last executing test programs: 2m33.769592052s ago: executing program 0 (id=324): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000500)='kfree\x00', r0, 0x0, 0x2}, 0x18) r1 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000480)=@security={'security\x00', 0xe, 0x4, 0x318, 0xffffffff, 0xd0, 0xd0, 0xd0, 0xffffffff, 0xffffffff, 0x338, 0x338, 0x338, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x0, 0x4, 0x2, 0x5, 0x1, 0x2], 0x1, 0x3}, {0x1, [0x2, 0x0, 0x4, 0x5, 0x1, 0x1], 0x6, 0x6}}}}, {{@ip={@multicast2, @dev={0xac, 0x14, 0x14, 0xf}, 0xff, 0xff000000, 'gretap0\x00', '\x00', {0xff}, {}, 0x67, 0x0, 0x20}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @random="e2f7c98a5a81", 0x7, 0xc, [0x11, 0x3, 0xd, 0x2, 0x0, 0x3a, 0x19, 0x29, 0x32, 0x5, 0x37, 0x2b, 0x3f, 0x19, 0xa, 0x26], 0x2, 0x8, 0xf}}}, {{@ip={@multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0xff000000, 'veth0_to_bond\x00', 'veth1_virt_wifi\x00', {0xff}, {}, 0xc, 0x2, 0x4}, 0x0, 0x70, 0xe0}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x7, 0x101, 0x1, 0x0, 0x0, "d862388dd98282262a8598026042188b8d9f0769f15bec082380d40e2a209f9e95dc6811b7d4d46ecbbe55b4eb6a7c68c3287be06be2b836d7005af269e9c53a"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x378) 2m33.565265972s ago: executing program 0 (id=327): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x940}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r2}, @IFLA_HSR_SLAVE1={0x8}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40010}, 0x8000) 2m33.301701621s ago: executing program 0 (id=330): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 2m33.08878494s ago: executing program 0 (id=332): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r2 = epoll_create(0x402) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0x20000000}) close_range(r0, r1, 0x0) 2m32.74848619s ago: executing program 0 (id=334): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00'}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{r0}, &(0x7f0000000000), &(0x7f0000000200)}, 0x1f) 2m32.401453558s ago: executing program 0 (id=336): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000200)={[{@nogrpid}, {@resuid}, {@nolazytime}, {@debug}, {@nombcache}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) mknodat$null(r0, 0x0, 0x0, 0x103) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) 2m17.299637451s ago: executing program 32 (id=336): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000200)={[{@nogrpid}, {@resuid}, {@nolazytime}, {@debug}, {@nombcache}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) mknodat$null(r0, 0x0, 0x0, 0x103) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) 5.280962244s ago: executing program 2 (id=1352): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)=ANY=[@ANYBLOB="14000000100001000000ddffffff00000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000114000000110001"], 0x64}}, 0x0) sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c000000150a0102"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 4.424478941s ago: executing program 2 (id=1354): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r0, &(0x7f0000000040)={0x23, 0x0, 0x6, 0x1}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000a50000002a00000095"], &(0x7f0000000b40)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) ioctl$SIOCPNENABLEPIPE(r0, 0x89ed, 0x0) 4.112838011s ago: executing program 2 (id=1357): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)}) clock_gettime(0x0, &(0x7f00000002c0)) 3.8750082s ago: executing program 2 (id=1361): r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) listen(r0, 0x101) r1 = socket$inet_dccp(0x2, 0x6, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000240)=0xc) setsockopt(r1, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg$inet(r1, &(0x7f0000003380)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000000c0)}], 0x1}}], 0x1, 0x800) 2.864833048s ago: executing program 4 (id=1371): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) acct(0xfffffffffffffffe) 2.199515216s ago: executing program 1 (id=1372): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r2}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 2.177140146s ago: executing program 2 (id=1373): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0, 0x0, 0x40000000000}, 0x18) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001a40)=ANY=[@ANYBLOB="b70200000f000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000010000006a0a00fe00000000850000000d000000bf0000000000000095000000000000005ecefab8f2e85c6c1ca711fc206bb8ad6ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bd04000000000000009c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5f683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891184604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e101d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe151acc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394b9ba1a836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429ba63903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6d6fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f25005798ca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9958fad67ccaba76408da35c9f1534c8bd48bbdf9594e8b4ce73febaefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb3b379e221a5318849b6b0679b5d65ab855fc9f1d10022cc20603480ffb1e3392fad690ce56aaa717e56fd55aec3d9d6671f55d7bc33830a4095497586e8d15c2a32d3176d45b783cb27112a69c14134488b6dd302c3e92a7e659351b610ed5ba022f92d4bf26b0a5c10a3c8eb0fabdf0017995ea0c06b41fe6dda769729328d6ee80ab3b4aeeeee7926575d526431184b2034b5cdacc8eaab03cf45af6ec451f65705d8a4375d559e4c3ad80e942d237616d8f2fdd5afe4fdf21478228d9f6299bf67cf1e62fc11c285e18fb65eeb657bc7375401bb175f6d2625195ce8647945dbdfb7eacc06a24832d155059b0f0c36b9433eff190f4c4c160f0484d4d39f5f92e8bd49ad3df23b961fe7bf9e506c5098ca79deb7906257e4ce9035f3a6b29453ee41640ade8b5916f38d19ab6f2fd51a9fd9a2559411967460952acf5c549e5466ee2d8563397a5f028486220fae69611d9bc0f1a68d31ad1a4e387de687ab1537bd46703e4e5ae0f096f731916628bf743a49ea7b7d22c04d738ca439343aaab682d45dc91187e9ff08005358e1f3d864f36ee590fb0da9c958f15f9105c41add43a7c28874e58c31a7acb0467e0bd97f2ccd78615b5144267772381e7498bb98d9e8a3f98b505e5c9645e19d011dd86a1dc134fa4b21ff8ec2d054ae7e0044b4700cd54ce392c2ee515e86070f2df561c15f331a1babfa60504410fa56a848ba1f501c8eb0bd6856451d150cfaf95d6dc889be27e8915bb3670fc76bcbeb390f3cefb5429c84907a92c6eab2b15758194ece4b1461f622510bcff5c0f8354637856f94d71a0841180e78a3a837ae7847c479f5c9c54859cb85393f190042a5dc31197f2c463be8affe29869d71df330b3466fc79b3488b4a2a3e2aae9af6421cd0902347103f2384bf08e5230b37297b668be11b4428b9a8e8c259afa6c73dd87fcc165b2fea66a180bf048530a5849f849d37aca6874cb1d50defdb90b3da04a575db38825db87f6bb0013a5dabcc0e9783aaac0cbb5d6fc437f1e77bf69cae31a213ca2b90ece8cc70fa320c9ffd05618e7a6e6cf8ada6b3e62557174b6d3516cc0"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f0080047e0ffff00124000633a77fbac141416e000000194029f034d2f87e589ca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x6b, 0x60000000}, 0xf) 1.862226155s ago: executing program 4 (id=1376): bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) 1.849478405s ago: executing program 5 (id=1377): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffc}]}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) rt_sigaction(0x10, 0x0, 0x0, 0x8, &(0x7f0000000540)) 1.804739255s ago: executing program 2 (id=1378): shmctl$SHM_LOCK(0x0, 0xb) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet(0xa, 0x1, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffffff}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000480)=@mangle={'mangle\x00', 0x44, 0x6, 0x418, 0x2b0, 0x2b0, 0x2b0, 0x138, 0x98, 0x380, 0x380, 0x380, 0x380, 0x380, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @ECN={0x28}}, {{@ip={@loopback, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @empty}}}, {{@ip={@broadcast, @empty, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xd0, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x478) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) 1.785750975s ago: executing program 1 (id=1379): r0 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341) ioctl$USBDEVFS_WAIT_FOR_RESUME(r0, 0x5523) 1.679996464s ago: executing program 4 (id=1380): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r0, 0x400, 0x0) fsetxattr$trusted_overlay_redirect(r0, 0x0, 0x0, 0x0, 0x0) fremovexattr(r0, &(0x7f00000000c0)=@known='trusted.overlay.redirect\x00') 1.472828664s ago: executing program 3 (id=1381): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0x64, 0x30, 0xb, 0x0, 0x0, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xfdb, 0x0, 0x0, 0x0, 0x101}}, @TCA_CT_MARK={0x8, 0x10}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x4004000}, 0x10000000) 1.418013904s ago: executing program 1 (id=1382): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc4042, 0x1ff) ioctl$FS_IOC_SETFSLABEL(r1, 0x41009432, 0x0) sendmsg$inet(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000340)="5c00000013006bcd9e3fe3dc4e48aa31086b8703140000001f03000000000000040014000d000a000d0000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @thr={&(0x7f00000007c0), 0x0}}, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000003c0)='kmem_cache_free\x00', r3}, 0x18) clock_gettime(0x0, &(0x7f0000000280)) socket$pppoe(0x18, 0x1, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=@setlink={0x3c, 0x13, 0x1, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0xa, r5}, @IFLA_ALT_IFNAME={0x14, 0x35, 'dummy0\x00'}]}, 0x3c}}, 0x0) r6 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r6, 0x8922, 0x0) 1.348740194s ago: executing program 5 (id=1383): bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0xffffffffffffff34, &(0x7f0000000080)={0x0, 0xb8}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x3c) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@ipv4_newaddr={0x20, 0x14, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0xff, r3}, [@IFA_LOCAL={0x8, 0x2, @local}]}, 0x20}}, 0x0) r4 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local}, 0xc) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000003200)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6}, 0x10) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x10, 0x803, 0x4) sendmsg$nl_route(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x20088814}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x7400, &(0x7f00000001c0)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1}, 0x24}}, 0x0) 1.248858213s ago: executing program 4 (id=1384): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=@framed, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000140)=@newqdisc={0x4c, 0x24, 0xf0b, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x0, 0x0, 0xc}}}}, @TCA_RATE={0x6}]}, 0x4c}}, 0x0) 1.195302454s ago: executing program 3 (id=1385): syz_emit_ethernet(0x32, &(0x7f0000000180)={@broadcast, @random="67eaa8fce250", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x2, 0x0, 0x24, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x4, 0x0, 0x10, 0x0, @gue={{0x2, 0x0, 0x2, 0x3, 0x100, @val=0x80}}}}}}}, 0x0) 934.304593ms ago: executing program 3 (id=1386): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008001500b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r2}, 0x10) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') getdents64(r3, &(0x7f00000015c0)=""/4110, 0x100e) 765.896133ms ago: executing program 4 (id=1387): syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x0, &(0x7f00000021c0)={[{@dioread_nolock}, {@minixdf}, {@nolazytime}, {}]}, 0x1, 0x783, &(0x7f0000002200)="$eJzs3M9rXOUaAOD3nGaa/si9kwt3ce+mCi20UDpJmk27Mm7ETaFQcFtDMgkhJ5mSmdQkFpq6E4TabFQE0b1Lt0Kpf4A7KSi4F0RrXKibkTOZTNt0Zjptk04bnwdO5vvOfN9533dm8uUcyJkA/rFezX8kEUMRcTEiis39aUQcbLQORaxvjdu8d20q35Ko1y/9kuTTYrNebB0raT4ejcaU+F9E3ClEnH7v0bjV1bX5ySwrLzX7I7WFKyPV1bUzcwuTs+XZ8uLY+PnRc+Pj50bHd63WE2+dP3zr2zc2Nr77qnbz2MCZJCYadUeztl0L9ICt16QQEzv2L+5FsD5Kehgz8BzyAACgu/w8/0Dz3KwQxTjQ7SzNCRwAAAC8lOqD9V792fNIAAAA4AWTRL8zAAAAAPbW9v8BbN/bu1f3wXby8+sRMdwu/kDjHuKIQ1GIiCObyUO3HyRb0+CZrN+IiNsTbT5/vdzR3N3o/ebh3Tkiu+12vv5MtFt/0tb6E23Wn4Ht7054Rp3Xv/vxD3RY/y72GOPrz/5f6Bj/RnXl/WPt4iet+EmH+G/3GP/mxge3Oj1X/yLiZNu/P8lDsbp8P8TIzFzW7lerle6dv07d7Vx/xJFH4idJI2rSvf4rPdb/7uZv8+td4p863v3934o/+NC8/DPxYTOPNCJuNR/z/saOGMcXvv/m0cjJ+nb86Q6vf/v3/81W/Z/3WP+PXw6u9DgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIokLbXaaVoqRRyNiP/GkTSrVGunZyrLi9P5cxHDUUhn5rLyaEQUt/pJ3h9rtO/3z+7oj0fEf344vBV0LiuXpirZdL+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOVoRAxFkpYiIo2I34tpWir1OysAAABg1w33OwEAAABgz7n+BwAAgP3vaa//k13OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjXLl64kG/1zXvXpvL+9NXV5fnK1TPT5ep8aWF5qjRVWbpSmq1UZrNyaaqy8LjjpRExdj6WV0Zq5WptpLq6dnmhsrxYuzy3MDlbvlwuPJeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFJDjS1JSxGRNtppWipF/CsihqOQzMxl5dGI+HdE3C0WBvP+WL+TBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNdVV9fmJ7OsvPRyN+r7q5yeG5FEvABpdGh80nxXuo1J1iP6nmraTPRZjhPxJLOuP+Zl6XfjlT6tRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fd1dW1+MsvKS9V+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB/pT8lEZFvJ4snhnY+ezD5o9h4jIh3Pr300cpkrbY0lu//tbW/9nFz/9kHJl5/njUAAADAvvfakwzevk7fvo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVXV1bX4yy8pLe9iIG/2uEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBp/BwAA//9Js7nR") r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001a00)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x68, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', r0, 0x0, 0x1}, 0x18) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x200, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r1, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x5f, 0xffffffffffffffff, {0x29}}, './file0\x00'}) 765.089123ms ago: executing program 1 (id=1388): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'sit0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000180)={@dev={0xfe, 0x80, '\x00', 0xb}, 0x0, r4}) 637.536022ms ago: executing program 5 (id=1389): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) 532.839302ms ago: executing program 3 (id=1390): bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) 487.106562ms ago: executing program 1 (id=1391): syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000)) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x34, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_9p2000}]}}) 407.878111ms ago: executing program 5 (id=1392): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) open_by_handle_at(0xffffffffffffff9c, 0x0, 0x202400) 296.852112ms ago: executing program 3 (id=1393): setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000a80)=@raw={'raw\x00', 0x8, 0x3, 0x458, 0x340, 0x11, 0x148, 0x0, 0x0, 0x440, 0x2a8, 0x2a8, 0x440, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2a0, 0x2e8, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xa8, 0xd8, 0x0, {}, [@common=@unspec=@quota={{0x38}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b8) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x8002, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000140)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x4}}, './file0\x00'}) 224.562611ms ago: executing program 4 (id=1394): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x44) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000580)={[{@nolazytime}]}, 0xfe, 0x507, &(0x7f0000000f40)="$eJzs3U9vG2kZAPBnJna2abM4CxyWldhdsUVJBHWahrYRhwISglOlQrmXkLhRFCeuEqdtogpS8QGQEAIkLnDigsQHQEL9CAipEtwRIFAFLRw4FAbZHoc0tdNEdWw2/v2kt/PXfp6n7oznnZl6Ahha70fEVERkWZZNR0Qpn5/mLXZbrbHes6cPFhstiSy7+bckknxe+73eyIfn8pediYivfzXiW8nLcTe3d1YXqtXKRj49U19LnmfZzoWVtYXlynJlfW5u9sr81fnL8xd7UudERFz78p9/+L2ff+Xarz977w+3/jr17VaBLfvr6KVW6cXm30VbISI2TiLYgBSaFbZcHnAuAAAcrnG8/9GI+FRETEcpRppHc03Tg80MAAAA6JXsC+PxPGld/wMAAABOpzQixuPGaDm/33c80rRcbt3D+/E4m1Zrm/XPZKW98wUTUUxvr1QrF/N7ByaimDSmZ/N7bNvTlw5Mz0XEWxHxg9JYc7q8WKsuDfTMBwAAAAyPc80+f5K2+///LLX6/wAAAMApMzHoBAAAAIATp/8PAAAAp5/+PwAAAJxqN65fb7Ss/fzrpbvbW6u1uxeWKpur5bWtxfJibeNOeblWW35SiKitver9qrXanc/F+tb9mXplsz6zub1za622tV6/tfLCI7ABAACAPnrrvUe/TyJi9/NjaURkyb5lxYhsZP/Khf7nB5yc9Dgr/+nk8gD6b2TQCQAD45Aehldx0AkAA/eq/UDXm3d+0/tcAACAkzH5ib3r/83WMJovSwaaGXDS8uv/iW0dho/r/zC8XP+D4VU87AhApwBOvfQIm/rrX//PsmMlBQAA9Nx4syVpOe8HjEealssRbzYfC/C//x30kYj4Xan4xu2VamW2OSdxegAAAAAAAAAAAAAAAAAAAAAAAAAAjijLksi6aD0NMEa7LQcAAAA+HCLSvyT5878mS+fHD54fGE3+VWoOI+LeT27+6P5Cvb4x25j/97359R/n8y/1/fQFAAAA0EG7n97uxwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABALz17+mCx3foZ98mXImKiU/xCnGkOz0QxIs7+I4nCvtclETHSg/i7DyPi7U7xk0ZaMZFncTB+GhFjA45/rgfxYZg9aux/vthp+0vj/eaw8/ZXyNvrau3/RjrGb+//Rrrs/97s9Ibpy7PeefzLma7xH0a8U+i8/2nHTw7ET/L2wRFr/OY3dna6Lct+FjHZ8fsneaHWmaRwZ2Zze+fCytrCcmW5sj43N3tl/ur85fmLM7dXqpX8z44xvv/JX/3nsPrPdok/0aX+dk7nj1j/vx/ff/qx1mjxwKJi/DTLpj7o/O/v7S7x2999n84/7sb0ZHt8tzW+37u/+O277x1S/1KX+rt9/u0cpo5Y//TXvvvHI64KAPTB5vbO6kK1Wtk43kgSsfsaLzcyXCNj0cegC3HYOu2D2D7k85081P/FR3DskcHtkwAAgJOR7B30DzoTAAAAAAAAAAAAAAAAAAAAGF6v+hmw6MHPiR2MuTuYUgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADvXfAAAA///ST8Yo") 215.321791ms ago: executing program 5 (id=1395): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r2, 0x0, 0x8000000000002}, 0x18) utimes(&(0x7f0000000040)='./file0\x00', 0x0) 112.896401ms ago: executing program 3 (id=1396): syz_emit_ethernet(0x32, &(0x7f0000000180)={@broadcast, @random="67eaa8fce250", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x2, 0x0, 0x24, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x4, 0x0, 0x10, 0x0, @gue={{0x2, 0x0, 0x2, 0x3, 0x100, @val=0x80}}}}}}}, 0x0) 110.059351ms ago: executing program 1 (id=1397): r0 = socket(0xa, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10) socket$nl_route(0x10, 0x3, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00') close_range(r0, 0xffffffffffffffff, 0x0) 0s ago: executing program 5 (id=1398): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000004000)={&(0x7f0000000a40)=@newtaction={0x488, 0x30, 0x101, 0x0, 0x0, {0x0, 0x0, 0x1100}, [{0x474, 0x1, [@m_police={0x470, 0x1, 0x0, 0x0, {{0xb}, {0x444, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0xfffffffc, 0x0, 0x1, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0xc76, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffc01, 0x3, 0x0, 0xf, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0xfffffc01, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x7, 0x5, 0x0, 0x0, 0x0, 0x0, 0x4]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x4, 0x0, 0x0, 0x0, {0x1, 0x0, 0x0, 0x0, 0xb, 0x4}, {0x0, 0x0, 0x9, 0x0, 0x2}, 0x0, 0x100}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x488}}, 0x0) kernel console output (not intermixed with test programs): /98/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 134.116316][ T5674] netlink: 24 bytes leftover after parsing attributes in process `syz.3.504'. [ 134.903430][ T4247] EXT4-fs (loop2): unmounting filesystem. [ 134.909402][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 135.193464][ T5695] netlink: 131036 bytes leftover after parsing attributes in process `syz.4.510'. [ 135.235011][ T5695] openvswitch: netlink: Flow actions attr not present in new flow. [ 135.407630][ T4258] Bluetooth: hci5: command 0x0419 tx timeout [ 135.447177][ T5017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 135.464538][ T5017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 135.519399][ T27] kauditd_printk_skb: 156 callbacks suppressed [ 135.519415][ T27] audit: type=1326 audit(1740665987.353:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5703 comm="syz.2.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60d418d169 code=0x7ffc0000 [ 135.602222][ T5540] device veth0_vlan entered promiscuous mode [ 135.618425][ T4338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 135.637458][ T4338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 135.656095][ T27] audit: type=1326 audit(1740665987.353:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5703 comm="syz.2.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60d418d169 code=0x7ffc0000 [ 135.699460][ T4338] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 135.719835][ T4338] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 135.744768][ T5540] device veth1_vlan entered promiscuous mode [ 135.763868][ T27] audit: type=1326 audit(1740665987.383:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5703 comm="syz.2.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f60d418d169 code=0x7ffc0000 [ 135.818801][ T5711] netlink: 96 bytes leftover after parsing attributes in process `syz.4.517'. [ 135.865497][ T5017] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 135.873266][ T27] audit: type=1326 audit(1740665987.383:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5703 comm="syz.2.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60d418d169 code=0x7ffc0000 [ 135.927268][ T5017] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 135.969766][ T5017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 136.013994][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 136.056508][ T5017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 136.082757][ T27] audit: type=1326 audit(1740665987.383:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5703 comm="syz.2.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60d418d169 code=0x7ffc0000 [ 136.106320][ T27] audit: type=1326 audit(1740665987.393:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5703 comm="syz.2.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f60d418d169 code=0x7ffc0000 [ 136.134782][ T5540] device veth0_macvtap entered promiscuous mode [ 136.168348][ T5540] device veth1_macvtap entered promiscuous mode [ 136.430648][ T27] audit: type=1326 audit(1740665987.393:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5703 comm="syz.2.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60d418d169 code=0x7ffc0000 [ 136.821846][ T27] audit: type=1326 audit(1740665987.393:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5703 comm="syz.2.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60d418d169 code=0x7ffc0000 [ 136.845434][ T27] audit: type=1326 audit(1740665987.393:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5703 comm="syz.2.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=438 compat=0 ip=0x7f60d418d169 code=0x7ffc0000 [ 136.887550][ T5540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 136.920107][ T5540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.955104][ T27] audit: type=1326 audit(1740665987.393:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5703 comm="syz.2.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60d418d169 code=0x7ffc0000 [ 136.986069][ T5540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 137.025081][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 137.034197][ T5540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 137.055543][ T5540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 137.066299][ T5540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 137.084335][ T5540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 137.096195][ T5540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 137.115967][ T5540] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 137.331383][ T4333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 137.340724][ T4333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 137.365698][ T5540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 137.387254][ T5540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 137.427974][ T5540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 137.468564][ T5540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 137.508794][ T5540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 137.548738][ T5540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 137.578583][ T5540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 137.602924][ T5540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 137.650205][ T5540] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 137.683477][ T4353] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 137.705750][ T4353] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 137.755470][ T5540] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.779293][ T5540] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.815129][ T5540] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.838614][ T5540] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 138.068903][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 138.150486][ T5017] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 138.178923][ T5017] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 138.237249][ T4353] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 138.268008][ T5017] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 138.328659][ T5017] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 138.380973][ T4353] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 139.164479][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 140.165053][ T5773] netlink: 28 bytes leftover after parsing attributes in process `syz.3.542'. [ 140.185052][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 140.514769][ T5779] xt_TPROXY: Can be used only with -p tcp or -p udp [ 141.198966][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 141.351221][ T5785] loop3: detected capacity change from 0 to 512 [ 141.399929][ T5785] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 141.435760][ T5785] EXT4-fs (loop3): warning: maximal mount count reached, running e2fsck is recommended [ 141.605591][ T27] kauditd_printk_skb: 22 callbacks suppressed [ 141.605613][ T27] audit: type=1326 audit(1740665993.433:745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5789 comm="syz.4.548" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc50698d169 code=0x0 [ 141.656897][ T5785] EXT4-fs error (device loop3): ext4_orphan_get:1400: comm syz.3.546: inode #15: comm syz.3.546: iget: illegal inode # [ 141.708703][ T5785] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.546: couldn't read orphan inode 15 (err -117) [ 141.794367][ T5785] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 141.936234][ T4256] EXT4-fs (loop3): unmounting filesystem. [ 142.226239][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 142.621177][ T27] audit: type=1326 audit(1740665994.433:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5803 comm="syz.5.553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 142.680993][ T27] audit: type=1326 audit(1740665994.463:747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5803 comm="syz.5.553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 142.858630][ T27] audit: type=1326 audit(1740665994.463:748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5803 comm="syz.5.553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 142.938161][ T5814] xt_TPROXY: Can be used only with -p tcp or -p udp [ 143.228991][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 143.370059][ T27] audit: type=1326 audit(1740665994.463:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5803 comm="syz.5.553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 143.503378][ T27] audit: type=1326 audit(1740665994.473:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5803 comm="syz.5.553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 143.525915][ T27] audit: type=1326 audit(1740665994.473:751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5803 comm="syz.5.553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 143.568622][ T27] audit: type=1326 audit(1740665994.473:752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5803 comm="syz.5.553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 143.597540][ T5818] loop4: detected capacity change from 0 to 512 [ 143.619228][ T5818] EXT4-fs: Ignoring removed i_version option [ 143.642991][ T5818] EXT4-fs: Ignoring removed mblk_io_submit option [ 143.649738][ T27] audit: type=1326 audit(1740665994.473:753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5803 comm="syz.5.553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=438 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 143.688721][ T5818] ext4: Unknown parameter 'seclabel' [ 143.731857][ T27] audit: type=1326 audit(1740665994.473:754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5803 comm="syz.5.553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 144.206973][ T5838] netlink: 24 bytes leftover after parsing attributes in process `syz.2.568'. [ 144.248587][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 144.490664][ T5843] xt_TPROXY: Can be used only with -p tcp or -p udp [ 144.934790][ T5863] loop1: detected capacity change from 0 to 512 [ 144.954454][ T5864] IPv4: Oversized IP packet from 172.20.20.24 [ 144.963927][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 144.972100][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 145.007378][ T5863] EXT4-fs: Ignoring removed i_version option [ 145.026936][ T5863] EXT4-fs: Ignoring removed mblk_io_submit option [ 145.057337][ T5863] ext4: Unknown parameter 'seclabel' [ 145.261867][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 146.065561][ T5895] xt_TPROXY: Can be used only with -p tcp or -p udp [ 146.448422][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 147.287770][ T5912] loop4: detected capacity change from 0 to 1024 [ 147.316928][ T27] kauditd_printk_skb: 30 callbacks suppressed [ 147.316945][ T27] audit: type=1326 audit(1740665999.143:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5916 comm="syz.5.605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 147.370362][ T5912] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869) [ 147.391289][ T5917] netlink: 8 bytes leftover after parsing attributes in process `syz.5.605'. [ 147.400305][ T5912] EXT4-fs error (device loop4): ext4_get_journal_inode:5723: inode #32: comm syz.4.602: iget: special inode unallocated [ 147.420769][ T5917] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 147.438583][ T27] audit: type=1326 audit(1740665999.183:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5916 comm="syz.5.605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 147.466694][ T5912] EXT4-fs (loop4): no journal found [ 147.477968][ T5912] EXT4-fs (loop4): can't get journal size [ 147.485609][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 147.485653][ T5917] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 147.516280][ T5912] EXT4-fs error (device loop4): ext4_protect_reserved_inode:160: inode #32: comm syz.4.602: iget: special inode unallocated [ 147.556431][ T27] audit: type=1326 audit(1740665999.183:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5916 comm="syz.5.605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 147.600058][ T5912] EXT4-fs (loop4): failed to initialize system zone (-117) [ 147.607405][ T5912] EXT4-fs (loop4): mount failed [ 147.673386][ T27] audit: type=1326 audit(1740665999.193:788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5916 comm="syz.5.605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 147.768607][ T27] audit: type=1326 audit(1740665999.193:789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5916 comm="syz.5.605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 147.866310][ T27] audit: type=1326 audit(1740665999.193:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5916 comm="syz.5.605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 147.953702][ T27] audit: type=1326 audit(1740665999.193:791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5916 comm="syz.5.605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 148.040990][ T27] audit: type=1326 audit(1740665999.193:792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5916 comm="syz.5.605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 148.178695][ T27] audit: type=1326 audit(1740665999.193:793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5916 comm="syz.5.605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 148.293971][ T5934] xt_TPROXY: Can be used only with -p tcp or -p udp [ 148.321150][ T27] audit: type=1326 audit(1740665999.193:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5916 comm="syz.5.605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 148.391698][ T5938] 9pnet_fd: Insufficient options for proto=fd [ 148.427168][ T4245] block device autoloading is deprecated and will be removed. [ 148.492907][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 148.794554][ T5948] loop5: detected capacity change from 0 to 1024 [ 148.873249][ T5948] EXT4-fs: Ignoring removed orlov option [ 148.889429][ T5948] EXT4-fs: Ignoring removed orlov option [ 148.909483][ T5952] netlink: 40 bytes leftover after parsing attributes in process `syz.3.620'. [ 148.994324][ T5948] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 149.248093][ T5962] xt_TPROXY: Can be used only with -p tcp or -p udp [ 149.296068][ T5540] EXT4-fs (loop5): unmounting filesystem. [ 149.500006][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 149.506895][ T5968] 9pnet: Could not find request transport: t [ 149.788270][ T5975] 9pnet_fd: Insufficient options for proto=fd [ 150.022903][ T5977] loop5: detected capacity change from 0 to 1024 [ 150.082401][ T5977] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 150.213974][ T5984] loop4: detected capacity change from 0 to 2048 [ 150.387010][ T5984] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 150.398082][ T5540] EXT4-fs (loop5): unmounting filesystem. [ 150.417762][ T5984] ext4 filesystem being mounted at /145/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 150.432699][ T5986] 9pnet: Could not find request transport: f [ 150.487242][ T5984] netlink: 'syz.4.630': attribute type 10 has an invalid length. [ 150.553536][ T5984] netlink: 40 bytes leftover after parsing attributes in process `syz.4.630'. [ 150.553933][ T5984] device batadv0 entered promiscuous mode [ 150.554564][ T5984] bridge0: port 1(batadv0) entered blocking state [ 150.554635][ T5984] bridge0: port 1(batadv0) entered disabled state [ 150.556497][ T5984] bridge0: port 1(batadv0) entered blocking state [ 150.556592][ T5984] bridge0: port 1(batadv0) entered forwarding state [ 150.840195][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 150.868066][ T5195] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 150.878399][ T5195] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 150.912373][ T5984] batman_adv: batadv0: Adding interface: dummy0 [ 150.958926][ T5984] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.009285][ T5984] batman_adv: batadv0: Interface activated: dummy0 [ 151.322377][ T4248] EXT4-fs (loop4): unmounting filesystem. [ 151.450861][ T6016] 9pnet_fd: Insufficient options for proto=fd [ 151.457025][ T6015] netlink: 4 bytes leftover after parsing attributes in process `syz.1.643'. [ 151.488140][ T6015] device bridge_slave_1 left promiscuous mode [ 151.536237][ T6015] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.730888][ T6015] device bridge_slave_0 left promiscuous mode [ 151.770582][ T6015] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.859995][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 152.536916][ T27] kauditd_printk_skb: 91 callbacks suppressed [ 152.536932][ T27] audit: type=1326 audit(1740666004.363:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6029 comm="syz.5.648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 152.708683][ T27] audit: type=1326 audit(1740666004.403:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6029 comm="syz.5.648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 152.818749][ T27] audit: type=1326 audit(1740666004.403:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6029 comm="syz.5.648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 152.880158][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 152.885275][ T6038] loop1: detected capacity change from 0 to 128 [ 152.909094][ T6040] xt_recent: hitcount (16385) is larger than allowed maximum (255) [ 152.933022][ T27] audit: type=1326 audit(1740666004.403:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6029 comm="syz.5.648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 153.044304][ T27] audit: type=1326 audit(1740666004.403:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6029 comm="syz.5.648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 153.164845][ T27] audit: type=1326 audit(1740666004.423:891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6029 comm="syz.5.648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=438 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 153.266745][ T27] audit: type=1326 audit(1740666004.423:892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6029 comm="syz.5.648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 153.696167][ T6056] netlink: 8 bytes leftover after parsing attributes in process `syz.2.662'. [ 153.719352][ T27] audit: type=1326 audit(1740666005.553:893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6057 comm="syz.4.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc50698d169 code=0x7ffc0000 [ 153.786493][ T27] audit: type=1326 audit(1740666005.553:894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6057 comm="syz.4.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc50698d169 code=0x7ffc0000 [ 153.913990][ T27] audit: type=1326 audit(1740666005.573:895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6057 comm="syz.4.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc50698d169 code=0x7ffc0000 [ 153.923474][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 154.505193][ T6087] xt_recent: hitcount (16385) is larger than allowed maximum (255) [ 154.609399][ T6090] xt_TPROXY: Can be used only with -p tcp or -p udp [ 154.918619][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 155.635931][ T6118] loop5: detected capacity change from 0 to 2048 [ 155.673863][ T6118] EXT4-fs: inline encryption not supported [ 155.710926][ T6118] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 155.776472][ T6126] netlink: 'syz.1.690': attribute type 3 has an invalid length. [ 155.817063][ T6118] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 155.861094][ T6124] netlink: 4 bytes leftover after parsing attributes in process `syz.2.689'. [ 155.906293][ T6124] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 155.964858][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 155.989088][ T6124] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 156.067389][ T6124] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 156.207053][ T6124] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 156.897776][ T5540] EXT4-fs (loop5): unmounting filesystem. [ 156.985318][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 157.026789][ T6147] xt_TPROXY: Can be used only with -p tcp or -p udp [ 157.968288][ T6169] loop5: detected capacity change from 0 to 1024 [ 158.019417][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 158.085900][ T6169] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 158.206582][ T6178] netlink: 4 bytes leftover after parsing attributes in process `syz.3.704'. [ 158.222554][ T6180] random: crng reseeded on system resumption [ 158.299140][ T27] kauditd_printk_skb: 14 callbacks suppressed [ 158.299156][ T27] audit: type=1326 audit(1740666010.133:910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6168 comm="syz.5.703" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x0 [ 158.335043][ T6182] x_tables: duplicate underflow at hook 1 [ 158.546320][ T6192] netlink: 8 bytes leftover after parsing attributes in process `syz.3.708'. [ 158.626989][ T6192] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.072031][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 159.892545][ T6209] loop1: detected capacity change from 0 to 2048 [ 159.991068][ T6214] xt_TPROXY: Can be used only with -p tcp or -p udp [ 160.073888][ T6209] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 160.092098][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 160.125116][ T6209] ext4 filesystem being mounted at /145/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 160.274196][ T27] audit: type=1800 audit(1740666012.103:911): pid=6209 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.711" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 160.274883][ T6209] netlink: 'syz.1.711': attribute type 10 has an invalid length. [ 160.332278][ T6209] netlink: 40 bytes leftover after parsing attributes in process `syz.1.711'. [ 160.408688][ T6209] device batadv0 entered promiscuous mode [ 160.420086][ T6209] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 160.559069][ T6221] batman_adv: batadv0: Adding interface: dummy0 [ 160.612224][ T5540] EXT4-fs (loop5): unmounting filesystem. [ 160.657147][ T6221] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 160.779420][ T6221] batman_adv: batadv0: Interface activated: dummy0 [ 160.989837][ T4245] EXT4-fs (loop1): unmounting filesystem. [ 161.103993][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 161.185333][ T27] audit: type=1326 audit(1740666013.013:912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6242 comm="syz.3.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 161.278571][ T27] audit: type=1326 audit(1740666013.053:913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6242 comm="syz.3.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 161.373168][ T27] audit: type=1326 audit(1740666013.053:914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6242 comm="syz.3.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 161.488122][ T27] audit: type=1326 audit(1740666013.053:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6242 comm="syz.3.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 161.528901][ T6254] tipc: Can't bind to reserved service type 1 [ 161.583393][ T27] audit: type=1326 audit(1740666013.053:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6242 comm="syz.3.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 161.725738][ T27] audit: type=1326 audit(1740666013.073:917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6242 comm="syz.3.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 161.901876][ T27] audit: type=1326 audit(1740666013.073:918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6242 comm="syz.3.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 161.978830][ T27] audit: type=1326 audit(1740666013.073:919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6242 comm="syz.3.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 162.129827][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 162.575219][ T6269] loop3: detected capacity change from 0 to 2048 [ 162.964285][ T6269] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 163.032437][ T6269] ext4 filesystem being mounted at /168/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 163.154381][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 163.170252][ T6269] netlink: 'syz.3.731': attribute type 10 has an invalid length. [ 163.188915][ T6269] netlink: 40 bytes leftover after parsing attributes in process `syz.3.731'. [ 163.249949][ T6269] device batadv0 entered promiscuous mode [ 163.256390][ T6269] bridge0: port 3(batadv0) entered blocking state [ 163.295255][ T6269] bridge0: port 3(batadv0) entered disabled state [ 163.314335][ T6269] bridge0: port 3(batadv0) entered blocking state [ 163.321362][ T6269] bridge0: port 3(batadv0) entered forwarding state [ 163.386738][ T6293] batman_adv: batadv0: Adding interface: dummy0 [ 163.400961][ T6293] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.478658][ T6293] batman_adv: batadv0: Interface activated: dummy0 [ 163.727138][ T6307] netlink: 24 bytes leftover after parsing attributes in process `syz.1.743'. [ 163.739072][ T4338] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 163.748462][ T4338] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 163.750363][ T4256] EXT4-fs (loop3): unmounting filesystem. [ 164.319153][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 164.982743][ T6328] loop5: detected capacity change from 0 to 1024 [ 165.071364][ T6328] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 165.191269][ T6328] EXT4-fs (loop5): orphan cleanup on readonly fs [ 165.266933][ T6328] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5885: Corrupt filesystem [ 165.289827][ T6328] EXT4-fs (loop5): Remounting filesystem read-only [ 165.296395][ T6328] EXT4-fs error (device loop5): ext4_dirty_inode:6089: inode #3: comm syz.5.750: mark_inode_dirty error [ 165.358473][ T6328] EXT4-fs (loop5): Remounting filesystem read-only [ 165.365384][ T6328] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:477: comm syz.5.750: Invalid block bitmap block 3 in block_group 0 [ 165.382761][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 165.406470][ T6328] EXT4-fs (loop5): Remounting filesystem read-only [ 165.415840][ T27] kauditd_printk_skb: 4 callbacks suppressed [ 165.415853][ T27] audit: type=1326 audit(1740666017.243:924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6341 comm="syz.3.755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 165.460538][ T6328] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5885: Corrupt filesystem [ 165.498791][ T6328] EXT4-fs (loop5): Remounting filesystem read-only [ 165.502059][ T6345] loop2: detected capacity change from 0 to 2048 [ 165.505336][ T6328] EXT4-fs error (device loop5): ext4_dirty_inode:6089: inode #3: comm syz.5.750: mark_inode_dirty error [ 165.549856][ T27] audit: type=1326 audit(1740666017.243:925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6341 comm="syz.3.755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 165.586175][ T6328] EXT4-fs (loop5): Remounting filesystem read-only [ 165.600924][ T6328] Quota error (device loop5): write_blk: dquota write failed [ 165.621390][ T6345] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 165.623475][ T6328] EXT4-fs error (device loop5): ext4_map_blocks:634: inode #3: block 1: comm syz.5.750: lblock 6 mapped to illegal pblock 1 (length 1) [ 165.640522][ T6345] ext4 filesystem being mounted at /142/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 165.659303][ T27] audit: type=1326 audit(1740666017.283:926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6341 comm="syz.3.755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=448 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 165.681190][ T6328] EXT4-fs (loop5): Remounting filesystem read-only [ 165.714064][ T27] audit: type=1326 audit(1740666017.283:927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6341 comm="syz.3.755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 165.744336][ T6328] Quota error (device loop5): write_blk: dquota write failed [ 165.774779][ T27] audit: type=1326 audit(1740666017.283:928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6341 comm="syz.3.755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 165.783663][ T6328] Quota error (device loop5): qtree_write_dquot: Error -28 occurred while creating quota [ 165.841969][ T27] audit: type=1326 audit(1740666017.283:929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6341 comm="syz.3.755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 165.918669][ T6328] EXT4-fs error (device loop5): ext4_map_blocks:634: inode #3: block 48: comm syz.5.750: lblock 0 mapped to illegal pblock 48 (length 1) [ 165.964467][ T27] audit: type=1326 audit(1740666017.283:930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6341 comm="syz.3.755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 166.007685][ T6328] EXT4-fs (loop5): Remounting filesystem read-only [ 166.023384][ T6328] EXT4-fs error (device loop5): ext4_acquire_dquot:6795: comm syz.5.750: Failed to acquire dquot type 0 [ 166.082249][ T6328] EXT4-fs (loop5): Remounting filesystem read-only [ 166.107677][ T6328] EXT4-fs error (device loop5): ext4_map_blocks:634: inode #3: block 49: comm syz.5.750: lblock 1 mapped to illegal pblock 49 (length 1) [ 166.173934][ T6328] EXT4-fs (loop5): Remounting filesystem read-only [ 166.196864][ T6328] EXT4-fs error (device loop5): ext4_acquire_dquot:6795: comm syz.5.750: Failed to acquire dquot type 0 [ 166.223670][ T6345] netlink: 'syz.2.756': attribute type 10 has an invalid length. [ 166.248131][ T6345] netlink: 40 bytes leftover after parsing attributes in process `syz.2.756'. [ 166.278159][ T6328] EXT4-fs (loop5): Remounting filesystem read-only [ 166.287937][ T6328] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5885: Corrupt filesystem [ 166.349880][ T6328] EXT4-fs (loop5): Remounting filesystem read-only [ 166.356713][ T6328] EXT4-fs error (device loop5): ext4_evict_inode:279: inode #15: comm syz.5.750: mark_inode_dirty error [ 166.398928][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 166.434592][ T6328] EXT4-fs (loop5): Remounting filesystem read-only [ 166.444753][ T6328] EXT4-fs warning (device loop5): ext4_evict_inode:282: couldn't mark inode dirty (err -117) [ 166.457864][ T4247] EXT4-fs (loop2): unmounting filesystem. [ 166.484222][ T6328] EXT4-fs (loop5): 1 orphan inode deleted [ 166.510751][ T6328] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 166.524434][ T6362] xt_recent: hitcount (16385) is larger than allowed maximum (255) [ 166.598774][ T6363] loop4: detected capacity change from 0 to 2048 [ 166.662397][ T5540] EXT4-fs (loop5): unmounting filesystem. [ 166.687345][ T6363] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 167.017557][ T6377] netlink: 40 bytes leftover after parsing attributes in process `syz.1.764'. [ 167.113247][ T6378] netlink: 4 bytes leftover after parsing attributes in process `syz.1.764'. [ 167.251377][ T6369] loop1: detected capacity change from 0 to 8192 [ 167.377115][ T6369] loop1: p1 p2 p3 p4 [ 167.692999][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 168.021263][ T6369] loop1: p1 start 67159808 is beyond EOD, truncated [ 168.029196][ T6369] loop1: p2 size 130943 extends beyond EOD, truncated [ 168.036853][ T6369] loop1: p3 size 8388608 extends beyond EOD, truncated [ 168.206869][ T4248] EXT4-fs (loop4): unmounting filesystem. [ 168.219158][ T6369] loop1: p4 start 49398 is beyond EOD, truncated [ 168.448466][ T6401] loop5: detected capacity change from 0 to 256 [ 168.464445][ T6402] xt_recent: hitcount (16385) is larger than allowed maximum (255) [ 168.602900][ T6405] sd 0:0:1:0: device reset [ 168.703677][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 168.913347][ T6418] syz.5.782[6418] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 168.913450][ T6418] syz.5.782[6418] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 169.708618][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 170.070076][ T6429] loop4: detected capacity change from 0 to 2048 [ 170.229607][ T6429] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 170.238478][ T6429] ext4 filesystem being mounted at /180/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 170.299035][ T6442] xt_recent: hitcount (16385) is larger than allowed maximum (255) [ 170.729031][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 170.847277][ T6464] xt_TPROXY: Can be used only with -p tcp or -p udp [ 171.001038][ T6323] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm kworker/u4:19: bg 0: block 345: padding at end of block bitmap is not set [ 171.177227][ T6323] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 1259 with error 117 [ 171.276089][ T6323] EXT4-fs (loop4): This should not happen!! Data will be lost [ 171.276089][ T6323] [ 171.501640][ T4248] EXT4-fs (loop4): unmounting filesystem. [ 172.076979][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 172.299617][ T6478] IPv6: Can't replace route, no match found [ 172.328103][ T6476] xt_recent: hitcount (16385) is larger than allowed maximum (255) [ 173.066216][ T6501] netlink: 4 bytes leftover after parsing attributes in process `syz.2.814'. [ 173.095108][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 173.145547][ T6499] loop3: detected capacity change from 0 to 2048 [ 173.184783][ T6501] netlink: 4 bytes leftover after parsing attributes in process `syz.2.814'. [ 173.259125][ T6510] xt_TPROXY: Can be used only with -p tcp or -p udp [ 173.386779][ T6499] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 173.434681][ T6499] ext4 filesystem being mounted at /185/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 173.583893][ T27] kauditd_printk_skb: 22 callbacks suppressed [ 173.583910][ T27] audit: type=1800 audit(1740666025.413:950): pid=6499 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.813" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 173.699775][ T6517] 9pnet_fd: p9_fd_create_tcp (6517): problem connecting socket to 127.0.0.1 [ 173.823952][ T6499] netlink: 'syz.3.813': attribute type 10 has an invalid length. [ 173.839953][ T6499] netlink: 40 bytes leftover after parsing attributes in process `syz.3.813'. [ 174.098583][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 174.120175][ T4256] EXT4-fs (loop3): unmounting filesystem. [ 175.128627][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 175.261296][ T6532] loop2: detected capacity change from 0 to 736 [ 175.721593][ T4247] Symlink component flag not implemented [ 176.148663][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 177.168051][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 177.834993][ T6584] loop3: detected capacity change from 0 to 256 [ 177.855852][ T6584] FAT-fs (loop3): Unrecognized mount option "ÿÿÿÿÿÿÿ" or missing value [ 178.173016][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 178.246725][ T27] audit: type=1326 audit(1740666030.073:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6589 comm="syz.1.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39de98d169 code=0x7ffc0000 [ 178.371419][ T27] audit: type=1326 audit(1740666030.133:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6589 comm="syz.1.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39de98d169 code=0x7ffc0000 [ 178.487733][ T27] audit: type=1326 audit(1740666030.133:953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6589 comm="syz.1.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39de98d169 code=0x7ffc0000 [ 178.648745][ T27] audit: type=1326 audit(1740666030.133:954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6589 comm="syz.1.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39de98d169 code=0x7ffc0000 [ 179.057725][ T27] audit: type=1326 audit(1740666030.133:955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6589 comm="syz.1.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39de98d169 code=0x7ffc0000 [ 179.179030][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 179.378561][ T27] audit: type=1326 audit(1740666030.133:956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6589 comm="syz.1.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39de98d169 code=0x7ffc0000 [ 179.628631][ T27] audit: type=1326 audit(1740666030.133:957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6589 comm="syz.1.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39de98d169 code=0x7ffc0000 [ 179.629660][ T6604] IPVS: sync thread started: state = BACKUP, mcast_ifn = batadv0, syncid = 0, id = 0 [ 179.738624][ T27] audit: type=1326 audit(1740666030.133:958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6589 comm="syz.1.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f39de98bad0 code=0x7ffc0000 [ 179.943193][ T27] audit: type=1326 audit(1740666030.133:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6589 comm="syz.1.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f39de98bad0 code=0x7ffc0000 [ 180.722856][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 180.818662][ T27] audit: type=1326 audit(1740666030.133:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6589 comm="syz.1.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39de98d169 code=0x7ffc0000 [ 180.948652][ T27] audit: type=1326 audit(1740666030.133:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6589 comm="syz.1.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39de98d169 code=0x7ffc0000 [ 181.046848][ T27] audit: type=1326 audit(1740666030.153:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6589 comm="syz.1.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f39de98d169 code=0x7ffc0000 [ 181.096730][ T27] audit: type=1326 audit(1740666030.153:963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6589 comm="syz.1.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39de98d169 code=0x7ffc0000 [ 181.921883][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 182.466193][ T6638] xt_TPROXY: Can be used only with -p tcp or -p udp [ 182.951078][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 182.974484][ T6652] loop5: detected capacity change from 0 to 1024 [ 183.785580][ T6652] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 183.980416][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 184.006826][ T5540] EXT4-fs (loop5): unmounting filesystem. [ 184.218966][ T6668] xt_recent: hitcount (16385) is larger than allowed maximum (255) [ 184.415341][ T6674] loop5: detected capacity change from 0 to 128 [ 184.486171][ T6674] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 184.905138][ T6682] ip6t_rpfilter: unknown options [ 185.556196][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 186.119690][ T4258] Bluetooth: hci3: command 0x0406 tx timeout [ 186.119734][ T4261] Bluetooth: hci2: command 0x0406 tx timeout [ 186.133488][ T4258] Bluetooth: hci4: command 0x0406 tx timeout [ 186.141577][ T4258] Bluetooth: hci0: command 0x0406 tx timeout [ 186.150044][ T4258] Bluetooth: hci1: command 0x0406 tx timeout [ 186.388329][ T5540] EXT4-fs (loop5): unmounting filesystem. [ 186.561791][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 186.598180][ T6693] capability: warning: `syz.2.882' uses deprecated v2 capabilities in a way that may be insecure [ 186.656838][ T27] kauditd_printk_skb: 1 callbacks suppressed [ 186.656855][ T27] audit: type=1326 audit(1740666038.483:965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6695 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc50698d169 code=0x7ffc0000 [ 186.707469][ T6697] program syz.2.882 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 186.777775][ T27] audit: type=1326 audit(1740666038.533:966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6695 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc50698d169 code=0x7ffc0000 [ 186.867401][ T6701] loop5: detected capacity change from 0 to 164 [ 186.882645][ T27] audit: type=1326 audit(1740666038.533:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6695 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc50698d169 code=0x7ffc0000 [ 186.989385][ T27] audit: type=1326 audit(1740666038.533:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6695 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc50698d169 code=0x7ffc0000 [ 187.012620][ T27] audit: type=1326 audit(1740666038.533:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6695 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc50698d169 code=0x7ffc0000 [ 187.024777][ T6696] netem: change failed [ 187.057082][ T6701] syz.5.885: attempt to access beyond end of device [ 187.057082][ T6701] loop5: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 187.591056][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 187.607844][ T27] audit: type=1326 audit(1740666038.533:970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6695 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc50698d169 code=0x7ffc0000 [ 187.670231][ T6701] syz.5.885: attempt to access beyond end of device [ 187.670231][ T6701] loop5: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 187.859588][ T27] audit: type=1326 audit(1740666038.533:971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6695 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc50698d169 code=0x7ffc0000 [ 187.969898][ T27] audit: type=1326 audit(1740666038.533:972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6695 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc50698d169 code=0x7ffc0000 [ 187.993240][ T27] audit: type=1326 audit(1740666038.583:973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6695 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc50698d169 code=0x7ffc0000 [ 188.019455][ T27] audit: type=1326 audit(1740666038.623:974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6695 comm="syz.4.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc50698d169 code=0x7ffc0000 [ 188.113265][ T6710] loop3: detected capacity change from 0 to 764 [ 188.163085][ T6712] device macvlan1 entered promiscuous mode [ 188.199578][ T6712] device ipvlan0 entered promiscuous mode [ 188.210693][ T6715] xt_recent: hitcount (16385) is larger than allowed maximum (255) [ 188.234419][ T6712] device ipvlan0 left promiscuous mode [ 188.240507][ T4291] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 188.259874][ T6712] device macvlan1 left promiscuous mode [ 188.438605][ T4291] usb 3-1: Using ep0 maxpacket: 32 [ 188.447241][ T4291] usb 3-1: config 1 interface 0 has no altsetting 0 [ 188.487390][ T4291] usb 3-1: New USB device found, idVendor=0079, idProduct=0011, bcdDevice= 0.40 [ 188.537070][ T4291] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.568542][ T4291] usb 3-1: Product: syz [ 188.572775][ T4291] usb 3-1: Manufacturer: syz [ 188.577396][ T4291] usb 3-1: SerialNumber: syz [ 188.608052][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 188.641812][ T6725] loop1: detected capacity change from 0 to 1024 [ 188.720082][ T6725] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 188.778837][ T6731] netlink: 8 bytes leftover after parsing attributes in process `syz.5.896'. [ 188.801235][ T4245] EXT4-fs (loop1): unmounting filesystem. [ 188.961955][ T4291] usbhid 3-1:1.0: can't add hid device: -71 [ 189.008787][ T4291] usbhid: probe of 3-1:1.0 failed with error -71 [ 189.080249][ T4291] usb 3-1: USB disconnect, device number 2 [ 189.080440][ T6734] syz.4.898[6734] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 189.086217][ T6734] syz.4.898[6734] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 189.197541][ T6738] hub 6-0:1.0: USB hub found [ 189.303927][ T6738] hub 6-0:1.0: 1 port detected [ 189.709219][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 190.178407][ T6749] xt_TPROXY: Can be used only with -p tcp or -p udp [ 190.528685][ T6757] sch_tbf: peakrate 8 is lower than or equals to rate 12 ! [ 190.797292][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 191.759374][ T27] kauditd_printk_skb: 98 callbacks suppressed [ 191.759389][ T27] audit: type=1326 audit(1740666043.593:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6772 comm="syz.4.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc50698d169 code=0x7ffc0000 [ 191.812753][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 191.864241][ T27] audit: type=1326 audit(1740666043.633:1074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6772 comm="syz.4.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=274 compat=0 ip=0x7fc50698d169 code=0x7ffc0000 [ 191.880957][ T6776] xt_recent: hitcount (16385) is larger than allowed maximum (255) [ 191.953709][ T27] audit: type=1326 audit(1740666043.633:1075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6772 comm="syz.4.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc50698d169 code=0x7ffc0000 [ 192.078729][ T27] audit: type=1326 audit(1740666043.633:1076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6772 comm="syz.4.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc50698d169 code=0x7ffc0000 [ 192.849326][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 192.914396][ T27] audit: type=1326 audit(1740666044.743:1077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6789 comm="syz.4.918" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc50698d169 code=0x7ffc0000 [ 193.072023][ T27] audit: type=1326 audit(1740666044.773:1078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6789 comm="syz.4.918" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc50698d169 code=0x7ffc0000 [ 193.299643][ T27] audit: type=1326 audit(1740666044.773:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6789 comm="syz.4.918" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc50698d169 code=0x7ffc0000 [ 193.408626][ T27] audit: type=1326 audit(1740666044.773:1080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6789 comm="syz.4.918" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc50698d169 code=0x7ffc0000 [ 193.481867][ T27] audit: type=1326 audit(1740666044.773:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6789 comm="syz.4.918" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc50698d169 code=0x7ffc0000 [ 193.512804][ T6802] loop4: detected capacity change from 0 to 1024 [ 193.601060][ T6802] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 193.621820][ T27] audit: type=1326 audit(1740666044.773:1082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6789 comm="syz.4.918" exe="/root/syz-executor" sig=0 arch=c000003e syscall=447 compat=0 ip=0x7fc50698d169 code=0x7ffc0000 [ 193.747963][ T6811] loop2: detected capacity change from 0 to 2048 [ 193.767635][ T4248] EXT4-fs (loop4): unmounting filesystem. [ 193.825784][ T6811] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 193.859359][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 193.873823][ T6811] ext4 filesystem being mounted at /172/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 193.904261][ T6811] netlink: 'syz.2.924': attribute type 10 has an invalid length. [ 193.951915][ T6811] netlink: 40 bytes leftover after parsing attributes in process `syz.2.924'. [ 194.031673][ T6817] xt_recent: hitcount (16385) is larger than allowed maximum (255) [ 194.289114][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.295577][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.401389][ T4247] EXT4-fs (loop2): unmounting filesystem. [ 194.779179][ T6820] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 194.812364][ T6820] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 194.871253][ T6820] Bluetooth: hci2: Suspend notifier action (1) failed: -4 [ 194.876583][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 194.881809][ T6820] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 194.985696][ T6820] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 195.022855][ T6820] Bluetooth: hci1: Suspend notifier action (1) failed: -4 [ 195.071421][ T6820] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 195.077666][ T6820] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 195.083834][ T6820] Bluetooth: hci3: Suspend notifier action (1) failed: -4 [ 195.091319][ T6820] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 195.099253][ T6820] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 195.117690][ T6820] Bluetooth: hci4: Suspend notifier action (1) failed: -4 [ 195.125019][ T6820] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 195.148692][ T6820] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 195.188902][ T6820] Bluetooth: hci5: Suspend notifier action (1) failed: -4 [ 195.258430][ T6841] xt_TPROXY: Can be used only with -p tcp or -p udp [ 195.913887][ T6852] loop2: detected capacity change from 0 to 1024 [ 195.977182][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 196.228982][ T4249] Bluetooth: hci2: command 0x0c1a tx timeout [ 196.325567][ T6852] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 196.662567][ T6863] xt_recent: hitcount (16385) is larger than allowed maximum (255) [ 196.762845][ T4247] EXT4-fs (loop2): unmounting filesystem. [ 196.782273][ T6853] device veth1_vlan left promiscuous mode [ 196.938609][ T4249] Bluetooth: hci1: command 0x0c1a tx timeout [ 196.987617][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 197.050164][ T6865] loop1: detected capacity change from 0 to 2048 [ 197.078625][ T4261] Bluetooth: hci3: command 0x0c1a tx timeout [ 197.098786][ T6869] netlink: 8 bytes leftover after parsing attributes in process `syz.2.942'. [ 197.137989][ T6865] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 197.149083][ T6865] ext4 filesystem being mounted at /192/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 197.169932][ T4261] Bluetooth: hci4: command 0x0c1a tx timeout [ 197.320357][ T4249] Bluetooth: hci5: command 0x0c1a tx timeout [ 197.389495][ T6877] netlink: 'syz.1.943': attribute type 10 has an invalid length. [ 197.389519][ T6877] netlink: 40 bytes leftover after parsing attributes in process `syz.1.943'. [ 197.390082][ T6877] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 197.475132][ T27] kauditd_printk_skb: 15 callbacks suppressed [ 197.475149][ T27] audit: type=1800 audit(1740666049.303:1098): pid=6865 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.943" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 197.663374][ T4245] EXT4-fs (loop1): unmounting filesystem. [ 197.995556][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 198.815264][ T4249] Bluetooth: hci2: command 0x0406 tx timeout [ 198.998946][ T4249] Bluetooth: hci1: command 0x0406 tx timeout [ 199.018816][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 199.107766][ T6897] loop1: detected capacity change from 0 to 1024 [ 199.158834][ T4249] Bluetooth: hci3: command 0x0406 tx timeout [ 199.174041][ T6897] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 199.258763][ T4249] Bluetooth: hci4: command 0x0406 tx timeout [ 199.349065][ T6903] xt_recent: hitcount (16385) is larger than allowed maximum (255) [ 199.418647][ T4261] Bluetooth: hci5: command 0x0406 tx timeout [ 200.094385][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 200.234460][ T4245] EXT4-fs (loop1): unmounting filesystem. [ 200.560505][ T6912] loop5: detected capacity change from 0 to 2048 [ 200.646695][ T6912] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 200.674527][ T6912] ext4 filesystem being mounted at /93/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 200.701304][ T27] audit: type=1107 audit(1740666052.523:1099): pid=6919 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='o_s' [ 200.826455][ T27] audit: type=1800 audit(1740666052.653:1100): pid=6912 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.959" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 201.101901][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 201.618599][ T6912] netlink: 'syz.5.959': attribute type 10 has an invalid length. [ 201.634295][ T6912] netlink: 40 bytes leftover after parsing attributes in process `syz.5.959'. [ 201.681372][ T6912] device batadv0 entered promiscuous mode [ 201.687993][ T6912] bridge0: port 3(batadv0) entered blocking state [ 201.697175][ T6912] bridge0: port 3(batadv0) entered disabled state [ 201.705303][ T6912] bridge0: port 3(batadv0) entered blocking state [ 201.711900][ T6912] bridge0: port 3(batadv0) entered forwarding state [ 201.739859][ T6925] batman_adv: batadv0: Adding interface: dummy0 [ 201.758696][ T6925] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.788942][ T6925] batman_adv: batadv0: Interface activated: dummy0 [ 201.858941][ T11] batman_adv: batadv0: IGMP Querier appeared [ 201.864972][ T11] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 202.001234][ T5540] EXT4-fs (loop5): unmounting filesystem. [ 202.133106][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 204.099164][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 205.110189][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 205.333246][ T27] audit: type=1326 audit(1740666057.163:1101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6985 comm="syz.5.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 205.396266][ T27] audit: type=1326 audit(1740666057.163:1102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6985 comm="syz.5.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 205.509923][ T6990] netlink: 12 bytes leftover after parsing attributes in process `syz.2.984'. [ 205.549535][ T27] audit: type=1326 audit(1740666057.163:1103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6985 comm="syz.5.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 205.715673][ T27] audit: type=1326 audit(1740666057.163:1104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6985 comm="syz.5.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 205.856171][ T27] audit: type=1326 audit(1740666057.163:1105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6985 comm="syz.5.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 205.968022][ T27] audit: type=1326 audit(1740666057.163:1106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6985 comm="syz.5.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 206.018441][ T6994] loop4: detected capacity change from 0 to 1024 [ 206.110671][ T7003] xt_TPROXY: Can be used only with -p tcp or -p udp [ 206.118383][ T27] audit: type=1326 audit(1740666057.243:1107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6985 comm="syz.5.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 206.597048][ T27] audit: type=1326 audit(1740666057.243:1108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6985 comm="syz.5.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 206.667763][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 206.851496][ T6994] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 206.950561][ T27] audit: type=1326 audit(1740666057.243:1109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6988 comm="syz.5.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f77c13bfa25 code=0x7ffc0000 [ 207.079037][ T27] audit: type=1326 audit(1740666057.403:1110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6988 comm="syz.5.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 207.155217][ T4248] EXT4-fs (loop4): unmounting filesystem. [ 207.470369][ T7017] loop2: detected capacity change from 0 to 1024 [ 207.586710][ T7017] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 207.618965][ T7017] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3841: comm syz.2.994: Allocating blocks 385-513 which overlap fs metadata [ 207.668814][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 207.778440][ T7017] EXT4-fs (loop2): pa ffff88804ec02380: logic 16, phys. 129, len 24 [ 207.787552][ T7017] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 8 [ 208.006228][ T7035] netlink: 332 bytes leftover after parsing attributes in process `syz.4.1001'. [ 208.092756][ T4247] EXT4-fs (loop2): unmounting filesystem. [ 208.226347][ T7038] loop5: detected capacity change from 0 to 1024 [ 208.236758][ T7040] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1003'. [ 208.293909][ T7038] EXT4-fs: Ignoring removed orlov option [ 208.318586][ T7038] EXT4-fs: Ignoring removed nomblk_io_submit option [ 208.458883][ T7038] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 208.502984][ T7050] netlink: 'syz.2.1008': attribute type 280 has an invalid length. [ 208.681850][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 209.141881][ T7045] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.323575][ T5540] EXT4-fs (loop5): unmounting filesystem. [ 209.477619][ T7045] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.688556][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 209.704138][ T7045] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.998313][ T7045] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.095671][ T7080] device netdevsim0 entered promiscuous mode [ 210.133168][ T7080] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 210.451199][ T7045] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.558744][ T7089] loop2: detected capacity change from 0 to 256 [ 210.570637][ T7045] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.616921][ T7089] FAT-fs (loop2): Directory bread(block 64) failed [ 210.646745][ T7045] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.658684][ T7089] FAT-fs (loop2): Directory bread(block 65) failed [ 210.665422][ T7089] FAT-fs (loop2): Directory bread(block 66) failed [ 210.709353][ T7089] FAT-fs (loop2): Directory bread(block 67) failed [ 210.716597][ T7089] FAT-fs (loop2): Directory bread(block 68) failed [ 210.731102][ T7045] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.741199][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 210.766189][ T7089] FAT-fs (loop2): Directory bread(block 69) failed [ 210.808739][ T7089] FAT-fs (loop2): Directory bread(block 70) failed [ 210.815710][ T7089] FAT-fs (loop2): Directory bread(block 71) failed [ 210.856401][ T7089] FAT-fs (loop2): Directory bread(block 72) failed [ 210.872193][ T27] kauditd_printk_skb: 22 callbacks suppressed [ 210.872208][ T27] audit: type=1326 audit(1740666062.703:1133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7092 comm="syz.1.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39de98d169 code=0x7ffc0000 [ 210.878586][ T7089] FAT-fs (loop2): Directory bread(block 73) failed [ 210.987560][ T27] audit: type=1326 audit(1740666062.733:1134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7092 comm="syz.1.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39de98d169 code=0x7ffc0000 [ 211.074091][ T27] audit: type=1326 audit(1740666062.733:1135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7092 comm="syz.1.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39de98d169 code=0x7ffc0000 [ 211.198644][ T27] audit: type=1326 audit(1740666062.733:1136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7092 comm="syz.1.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39de98d169 code=0x7ffc0000 [ 211.323404][ T27] audit: type=1326 audit(1740666062.733:1137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7092 comm="syz.1.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39de98d169 code=0x7ffc0000 [ 211.395997][ T7103] loop3: detected capacity change from 0 to 128 [ 211.405001][ T7099] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1027'. [ 212.228052][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 213.294177][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 213.439056][ T7116] loop1: detected capacity change from 0 to 2048 [ 213.570551][ T7116] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 213.622344][ T7116] ext4 filesystem being mounted at /210/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 213.707379][ T7125] SET target dimension over the limit! [ 213.718756][ T27] audit: type=1800 audit(1740666065.553:1138): pid=7116 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1031" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 213.719373][ T7116] netlink: 'syz.1.1031': attribute type 10 has an invalid length. [ 213.828089][ T7116] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1031'. [ 213.871918][ T7116] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 213.897798][ T7127] loop4: detected capacity change from 0 to 764 [ 214.098195][ T4245] EXT4-fs (loop1): unmounting filesystem. [ 214.299294][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 215.322590][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 215.674129][ T7159] loop2: detected capacity change from 0 to 764 [ 215.926041][ T7163] loop1: detected capacity change from 0 to 2048 [ 215.997748][ T7165] loop3: detected capacity change from 0 to 128 [ 216.017503][ T7163] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 216.020765][ T7169] netlink: 'syz.2.1053': attribute type 2 has an invalid length. [ 216.034794][ T7163] ext4 filesystem being mounted at /214/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 216.098087][ T7165] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 216.150108][ T27] audit: type=1800 audit(1740666067.983:1139): pid=7163 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1051" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 216.180687][ T7173] netlink: 'syz.1.1051': attribute type 10 has an invalid length. [ 216.236975][ T7165] ext4 filesystem being mounted at /232/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 216.239012][ T7173] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1051'. [ 216.319378][ T7173] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 216.359050][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 216.385334][ T7176] syz.2.1055[7176] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 216.385433][ T7176] syz.2.1055[7176] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 216.536291][ T4245] EXT4-fs (loop1): unmounting filesystem. [ 216.729054][ T7184] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1057'. [ 216.815949][ T4256] EXT4-fs (loop3): unmounting filesystem. [ 216.925409][ T7186] loop2: detected capacity change from 0 to 512 [ 216.969714][ T7180] loop5: detected capacity change from 0 to 8192 [ 217.026627][ T7186] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 217.059194][ T7186] ext4 filesystem being mounted at /202/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 217.231448][ T4247] EXT4-fs (loop2): unmounting filesystem. [ 217.380839][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 217.397058][ T7199] loop2: detected capacity change from 0 to 764 [ 217.612432][ T27] audit: type=1326 audit(1740666069.443:1140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7204 comm="syz.4.1067" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc50698d169 code=0x0 [ 217.656421][ T7206] loop3: detected capacity change from 0 to 2048 [ 217.703093][ T7206] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 217.722285][ T7206] ext4 filesystem being mounted at /236/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 217.780473][ T27] audit: type=1800 audit(1740666069.613:1141): pid=7206 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1068" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 217.809299][ T7206] netlink: 'syz.3.1068': attribute type 10 has an invalid length. [ 217.857332][ T7206] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1068'. [ 217.970504][ T7215] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1071'. [ 218.018205][ T7215] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1071'. [ 218.035787][ T4256] EXT4-fs (loop3): unmounting filesystem. [ 218.048510][ T7217] IPv6: Can't replace route, no match found [ 218.259465][ T7209] loop2: detected capacity change from 0 to 512 [ 218.273721][ T27] audit: type=1326 audit(1740666070.103:1142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7223 comm="syz.5.1074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 218.299359][ T7209] EXT4-fs: Ignoring removed orlov option [ 218.330789][ T7209] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 218.353791][ T27] audit: type=1326 audit(1740666070.103:1143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7223 comm="syz.5.1074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 218.388601][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 218.402734][ T7209] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 218.412812][ T27] audit: type=1326 audit(1740666070.133:1144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7223 comm="syz.5.1074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 218.469862][ T7209] EXT4-fs (loop2): orphan cleanup on readonly fs [ 218.542736][ T7209] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.1069: bg 0: block 248: padding at end of block bitmap is not set [ 218.578628][ T27] audit: type=1326 audit(1740666070.133:1145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7223 comm="syz.5.1074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 218.618032][ T7209] Quota error (device loop2): write_blk: dquota write failed [ 218.653837][ T7209] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 218.699849][ T27] audit: type=1326 audit(1740666070.133:1146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7223 comm="syz.5.1074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 218.742255][ T7209] EXT4-fs error (device loop2): ext4_acquire_dquot:6795: comm syz.2.1069: Failed to acquire dquot type 1 [ 218.793984][ T7209] EXT4-fs (loop2): 1 truncate cleaned up [ 218.815284][ T7209] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 219.022285][ T7245] loop3: detected capacity change from 0 to 256 [ 219.043176][ T7243] loop1: detected capacity change from 0 to 2048 [ 219.046583][ T7245] FAT-fs (loop3): Unrecognized mount option "ÿÿÿÿÿÿÿ" or missing value [ 219.164062][ T7243] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 219.186496][ T7243] ext4 filesystem being mounted at /220/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 219.263541][ T7243] netlink: 'syz.1.1082': attribute type 10 has an invalid length. [ 219.302061][ T7243] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1082'. [ 219.348300][ T4247] EXT4-fs (loop2): unmounting filesystem. [ 219.349017][ T7243] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 219.404236][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 219.645635][ T4245] EXT4-fs (loop1): unmounting filesystem. [ 220.283240][ T7271] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1094'. [ 220.434188][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 220.645949][ T7277] loop5: detected capacity change from 0 to 2048 [ 220.729065][ T7277] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 220.831915][ T7277] ext4 filesystem being mounted at /119/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 220.904078][ T7277] netlink: 'syz.5.1097': attribute type 10 has an invalid length. [ 220.932646][ T7277] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1097'. [ 220.995329][ T7282] siw: device registration error -23 [ 221.074135][ T5540] EXT4-fs (loop5): unmounting filesystem. [ 221.349236][ T27] kauditd_printk_skb: 11 callbacks suppressed [ 221.349252][ T27] audit: type=1326 audit(1740666073.183:1158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7296 comm="syz.2.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60d418d169 code=0x7ffc0000 [ 221.416304][ T7297] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1103'. [ 221.454148][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 221.476632][ T7297] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 221.481296][ T27] audit: type=1326 audit(1740666073.183:1159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7296 comm="syz.2.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60d418d169 code=0x7ffc0000 [ 221.540112][ T7297] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 221.612010][ T27] audit: type=1326 audit(1740666073.213:1160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7296 comm="syz.2.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f60d418d169 code=0x7ffc0000 [ 221.700878][ T27] audit: type=1326 audit(1740666073.213:1161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7296 comm="syz.2.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60d418d169 code=0x7ffc0000 [ 221.802381][ T27] audit: type=1326 audit(1740666073.213:1162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7296 comm="syz.2.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60d418d169 code=0x7ffc0000 [ 221.907847][ T27] audit: type=1326 audit(1740666073.223:1163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7296 comm="syz.2.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f60d418d169 code=0x7ffc0000 [ 221.992013][ T7307] loop4: detected capacity change from 0 to 256 [ 222.002400][ T7308] syz.5.1108[7308] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 222.002498][ T7308] syz.5.1108[7308] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 222.008792][ T27] audit: type=1326 audit(1740666073.223:1164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7296 comm="syz.2.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60d418d169 code=0x7ffc0000 [ 222.054619][ T7307] FAT-fs (loop4): Unrecognized mount option "ÿÿÿÿÿÿÿ" or missing value [ 222.159382][ T27] audit: type=1326 audit(1740666073.223:1165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7296 comm="syz.2.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60d418d169 code=0x7ffc0000 [ 222.268409][ T27] audit: type=1326 audit(1740666073.223:1166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7296 comm="syz.2.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f60d418d169 code=0x7ffc0000 [ 222.379621][ T27] audit: type=1326 audit(1740666073.223:1167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7296 comm="syz.2.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60d418d169 code=0x7ffc0000 [ 222.446820][ T7321] xt_recent: hitcount (16385) is larger than allowed maximum (255) [ 222.459777][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 223.006931][ T7333] loop3: detected capacity change from 0 to 2048 [ 223.165207][ T7333] loop3: p2 p3 p7 [ 223.465825][ T7341] loop1: detected capacity change from 0 to 512 [ 223.473624][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 223.517724][ T7341] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 223.568319][ T7341] EXT4-fs (loop1): 1 truncate cleaned up [ 223.585339][ T7341] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 223.925873][ T7357] cgroup: Need name or subsystem set [ 224.230914][ T4245] EXT4-fs (loop1): unmounting filesystem. [ 224.373399][ T7369] loop3: detected capacity change from 0 to 256 [ 224.415913][ T7369] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 224.487251][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 224.494331][ T7369] FAT-fs (loop3): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 224.563207][ T7374] xt_recent: hitcount (16385) is larger than allowed maximum (255) [ 224.611425][ T7369] FAT-fs (loop3): Filesystem has been set read-only [ 224.687053][ T7380] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1128'. [ 224.789004][ T7380] bridge0: port 3(batadv0) entered disabled state [ 224.814242][ T7380] device bridge_slave_1 left promiscuous mode [ 224.845608][ T7380] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.877949][ T7380] device bridge_slave_0 left promiscuous mode [ 224.912011][ T7380] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.072279][ T7371] infiniband syz!: set down [ 225.078183][ T7371] infiniband syz!: added team_slave_0 [ 225.194989][ T7371] RDS/IB: syz!: added [ 225.255681][ T7371] smc: adding ib device syz! with port count 1 [ 225.269931][ T7371] smc: ib device syz! port 1 has pnetid [ 225.508998][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 226.104962][ T7405] loop5: detected capacity change from 0 to 128 [ 226.539676][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 227.549002][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 228.210215][ T7430] xt_TPROXY: Can be used only with -p tcp or -p udp [ 228.263468][ T7432] device bond1 entered promiscuous mode [ 228.279079][ T7432] 8021q: adding VLAN 0 to HW filter on device bond1 [ 228.370028][ T7436] xt_recent: hitcount (16385) is larger than allowed maximum (255) [ 228.568135][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 228.838344][ T7432] bond1 (unregistering): Released all slaves [ 229.473773][ T7410] siw: device registration error -23 [ 229.574479][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 229.699066][ T7449] syz.2.1157[7449] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 229.699167][ T7449] syz.2.1157[7449] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 229.898907][ T7454] loop5: detected capacity change from 0 to 512 [ 230.041800][ T7454] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 230.110431][ T7454] ext4 filesystem being mounted at /136/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 230.530579][ T5540] EXT4-fs (loop5): unmounting filesystem. [ 230.664572][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 231.673170][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 231.953690][ T7496] syz.2.1172[7496] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 231.953832][ T7496] syz.2.1172[7496] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 232.076284][ T7497] xt_TPROXY: Can be used only with -p tcp or -p udp [ 232.522137][ T7483] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 232.530299][ T7483] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 232.560084][ T7483] Bluetooth: hci2: Suspend notifier action (1) failed: -4 [ 232.580287][ T7483] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 232.590115][ T7483] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 232.668715][ T7483] Bluetooth: hci1: Suspend notifier action (1) failed: -4 [ 232.676443][ T7483] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 232.684948][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 232.745368][ T7483] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 232.751525][ T7483] Bluetooth: hci3: Suspend notifier action (1) failed: -4 [ 232.759452][ T7483] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 232.765720][ T7483] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 232.771758][ T7483] Bluetooth: hci4: Suspend notifier action (1) failed: -4 [ 232.779358][ T7483] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 232.786093][ T7483] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 232.792281][ T7483] Bluetooth: hci5: Suspend notifier action (1) failed: -4 [ 232.839208][ T27] kauditd_printk_skb: 53 callbacks suppressed [ 232.839225][ T27] audit: type=1326 audit(1740666084.673:1221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7500 comm="syz.3.1176" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fded3b8d169 code=0x0 [ 232.919053][ T7507] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1178'. [ 232.948193][ T7505] loop5: detected capacity change from 0 to 2048 [ 232.987934][ T7505] EXT4-fs: Ignoring removed bh option [ 233.041047][ T7505] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 233.547786][ T7525] loop2: detected capacity change from 0 to 512 [ 233.607895][ T7525] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 234.321285][ T4261] Bluetooth: hci2: command 0x0c1a tx timeout [ 234.349974][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 234.480627][ T7525] EXT4-fs (loop2): orphan cleanup on readonly fs [ 234.547847][ T7525] Quota error (device loop2): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 234.571802][ T7525] EXT4-fs warning (device loop2): ext4_enable_quotas:7030: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 234.608802][ T4249] Bluetooth: hci1: command 0x0c1a tx timeout [ 234.618812][ T7525] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 234.647320][ T7535] loop3: detected capacity change from 0 to 1024 [ 234.740278][ T7535] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 234.753917][ T7525] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.1183: bg 0: block 40: padding at end of block bitmap is not set [ 234.770505][ T4249] Bluetooth: hci3: command 0x0c1a tx timeout [ 234.848906][ T4249] Bluetooth: hci5: command 0x0c1a tx timeout [ 234.855022][ T4249] Bluetooth: hci4: command 0x0c1a tx timeout [ 234.889490][ T7525] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 234.905397][ T7525] EXT4-fs (loop2): 1 truncate cleaned up [ 234.917255][ T7525] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 234.925236][ T6204] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 235.025427][ T7545] xt_TPROXY: Can be used only with -p tcp or -p udp [ 235.248202][ T6204] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 235.358885][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 235.479958][ T6204] EXT4-fs (loop5): This should not happen!! Data will be lost [ 235.479958][ T6204] [ 235.491744][ T6204] EXT4-fs (loop5): Total free blocks count 0 [ 235.497945][ T6204] EXT4-fs (loop5): Free/Dirty block details [ 235.501960][ T7525] EXT4-fs error (device loop2): ext4_get_link:104: inode #16: comm syz.2.1183: bad symlink. [ 235.513657][ T6204] EXT4-fs (loop5): free_blocks=2415919104 [ 235.521865][ T6204] EXT4-fs (loop5): dirty_blocks=1456 [ 235.521887][ T6204] EXT4-fs (loop5): Block reservation details [ 235.521898][ T6204] EXT4-fs (loop5): i_reserved_data_blocks=91 [ 235.526137][ T6204] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 1426 with error 28 [ 235.533642][ T7546] cgroup: Need name or subsystem set [ 235.665668][ T7535] EXT4-fs (loop3): shut down requested (0) [ 235.795755][ T4247] EXT4-fs (loop2): unmounting filesystem. [ 235.881327][ T7551] device bridge0 entered promiscuous mode [ 235.888303][ T7551] device macsec1 entered promiscuous mode [ 235.938088][ T7553] loop1: detected capacity change from 0 to 256 [ 235.963209][ T7551] bridge0: port 4(macsec1) entered blocking state [ 236.007288][ T7553] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 236.030672][ T7551] bridge0: port 4(macsec1) entered disabled state [ 236.070829][ T4256] EXT4-fs (loop3): unmounting filesystem. [ 236.125431][ T7551] device bridge0 left promiscuous mode [ 236.139796][ T7553] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 236.168631][ T7553] FAT-fs (loop1): Filesystem has been set read-only [ 236.235083][ T7561] loop2: detected capacity change from 0 to 128 [ 236.260316][ T27] audit: type=1326 audit(1740666088.093:1222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7563 comm="syz.3.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 236.336963][ T27] audit: type=1326 audit(1740666088.113:1223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7563 comm="syz.3.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 236.344220][ T7564] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1195'. [ 236.359862][ T4249] Bluetooth: hci2: command 0x0406 tx timeout [ 236.384377][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 236.428091][ T7546] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1189'. [ 236.459636][ T27] audit: type=1326 audit(1740666088.113:1224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7563 comm="syz.3.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 236.543478][ T27] audit: type=1326 audit(1740666088.113:1225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7563 comm="syz.3.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 236.552887][ T7564] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1195'. [ 236.661627][ T27] audit: type=1326 audit(1740666088.113:1226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7563 comm="syz.3.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 236.684862][ T4261] Bluetooth: hci1: command 0x0406 tx timeout [ 236.808903][ T7569] loop2: detected capacity change from 0 to 2048 [ 236.809697][ T27] audit: type=1326 audit(1740666088.113:1227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7563 comm="syz.3.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 236.840166][ T4261] Bluetooth: hci3: command 0x0406 tx timeout [ 236.911040][ T7569] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 236.928740][ T4261] Bluetooth: hci4: command 0x0406 tx timeout [ 236.935205][ T4261] Bluetooth: hci5: command 0x0406 tx timeout [ 236.970636][ T27] audit: type=1326 audit(1740666088.113:1228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7563 comm="syz.3.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 237.010679][ T27] audit: type=1326 audit(1740666088.123:1229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7563 comm="syz.3.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 237.058803][ T7569] EXT4-fs error (device loop2): ext4_find_extent:936: inode #2: comm syz.2.1197: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 237.314564][ T4247] EXT4-fs (loop2): unmounting filesystem. [ 237.388750][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 237.514613][ T7583] xt_TPROXY: Can be used only with -p tcp or -p udp [ 237.999008][ T27] kauditd_printk_skb: 8 callbacks suppressed [ 237.999024][ T27] audit: type=1326 audit(1740666089.833:1238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7580 comm="syz.5.1201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 238.160016][ T27] audit: type=1326 audit(1740666089.883:1239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7580 comm="syz.5.1201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 238.269904][ T27] audit: type=1326 audit(1740666089.953:1240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7585 comm="syz.5.1201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f77c13bfa25 code=0x7ffc0000 [ 238.605096][ T27] audit: type=1326 audit(1740666090.123:1241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7585 comm="syz.5.1201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 238.688592][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 238.907374][ T7600] syz.3.1207[7600] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 238.907468][ T7600] syz.3.1207[7600] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 239.024258][ T27] audit: type=1326 audit(1740666090.853:1242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7603 comm="syz.5.1206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 239.368904][ T27] audit: type=1326 audit(1740666090.923:1243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7603 comm="syz.5.1206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 239.586288][ T27] audit: type=1326 audit(1740666090.963:1244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7603 comm="syz.5.1206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 239.711859][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 239.816288][ T27] audit: type=1326 audit(1740666090.963:1245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7603 comm="syz.5.1206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 239.934303][ T27] audit: type=1326 audit(1740666090.963:1246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7603 comm="syz.5.1206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 239.957120][ T7620] loop4: detected capacity change from 0 to 8192 [ 240.014610][ T27] audit: type=1326 audit(1740666090.963:1247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7603 comm="syz.5.1206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 240.585026][ T7634] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1217'. [ 240.652796][ T7636] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1217'. [ 240.729891][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 241.006910][ T7646] loop5: detected capacity change from 0 to 1024 [ 241.102170][ T7649] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1224'. [ 241.155829][ T7646] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 241.197108][ T7653] loop4: detected capacity change from 0 to 1024 [ 241.204357][ T7653] EXT4-fs: Ignoring removed orlov option [ 241.300071][ T7653] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 241.357494][ T7657] syz.2.1227[7657] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 241.357646][ T7657] syz.2.1227[7657] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 241.528801][ T5540] EXT4-fs (loop5): unmounting filesystem. [ 241.619631][ T4248] EXT4-fs (loop4): unmounting filesystem. [ 241.739898][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 242.748636][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 242.818794][ T7676] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1233'. [ 242.880586][ T7677] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1233'. [ 243.148342][ T7688] syz.3.1239[7688] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 243.164814][ T7688] syz.3.1239[7688] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 243.348603][ T7694] loop4: detected capacity change from 0 to 1024 [ 243.477743][ T7694] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 243.697299][ T7708] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1243'. [ 243.759953][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 243.790894][ T7708] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 243.834534][ T4248] EXT4-fs (loop4): unmounting filesystem. [ 243.929924][ T7716] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1248'. [ 244.004104][ T7708] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.023945][ T7716] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1248'. [ 244.724348][ T7723] loop2: detected capacity change from 0 to 512 [ 244.768799][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 244.794684][ T7708] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.859081][ T75] __quota_error: 13 callbacks suppressed [ 244.859101][ T75] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 244.878948][ T7723] EXT4-fs (loop2): 1 orphan inode deleted [ 244.884826][ T7723] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 244.903900][ T7725] loop5: detected capacity change from 0 to 2048 [ 244.938740][ T75] EXT4-fs error (device loop2): ext4_release_dquot:6818: comm kworker/u4:4: Failed to release dquot type 1 [ 244.972936][ T7729] syz.1.1254[7729] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 244.973107][ T7729] syz.1.1254[7729] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 245.003100][ T7708] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.046565][ T7723] ext4 filesystem being mounted at /249/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 245.073337][ T7725] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 245.108620][ T7725] ext4 filesystem being mounted at /153/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 245.137588][ T7708] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.153813][ T7708] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.173516][ T7708] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.216667][ T7708] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.279055][ T27] audit: type=1800 audit(1740666097.113:1261): pid=7725 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1252" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 245.301035][ T4247] EXT4-fs (loop2): unmounting filesystem. [ 245.318987][ T7725] netlink: 'syz.5.1252': attribute type 10 has an invalid length. [ 245.347358][ T7725] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1252'. [ 245.550471][ T5540] EXT4-fs (loop5): unmounting filesystem. [ 245.692466][ T27] audit: type=1326 audit(1740666097.523:1262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7748 comm="syz.5.1261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 245.721728][ T7750] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1262'. [ 245.780271][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 245.786644][ T27] audit: type=1326 audit(1740666097.523:1263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7748 comm="syz.5.1261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 245.907337][ T27] audit: type=1326 audit(1740666097.573:1264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7748 comm="syz.5.1261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 245.997111][ T7759] loop1: detected capacity change from 0 to 512 [ 246.038378][ T7759] journal_path: Lookup failure for './bus' [ 246.075283][ T7759] EXT4-fs: error: could not find journal device path [ 246.100337][ T27] audit: type=1326 audit(1740666097.573:1265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7748 comm="syz.5.1261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 246.123795][ T27] audit: type=1326 audit(1740666097.573:1266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7748 comm="syz.5.1261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 246.147517][ T27] audit: type=1326 audit(1740666097.583:1267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7748 comm="syz.5.1261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 246.178633][ T7763] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1266'. [ 246.189131][ T27] audit: type=1326 audit(1740666097.583:1268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7748 comm="syz.5.1261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 246.300332][ T7763] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1266'. [ 246.823541][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 246.914360][ T27] audit: type=1326 audit(1740666097.583:1269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7748 comm="syz.5.1261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 246.965846][ T7766] syz.5.1268[7766] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 246.966000][ T7766] syz.5.1268[7766] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 247.142727][ T7770] loop4: detected capacity change from 0 to 164 [ 247.242234][ T7770] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 247.326153][ T7770] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 247.417700][ T7778] loop5: detected capacity change from 0 to 512 [ 247.496458][ T7778] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 247.529976][ T7778] ext4 filesystem being mounted at /157/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 247.610669][ T7778] hub 6-0:1.0: USB hub found [ 247.645975][ T7785] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1277'. [ 247.655356][ T7778] hub 6-0:1.0: 1 port detected [ 247.726227][ T7791] IPv6: Can't replace route, no match found [ 247.828576][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 247.904260][ T5540] EXT4-fs (loop5): unmounting filesystem. [ 248.984851][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 249.032851][ T7811] syz.5.1284[7811] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 249.033003][ T7811] syz.5.1284[7811] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 249.302502][ T7820] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1289'. [ 249.399881][ T7828] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1292'. [ 249.522138][ T7832] loop3: detected capacity change from 0 to 256 [ 249.527873][ T7830] bridge0: port 3(vlan2) entered blocking state [ 249.578203][ T7830] bridge0: port 3(vlan2) entered disabled state [ 249.610033][ T7830] device vlan2 entered promiscuous mode [ 249.615728][ T7830] device bond0 entered promiscuous mode [ 249.673859][ T7836] loop4: detected capacity change from 0 to 1024 [ 249.688635][ T7830] device bond_slave_0 entered promiscuous mode [ 249.720415][ T7836] ext4: Bad value for 'auto_da_alloc' [ 249.728821][ T7830] device bond_slave_1 entered promiscuous mode [ 249.739611][ T7830] bridge0: port 3(vlan2) entered blocking state [ 249.746014][ T7830] bridge0: port 3(vlan2) entered forwarding state [ 250.017404][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 250.094177][ T27] kauditd_printk_skb: 60 callbacks suppressed [ 250.094245][ T27] audit: type=1326 audit(1740666101.873:1330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7846 comm="syz.3.1301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 250.199152][ T27] audit: type=1326 audit(1740666101.873:1331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7846 comm="syz.3.1301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 250.238532][ T27] audit: type=1326 audit(1740666102.023:1332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7846 comm="syz.3.1301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 250.265597][ T7851] syz.1.1302[7851] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 250.265744][ T7851] syz.1.1302[7851] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 251.006258][ T27] audit: type=1326 audit(1740666102.023:1333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7846 comm="syz.3.1301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 251.053821][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 251.077403][ T27] audit: type=1326 audit(1740666102.023:1334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7846 comm="syz.3.1301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 251.164341][ T7862] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1305'. [ 251.273908][ T27] audit: type=1326 audit(1740666102.023:1335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7846 comm="syz.3.1301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 251.302975][ T7864] device macvlan1 entered promiscuous mode [ 251.332210][ T7866] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1308'. [ 251.359950][ T7864] device ipvlan0 entered promiscuous mode [ 251.366688][ T7864] device ipvlan0 left promiscuous mode [ 251.388608][ T27] audit: type=1326 audit(1740666102.023:1336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7846 comm="syz.3.1301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 251.411833][ T7864] device macvlan1 left promiscuous mode [ 251.412126][ T7868] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1306'. [ 251.423095][ T27] audit: type=1326 audit(1740666102.023:1337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7846 comm="syz.3.1301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 251.521010][ T27] audit: type=1326 audit(1740666102.023:1338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7846 comm="syz.3.1301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 251.580783][ T27] audit: type=1326 audit(1740666102.023:1339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7846 comm="syz.3.1301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fded3b8d169 code=0x7ffc0000 [ 251.706481][ T7877] netlink: 'syz.2.1312': attribute type 13 has an invalid length. [ 251.931347][ T7877] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 253.730349][ T4249] Bluetooth: hci5: command 0x0406 tx timeout [ 253.766016][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 253.818932][ T7887] loop3: detected capacity change from 0 to 2048 [ 253.829535][ T7877] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 253.898630][ T7880] netlink: 'syz.2.1312': attribute type 13 has an invalid length. [ 253.949724][ T7887] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 253.958308][ T7887] ext4 filesystem being mounted at /285/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 254.073127][ T7900] syz.1.1319[7900] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 254.073284][ T7900] syz.1.1319[7900] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 254.187891][ T7880] gretap0: refused to change device tx_queue_len [ 254.233706][ T7880] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 254.294358][ T7887] netlink: 'syz.3.1316': attribute type 10 has an invalid length. [ 254.305962][ T7887] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1316'. [ 254.357333][ T7887] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 254.467485][ T7911] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1321'. [ 254.494396][ T7914] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1322'. [ 254.599632][ T4256] EXT4-fs (loop3): unmounting filesystem. [ 254.685941][ T7918] loop1: detected capacity change from 0 to 512 [ 254.763065][ T7918] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 254.778653][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 254.791411][ T7918] ext4 filesystem being mounted at /260/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 254.868219][ T7918] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 12: comm syz.1.1325: path /260/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 254.908531][ T7918] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 13: comm syz.1.1325: path /260/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 254.970015][ T7918] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 14: comm syz.1.1325: path /260/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 255.072501][ T7929] EXT4-fs error (device loop1): ext4_map_blocks:634: inode #2: block 18: comm syz.1.1325: lblock 23 mapped to illegal pblock 18 (length 1) [ 255.160196][ T7918] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 15: comm syz.1.1325: path /260/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 255.307727][ T7918] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 16: comm syz.1.1325: path /260/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 255.387985][ T7940] loop2: detected capacity change from 0 to 2048 [ 255.411417][ T7942] syz.3.1334[7942] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 255.411558][ T7942] syz.3.1334[7942] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 255.436909][ T7918] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 17: comm syz.1.1325: path /260/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 255.486534][ T7940] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 255.495685][ T7918] EXT4-fs error (device loop1): ext4_map_blocks:634: inode #2: block 18: comm syz.1.1325: lblock 23 mapped to illegal pblock 18 (length 1) [ 255.534042][ T7940] ext4 filesystem being mounted at /265/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 255.682239][ T4245] EXT4-fs (loop1): unmounting filesystem. [ 255.700069][ T7940] netlink: 'syz.2.1333': attribute type 10 has an invalid length. [ 255.707939][ T7940] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1333'. [ 255.791616][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.798082][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.818976][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 256.899441][ T7955] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1336'. [ 256.907893][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 256.966457][ T4247] EXT4-fs (loop2): unmounting filesystem. [ 257.046865][ T7962] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1337'. [ 257.243079][ T7971] loop1: detected capacity change from 0 to 164 [ 257.700671][ T7983] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1347'. [ 257.874311][ T7985] loop1: detected capacity change from 0 to 2048 [ 257.915742][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 257.930376][ T7985] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 258.148111][ T7985] ext4 filesystem being mounted at /264/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 258.165278][ T7985] netlink: 'syz.1.1348': attribute type 10 has an invalid length. [ 258.173243][ T7985] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1348'. [ 258.183151][ T7985] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 258.435364][ T7995] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1351'. [ 259.024296][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 259.047384][ T4245] EXT4-fs (loop1): unmounting filesystem. [ 259.159874][ T27] kauditd_printk_skb: 4 callbacks suppressed [ 259.159889][ T27] audit: type=1326 audit(1740666110.993:1344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.5.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 259.285134][ T27] audit: type=1326 audit(1740666111.003:1345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.5.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 259.290210][ T8008] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1353'. [ 259.378723][ T27] audit: type=1326 audit(1740666111.003:1346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.5.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 259.438642][ T27] audit: type=1326 audit(1740666111.003:1347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.5.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 259.592530][ T27] audit: type=1326 audit(1740666111.013:1348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.5.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 259.696358][ T27] audit: type=1326 audit(1740666111.013:1349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.5.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 259.785079][ T27] audit: type=1326 audit(1740666111.013:1350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.5.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 259.861472][ T27] audit: type=1326 audit(1740666111.013:1351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.5.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 259.898762][ T8023] netlink: 'syz.1.1363': attribute type 10 has an invalid length. [ 259.937184][ T8023] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1363'. [ 259.967524][ T27] audit: type=1326 audit(1740666111.013:1352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.5.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 260.006221][ T8023] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 260.034757][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 260.073784][ T27] audit: type=1326 audit(1740666111.013:1353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.5.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c138d169 code=0x7ffc0000 [ 260.396744][ T8037] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1369'. [ 261.038894][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 262.059302][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 262.081357][ T8066] xt_TPROXY: Can be used only with -p tcp or -p udp [ 262.261521][ T8068] netlink: 'syz.1.1382': attribute type 10 has an invalid length. [ 262.298316][ T8068] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1382'. [ 262.361442][ T8068] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 262.428372][ T8070] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1383'. [ 262.546946][ T8080] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1383'. [ 262.892273][ T8084] loop4: detected capacity change from 0 to 2048 [ 262.986529][ T8084] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 263.038338][ T8084] ext4 filesystem being mounted at /289/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 263.068492][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 263.217628][ T4248] EXT4-fs (loop4): unmounting filesystem. [ 263.398911][ T28] INFO: task syz.0.336:5248 blocked for more than 143 seconds. [ 263.406606][ T28] Not tainted 6.1.129-syzkaller #0 [ 263.444198][ T8104] loop4: detected capacity change from 0 to 512 [ 263.448506][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 263.460270][ T8106] syz.1.1397[8106] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 263.460497][ T8106] syz.1.1397[8106] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 263.508534][ T28] task:syz.0.336 state:D [ 263.521077][ T8104] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 263.551082][ T8104] EXT4-fs (loop4): orphan cleanup on readonly fs [ 263.565664][ T28] stack:28616 pid:5248 ppid:4246 flags:0x00004004 [ 263.579062][ T8104] EXT4-fs warning (device loop4): ext4_enable_quotas:7030: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 263.636047][ T28] Call Trace: [ 263.652013][ T28] [ 263.659888][ T8104] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 263.674622][ T28] __schedule+0x143f/0x4570 [ 263.698228][ T28] ? release_firmware_map_entry+0x18b/0x18b [ 263.723525][ T8104] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.1394: bg 0: block 40: padding at end of block bitmap is not set [ 263.752191][ T28] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 263.785266][ T28] ? print_irqtrace_events+0x210/0x210 [ 263.799049][ T8104] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 263.818777][ T28] ? _raw_spin_lock_irq+0xdb/0x110 [ 263.830364][ T8104] EXT4-fs (loop4): 1 truncate cleaned up [ 263.836064][ T8104] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 263.844271][ T28] schedule+0xbf/0x180 [ 263.869934][ T28] ? down_read+0x69f/0xa30 [ 263.892173][ T28] schedule_preempt_disabled+0xf/0x20 [ 263.897647][ T28] down_read+0x6ff/0xa30 [ 263.918591][ T28] ? __down_common+0x8b0/0x8b0 [ 263.923440][ T28] lookup_slow+0x45/0x70 [ 263.927793][ T28] walk_component+0x2d0/0x400 [ 263.958325][ T28] path_lookupat+0x16f/0x450 [ 263.968555][ T28] filename_lookup+0x251/0x600 [ 263.973393][ T28] ? hashlen_string+0x110/0x110 [ 263.988587][ T28] ? strncpy_from_user+0x1f9/0x360 [ 263.993774][ T28] ? getname_flags+0x1f9/0x4f0 [ 264.008571][ T28] user_path_at_empty+0x3e/0x60 [ 264.013575][ T28] __se_sys_chdir+0xbb/0x220 [ 264.018196][ T28] ? __x64_sys_chdir+0x40/0x40 [ 264.038896][ T28] ? syscall_enter_from_user_mode+0x2e/0x230 [ 264.044951][ T28] ? lockdep_hardirqs_on+0x94/0x130 [ 264.078560][ T28] ? syscall_enter_from_user_mode+0x2e/0x230 [ 264.084706][ T28] do_syscall_64+0x3b/0xb0 [ 264.098569][ T28] ? clear_bhb_loop+0x45/0xa0 [ 264.098611][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 264.103293][ T28] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 264.103319][ T28] RIP: 0033:0x7fcd5938d169 [ 264.150895][ T28] RSP: 002b:00007fcd5a11d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000050 [ 264.160064][ T28] RAX: ffffffffffffffda RBX: 00007fcd595a6080 RCX: 00007fcd5938d169 [ 264.168112][ T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000400000000140 [ 264.177386][ T28] RBP: 00007fcd5940e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 264.190984][ T28] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 264.201305][ T28] R13: 0000000000000001 R14: 00007fcd595a6080 R15: 00007ffc619e9cf8 [ 264.212682][ T28] [ 264.215804][ T28] INFO: task syz.0.336:5249 blocked for more than 144 seconds. [ 264.216733][ T4248] EXT4-fs (loop4): unmounting filesystem. [ 264.225682][ T28] Not tainted 6.1.129-syzkaller #0 [ 264.241260][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 264.254484][ T28] task:syz.0.336 state:D stack:28616 pid:5249 ppid:4246 flags:0x00004004 [ 264.265665][ T28] Call Trace: [ 264.269307][ T28] [ 264.272379][ T28] __schedule+0x143f/0x4570 [ 264.277320][ T28] ? release_firmware_map_entry+0x18b/0x18b [ 264.290803][ T28] ? print_irqtrace_events+0x210/0x210 [ 264.301993][ T28] ? _raw_spin_lock_irq+0xdb/0x110 [ 264.312882][ T28] ? do_raw_spin_unlock+0x137/0x8a0 [ 264.323773][ T28] schedule+0xbf/0x180 [ 264.332376][ T28] rwsem_down_write_slowpath+0xea1/0x14b0 [ 264.345019][ T28] ? rwsem_down_write_slowpath+0x9e3/0x14b0 [ 264.357926][ T28] ? down_write_killable_nested+0x90/0x90 [ 264.379940][ T28] ? read_lock_is_recursive+0x10/0x10 [ 264.390983][ T28] ? rwsem_write_trylock+0x166/0x210 [ 264.402995][ T28] ? clear_nonspinnable+0x60/0x60 [ 264.413700][ T28] filename_create+0x25c/0x530 [ 264.423086][ T28] ? kern_path_create+0x50/0x50 [ 264.444443][ T28] ? __virt_addr_valid+0x17f/0x530 [ 264.466547][ T28] ? __virt_addr_valid+0x17f/0x530 [ 264.479815][ T28] ? __virt_addr_valid+0x45b/0x530 [ 264.485158][ T28] do_mkdirat+0xba/0x360 [ 264.513960][ T28] ? vfs_mkdir+0x590/0x590 [ 264.521277][ T28] ? getname_flags+0x1f9/0x4f0 [ 264.526093][ T28] __x64_sys_mkdirat+0x85/0x90 [ 264.536531][ T28] do_syscall_64+0x3b/0xb0 [ 264.541043][ T28] ? clear_bhb_loop+0x45/0xa0 [ 264.545752][ T28] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 264.557138][ T28] RIP: 0033:0x7fcd5938d169 [ 264.561798][ T28] RSP: 002b:00007fcd591ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 264.577603][ T28] RAX: ffffffffffffffda RBX: 00007fcd595a6160 RCX: 00007fcd5938d169 [ 264.585784][ T28] RDX: 0000000000000000 RSI: 0000400000002040 RDI: ffffffffffffff9c [ 264.602601][ T28] RBP: 00007fcd5940e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 264.612952][ T28] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 264.624368][ T28] R13: 0000000000000001 R14: 00007fcd595a6160 R15: 00007ffc619e9cf8 [ 264.635224][ T28] [ 264.638385][ T28] INFO: task syz.0.336:5252 blocked for more than 144 seconds. [ 264.659590][ T28] Not tainted 6.1.129-syzkaller #0 [ 264.665277][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 264.704282][ T28] task:syz.0.336 state:D stack:28320 pid:5252 ppid:4246 flags:0x00004004 [ 264.729600][ T28] Call Trace: [ 264.732928][ T28] [ 264.736406][ T28] __schedule+0x143f/0x4570 [ 264.758820][ T28] ? release_firmware_map_entry+0x18b/0x18b [ 264.764959][ T28] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 264.788647][ T28] ? print_irqtrace_events+0x210/0x210 [ 264.794198][ T28] ? _raw_spin_lock_irq+0xdb/0x110 [ 264.808625][ T28] schedule+0xbf/0x180 [ 264.812849][ T28] ? down_read+0x69f/0xa30 [ 264.817308][ T28] schedule_preempt_disabled+0xf/0x20 [ 264.838500][ T28] down_read+0x6ff/0xa30 [ 264.842917][ T28] ? do_raw_spin_unlock+0x137/0x8a0 [ 264.858503][ T28] ? __down_common+0x8b0/0x8b0 [ 264.863564][ T28] path_openat+0x7a7/0x2e60 [ 264.868156][ T28] ? mark_lock+0x9a/0x340 [ 264.888390][ T28] ? do_filp_open+0x480/0x480 [ 264.905074][ T28] do_filp_open+0x230/0x480 [ 264.915599][ T28] ? vfs_tmpfile+0x4a0/0x4a0 [ 264.934370][ T28] ? _raw_spin_unlock+0x24/0x40 [ 264.949852][ T28] ? alloc_fd+0x5a0/0x640 [ 264.964114][ T28] do_sys_openat2+0x13b/0x4f0 [ 264.974562][ T28] ? do_sys_open+0x220/0x220 [ 264.985346][ T28] __x64_sys_openat+0x243/0x290 [ 264.995930][ T28] ? __ia32_sys_open+0x270/0x270 [ 265.006746][ T28] ? syscall_enter_from_user_mode+0x2e/0x230 [ 265.019528][ T28] ? lockdep_hardirqs_on+0x94/0x130 [ 265.041368][ T28] ? syscall_enter_from_user_mode+0x2e/0x230 [ 265.047537][ T28] do_syscall_64+0x3b/0xb0 [ 265.058561][ T28] ? clear_bhb_loop+0x45/0xa0 [ 265.063289][ T28] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 265.069434][ T28] RIP: 0033:0x7fcd5938d169 [ 265.073868][ T28] RSP: 002b:00007fcd591de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 265.083510][ T28] RAX: ffffffffffffffda RBX: 00007fcd595a6240 RCX: 00007fcd5938d169 [ 265.091800][ T28] RDX: 0000000000000000 RSI: 0000400000000100 RDI: ffffffffffffff9c [ 265.105212][ T28] RBP: 00007fcd5940e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 265.109794][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 265.113589][ T28] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 265.141766][ T28] R13: 0000000000000001 R14: 00007fcd595a6240 R15: 00007ffc619e9cf8 [ 265.155137][ T28] [ 265.160783][ T28] INFO: task syz.0.336:5254 blocked for more than 145 seconds. [ 265.171669][ T28] Not tainted 6.1.129-syzkaller #0 [ 265.177427][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 265.208573][ T28] task:syz.0.336 state:D stack:28616 pid:5254 ppid:4246 flags:0x00004004 [ 265.217845][ T28] Call Trace: [ 265.228471][ T28] [ 265.231600][ T28] __schedule+0x143f/0x4570 [ 265.236235][ T28] ? release_firmware_map_entry+0x18b/0x18b [ 265.258570][ T28] ? print_irqtrace_events+0x210/0x210 [ 265.264102][ T28] ? _raw_spin_lock_irq+0xdb/0x110 [ 265.278494][ T28] ? do_raw_spin_unlock+0x137/0x8a0 [ 265.284893][ T28] schedule+0xbf/0x180 [ 265.298511][ T28] rwsem_down_write_slowpath+0xea1/0x14b0 [ 265.304309][ T28] ? rwsem_down_write_slowpath+0x9e3/0x14b0 [ 265.319484][ T28] ? down_write_killable_nested+0x90/0x90 [ 265.325488][ T28] ? read_lock_is_recursive+0x10/0x10 [ 265.348494][ T28] ? rwsem_write_trylock+0x166/0x210 [ 265.353943][ T28] ? clear_nonspinnable+0x60/0x60 [ 265.368502][ T28] do_rmdir+0x251/0x590 [ 265.372971][ T28] ? d_delete_notify+0x150/0x150 [ 265.377939][ T28] ? syscall_enter_from_user_mode+0x2e/0x230 [ 265.398745][ T28] __x64_sys_unlinkat+0xdc/0xf0 [ 265.403668][ T28] do_syscall_64+0x3b/0xb0 [ 265.418508][ T28] ? clear_bhb_loop+0x45/0xa0 [ 265.423422][ T28] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 265.438488][ T28] RIP: 0033:0x7fcd5938d169 [ 265.442937][ T28] RSP: 002b:00007fcd591bd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000107 [ 265.468650][ T28] RAX: ffffffffffffffda RBX: 00007fcd595a6320 RCX: 00007fcd5938d169 [ 265.476794][ T28] RDX: 0000000000000200 RSI: 0000400000000000 RDI: ffffffffffffff9c [ 265.498505][ T28] RBP: 00007fcd5940e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 265.506587][ T28] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 265.533754][ T28] R13: 0000000000000000 R14: 00007fcd595a6320 R15: 00007ffc619e9cf8 [ 265.553836][ T28] [ 265.557030][ T28] [ 265.557030][ T28] Showing all locks held in the system: [ 265.588605][ T28] 1 lock held by rcu_tasks_kthre/12: [ 265.595173][ T28] #0: ffffffff8d32e850 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xe30 [ 265.618530][ T28] 1 lock held by rcu_tasks_trace/13: [ 265.624478][ T28] #0: ffffffff8d32f050 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xe30 [ 265.658505][ T28] 1 lock held by khungtaskd/28: [ 265.663850][ T28] #0: ffffffff8d32e680 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x51/0x290 [ 265.688660][ T28] 2 locks held by getty/4009: [ 265.694208][ T28] #0: ffff88814c646098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 265.718607][ T28] #1: ffffc9000325e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x54a/0x1620 [ 265.738502][ T28] 3 locks held by syz.0.336/5237: [ 265.743555][ T28] 1 lock held by syz.0.336/5248: [ 265.758494][ T28] #0: ffff888072733628 (&type->i_mutex_dir_key#3){++++}-{3:3}, at: lookup_slow+0x45/0x70 [ 265.778491][ T28] 2 locks held by syz.0.336/5249: [ 265.783638][ T28] #0: ffff88802a98a460 (sb_writers#4){++++}-{0:0}, at: mnt_want_write+0x3b/0x80 [ 265.808504][ T28] #1: ffff888072733628 (&type->i_mutex_dir_key#3/1){+.+.}-{3:3}, at: filename_create+0x25c/0x530 [ 265.838536][ T28] 1 lock held by syz.0.336/5252: [ 265.843801][ T28] #0: ffff888072733628 (&type->i_mutex_dir_key#3){++++}-{3:3}, at: path_openat+0x7a7/0x2e60 [ 265.868487][ T28] 2 locks held by syz.0.336/5254: [ 265.873633][ T28] #0: ffff88802a98a460 (sb_writers#4){++++}-{0:0}, at: mnt_want_write+0x3b/0x80 [ 265.899106][ T28] #1: ffff888072733628 (&type->i_mutex_dir_key#3/1){+.+.}-{3:3}, at: do_rmdir+0x251/0x590 [ 265.918495][ T28] 3 locks held by ext4lazyinit/5241: [ 265.923838][ T28] [ 265.926377][ T28] ============================================= [ 265.926377][ T28] [ 265.948513][ T28] NMI backtrace for cpu 0 [ 265.952892][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.1.129-syzkaller #0 [ 265.961028][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 265.971299][ T28] Call Trace: [ 265.974592][ T28] [ 265.977528][ T28] dump_stack_lvl+0x1e3/0x2cb [ 265.982325][ T28] ? preempt_schedule_thunk+0x16/0x18 [ 265.987836][ T28] ? nf_tcp_handle_invalid+0x647/0x647 [ 265.993430][ T28] ? panic+0x764/0x764 [ 265.997967][ T28] ? vprintk_emit+0x622/0x740 [ 266.002661][ T28] ? printk_sprint+0x490/0x490 [ 266.007426][ T28] ? nmi_cpu_backtrace+0x252/0x560 [ 266.012799][ T28] nmi_cpu_backtrace+0x4e1/0x560 [ 266.017743][ T28] ? nmi_trigger_cpumask_backtrace+0x430/0x430 [ 266.023895][ T28] ? _printk+0xd1/0x111 [ 266.028043][ T28] ? panic+0x764/0x764 [ 266.032106][ T28] ? __wake_up_klogd+0xcc/0x100 [ 266.037084][ T28] ? panic+0x764/0x764 [ 266.041170][ T28] ? nmi_trigger_cpumask_backtrace+0xfc/0x430 [ 266.047900][ T28] nmi_trigger_cpumask_backtrace+0x1ca/0x430 [ 266.054142][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 266.060641][ T28] watchdog+0xf88/0xfd0 [ 266.065074][ T28] ? watchdog+0x1f8/0xfd0 [ 266.069532][ T28] kthread+0x28d/0x320 [ 266.073602][ T28] ? hungtask_pm_notify+0x50/0x50 [ 266.078983][ T28] ? kthread_blkcg+0xd0/0xd0 [ 266.083781][ T28] ret_from_fork+0x1f/0x30 [ 266.088289][ T28] [ 266.093436][ T28] Sending NMI from CPU 0 to CPUs 1: [ 266.099559][ C1] NMI backtrace for cpu 1 [ 266.099573][ C1] CPU: 1 PID: 4294 Comm: kworker/u4:5 Not tainted 6.1.129-syzkaller #0 [ 266.099589][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 266.099598][ C1] Workqueue: phy12 ieee80211_iface_work [ 266.099622][ C1] RIP: 0010:lock_acquire+0x242/0x5a0 [ 266.099645][ C1] Code: 0f 85 a4 01 00 00 49 89 de 48 c1 eb 03 42 80 3c 2b 00 74 08 4c 89 f7 e8 3c 4a 77 00 48 c7 44 24 60 00 00 00 00 9c 8f 44 24 60 <42> 80 3c 2b 00 74 08 4c 89 f7 e8 9f 49 77 00 f6 44 24 61 02 0f 85 [ 266.099657][ C1] RSP: 0018:ffffc90003eb7040 EFLAGS: 00000046 [ 266.099669][ C1] RAX: 0000000000000001 RBX: 1ffff920007d6e14 RCX: 1ffff920007d6db4 [ 266.099680][ C1] RDX: dffffc0000000000 RSI: ffffffff8b0c2ec0 RDI: ffffffff8b5f6d80 [ 266.099691][ C1] RBP: ffffc90003eb71a0 R08: dffffc0000000000 R09: fffffbfff2256c4d [ 266.099701][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff920007d6e10 [ 266.099712][ C1] R13: dffffc0000000000 R14: ffffc90003eb70a0 R15: 0000000000000246 [ 266.099722][ C1] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 266.099734][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 266.099745][ C1] CR2: 000000110c390cbf CR3: 000000000d08e000 CR4: 00000000003506e0 [ 266.099758][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 266.099767][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 266.099776][ C1] Call Trace: [ 266.099781][ C1] [ 266.099788][ C1] ? nmi_cpu_backtrace+0x3de/0x560 [ 266.099808][ C1] ? read_lock_is_recursive+0x10/0x10 [ 266.099829][ C1] ? nmi_trigger_cpumask_backtrace+0x430/0x430 [ 266.099848][ C1] ? nmi_handle+0x25/0x440 [ 266.099874][ C1] ? nmi_cpu_backtrace_handler+0x8/0x10 [ 266.099888][ C1] ? nmi_handle+0x12e/0x440 [ 266.099907][ C1] ? nmi_handle+0x25/0x440 [ 266.099925][ C1] ? lock_acquire+0x242/0x5a0 [ 266.099943][ C1] ? default_do_nmi+0x62/0x150 [ 266.099959][ C1] ? exc_nmi+0xa8/0x100 [ 266.099972][ C1] ? end_repeat_nmi+0x16/0x31 [ 266.099994][ C1] ? lock_acquire+0x242/0x5a0 [ 266.100013][ C1] ? lock_acquire+0x242/0x5a0 [ 266.100031][ C1] ? lock_acquire+0x242/0x5a0 [ 266.100050][ C1] [ 266.100054][ C1] [ 266.100062][ C1] ? read_lock_is_recursive+0x10/0x10 [ 266.100105][ C1] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 266.100125][ C1] ? print_irqtrace_events+0x210/0x210 [ 266.100143][ C1] ? do_raw_spin_unlock+0x137/0x8a0 [ 266.100160][ C1] ? lockdep_hardirqs_on+0x94/0x130 [ 266.100177][ C1] ? __virt_addr_valid+0x17f/0x530 [ 266.100194][ C1] __virt_addr_valid+0x19c/0x530 [ 266.100211][ C1] ? __virt_addr_valid+0x17f/0x530 [ 266.100228][ C1] kasan_addr_to_slab+0x9/0x20 [ 266.100243][ C1] __kasan_record_aux_stack+0x11/0xc0 [ 266.100260][ C1] kvfree_call_rcu+0x116/0x8c0 [ 266.100275][ C1] ? read_lock_is_recursive+0x10/0x10 [ 266.100296][ C1] ? rcu_leak_callback+0x10/0x10 [ 266.100309][ C1] ? do_raw_spin_lock+0x14a/0x370 [ 266.100324][ C1] ? cmp_bss+0x2cb/0xde0 [ 266.100347][ C1] cfg80211_update_known_bss+0x16b/0x9e0 [ 266.100368][ C1] cfg80211_bss_update+0x187/0x2280 [ 266.100390][ C1] ? __kmem_cache_alloc_node+0x137/0x260 [ 266.100408][ C1] ? cfg80211_inform_bss_frame_data+0x56c/0x16f0 [ 266.100427][ C1] ? rcu_is_watching+0x11/0xb0 [ 266.100440][ C1] ? cfg80211_inform_bss_frame_data+0x56c/0x16f0 [ 266.100458][ C1] ? cfg80211_inform_bss_frame_data+0x72a/0x16f0 [ 266.100479][ C1] cfg80211_inform_bss_frame_data+0xa67/0x16f0 [ 266.100505][ C1] ? cfg80211_parse_mbssid_data+0x27d0/0x27d0 [ 266.100533][ C1] ? __lock_acquire+0x1f80/0x1f80 [ 266.100559][ C1] ieee80211_bss_info_update+0x847/0xf00 [ 266.100581][ C1] ? __lock_acquire+0x1f80/0x1f80 [ 266.100600][ C1] ? ieee80211_rx_bss_put+0x60/0x60 [ 266.100622][ C1] ? ieee80211_ibss_rx_queued_mgmt+0xec0/0x2de0 [ 266.100637][ C1] ? ieee80211_vif_get_shift+0x225/0x280 [ 266.100656][ C1] ? __lock_acquire+0x1f80/0x1f80 [ 266.100674][ C1] ? ieee80211_sta_get_rates+0x65c/0x720 [ 266.100700][ C1] ieee80211_ibss_rx_queued_mgmt+0x196f/0x2de0 [ 266.100723][ C1] ? ieee80211_ibss_rx_queued_mgmt+0xec0/0x2de0 [ 266.100739][ C1] ? ieee80211_ibss_rx_no_sta+0x740/0x740 [ 266.100758][ C1] ? mark_lock+0x9a/0x340 [ 266.100773][ C1] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 266.100793][ C1] ? print_irqtrace_events+0x210/0x210 [ 266.100812][ C1] ? do_raw_spin_unlock+0x137/0x8a0 [ 266.100828][ C1] ? lockdep_hardirqs_on+0x94/0x130 [ 266.100845][ C1] ? skb_dequeue+0x10f/0x140 [ 266.100862][ C1] ieee80211_iface_work+0x7aa/0xce0 [ 266.100880][ C1] ? process_one_work+0x806/0x1260 [ 266.100896][ C1] process_one_work+0x917/0x1260 [ 266.100919][ C1] ? worker_detach_from_pool+0x260/0x260 [ 266.100937][ C1] ? _raw_spin_lock_irqsave+0x120/0x120 [ 266.100950][ C1] ? kthread_data+0x4e/0xc0 [ 266.100970][ C1] ? wq_worker_running+0x97/0x190 [ 266.100986][ C1] worker_thread+0xa47/0x1200 [ 266.101003][ C1] ? release_firmware_map_entry+0x18b/0x18b [ 266.101029][ C1] kthread+0x28d/0x320 [ 266.101042][ C1] ? worker_clr_flags+0x190/0x190 [ 266.101057][ C1] ? kthread_blkcg+0xd0/0xd0 [ 266.101070][ C1] ret_from_fork+0x1f/0x30 [ 266.101100][ C1] [ 266.119673][ T5241] __find_get_block_slow() failed. block=3, b_blocknr=12, b_state=0x00000010, b_size=1024, device loop0 blocksize: 4096 [ 266.276080][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 266.276096][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.1.129-syzkaller #0 [ 266.276115][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 266.276124][ T28] Call Trace: [ 266.276136][ T28] [ 266.276144][ T28] dump_stack_lvl+0x1e3/0x2cb [ 266.276177][ T28] ? nf_tcp_handle_invalid+0x647/0x647 [ 266.276201][ T28] ? panic+0x764/0x764 [ 266.276219][ T28] ? llist_add_batch+0x160/0x1d0 [ 266.276240][ T28] ? vscnprintf+0x59/0x80 [ 266.276267][ T28] panic+0x318/0x764 [ 266.276286][ T28] ? nmi_trigger_cpumask_backtrace+0x2db/0x430 [ 266.276311][ T28] ? memcpy_page_flushcache+0xfc/0xfc [ 266.276330][ T28] ? preempt_schedule_thunk+0x16/0x18 [ 266.276354][ T28] ? nmi_trigger_cpumask_backtrace+0x2db/0x430 [ 266.276377][ T28] ? nmi_trigger_cpumask_backtrace+0x358/0x430 [ 266.276403][ T28] ? nmi_trigger_cpumask_backtrace+0x35d/0x430 [ 266.276425][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 266.276445][ T28] watchdog+0xfc7/0xfd0 [ 266.276472][ T28] ? watchdog+0x1f8/0xfd0 [ 266.276495][ T28] kthread+0x28d/0x320 [ 266.276510][ T28] ? hungtask_pm_notify+0x50/0x50 [ 266.276529][ T28] ? kthread_blkcg+0xd0/0xd0 [ 266.276547][ T28] ret_from_fork+0x1f/0x30 [ 266.276578][ T28] [ 266.277539][ T28] Kernel Offset: disabled [ 266.766391][ T28] Rebooting in 86400 seconds..