403] syz.5.158: attempt to access beyond end of device [ 42.044985][ T5403] loop5: rw=0, sector=17179852714, nr_sectors = 1 limit=512 [ 42.048315][ T5403] FAT-fs (loop5): error, invalid access to FAT (entry 0x0fffff00) [ 42.048329][ T5403] FAT-fs (loop5): Filesystem has been set read-only [ 42.071682][ T5406] loop0: detected capacity change from 0 to 128 [ 42.430470][ T4717] tipc: Node number set to 10136234 [ 42.440058][ T217] kworker/u8:4: attempt to access beyond end of device [ 42.440058][ T217] loop0: rw=1, sector=145, nr_sectors = 8 limit=128 [ 42.440169][ T217] kworker/u8:4: attempt to access beyond end of device [ 42.440169][ T217] loop0: rw=1, sector=161, nr_sectors = 8 limit=128 [ 42.440201][ T217] kworker/u8:4: attempt to access beyond end of device [ 42.440201][ T217] loop0: rw=1, sector=177, nr_sectors = 8 limit=128 [ 42.440236][ T217] kworker/u8:4: attempt to access beyond end of device [ 42.440236][ T217] loop0: rw=1, sector=193, nr_sectors = 8 limit=128 [ 42.440270][ T217] kworker/u8:4: attempt to access beyond end of device [ 42.440270][ T217] loop0: rw=1, sector=209, nr_sectors = 8 limit=128 [ 42.440302][ T217] kworker/u8:4: attempt to access beyond end of device [ 42.440302][ T217] loop0: rw=1, sector=225, nr_sectors = 8 limit=128 [ 42.440331][ T217] kworker/u8:4: attempt to access beyond end of device [ 42.440331][ T217] loop0: rw=1, sector=241, nr_sectors = 8 limit=128 [ 42.440359][ T217] kworker/u8:4: attempt to access beyond end of device [ 42.440359][ T217] loop0: rw=1, sector=257, nr_sectors = 8 limit=128 [ 42.440388][ T217] kworker/u8:4: attempt to access beyond end of device [ 42.440388][ T217] loop0: rw=1, sector=273, nr_sectors = 8 limit=128 [ 42.481291][ T5422] loop2: detected capacity change from 0 to 4096 [ 42.483096][ T5422] EXT4-fs: Ignoring removed mblk_io_submit option [ 42.486271][ T5422] EXT4-fs (loop2): Test dummy encryption mode enabled [ 42.487999][ T5424] loop4: detected capacity change from 0 to 1024 [ 42.490482][ T4722] Bluetooth: hci0: command tx timeout [ 42.556788][ T5422] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.568949][ T5422] overlayfs: failed to resolve './bus': -2 [ 43.773042][ T5409] loop5: detected capacity change from 0 to 128 [ 44.324435][ T4708] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.371091][ T5448] netlink: 'syz.0.171': attribute type 1 has an invalid length. [ 44.387316][ T5448] 8021q: adding VLAN 0 to HW filter on device bond2 [ 44.387952][ T5457] __nla_validate_parse: 4 callbacks suppressed [ 44.387971][ T5457] netlink: 12 bytes leftover after parsing attributes in process `syz.5.174'. [ 44.412851][ T5448] loop0: detected capacity change from 0 to 512 [ 44.419409][ T5448] EXT4-fs (loop0): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 44.424148][ T4700] udevd[4700]: incorrect ext4 checksum on /dev/loop0 [ 44.476016][ T5448] gretap1: entered promiscuous mode [ 44.478168][ T5448] netlink: 34 bytes leftover after parsing attributes in process `syz.0.171'. [ 44.568724][ T4722] Bluetooth: hci0: command tx timeout [ 44.728084][ T5457] netlink: 12 bytes leftover after parsing attributes in process `syz.5.174'. [ 44.735654][ T5464] 9pnet_fd: Insufficient options for proto=fd [ 44.810109][ T5475] netlink: 4 bytes leftover after parsing attributes in process `syz.0.181'. [ 44.848343][ T5479] loop4: detected capacity change from 0 to 4096 [ 44.848747][ T5479] EXT4-fs: Ignoring removed mblk_io_submit option [ 44.852180][ T5479] EXT4-fs (loop4): Test dummy encryption mode enabled [ 44.857423][ T5479] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.857568][ T5482] netlink: 'syz.5.184': attribute type 10 has an invalid length. [ 44.862431][ T5479] overlayfs: failed to resolve './bus': -2 [ 44.912268][ T5485] loop5: detected capacity change from 0 to 128 [ 44.925654][ T5485] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 44.937318][ T5174] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 45.255454][ T5497] fuse: Bad value for 'group_id' [ 45.255480][ T5497] fuse: Bad value for 'group_id' [ 45.313305][ T5498] loop2: detected capacity change from 0 to 512 [ 45.315130][ T5498] EXT4-fs (loop2): orphan cleanup on readonly fs [ 45.315445][ T5498] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.188: bg 0: block 63: padding at end of block bitmap is not set [ 45.315460][ T5498] loop2: lost filesystem error report for type 5 error -117 [ 45.315920][ T5498] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2860: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 45.315989][ T5498] EXT4-fs error (device loop2): ext4_xattr_inode_update_ref:1037: inode #11: comm syz.2.188: EA inode 11 ref wraparound: ref_count=0 ref_change=-1 [ 45.316003][ T5498] loop2: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 45.317396][ T5498] EXT4-fs warning (device loop2): ext4_xattr_inode_dec_ref_all:1231: inode #11: comm syz.2.188: ea_inode dec ref err=-117 [ 45.317518][ T5498] EXT4-fs (loop2): 1 orphan inode deleted [ 45.317956][ T5498] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 46.364346][ T4708] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.462294][ T5512] xt_TPROXY: Can be used only with -p tcp or -p udp [ 46.562489][ T5519] No control pipe specified [ 46.718737][ T4722] Bluetooth: hci0: command tx timeout [ 46.755792][ T4709] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.760883][ T5518] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 46.848559][ T5532] netlink: 24 bytes leftover after parsing attributes in process `syz.4.198'. [ 46.875586][ T5535] netlink: 8 bytes leftover after parsing attributes in process `syz.4.200'. [ 47.880588][ T5542] loop4: detected capacity change from 0 to 512 [ 47.890031][ T5542] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 47.892947][ T5542] EXT4-fs (loop4): orphan cleanup on readonly fs [ 47.894793][ T5542] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.201: inode #15: comm syz.4.201: iget: illegal inode # [ 47.894824][ T5542] loop4: lost filesystem error report for type 5 error -117 [ 47.897621][ T5542] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.201: couldn't read orphan inode 15 (err -117) [ 47.899106][ C0] EXT4-fs (loop4): error count since last fsck: 1 [ 47.899116][ C0] EXT4-fs (loop4): initial error at time 48: ext4_orphan_get:1397 [ 47.899130][ C0] EXT4-fs (loop4): last error at time 48: ext4_orphan_get:1397 [ 47.902390][ T5542] loop4: lost filesystem error report for type 5 error -117 [ 47.907252][ T5542] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 48.428768][ T5542] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 48.430922][ T5542] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 48.436516][ T5548] loop3: detected capacity change from 0 to 4096 [ 48.436828][ T5548] EXT4-fs: Ignoring removed mblk_io_submit option [ 48.440781][ T5548] EXT4-fs (loop3): Test dummy encryption mode enabled [ 48.442521][ T5548] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.448899][ T5548] overlayfs: failed to resolve './bus': -2 [ 48.532317][ T4709] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.544540][ T5555] loop2: detected capacity change from 0 to 128 [ 48.802012][ T5559] loop5: detected capacity change from 0 to 128 [ 48.804856][ T5559] Smack: duplicate mount options [ 48.850000][ T5559] loop5: detected capacity change from 0 to 4096 [ 48.851842][ T5559] EXT4-fs: Ignoring removed mblk_io_submit option [ 48.855594][ T5559] EXT4-fs (loop5): Test dummy encryption mode enabled [ 48.893223][ T5559] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.214275][ T5174] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.309968][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.315913][ T5583] loop4: detected capacity change from 0 to 512 [ 49.317765][ T5583] EXT4-fs: Ignoring removed bh option [ 49.354649][ T5583] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 49.354803][ T5583] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 49.360016][ T5580] loop5: detected capacity change from 0 to 128 [ 49.361139][ T5583] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended [ 49.361552][ T5580] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 49.362092][ T5583] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 49.364421][ T5580] FAT-fs (loop5): bread failed, FSINFO block (sector = 148) [ 49.371078][ T5583] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.371465][ T5581] netlink: 20 bytes leftover after parsing attributes in process `syz.5.211'. [ 49.373077][ T5580] netlink: 20 bytes leftover after parsing attributes in process `syz.5.211'. [ 49.391974][ T5589] loop3: detected capacity change from 0 to 1024 [ 49.402057][ T5591] loop2: detected capacity change from 0 to 512 [ 49.411436][ T5591] loop2: detected capacity change from 0 to 512 [ 49.413653][ T5583] netlink: 'syz.4.213': attribute type 5 has an invalid length. [ 49.415707][ T5583] netlink: 24 bytes leftover after parsing attributes in process `syz.4.213'. [ 49.425544][ T5589] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 49.428369][ T5591] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 49.436818][ T5589] EXT4-fs error (device loop3): ext4_map_blocks:833: inode #15: block 3: comm syz.3.214: lblock 3 mapped to illegal pblock 3 (length 3) [ 49.439504][ T5589] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 49.439529][ T5589] EXT4-fs (loop3): This should not happen!! Data will be lost [ 49.439529][ T5589] [ 49.463723][ T5591] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.467569][ T15] EXT4-fs error (device loop3): ext4_map_blocks:833: inode #15: block 8: comm kworker/u8:1: lblock 8 mapped to illegal pblock 8 (length 4) [ 49.473923][ T15] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 4 with error 117 [ 49.473957][ T15] EXT4-fs (loop3): This should not happen!! Data will be lost [ 49.473957][ T15] [ 49.479282][ T4715] EXT4-fs warning (device loop3): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost [ 49.514362][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 49.515410][ T4709] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.618683][ T4797] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 49.621044][ T5604] netlink: 4 bytes leftover after parsing attributes in process `syz.4.218'. [ 49.621352][ T5606] netlink: 4 bytes leftover after parsing attributes in process `syz.4.218'. [ 49.626983][ T4708] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.929235][ T4892] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 50.006518][ T5614] EXT4-fs error (device loop0): ext4_orphan_get:1397: inode #15: comm syz.0.221: inode has both inline data and extents flags [ 50.006558][ T5614] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 50.009439][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 50.009451][ C0] EXT4-fs (loop0): initial error at time 50: ext4_orphan_get:1397: inode 15 [ 50.009466][ C0] EXT4-fs (loop0): last error at time 50: ext4_orphan_get:1397: inode 15 [ 50.016187][ T5614] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.221: couldn't read orphan inode 15 (err -117) [ 50.016213][ T5614] loop0: lost filesystem error report for type 5 error -117 [ 50.022770][ T5614] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.045115][ T5614] fscrypt (loop0, inode 18): Direct key flag not allowed with different contents and filenames modes [ 50.061660][ T5613] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 50.132806][ T4710] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.614986][ T5627] EXT4-fs: Ignoring removed mblk_io_submit option [ 50.618366][ T5627] EXT4-fs (loop3): Test dummy encryption mode enabled [ 50.633205][ T5627] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.970604][ T4892] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 50.998725][ T5613] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 51.061798][ T5639] binder: 5638:5639 ioctl 4018620d 0 returned -22 [ 51.250561][ T5653] netlink: 24 bytes leftover after parsing attributes in process `syz.0.234'. [ 51.294207][ T5655] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.310180][ T5655] fscrypt (loop0, inode 15): Error -61 getting encryption context [ 51.318571][ T5655] netlink: 'syz.0.235': attribute type 10 has an invalid length. [ 51.328104][ T4710] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.491958][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.076880][ T4954] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 52.132770][ T5687] netlink: 52 bytes leftover after parsing attributes in process `syz.2.245'. [ 52.145129][ T5687] EXT4-fs (loop2): filesystem is read-only [ 52.146478][ T5687] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 52.147166][ T5687] EXT4-fs (loop2): filesystem is read-only [ 52.147174][ T5687] EXT4-fs (loop2): orphan cleanup on readonly fs [ 52.147525][ T5687] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.245: bg 0: block 64: padding at end of block bitmap is not set [ 52.147541][ T5687] loop2: lost filesystem error report for type 5 error -117 [ 52.157928][ T5687] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6679: Corrupt filesystem [ 52.158649][ C1] EXT4-fs (loop2): error count since last fsck: 1 [ 52.158662][ C1] EXT4-fs (loop2): initial error at time 53: ext4_validate_block_bitmap:441 [ 52.158678][ C1] EXT4-fs (loop2): last error at time 53: ext4_validate_block_bitmap:441 [ 52.166992][ T5687] loop2: lost filesystem error report for type 5 error -117 [ 52.171467][ T5687] EXT4-fs (loop2): 1 orphan inode deleted [ 52.188022][ T5687] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 52.255391][ T4708] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.283682][ T5692] 9p: Bad value for 'rfdno' [ 52.305578][ T5694] tipc: Started in network mode [ 52.306767][ T5694] tipc: Node identity 080211000001, cluster identity 4711 [ 52.308525][ T5694] tipc: Enabled bearer , priority 0 [ 52.353025][ T5696] FAT-fs (loop0): Directory bread(block 64) failed [ 52.353057][ T5696] FAT-fs (loop0): Directory bread(block 65) failed [ 52.353085][ T5696] FAT-fs (loop0): Directory bread(block 66) failed [ 52.353098][ T5696] FAT-fs (loop0): Directory bread(block 67) failed [ 52.353122][ T5696] FAT-fs (loop0): Directory bread(block 68) failed [ 52.353134][ T5696] FAT-fs (loop0): Directory bread(block 69) failed [ 52.353156][ T5696] FAT-fs (loop0): Directory bread(block 70) failed [ 52.353167][ T5696] FAT-fs (loop0): Directory bread(block 71) failed [ 52.353189][ T5696] FAT-fs (loop0): Directory bread(block 72) failed [ 52.353200][ T5696] FAT-fs (loop0): Directory bread(block 73) failed [ 52.363043][ T5696] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 52.473537][ T5710] tipc: Started in network mode [ 52.474695][ T5710] tipc: Node identity 2e7ebde1043f, cluster identity 4711 [ 52.474771][ T5710] tipc: Enabled bearer , priority 0 [ 52.483580][ T5706] EXT4-fs: Ignoring removed mblk_io_submit option [ 52.485124][ T5706] EXT4-fs (loop2): Test dummy encryption mode enabled [ 52.487492][ T5710] tipc: Disabling bearer [ 52.492065][ T5706] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.855293][ T4804] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 53.118365][ T5739] set_capacity_and_notify: 9 callbacks suppressed [ 53.118397][ T5739] loop5: detected capacity change from 0 to 256 [ 53.129339][ T4892] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 53.147366][ T5739] FAT-fs (loop5): Directory bread(block 64) failed [ 53.147518][ T5739] FAT-fs (loop5): Directory bread(block 65) failed [ 53.147741][ T5739] FAT-fs (loop5): Directory bread(block 66) failed [ 53.147892][ T5739] FAT-fs (loop5): Directory bread(block 67) failed [ 53.148348][ T5739] FAT-fs (loop5): Directory bread(block 68) failed [ 53.148477][ T5739] FAT-fs (loop5): Directory bread(block 69) failed [ 53.154866][ T5739] FAT-fs (loop5): Directory bread(block 70) failed [ 53.222551][ T5740] can0: slcan on ptm0. [ 53.249185][ T5740] loop3: detected capacity change from 0 to 512 [ 53.260173][ T5740] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 53.410285][ T5739] FAT-fs (loop5): Directory bread(block 71) failed [ 53.410363][ T5739] FAT-fs (loop5): Directory bread(block 72) failed [ 53.410393][ T5739] FAT-fs (loop5): Directory bread(block 73) failed [ 53.417957][ T5740] EXT4-fs error (device loop3): ext4_get_branch:178: inode #11: block 4294967295: comm syz.3.262: invalid block [ 53.417996][ T5740] loop3: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 53.420582][ C1] EXT4-fs (loop3): error count since last fsck: 1 [ 53.420597][ C1] EXT4-fs (loop3): initial error at time 54: ext4_get_branch:178: inode 11: block 4294967295 [ 53.420621][ C1] EXT4-fs (loop3): last error at time 54: ext4_get_branch:178: inode 11: block 4294967295 [ 53.420747][ T5740] EXT4-fs (loop3): Remounting filesystem read-only [ 53.420943][ T5740] EXT4-fs (loop3): 2 truncates cleaned up [ 53.421425][ T5740] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.424669][ T4797] tipc: Node number set to 134418688 [ 53.425016][ T5739] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 53.427065][ T4708] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.592968][ T5745] loop4: detected capacity change from 0 to 4096 [ 53.610267][ T4804] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 53.611500][ T5745] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.254352][ T5771] lo speed is unknown, defaulting to 1000 [ 54.254571][ T5771] lo speed is unknown, defaulting to 1000 [ 54.258576][ T5771] lo speed is unknown, defaulting to 1000 [ 54.264191][ T5771] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 54.272905][ T5771] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 54.334308][ T5734] can0 (unregistered): slcan off ptm0. [ 54.348064][ T5771] lo speed is unknown, defaulting to 1000 [ 54.352879][ T5771] lo speed is unknown, defaulting to 1000 [ 54.356737][ T5771] lo speed is unknown, defaulting to 1000 [ 54.360893][ T5771] lo speed is unknown, defaulting to 1000 [ 54.365106][ T5771] lo speed is unknown, defaulting to 1000 [ 54.369335][ T5771] lo speed is unknown, defaulting to 1000 [ 55.101830][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.223866][ T4797] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 55.226952][ T4954] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 55.375114][ T4709] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.392649][ T5785] loop0: detected capacity change from 0 to 4096 [ 55.393400][ T5785] EXT4-fs: inline encryption not supported [ 55.406445][ T5785] EXT4-fs (loop0): Test dummy encryption mode enabled [ 55.414176][ T5788] loop3: detected capacity change from 0 to 256 [ 55.422863][ T5785] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.488566][ T5794] FAULT_INJECTION: forcing a failure. [ 55.488566][ T5794] name failslab, interval 1, probability 0, space 0, times 0 [ 55.489121][ T5794] CPU: 1 UID: 0 PID: 5794 Comm: syz.5.270 Not tainted syzkaller #0 PREEMPT [ 55.489140][ T5794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 55.489147][ T5794] Call trace: [ 55.489151][ T5794] show_stack+0x2c/0x3c (C) [ 55.489173][ T5794] __dump_stack+0x30/0x40 [ 55.489184][ T5794] dump_stack_lvl+0xd8/0x12c [ 55.489194][ T5794] dump_stack+0x1c/0x28 [ 55.489203][ T5794] should_fail_ex+0x414/0x588 [ 55.489213][ T5794] should_failslab+0xc4/0x124 [ 55.489221][ T5794] __kmalloc_noprof+0x100/0x6f0 [ 55.489236][ T5794] ethnl_default_start+0xf8/0x384 [ 55.489246][ T5794] genl_start+0x430/0x608 [ 55.489253][ T5794] __netlink_dump_start+0x390/0x708 [ 55.489264][ T5794] genl_family_rcv_msg_dumpit+0x1a0/0x284 [ 55.489271][ T5794] genl_rcv_msg+0x40c/0x620 [ 55.489278][ T5794] netlink_rcv_skb+0x22c/0x410 [ 55.489288][ T5794] genl_rcv+0x38/0x50 [ 55.489294][ T5794] netlink_unicast+0x610/0x800 [ 55.489304][ T5794] netlink_sendmsg+0x63c/0x920 [ 55.489313][ T5794] __sock_sendmsg+0xc8/0x138 [ 55.489323][ T5794] ____sys_sendmsg+0x418/0x70c [ 55.489330][ T5794] ___sys_sendmsg+0x198/0x224 [ 55.489337][ T5794] __sys_sendmsg+0x160/0x214 [ 55.489343][ T5794] __arm64_sys_sendmsg+0x80/0x94 [ 55.489350][ T5794] invoke_syscall+0x98/0x244 [ 55.489360][ T5794] el0_svc_common+0xe8/0x23c [ 55.489370][ T5794] do_el0_svc+0x48/0x58 [ 55.489379][ T5794] el0_svc+0x64/0x260 [ 55.489387][ T5794] el0t_64_sync_handler+0x48/0x148 [ 55.489394][ T5794] el0t_64_sync+0x198/0x19c [ 55.647022][ T5788] FAT-fs (loop3): Directory bread(block 64) failed [ 55.647055][ T5788] FAT-fs (loop3): Directory bread(block 65) failed [ 55.647094][ T5788] FAT-fs (loop3): Directory bread(block 66) failed [ 55.647110][ T5788] FAT-fs (loop3): Directory bread(block 67) failed [ 55.647136][ T5788] FAT-fs (loop3): Directory bread(block 68) failed [ 55.647151][ T5788] FAT-fs (loop3): Directory bread(block 69) failed [ 55.647175][ T5788] FAT-fs (loop3): Directory bread(block 70) failed [ 55.647189][ T5788] FAT-fs (loop3): Directory bread(block 71) failed [ 55.647214][ T5788] FAT-fs (loop3): Directory bread(block 72) failed [ 55.647227][ T5788] FAT-fs (loop3): Directory bread(block 73) failed [ 55.671919][ T5759] netlink: 4 bytes leftover after parsing attributes in process `syz.2.264'. [ 55.694888][ T4710] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.757465][ T5806] bpf setsockopt: ignoring program buffer with optlen=536871720 (max_optlen=4096) [ 55.858369][ T5815] binder: 5814:5815 ioctl c0306201 0 returned -14 [ 55.876015][ T5815] loop0: detected capacity change from 0 to 512 [ 55.877835][ T5815] EXT4-fs (loop0): Test dummy encryption mode enabled [ 55.920350][ T5815] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended [ 55.921651][ T5815] EXT4-fs (loop0): Errors on filesystem, clearing orphan list. [ 55.922087][ T5815] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.938722][ T4717] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 56.189860][ T5825] FAULT_INJECTION: forcing a failure. [ 56.189860][ T5825] name failslab, interval 1, probability 0, space 0, times 0 [ 56.190183][ T5825] CPU: 1 UID: 0 PID: 5825 Comm: syz.0.279 Not tainted syzkaller #0 PREEMPT [ 56.190199][ T5825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 56.190205][ T5825] Call trace: [ 56.190208][ T5825] show_stack+0x2c/0x3c (C) [ 56.190234][ T5825] __dump_stack+0x30/0x40 [ 56.190252][ T5825] dump_stack_lvl+0xd8/0x12c [ 56.190267][ T5825] dump_stack+0x1c/0x28 [ 56.190277][ T5825] should_fail_ex+0x414/0x588 [ 56.190286][ T5825] should_failslab+0xc4/0x124 [ 56.190294][ T5825] __kmalloc_noprof+0x100/0x6f0 [ 56.190303][ T5825] tomoyo_realpath_from_path+0xbc/0x4cc [ 56.190314][ T5825] tomoyo_path_number_perm+0x1f4/0x514 [ 56.190324][ T5825] tomoyo_file_ioctl+0x2c/0x3c [ 56.190331][ T5825] security_file_ioctl+0xdc/0x2b0 [ 56.190341][ T5825] __arm64_sys_ioctl+0xa8/0x1c4 [ 56.190351][ T5825] invoke_syscall+0x98/0x244 [ 56.190361][ T5825] el0_svc_common+0xe8/0x23c [ 56.190370][ T5825] do_el0_svc+0x48/0x58 [ 56.190379][ T5825] el0_svc+0x64/0x260 [ 56.190387][ T5825] el0t_64_sync_handler+0x48/0x148 [ 56.190395][ T5825] el0t_64_sync+0x198/0x19c [ 56.190429][ T5825] ERROR: Out of memory at tomoyo_realpath_from_path. [ 56.190526][ T5825] binder: 5814:5825 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 56.190582][ T5825] binder: 5814:5825 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 56.190626][ T5825] binder: 5825 RLIMIT_NICE not set [ 56.249031][ T4954] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 56.269276][ T5828] loop3: detected capacity change from 0 to 512 [ 56.269625][ T5828] EXT4-fs: Ignoring removed mblk_io_submit option [ 56.271597][ T5828] EXT4-fs (loop3): Test dummy encryption mode enabled [ 56.286333][ T5828] EXT4-fs (loop3): mounted filesystem 00000005-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.305363][ T5820] EXT4-fs error (device loop3): __ext4_add_entry:2412: inode #2: comm syz.3.280: Directory hole found for htree leaf block 0 [ 56.308461][ T5820] EXT4-fs (loop3): Remounting filesystem read-only [ 57.394909][ T4954] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 57.395818][ T5841] netlink: 8 bytes leftover after parsing attributes in process `syz.5.284'. [ 57.395835][ T5841] netlink: 8 bytes leftover after parsing attributes in process `syz.5.284'. [ 57.528765][ T5433] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 212 vs 220 free clusters [ 57.823235][ T5845] netlink: 4 bytes leftover after parsing attributes in process `syz.5.286'. [ 57.984393][ T4715] EXT4-fs (loop3): unmounting filesystem 00000005-0000-0000-0000-000000000000. [ 58.005179][ T4710] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.414014][ T4662] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 58.452889][ T5875] loop5: detected capacity change from 0 to 512 [ 58.477208][ T5875] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 58.482774][ T5880] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 58.482845][ T5880] xt_cluster: node mask cannot exceed total number of nodes [ 58.485264][ T5875] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 1 with error 28 [ 58.485280][ T5875] EXT4-fs (loop5): This should not happen!! Data will be lost [ 58.485280][ T5875] [ 58.485289][ T5875] EXT4-fs (loop5): Total free blocks count 0 [ 58.485296][ T5875] EXT4-fs (loop5): Free/Dirty block details [ 58.485311][ T5875] EXT4-fs (loop5): free_blocks=65280 [ 58.485327][ T5875] EXT4-fs (loop5): dirty_blocks=1 [ 58.485334][ T5875] EXT4-fs (loop5): Block reservation details [ 58.485340][ T5875] EXT4-fs (loop5): i_reserved_data_blocks=1 [ 58.523609][ T5884] loop4: detected capacity change from 0 to 256 [ 58.525487][ T5884] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 58.589677][ T39] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 1 with error 28 [ 58.589707][ T39] EXT4-fs (loop5): This should not happen!! Data will be lost [ 58.589707][ T39] [ 58.591161][ T5174] EXT4-fs warning (device loop5): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost [ 58.655226][ T5893] netlink: 8 bytes leftover after parsing attributes in process `syz.5.302'. [ 58.946566][ T5899] netlink: 8 bytes leftover after parsing attributes in process `syz.4.303'. [ 58.946786][ T5899] netlink: 8 bytes leftover after parsing attributes in process `syz.4.303'. [ 58.968834][ T4804] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 59.021061][ T5909] netlink: 8 bytes leftover after parsing attributes in process `syz.5.308'. [ 59.241940][ T5913] virtio-fs: tag not found [ 59.451945][ T4662] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 59.457357][ T5909] loop5: detected capacity change from 0 to 4096 [ 59.475780][ T5909] EXT4-fs (loop5): Online resizing not supported with bigalloc [ 59.653016][ T5929] overlayfs: statfs failed on './file0' [ 59.718060][ T5942] FAULT_INJECTION: forcing a failure. [ 59.718060][ T5942] name failslab, interval 1, probability 0, space 0, times 0 [ 59.721042][ T5942] CPU: 0 UID: 0 PID: 5942 Comm: syz.4.318 Not tainted syzkaller #0 PREEMPT [ 59.721064][ T5942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 59.721072][ T5942] Call trace: [ 59.721076][ T5942] show_stack+0x2c/0x3c (C) [ 59.721099][ T5942] __dump_stack+0x30/0x40 [ 59.721111][ T5942] dump_stack_lvl+0xd8/0x12c [ 59.721120][ T5942] dump_stack+0x1c/0x28 [ 59.721130][ T5942] should_fail_ex+0x414/0x588 [ 59.721140][ T5942] should_failslab+0xc4/0x124 [ 59.721148][ T5942] __kmalloc_node_track_caller_noprof+0x100/0x748 [ 59.721158][ T5942] kmemdup_nul+0x48/0xfc [ 59.721168][ T5942] vfs_parse_fs_qstr+0x100/0x1c8 [ 59.721179][ T5942] vfs_parse_monolithic_sep+0x1e8/0x26c [ 59.721189][ T5942] generic_parse_monolithic+0x30/0x40 [ 59.721199][ T5942] parse_monolithic_mount_data+0x78/0x8c [ 59.721206][ T5942] do_new_mount+0x270/0x540 [ 59.721218][ T5942] path_mount+0x5d0/0xa68 [ 59.721227][ T5942] do_mount+0xe8/0x148 [ 59.721235][ T5942] __arm64_sys_mount+0x334/0x380 [ 59.721243][ T5942] invoke_syscall+0x98/0x244 [ 59.721253][ T5942] el0_svc_common+0xe8/0x23c [ 59.721263][ T5942] do_el0_svc+0x48/0x58 [ 59.721272][ T5942] el0_svc+0x64/0x260 [ 59.721280][ T5942] el0t_64_sync_handler+0x48/0x148 [ 59.721288][ T5942] el0t_64_sync+0x198/0x19c [ 60.018959][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 60.490856][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 60.512054][ T5962] loop0: detected capacity change from 0 to 256 [ 60.514404][ T5962] vfat: Unknown parameter 'codeµ?ge' [ 60.591070][ T5966] Driver unsupported XDP return value 0 on prog (id 26) dev N/A, expect packet loss! [ 60.853421][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 60.887317][ T4804] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 61.153117][ T5977] netlink: 12 bytes leftover after parsing attributes in process `syz.5.329'. [ 61.237019][ T5982] netlink: 8 bytes leftover after parsing attributes in process `syz.0.328'. [ 61.529605][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 62.083226][ T4797] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 62.155902][ T5999] netlink: 8 bytes leftover after parsing attributes in process `syz.4.340'. [ 62.552645][ T6013] overlayfs: unescaped trailing colons in lowerdir mount option. [ 62.555002][ T6013] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 62.555140][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 62.555583][ T6013] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 62.555772][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 62.558111][ T6013] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 62.582573][ T6015] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 62.582592][ T6015] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 62.586005][ T6015] vhci_hcd vhci_hcd.0: Device attached [ 62.586910][ T6017] vhci_hcd: connection closed [ 62.589095][ T39] vhci_hcd vhci_hcd.2: stop threads [ 62.589364][ T39] vhci_hcd vhci_hcd.2: release socket [ 62.589397][ T39] vhci_hcd vhci_hcd.2: disconnect device [ 62.680029][ T6025] kernel profiling enabled (shift: 17) [ 62.683219][ T6025] netlink: 80 bytes leftover after parsing attributes in process `syz.4.347'. [ 62.934279][ T6035] syzkaller0: entered promiscuous mode [ 62.934311][ T6035] syzkaller0: entered allmulticast mode [ 63.033663][ T6039] syz_tun: entered allmulticast mode [ 63.241609][ T6049] netlink: 8 bytes leftover after parsing attributes in process `syz.0.352'. [ 63.958332][ T6053] FAULT_INJECTION: forcing a failure. [ 63.958332][ T6053] name failslab, interval 1, probability 0, space 0, times 0 [ 63.958368][ T6053] CPU: 1 UID: 0 PID: 6053 Comm: syz.3.357 Not tainted syzkaller #0 PREEMPT [ 63.958381][ T6053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 63.958388][ T6053] Call trace: [ 63.958392][ T6053] show_stack+0x2c/0x3c (C) [ 63.958412][ T6053] __dump_stack+0x30/0x40 [ 63.958423][ T6053] dump_stack_lvl+0xd8/0x12c [ 63.958433][ T6053] dump_stack+0x1c/0x28 [ 63.958442][ T6053] should_fail_ex+0x414/0x588 [ 63.958452][ T6053] should_failslab+0xc4/0x124 [ 63.958460][ T6053] __kmalloc_noprof+0x100/0x6f0 [ 63.958469][ T6053] tomoyo_encode2+0x10c/0x33c [ 63.958480][ T6053] tomoyo_encode+0x34/0x50 [ 63.958489][ T6053] tomoyo_realpath_from_path+0x478/0x4cc [ 63.958499][ T6053] tomoyo_check_open_permission+0x1cc/0x39c [ 63.958509][ T6053] tomoyo_file_open+0x78/0xcc [ 63.958515][ T6053] security_file_open+0xbc/0x258 [ 63.958525][ T6053] do_dentry_open+0x2ac/0xfc8 [ 63.958535][ T6053] vfs_open+0x44/0x2d4 [ 63.958543][ T6053] path_openat+0x2234/0x2a6c [ 63.958551][ T6053] do_file_open+0x1c4/0x2e4 [ 63.958559][ T6053] do_sys_openat2+0x114/0x1e8 [ 63.958567][ T6053] do_sys_open+0xac/0xdc [ 63.958576][ T6053] __arm64_sys_openat+0x9c/0xb8 [ 63.958585][ T6053] invoke_syscall+0x98/0x244 [ 63.958594][ T6053] el0_svc_common+0xe8/0x23c [ 63.958603][ T6053] do_el0_svc+0x48/0x58 [ 63.958612][ T6053] el0_svc+0x64/0x260 [ 63.958620][ T6053] el0t_64_sync_handler+0x48/0x148 [ 63.958630][ T6053] el0t_64_sync+0x198/0x19c [ 63.999032][ T6053] ERROR: Out of memory at tomoyo_realpath_from_path. [ 64.062345][ T6055] fuse: Unknown parameter ' á—p_id' [ 64.073197][ T6055] netlink: 12 bytes leftover after parsing attributes in process `syz.2.358'. [ 64.103433][ T6066] loop0: detected capacity change from 0 to 512 [ 64.159736][ T6074] nfs: Unknown parameter 'defcontext' [ 64.168251][ T6058] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.175886][ T6066] EXT4-fs error (device loop0): ext4_iget_extra_inode:5128: inode #15: comm syz.0.361: corrupted in-inode xattr: invalid ea_ino [ 64.175918][ T6066] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 64.178650][ C1] EXT4-fs (loop0): error count since last fsck: 1 [ 64.178674][ C1] EXT4-fs (loop0): initial error at time 65: ext4_iget_extra_inode:5128: inode 15 [ 64.178715][ C1] EXT4-fs (loop0): last error at time 65: ext4_iget_extra_inode:5128: inode 15 [ 64.185719][ T6066] EXT4-fs (loop0): Remounting filesystem read-only [ 64.187432][ T6066] EXT4-fs mount: 4 callbacks suppressed [ 64.187459][ T6066] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 64.200200][ T30] audit: type=1400 audit(65.172:9): lsm=SMACK fn=smack_inode_permission action=denied subject="_" object="min_batch_time" requested=x pid=6061 comm="syz.0.361" name="/" dev="loop0" ino=2 [ 64.211515][ T6079] loop3: detected capacity change from 0 to 128 [ 64.445961][ T6079] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 64.452837][ T4710] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 64.491022][ T1594] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.491074][ T1594] ieee802154 phy1 wpan1: encryption failed: -22 [ 64.492377][ T1093] cfg80211: failed to load regulatory.db [ 64.506996][ T4715] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 64.538240][ T6093] loop3: detected capacity change from 0 to 512 [ 64.552184][ T6093] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 64.575224][ T6093] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 64.577002][ T6093] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28 [ 64.577018][ T6093] EXT4-fs (loop3): This should not happen!! Data will be lost [ 64.577018][ T6093] [ 64.577026][ T6093] EXT4-fs (loop3): Total free blocks count 0 [ 64.577033][ T6093] EXT4-fs (loop3): Free/Dirty block details [ 64.577041][ T6093] EXT4-fs (loop3): free_blocks=65280 [ 64.577075][ T6093] EXT4-fs (loop3): dirty_blocks=33 [ 64.577081][ T6093] EXT4-fs (loop3): Block reservation details [ 64.577087][ T6093] EXT4-fs (loop3): i_reserved_data_blocks=33 [ 64.593379][ T6093] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 1 with error 28 [ 64.606742][ T4715] EXT4-fs warning (device loop3): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost [ 64.795187][ T6107] netlink: 8 bytes leftover after parsing attributes in process `syz.3.371'. [ 65.568495][ T6109] netlink: 4 bytes leftover after parsing attributes in process `syz.0.373'. [ 65.692005][ T4954] net_ratelimit: 9 callbacks suppressed [ 65.692035][ T4954] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 65.864377][ T6119] fuse: Unknown parameter '000000000000000000030x0000000000000003' [ 65.966790][ T6128] netlink: 24 bytes leftover after parsing attributes in process `syz.5.380'. [ 65.966835][ T6128] bond0: invalid ARP target 0.0.0.0 specified for addition [ 65.966849][ T6128] bond0: option arp_ip_target: invalid value (0) [ 66.100736][ T6133] netlink: 16 bytes leftover after parsing attributes in process `syz.0.383'. [ 66.318081][ T6137] process 'syz.2.384' launched './file1' with NULL argv: empty string added [ 66.524011][ T6139] loop5: detected capacity change from 0 to 512 [ 66.536680][ T6139] EXT4-fs (loop5): couldn't mount as ext3 due to feature incompatibilities [ 66.646554][ T6129] mmap: syz.3.381 (6129) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 66.722156][ T6129] netlink: 4 bytes leftover after parsing attributes in process `syz.3.381'. [ 66.729060][ T4892] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 66.876356][ T6146] loop5: detected capacity change from 0 to 512 [ 66.902155][ T6146] EXT4-fs error (device loop5): ext4_orphan_get:1397: inode #15: comm syz.5.387: casefold flag without casefold feature [ 66.902192][ T6146] loop5: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 66.905245][ T6146] EXT4-fs error (device loop5): ext4_orphan_get:1402: comm syz.5.387: couldn't read orphan inode 15 (err -117) [ 66.905286][ T6146] loop5: lost filesystem error report for type 5 error -117 [ 66.909868][ C0] EXT4-fs (loop5): error count since last fsck: 2 [ 66.909887][ C0] EXT4-fs (loop5): initial error at time 68: ext4_orphan_get:1397: inode 15 [ 66.909907][ C0] EXT4-fs (loop5): last error at time 68: ext4_orphan_get:1402 [ 66.916952][ T6146] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0009-000000000000 r/w without journal. Quota mode: none. [ 66.955218][ T6146] EXT4-fs error (device loop5): ext4_readdir:265: inode #2: block 3: comm syz.5.387: path /62/éq‰Y’3aK: bad entry in directory: directory entry overrun - offset=60, inode=458767, rec_len=4096, size=4096 fake=0 [ 67.019706][ T5174] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0009-000000000000. [ 67.058322][ T30] audit: type=1326 audit(69.032:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6156 comm="syz.0.394" exe="/root/ci-upstream-gce-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8c777aa8 code=0x7ffc0000 [ 67.058362][ T30] audit: type=1326 audit(69.032:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6156 comm="syz.0.394" exe="/root/ci-upstream-gce-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8c777aa8 code=0x7ffc0000 [ 67.122614][ T6167] loop2: detected capacity change from 0 to 1024 [ 67.127508][ T6167] EXT4-fs: Ignoring removed orlov option [ 67.129363][ T4717] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 67.132712][ T6157] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 67.154665][ T6167] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a042c118, mo2=0002] [ 67.154714][ T6167] System zones: 0-1, 3-12 [ 67.155278][ T6167] EXT4-fs (loop2): mounted filesystem 00000000-0500-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 67.185210][ T6174] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 67.185249][ T6174] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 67.222627][ T4708] EXT4-fs (loop2): unmounting filesystem 00000000-0500-0000-0000-000000000000. [ 67.322632][ T6187] netlink: 'syz.2.404': attribute type 10 has an invalid length. [ 67.327715][ T6187] syz_tun: entered promiscuous mode [ 67.328839][ T6187] syz_tun: entered allmulticast mode [ 67.340831][ T6189] netlink: 'syz.0.400': attribute type 1 has an invalid length. [ 67.340859][ T6189] netlink: 56 bytes leftover after parsing attributes in process `syz.0.400'. [ 67.363431][ T6187] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 67.769397][ T4954] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 68.338240][ T6217] netlink: 12 bytes leftover after parsing attributes in process `syz.4.413'. [ 68.369099][ T6219] loop4: detected capacity change from 0 to 512 [ 68.388692][ T6219] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 68.423937][ T6223] loop3: detected capacity change from 0 to 512 [ 68.425642][ T6223] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 68.429912][ T6223] EXT4-fs (loop3): warning: maximal mount count reached, running e2fsck is recommended [ 68.432678][ T6223] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.415: inode #15: comm syz.3.415: iget: illegal inode # [ 68.432711][ T6223] loop3: lost filesystem error report for type 5 error -117 [ 68.436581][ T6223] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.415: couldn't read orphan inode 15 (err -117) [ 68.436623][ T6223] loop3: lost filesystem error report for type 5 error -117 [ 68.440856][ C0] EXT4-fs (loop3): error count since last fsck: 2 [ 68.440871][ C0] EXT4-fs (loop3): initial error at time 70: ext4_orphan_get:1397 [ 68.440883][ C0] EXT4-fs (loop3): last error at time 70: ext4_orphan_get:1402 [ 68.443263][ T6223] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 68.446512][ T6223] EXT4-fs error (device loop3): ext4_lookup:1785: comm syz.3.415: inode #15: comm syz.3.415: iget: illegal inode # [ 68.464375][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.545620][ T6239] ªªªªªª: renamed from veth1_to_team (while UP) [ 68.589795][ T6241] syzkaller0: entered promiscuous mode [ 68.589827][ T6241] syzkaller0: entered allmulticast mode [ 68.834338][ T4662] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 68.891673][ T6252] loop2: detected capacity change from 0 to 1024 [ 68.903137][ T6252] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 69.006619][ T4708] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 69.027454][ T6264] mac80211_hwsim hwsim5 syzkaller0: entered promiscuous mode [ 69.030613][ T6264] mac80211_hwsim hwsim5 syzkaller0: entered allmulticast mode [ 69.446538][ T6270] loop2: detected capacity change from 0 to 512 [ 69.446893][ T6270] EXT4-fs: Ignoring removed bh option [ 69.446926][ T6270] EXT4-fs: Ignoring removed oldalloc option [ 69.452449][ T6270] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 69.453018][ T4709] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.465018][ T6270] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2860: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 69.471384][ T6270] EXT4-fs (loop2): 1 truncate cleaned up [ 69.473032][ T6270] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 69.621068][ T4708] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.834049][ T6287] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 69.834185][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 69.834309][ T6287] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 69.839338][ T6287] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 69.839441][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 70.046076][ T6306] loop3: detected capacity change from 0 to 1024 [ 70.047883][ T6306] EXT4-fs: Ignoring removed bh option [ 70.052451][ T6306] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 70.066330][ T6308] netlink: 40 bytes leftover after parsing attributes in process `syz.2.439'. [ 70.080921][ T6306] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 70.107505][ T6315] loop2: detected capacity change from 0 to 4096 [ 70.108843][ T6315] EXT4-fs: Ignoring removed mblk_io_submit option [ 70.110814][ T6315] EXT4-fs (loop2): Test dummy encryption mode enabled [ 70.118401][ T6315] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 70.120591][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.134010][ T6315] overlayfs: missing 'lowerdir' [ 70.224000][ T6321] loop3: detected capacity change from 0 to 512 [ 70.235802][ T6321] EXT4-fs (loop3): 1 truncate cleaned up [ 70.236356][ T6321] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 70.237732][ T6321] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.442: bg 0: block 465: padding at end of block bitmap is not set [ 70.544798][ T6326] binder: 6325:6326 tried to acquire reference to desc 0, got 1 instead [ 70.546873][ T6326] binder: 6325:6326 got transaction with invalid offset (24, min 24 max 32) or object. [ 70.549458][ T6326] binder: 6325:6326 transaction async to 6325:0 failed 15/29201/-22, code 0 size 32-24 line 3509 [ 70.553521][ T6327] netlink: 'syz.4.444': attribute type 1 has an invalid length. [ 70.553800][ T4892] binder: undelivered TRANSACTION_ERROR: 29201 [ 70.573737][ T6327] 8021q: adding VLAN 0 to HW filter on device bond1 [ 70.583746][ T6330] loop5: detected capacity change from 0 to 512 [ 70.585836][ T6330] EXT4-fs: Ignoring removed nobh option [ 70.590600][ T6330] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (24564!=0) [ 70.593164][ T6330] EXT4-fs (loop5): external journal device major/minor numbers have changed [ 70.597273][ T6330] EXT4-fs (loop5): external journal has bad superblock [ 70.621630][ T6327] macvlan2: entered promiscuous mode [ 70.623127][ T6327] macvlan2: entered allmulticast mode [ 70.626680][ T6327] bond1: entered promiscuous mode [ 70.630292][ T6327] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 70.651714][ T6327] bond1: left promiscuous mode [ 70.655406][ T6335] netlink: 4 bytes leftover after parsing attributes in process `syz.4.444'. [ 70.673130][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.688819][ T6335] bond1: (slave bridge1): Enslaving as an active interface with a down link [ 70.695051][ T6335] macvlan2: entered promiscuous mode [ 70.697346][ T6335] macvlan2: entered allmulticast mode [ 70.697747][ T6335] bond1: entered promiscuous mode [ 70.703078][ T6335] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 70.710482][ T6335] bond1: left promiscuous mode [ 70.796007][ T6342] net_ratelimit: 109 callbacks suppressed [ 70.796040][ T6342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 70.796142][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 70.815794][ T6338] loop3: detected capacity change from 0 to 512 [ 70.845536][ T6338] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 70.890982][ T4892] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 70.893049][ T4954] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 70.907958][ T6346] loop4: detected capacity change from 0 to 256 [ 70.966458][ T4708] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.135580][ T6362] FAULT_INJECTION: forcing a failure. [ 71.135580][ T6362] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 71.135641][ T6362] CPU: 0 UID: 0 PID: 6362 Comm: syz.2.455 Not tainted syzkaller #0 PREEMPT [ 71.135657][ T6362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 71.135662][ T6362] Call trace: [ 71.135666][ T6362] show_stack+0x2c/0x3c (C) [ 71.135685][ T6362] __dump_stack+0x30/0x40 [ 71.135695][ T6362] dump_stack_lvl+0xd8/0x12c [ 71.135705][ T6362] dump_stack+0x1c/0x28 [ 71.135714][ T6362] should_fail_ex+0x414/0x588 [ 71.135723][ T6362] should_fail+0x14/0x24 [ 71.135731][ T6362] should_fail_usercopy+0x20/0x30 [ 71.135739][ T6362] rng_dev_read+0x300/0x650 [ 71.135749][ T6362] vfs_read+0x230/0x8e4 [ 71.135759][ T6362] ksys_read+0x12c/0x224 [ 71.135768][ T6362] __arm64_sys_read+0x7c/0x90 [ 71.135778][ T6362] invoke_syscall+0x98/0x244 [ 71.135787][ T6362] el0_svc_common+0xe8/0x23c [ 71.135796][ T6362] do_el0_svc+0x48/0x58 [ 71.135806][ T6362] el0_svc+0x64/0x260 [ 71.135814][ T6362] el0t_64_sync_handler+0x48/0x148 [ 71.135821][ T6362] el0t_64_sync+0x198/0x19c [ 71.136925][ T6357] loop2: detected capacity change from 0 to 128 [ 71.177655][ T6357] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 71.319025][ T6373] binder: 6363:6373 got transaction to invalid handle, 1 [ 71.319066][ T6373] binder: 6363:6373 cannot find target node [ 71.319153][ T6373] binder: 6363:6373 transaction call to 0:0 failed 18/29201/-22, code 0 size 0-0 line 3236 [ 71.530151][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.538827][ T4797] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 71.564235][ T6382] netlink: 'syz.5.465': attribute type 1 has an invalid length. [ 71.577536][ T6383] loop3: detected capacity change from 0 to 1024 [ 71.588397][ T6379] loop4: detected capacity change from 0 to 4096 [ 71.589400][ T6379] EXT4-fs: Ignoring removed mblk_io_submit option [ 71.592582][ T6379] EXT4-fs (loop4): Test dummy encryption mode enabled [ 71.594240][ T6379] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 71.604373][ T6379] overlayfs: missing 'lowerdir' [ 71.653494][ T6389] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 71.662196][ T6390] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 71.680711][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.713086][ T6396] futex_wake_op: syz.3.469 tries to shift op by -1; fix this program [ 72.072267][ T4892] binder: undelivered TRANSACTION_ERROR: 29201 [ 72.241732][ T4892] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 72.263837][ T4708] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 72.351442][ T6409] binder: 6408:6409 tried to acquire reference to desc 0, got 1 instead [ 72.351637][ T6409] binder: 6408:6409 got transaction with invalid offset (48, min 48 max 72) or object. [ 72.351682][ T6409] binder: 6408:6409 transaction call to 6408:0 failed 23/29201/-22, code 0 size 72-24 line 3509 [ 72.353969][ T4892] binder: undelivered TRANSACTION_ERROR: 29201 [ 72.452401][ T4709] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.461146][ T6417] random: crng reseeded on system resumption [ 72.534033][ T4797] kernel read not supported for file /newroot/87 (pid: 4797 comm: kworker/0:5) [ 72.598612][ T6429] FAULT_INJECTION: forcing a failure. [ 72.598612][ T6429] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 72.602976][ T6429] CPU: 1 UID: 0 PID: 6429 Comm: syz.0.481 Not tainted syzkaller #0 PREEMPT [ 72.603003][ T6429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 72.603009][ T6429] Call trace: [ 72.603012][ T6429] show_stack+0x2c/0x3c (C) [ 72.603037][ T6429] __dump_stack+0x30/0x40 [ 72.603053][ T6429] dump_stack_lvl+0xd8/0x12c [ 72.603063][ T6429] dump_stack+0x1c/0x28 [ 72.603073][ T6429] should_fail_ex+0x414/0x588 [ 72.603082][ T6429] should_fail+0x14/0x24 [ 72.603090][ T6429] should_fail_usercopy+0x20/0x30 [ 72.603099][ T6429] _inline_copy_from_user+0x40/0x180 [ 72.603107][ T6429] copy_msghdr_from_user+0xb8/0x194 [ 72.603115][ T6429] ___sys_sendmsg+0x14c/0x224 [ 72.603122][ T6429] __sys_sendmsg+0x160/0x214 [ 72.603128][ T6429] __arm64_sys_sendmsg+0x80/0x94 [ 72.603135][ T6429] invoke_syscall+0x98/0x244 [ 72.603145][ T6429] el0_svc_common+0xe8/0x23c [ 72.603154][ T6429] do_el0_svc+0x48/0x58 [ 72.603163][ T6429] el0_svc+0x64/0x260 [ 72.603171][ T6429] el0t_64_sync_handler+0x48/0x148 [ 72.603179][ T6429] el0t_64_sync+0x198/0x19c [ 72.683540][ T6432] netlink: 12 bytes leftover after parsing attributes in process `syz.4.477'. [ 73.309489][ T4954] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 73.418058][ T6428] netlink: 8 bytes leftover after parsing attributes in process `syz.3.482'. [ 73.612296][ T6446] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz.2.487: inode has both inline data and extents flags [ 73.612328][ T6446] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 73.615237][ T6446] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.487: couldn't read orphan inode 15 (err -117) [ 73.615271][ T6446] loop2: lost filesystem error report for type 5 error -117 [ 73.619492][ C1] EXT4-fs (loop2): error count since last fsck: 2 [ 73.619510][ C1] EXT4-fs (loop2): initial error at time 75: ext4_orphan_get:1397: inode 15 [ 73.619533][ C1] EXT4-fs (loop2): last error at time 75: ext4_orphan_get:1402 [ 73.623084][ T6446] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 73.755414][ T6451] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a842c018, mo2=0002] [ 73.755462][ T6451] System zones: 1-3, 19-19, 35-36 [ 73.756027][ T6451] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none. [ 73.887395][ T6461] futex_wake_op: syz.0.492 tries to shift op by -1; fix this program [ 73.923555][ T4715] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 73.949352][ T4717] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 74.869111][ T6465] netlink: 'syz.5.494': attribute type 4 has an invalid length. [ 74.934148][ T4954] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 75.163292][ T6221] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 7934 vs 220 free clusters [ 76.042095][ T4892] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 76.043336][ T4708] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.513040][ T6498] netlink: 28 bytes leftover after parsing attributes in process `syz.3.504'. [ 76.513089][ T6498] netlink: 'syz.3.504': attribute type 7 has an invalid length. [ 76.513101][ T6498] netlink: 'syz.3.504': attribute type 8 has an invalid length. [ 76.513111][ T6498] netlink: 4 bytes leftover after parsing attributes in process `syz.3.504'. [ 76.514945][ T6498] ip6gretap0: entered promiscuous mode [ 76.515476][ T6498] syz_tun: entered promiscuous mode [ 76.515719][ T6498] erspan0: entered promiscuous mode [ 76.515969][ T6498] debugfs: 'hsr0' already exists in 'hsr' [ 76.515979][ T6498] Cannot create hsr debugfs directory [ 76.528467][ T6494] set_capacity_and_notify: 4 callbacks suppressed [ 76.528650][ T6496] FAULT_INJECTION: forcing a failure. [ 76.528650][ T6496] name failslab, interval 1, probability 0, space 0, times 0 [ 76.528668][ T6496] CPU: 1 UID: 0 PID: 6496 Comm: syz.0.499 Not tainted syzkaller #0 PREEMPT [ 76.528680][ T6496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 76.528687][ T6496] Call trace: [ 76.528691][ T6496] show_stack+0x2c/0x3c (C) [ 76.528710][ T6496] __dump_stack+0x30/0x40 [ 76.528720][ T6496] dump_stack_lvl+0xd8/0x12c [ 76.528730][ T6496] dump_stack+0x1c/0x28 [ 76.528739][ T6496] should_fail_ex+0x414/0x588 [ 76.528748][ T6496] should_failslab+0xc4/0x124 [ 76.528756][ T6496] __kmalloc_noprof+0x100/0x6f0 [ 76.528765][ T6496] fib6_info_alloc+0x38/0xf0 [ 76.528776][ T6496] ip6_route_info_create+0x11c/0x704 [ 76.528783][ T6496] addrconf_f6i_alloc+0x1bc/0x3b4 [ 76.528791][ T6496] __ipv6_dev_ac_inc+0x33c/0x87c [ 76.528798][ T6496] ipv6_sock_ac_join+0x414/0x6d4 [ 76.528805][ T6496] do_ipv6_setsockopt+0x18c0/0x29d4 [ 76.528815][ T6496] ipv6_setsockopt+0x68/0x16c [ 76.528825][ T6496] udpv6_setsockopt+0xa8/0xc0 [ 76.528832][ T6496] sock_common_setsockopt+0xb0/0xcc [ 76.528843][ T6496] do_sock_setsockopt+0x1f0/0x330 [ 76.528849][ T6496] __sys_setsockopt+0x104/0x170 [ 76.528856][ T6496] __arm64_sys_setsockopt+0xb8/0xd4 [ 76.528863][ T6496] invoke_syscall+0x98/0x244 [ 76.528872][ T6496] el0_svc_common+0xe8/0x23c [ 76.528881][ T6496] do_el0_svc+0x48/0x58 [ 76.528890][ T6496] el0_svc+0x64/0x260 [ 76.528898][ T6496] el0t_64_sync_handler+0x48/0x148 [ 76.528906][ T6496] el0t_64_sync+0x198/0x19c [ 76.568574][ T6494] loop2: detected capacity change from 0 to 128 [ 76.584434][ T6494] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 77.037762][ T4717] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 77.040627][ T6514] binder: BINDER_SET_CONTEXT_MGR already set [ 77.040651][ T6514] binder: 6513:6514 ioctl 4018620d 20004a80 returned -16 [ 77.041085][ T6514] binder: 6513:6514 BC_CLEAR_FREEZE_NOTIFICATION invalid ref 4 [ 77.041099][ T6514] binder: 6513:6514 ioctl c0306201 20000480 returned -22 [ 77.050082][ T4662] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 77.179198][ T6522] loop5: detected capacity change from 0 to 512 [ 77.182559][ T6522] EXT4-fs: Ignoring removed nomblk_io_submit option [ 77.192058][ T6522] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.201404][ T6522] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 77.434252][ T6522] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 77.451843][ T4708] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 77.604194][ T6540] netlink: 12 bytes leftover after parsing attributes in process `syz.2.518'. [ 77.615376][ T6540] netlink: 4 bytes leftover after parsing attributes in process `syz.2.518'. [ 77.628339][ T6540] bridge1: port 1(veth3) entered blocking state [ 77.628428][ T6540] bridge1: port 1(veth3) entered disabled state [ 77.628507][ T6540] veth3: entered allmulticast mode [ 77.633244][ T6540] veth3: entered promiscuous mode [ 77.634963][ T6542] netlink: 24 bytes leftover after parsing attributes in process `syz.3.519'. [ 77.664101][ T6544] loop4: detected capacity change from 0 to 512 [ 77.664680][ T6540] bridge1: port 2(veth0_to_bond) entered blocking state [ 77.664763][ T6540] bridge1: port 2(veth0_to_bond) entered disabled state [ 77.664859][ T6540] veth0_to_bond: entered allmulticast mode [ 77.668589][ T6544] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz.4.520: inode has both inline data and extents flags [ 77.668605][ T6544] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 77.668654][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 77.668663][ C1] EXT4-fs (loop4): initial error at time 79: ext4_orphan_get:1397: inode 15 [ 77.668676][ C1] EXT4-fs (loop4): last error at time 79: ext4_orphan_get:1397: inode 15 [ 77.680017][ T6544] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.520: couldn't read orphan inode 15 (err -117) [ 77.680052][ T6544] loop4: lost filesystem error report for type 5 error -117 [ 77.682797][ T6540] veth0_to_bond: entered promiscuous mode [ 77.687097][ T6547] loop3: detected capacity change from 0 to 512 [ 77.691544][ T6544] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 77.701549][ T6547] EXT4-fs (loop3): orphan cleanup on readonly fs [ 77.703540][ T6547] EXT4-fs error (device loop3): ext4_iget_extra_inode:5128: inode #15: comm syz.3.521: corrupted in-inode xattr: invalid size in ea xattr [ 77.703574][ T6547] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 77.706917][ T6540] vlan2: entered allmulticast mode [ 77.706938][ T6540] veth1_to_team: entered allmulticast mode [ 77.707212][ T6540] bridge1: port 3(vlan2) entered blocking state [ 77.707689][ T6540] bridge1: port 3(vlan2) entered disabled state [ 77.708245][ T6540] vlan2: entered promiscuous mode [ 77.708376][ T6540] veth1_to_team: entered promiscuous mode [ 77.708660][ C1] EXT4-fs (loop3): error count since last fsck: 1 [ 77.708690][ C1] EXT4-fs (loop3): initial error at time 79: ext4_iget_extra_inode:5128: inode 15 [ 77.708726][ C1] EXT4-fs (loop3): last error at time 79: ext4_iget_extra_inode:5128: inode 15 [ 77.722443][ T6547] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.521: couldn't read orphan inode 15 (err -117) [ 77.722473][ T6547] loop3: lost filesystem error report for type 5 error -117 [ 77.762024][ T6547] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 77.776344][ T6551] loop2: detected capacity change from 0 to 512 [ 77.778598][ T6551] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz.2.522: inode has both inline data and extents flags [ 77.778676][ T6551] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 77.778833][ T6551] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.522: couldn't read orphan inode 15 (err -117) [ 77.778857][ T6551] loop2: lost filesystem error report for type 5 error -117 [ 77.779405][ T6551] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 78.523035][ T4662] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 78.538332][ T6558] netlink: 'syz.0.523': attribute type 21 has an invalid length. [ 78.539984][ T6558] netlink: 128 bytes leftover after parsing attributes in process `syz.0.523'. [ 78.542051][ T6558] netlink: 'syz.0.523': attribute type 5 has an invalid length. [ 78.543695][ T6558] netlink: 'syz.0.523': attribute type 6 has an invalid length. [ 78.545341][ T6558] netlink: 3 bytes leftover after parsing attributes in process `syz.0.523'. [ 78.560366][ T6556] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 7934 vs 220 free clusters [ 78.568274][ T5174] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.716204][ T4708] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.897246][ T4709] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.487519][ T6582] loop5: detected capacity change from 0 to 2048 [ 79.490271][ T6582] EXT4-fs: Ignoring removed nomblk_io_submit option [ 79.502166][ T6584] tipc: Started in network mode [ 79.503261][ T6584] tipc: Node identity d29f648248f8, cluster identity 4711 [ 79.505019][ T6584] tipc: Enabled bearer , priority 0 [ 79.510892][ T6583] tipc: Disabling bearer [ 79.513268][ T6582] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 79.571621][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 79.648847][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.076612][ T6589] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 80.479431][ T6600] loop3: detected capacity change from 0 to 512 [ 80.511280][ T6600] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 80.566408][ T4717] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 80.618866][ T6600] EXT4-fs (loop3): orphan cleanup on readonly fs [ 80.625142][ T6600] Quota error (device loop3): v2_read_file_info: Can't read info structure [ 80.625203][ T6600] EXT4-fs warning (device loop3): ext4_enable_quotas:7269: Failed to enable quota tracking (type=1, err=-5, ino=4). Please run e2fsck to fix. [ 80.625361][ T6600] EXT4-fs (loop3): Cannot turn on quotas: error -5 [ 80.630071][ T6600] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.533: bg 0: block 64: padding at end of block bitmap is not set [ 80.630120][ T6600] loop3: lost filesystem error report for type 5 error -117 [ 80.633785][ T6600] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6679: Corrupt filesystem [ 80.633804][ T6600] loop3: lost filesystem error report for type 5 error -117 [ 80.634865][ T6600] EXT4-fs (loop3): 1 truncate cleaned up [ 80.635324][ T6600] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 80.752688][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 80.788291][ T6608] loop2: detected capacity change from 0 to 4096 [ 80.788611][ T6608] EXT4-fs: Ignoring removed mblk_io_submit option [ 80.792165][ T6608] EXT4-fs (loop2): Test dummy encryption mode enabled [ 80.796189][ T6608] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.811074][ T6608] overlayfs: missing 'workdir' [ 80.829576][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.896614][ T5174] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.916478][ T6614] FAULT_INJECTION: forcing a failure. [ 80.916478][ T6614] name failslab, interval 1, probability 0, space 0, times 0 [ 80.916511][ T6614] CPU: 0 UID: 0 PID: 6614 Comm: syz.3.539 Not tainted syzkaller #0 PREEMPT [ 80.916523][ T6614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 80.916528][ T6614] Call trace: [ 80.916530][ T6614] show_stack+0x2c/0x3c (C) [ 80.916548][ T6614] __dump_stack+0x30/0x40 [ 80.916559][ T6614] dump_stack_lvl+0xd8/0x12c [ 80.916569][ T6614] dump_stack+0x1c/0x28 [ 80.916578][ T6614] should_fail_ex+0x414/0x588 [ 80.916587][ T6614] should_failslab+0xc4/0x124 [ 80.916595][ T6614] __kmalloc_cache_noprof+0x8c/0x624 [ 80.916604][ T6614] alloc_fs_context+0x7c/0xbcc [ 80.916616][ T6614] fs_context_for_mount+0x34/0x44 [ 80.916625][ T6614] do_new_mount+0x158/0x540 [ 80.916634][ T6614] path_mount+0x5d0/0xa68 [ 80.916642][ T6614] do_mount+0xe8/0x148 [ 80.916650][ T6614] __arm64_sys_mount+0x334/0x380 [ 80.916658][ T6614] invoke_syscall+0x98/0x244 [ 80.916667][ T6614] el0_svc_common+0xe8/0x23c [ 80.916677][ T6614] do_el0_svc+0x48/0x58 [ 80.916686][ T6614] el0_svc+0x64/0x260 [ 80.916694][ T6614] el0t_64_sync_handler+0x48/0x148 [ 80.916701][ T6614] el0t_64_sync+0x198/0x19c [ 81.170634][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 81.218043][ T6618] loop5: detected capacity change from 0 to 256 [ 81.218426][ T6618] vfat: Unknown parameter 'ÿÿÿÿ' [ 81.336955][ T6630] syzkaller1: entered promiscuous mode [ 81.338327][ T6630] syzkaller1: entered allmulticast mode [ 81.947361][ T6634] netlink: 12 bytes leftover after parsing attributes in process `syz.0.544'. [ 82.075997][ T4892] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 82.103109][ T4708] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.124864][ T6644] loop5: detected capacity change from 0 to 512 [ 82.127149][ T6644] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 82.141998][ T6644] EXT4-fs (loop5): 1 truncate cleaned up [ 82.144807][ T6644] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 82.312919][ T5174] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.061834][ T6671] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 83.062033][ T6671] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 83.110642][ T6667] syz.4.553 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 83.177896][ T4662] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 83.620710][ T4804] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 84.774144][ T4892] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 85.604772][ T4721] Bluetooth: hci0: link tx timeout [ 85.606606][ T4721] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa [ 85.609938][ T4721] Bluetooth: hci0: link tx timeout [ 85.609983][ T4721] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 86.576745][ T6726] loop5: detected capacity change from 0 to 512 [ 86.588332][ T4662] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 86.590194][ T6724] can0: slcan on ptm0. [ 86.594557][ T6726] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 86.619517][ T6726] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.568: invalid indirect mapped block 4294967295 (level 1) [ 86.619548][ T6726] loop5: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 86.623321][ T6726] EXT4-fs (loop5): Remounting filesystem read-only [ 86.623453][ T6726] EXT4-fs (loop5): 2 truncates cleaned up [ 86.623905][ T6726] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 86.633946][ T6724] overlayfs: failed to resolve './bus': -2 [ 86.674619][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 86.697097][ T6741] FAULT_INJECTION: forcing a failure. [ 86.697097][ T6741] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 86.704481][ T6741] CPU: 1 UID: 0 PID: 6741 Comm: syz.4.571 Not tainted syzkaller #0 PREEMPT [ 86.704502][ T6741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 86.704507][ T6741] Call trace: [ 86.704511][ T6741] show_stack+0x2c/0x3c (C) [ 86.704536][ T6741] __dump_stack+0x30/0x40 [ 86.704552][ T6741] dump_stack_lvl+0xd8/0x12c [ 86.704562][ T6741] dump_stack+0x1c/0x28 [ 86.704572][ T6741] should_fail_ex+0x414/0x588 [ 86.704581][ T6741] should_fail+0x14/0x24 [ 86.704589][ T6741] should_fail_usercopy+0x20/0x30 [ 86.704598][ T6741] _inline_copy_from_user+0x3c/0x194 [ 86.704609][ T6741] do_sys_poll+0x1f8/0xc08 [ 86.704619][ T6741] __arm64_sys_ppoll+0x1e0/0x260 [ 86.704628][ T6741] invoke_syscall+0x98/0x244 [ 86.704638][ T6741] el0_svc_common+0xe8/0x23c [ 86.704647][ T6741] do_el0_svc+0x48/0x58 [ 86.704656][ T6741] el0_svc+0x64/0x260 [ 86.704665][ T6741] el0t_64_sync_handler+0x48/0x148 [ 86.704672][ T6741] el0t_64_sync+0x198/0x19c [ 86.745374][ T6744] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 86.775760][ T6753] capability: warning: `syz.2.576' uses 32-bit capabilities (legacy support in use) [ 86.839243][ T6748] loop4: detected capacity change from 0 to 128 [ 86.843359][ T6750] loop3: detected capacity change from 0 to 512 [ 86.845449][ T6748] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a842c028, mo2=0002] [ 86.845508][ T6748] System zones: 1-3, 19-19, 35-36 [ 86.846061][ T6748] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 86.848701][ T6750] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 86.860070][ T6750] EXT4-fs (loop3): 1 truncate cleaned up [ 86.860559][ T6750] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 86.889587][ T4709] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 86.933683][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.940316][ T6721] can0 (unregistered): slcan off ptm0. [ 86.991277][ T5174] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.299225][ T6778] FAULT_INJECTION: forcing a failure. [ 87.299225][ T6778] name failslab, interval 1, probability 0, space 0, times 0 [ 87.299262][ T6778] CPU: 0 UID: 0 PID: 6778 Comm: syz.3.579 Not tainted syzkaller #0 PREEMPT [ 87.299277][ T6778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 87.299284][ T6778] Call trace: [ 87.299288][ T6778] show_stack+0x2c/0x3c (C) [ 87.299305][ T6778] __dump_stack+0x30/0x40 [ 87.299316][ T6778] dump_stack_lvl+0xd8/0x12c [ 87.299326][ T6778] dump_stack+0x1c/0x28 [ 87.299335][ T6778] should_fail_ex+0x414/0x588 [ 87.299344][ T6778] should_failslab+0xc4/0x124 [ 87.299353][ T6778] kmem_cache_alloc_noprof+0x8c/0x610 [ 87.299362][ T6778] skb_clone+0x1a8/0x31c [ 87.299370][ T6778] __netlink_deliver_tap+0x36c/0x6f8 [ 87.299381][ T6778] netlink_deliver_tap+0x1d8/0x1dc [ 87.299391][ T6778] netlink_unicast+0x5e8/0x800 [ 87.299400][ T6778] netlink_sendmsg+0x63c/0x920 [ 87.299409][ T6778] __sock_sendmsg+0xc8/0x138 [ 87.299419][ T6778] ____sys_sendmsg+0x418/0x70c [ 87.299426][ T6778] ___sys_sendmsg+0x198/0x224 [ 87.299432][ T6778] __sys_sendmsg+0x160/0x214 [ 87.299439][ T6778] __arm64_sys_sendmsg+0x80/0x94 [ 87.299446][ T6778] invoke_syscall+0x98/0x244 [ 87.299455][ T6778] el0_svc_common+0xe8/0x23c [ 87.299464][ T6778] do_el0_svc+0x48/0x58 [ 87.299474][ T6778] el0_svc+0x64/0x260 [ 87.299482][ T6778] el0t_64_sync_handler+0x48/0x148 [ 87.299489][ T6778] el0t_64_sync+0x198/0x19c [ 87.609235][ T4954] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 87.673636][ T6780] No control pipe specified [ 87.690007][ T4721] Bluetooth: hci0: command 0x0405 tx timeout [ 87.777391][ T6806] input: syz1 as /devices/virtual/input/input4 [ 88.712467][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 88.714445][ T6829] netlink: 16 bytes leftover after parsing attributes in process `syz.5.592'. [ 88.771781][ T6836] loop2: detected capacity change from 0 to 1024 [ 88.772160][ T6836] EXT4-fs: Ignoring removed bh option [ 88.772514][ T6836] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 88.785409][ T6836] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 88.804352][ T6841] loop3: detected capacity change from 0 to 4096 [ 88.806166][ T6841] EXT4-fs: Ignoring removed mblk_io_submit option [ 88.809886][ T6841] EXT4-fs (loop3): Test dummy encryption mode enabled [ 88.818128][ T6841] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 88.827650][ T6841] overlayfs: missing 'lowerdir' [ 88.831199][ T4708] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.246212][ T6847] loop2: detected capacity change from 0 to 1024 [ 89.313182][ T6847] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 89.315024][ T6847] EXT4-fs error (device loop2): ext4_map_blocks:833: inode #15: block 3: comm syz.2.596: lblock 3 mapped to illegal pblock 3 (length 3) [ 89.320292][ T6847] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 89.320342][ T6847] EXT4-fs (loop2): This should not happen!! Data will be lost [ 89.320342][ T6847] [ 89.321113][ T6847] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.596: bg 0: block 112: padding at end of block bitmap is not set [ 89.323328][ T6847] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 32 with max blocks 36 with error 28 [ 89.323344][ T6847] EXT4-fs (loop2): This should not happen!! Data will be lost [ 89.323344][ T6847] [ 89.323352][ T6847] EXT4-fs (loop2): Total free blocks count 0 [ 89.323359][ T6847] EXT4-fs (loop2): Free/Dirty block details [ 89.323399][ T6847] EXT4-fs (loop2): free_blocks=0 [ 89.323419][ T6847] EXT4-fs (loop2): dirty_blocks=64 [ 89.323425][ T6847] EXT4-fs (loop2): Block reservation details [ 89.361537][ T6857] binder: 6856:6857 ioctl c0306201 20000080 returned -14 [ 89.367197][ T6857] binder: 6856:6857 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 89.367247][ T6857] binder: 6857 RLIMIT_NICE not set [ 89.367728][ T6857] binder: 6856:6857 BC_DEAD_BINDER_DONE 00000000000000fc not found [ 89.394578][ T6861] netlink: 8 bytes leftover after parsing attributes in process `syz.5.602'. [ 89.448787][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 89.811825][ T6872] netlink: 76 bytes leftover after parsing attributes in process `syz.4.605'. [ 89.927693][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 89.931696][ T4662] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 89.931972][ T4724] Bluetooth: hci0: command 0x0405 tx timeout [ 89.995469][ T6878] netlink: 28 bytes leftover after parsing attributes in process `syz.3.606'. [ 90.091903][ T15] EXT4-fs error (device loop2): ext4_map_blocks:833: inode #15: block 8: comm kworker/u8:1: lblock 8 mapped to illegal pblock 8 (length 8) [ 90.096017][ T4708] EXT4-fs warning (device loop2): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost [ 90.144461][ T6888] tipc: Enabled bearer , priority 10 [ 90.282749][ T4721] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 90.772610][ T1093] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 91.000577][ T4892] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 91.301635][ T6910] syz_tun: entered allmulticast mode [ 91.468772][ T4722] Bluetooth: hci0: unexpected event for opcode 0x0c03 [ 91.769806][ T2763] [ 91.770283][ T2763] ====================================================== [ 91.771717][ T2763] WARNING: possible circular locking dependency detected [ 91.773050][ T2763] syzkaller #0 Not tainted [ 91.773865][ T2763] ------------------------------------------------------ [ 91.775222][ T2763] kworker/u8:7/2763 is trying to acquire lock: [ 91.776440][ T2763] ffff0000d4bd4938 (jbd2_handle){++++}-{0:0}, at: wait_transaction_locked+0x170/0x220 [ 91.778488][ T2763] [ 91.778488][ T2763] but task is already holding lock: [ 91.779944][ T2763] ffff0000d4bd6c18 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x16c/0x2d8 [ 91.781943][ T2763] [ 91.781943][ T2763] which lock already depends on the new lock. [ 91.781943][ T2763] [ 91.784019][ T2763] [ 91.784019][ T2763] the existing dependency chain (in reverse order) is: [ 91.785712][ T2763] [ 91.785712][ T2763] -> #2 (&sbi->s_writepages_rwsem){++++}-{0:0}: [ 91.787421][ T2763] percpu_down_read_internal+0x5c/0x294 [ 91.788629][ T2763] ext4_writepages+0x16c/0x2d8 [ 91.789699][ T2763] do_writepages+0x270/0x468 [ 91.790703][ T2763] __writeback_single_inode+0x144/0x1808 [ 91.791878][ T2763] writeback_single_inode+0x3b8/0xaa0 [ 91.792944][ T2763] write_inode_now+0x170/0x208 [ 91.793918][ T2763] iput+0x6bc/0xb90 [ 91.794714][ T2763] ext4_xattr_block_set+0x1aac/0x2188 [ 91.795875][ T2763] ext4_expand_extra_isize_ea+0xb18/0x13a0 [ 91.797080][ T2763] __ext4_expand_extra_isize+0x29c/0x370 [ 91.798227][ T2763] __ext4_mark_inode_dirty+0x3a4/0x810 [ 91.799337][ T2763] ext4_evict_inode+0x7a0/0xfc4 [ 91.800347][ T2763] evict+0x4b8/0x740 [ 91.801195][ T2763] iput+0x858/0xb90 [ 91.802064][ T2763] ext4_process_orphan+0x240/0x2b4 [ 91.803169][ T2763] ext4_orphan_cleanup+0x7b8/0xd30 [ 91.804313][ T2763] ext4_fill_super+0x45a4/0x4d60 [ 91.805392][ T2763] get_tree_bdev_flags+0x380/0x434 [ 91.806476][ T2763] get_tree_bdev+0x2c/0x3c [ 91.807442][ T2763] ext4_get_tree+0x28/0x38 [ 91.808353][ T2763] vfs_get_tree+0x90/0x28c [ 91.809201][ T2763] fc_mount+0x24/0xac [ 91.810060][ T2763] do_new_mount+0x2a4/0x540 [ 91.811022][ T2763] path_mount+0x5d0/0xa68 [ 91.811949][ T2763] do_mount+0xe8/0x148 [ 91.812810][ T2763] __arm64_sys_mount+0x334/0x380 [ 91.813840][ T2763] invoke_syscall+0x98/0x244 [ 91.814818][ T2763] el0_svc_common+0xe8/0x23c [ 91.815796][ T2763] do_el0_svc+0x48/0x58 [ 91.816716][ T2763] el0_svc+0x64/0x260 [ 91.817549][ T2763] el0t_64_sync_handler+0x48/0x148 [ 91.818641][ T2763] el0t_64_sync+0x198/0x19c [ 91.819644][ T2763] [ 91.819644][ T2763] -> #1 (&ei->xattr_sem){++++}-{4:4}: [ 91.821123][ T2763] down_write+0x50/0xc0 [ 91.822014][ T2763] ext4_xattr_set_handle+0x138/0xe00 [ 91.823104][ T2763] ext4_initxattrs+0xa4/0x118 [ 91.824106][ T2763] security_inode_init_security+0x24c/0x378 [ 91.825330][ T2763] ext4_init_security+0x44/0x58 [ 91.826380][ T2763] __ext4_new_inode+0x28dc/0x3390 [ 91.827416][ T2763] ext4_create+0x1e8/0x3f4 [ 91.828311][ T2763] path_openat+0x1244/0x2a6c [ 91.829288][ T2763] do_file_open+0x1c4/0x2e4 [ 91.830247][ T2763] do_sys_openat2+0x114/0x1e8 [ 91.831225][ T2763] do_sys_open+0xac/0xdc [ 91.832099][ T2763] __arm64_sys_openat+0x9c/0xb8 [ 91.833124][ T2763] invoke_syscall+0x98/0x244 [ 91.834179][ T2763] el0_svc_common+0xe8/0x23c [ 91.835148][ T2763] do_el0_svc+0x48/0x58 [ 91.836028][ T2763] el0_svc+0x64/0x260 [ 91.836866][ T2763] el0t_64_sync_handler+0x48/0x148 [ 91.837928][ T2763] el0t_64_sync+0x198/0x19c [ 91.838880][ T2763] [ 91.838880][ T2763] -> #0 (jbd2_handle){++++}-{0:0}: [ 91.840302][ T2763] __lock_acquire+0x1780/0x2f44 [ 91.841385][ T2763] lock_acquire+0x140/0x368 [ 91.842379][ T2763] wait_transaction_locked+0x178/0x220 [ 91.843545][ T2763] start_this_handle+0x5b0/0x1c10 [ 91.844647][ T2763] jbd2__journal_start+0x260/0x520 [ 91.845690][ T2763] __ext4_journal_start_sb+0x228/0x948 [ 91.846829][ T2763] ext4_do_writepages+0xb18/0x3ac8 [ 91.847889][ T2763] ext4_writepages+0x194/0x2d8 [ 91.848850][ T2763] do_writepages+0x270/0x468 [ 91.849792][ T2763] __writeback_single_inode+0x144/0x1808 [ 91.850896][ T2763] writeback_sb_inodes+0x79c/0x1744 [ 91.851954][ T2763] __writeback_inodes_wb+0xec/0x210 [ 91.853024][ T2763] wb_writeback+0x3e8/0x10e0 [ 91.853970][ T2763] wb_workfn+0x9ac/0xcb4 [ 91.854873][ T2763] process_scheduled_works+0x79c/0x1098 [ 91.856030][ T2763] worker_thread+0x754/0xba0 [ 91.857030][ T2763] kthread+0x2f8/0x3c8 [ 91.857887][ T2763] ret_from_fork+0x10/0x20 [ 91.858845][ T2763] [ 91.858845][ T2763] other info that might help us debug this: [ 91.858845][ T2763] [ 91.860752][ T2763] Chain exists of: [ 91.860752][ T2763] jbd2_handle --> &ei->xattr_sem --> &sbi->s_writepages_rwsem [ 91.860752][ T2763] [ 91.863322][ T2763] Possible unsafe locking scenario: [ 91.863322][ T2763] [ 91.864701][ T2763] CPU0 CPU1 [ 91.865672][ T2763] ---- ---- [ 91.866619][ T2763] rlock(&sbi->s_writepages_rwsem); [ 91.867586][ T2763] lock(&ei->xattr_sem); [ 91.868841][ T2763] lock(&sbi->s_writepages_rwsem); [ 91.870424][ T2763] lock(jbd2_handle); [ 91.871241][ T2763] [ 91.871241][ T2763] *** DEADLOCK *** [ 91.871241][ T2763] [ 91.872874][ T2763] 4 locks held by kworker/u8:7/2763: [ 91.873944][ T2763] #0: ffff0000c1f19140 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x748/0x1098 [ 91.876190][ T2763] #1: ffff8000990c7c40 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x750/0x1098 [ 91.878664][ T2763] #2: ffff0000d4bc80d8 (&type->s_umount_key#31){++++}-{4:4}, at: super_trylock_shared+0x24/0xdc [ 91.880738][ T2763] #3: ffff0000d4bd6c18 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x16c/0x2d8 [ 91.882791][ T2763] [ 91.882791][ T2763] stack backtrace: [ 91.883944][ T2763] CPU: 0 UID: 0 PID: 2763 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT [ 91.885688][ T2763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 91.887609][ T2763] Workqueue: writeback wb_workfn (flush-259:0) [ 91.888811][ T2763] Call trace: [ 91.889414][ T2763] show_stack+0x2c/0x3c (C) [ 91.890277][ T2763] __dump_stack+0x30/0x40 [ 91.891105][ T2763] dump_stack_lvl+0xd8/0x12c [ 91.891974][ T2763] dump_stack+0x1c/0x28 [ 91.892777][ T2763] print_circular_bug+0x328/0x330 [ 91.893717][ T2763] check_noncircular+0x158/0x174 [ 91.894673][ T2763] __lock_acquire+0x1780/0x2f44 [ 91.895580][ T2763] lock_acquire+0x140/0x368 [ 91.896413][ T2763] wait_transaction_locked+0x178/0x220 [ 91.897394][ T2763] start_this_handle+0x5b0/0x1c10 [ 91.898305][ T2763] jbd2__journal_start+0x260/0x520 [ 91.899232][ T2763] __ext4_journal_start_sb+0x228/0x948 [ 91.900247][ T2763] ext4_do_writepages+0xb18/0x3ac8 [ 91.901336][ T2763] ext4_writepages+0x194/0x2d8 [ 91.902320][ T2763] do_writepages+0x270/0x468 [ 91.903281][ T2763] __writeback_single_inode+0x144/0x1808 [ 91.904442][ T2763] writeback_sb_inodes+0x79c/0x1744 [ 91.905508][ T2763] __writeback_inodes_wb+0xec/0x210 [ 91.906601][ T2763] wb_writeback+0x3e8/0x10e0 [ 91.907529][ T2763] wb_workfn+0x9ac/0xcb4 [ 91.908363][ T2763] process_scheduled_works+0x79c/0x1098 [ 91.909409][ T2763] worker_thread+0x754/0xba0 [ 91.910308][ T2763] kthread+0x2f8/0x3c8 [ 91.911119][ T2763] ret_from_fork+0x10/0x20 [ 92.010042][ T4892] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 92.011871][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 92.648900][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 93.049015][ T4662] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 94.089127][ T4662] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 95.129025][ T4662] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 95.688779][ T1093] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 96.169106][ T4662] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 97.129193][ T4804] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 97.209102][ T4662] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 98.248844][ T4954] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 98.728739][ T1093] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 99.289308][ T4662] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 100.329539][ T26] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 101.369425][ T4662] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog