last executing test programs: 4.982194538s ago: executing program 2 (id=2443): open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x10) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680)) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000004700)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000047c0)={0x60, r3, 0x405, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r4}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084) syz_usb_connect$cdc_ncm(0x1, 0x0, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000040)=[{&(0x7f0000000140)="6edeeb0ae0cc167fbf686f3955260735aea7138879ec2ffb8669980c4d27a902ba23cab7756b20558a221cff62b7c262d3c2a492121ea8254712f3f3ccbe5936c7d6f8178982b795f832cd0ff8", 0x4d}], 0x1, 0x0, 0x0, 0x7f67e9411fcd827}, 0x20000000) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r4, {}, {}, {0x8, 0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x8881}, 0x0) 4.025023596s ago: executing program 3 (id=2445): socket$nl_route(0x10, 0x3, 0x0) syz_mount_image$ext4(&(0x7f00000007c0)='ext4\x00', &(0x7f00000006c0)='./file1\x00', 0x40, &(0x7f0000000740)={[{@user_xattr}, {@nodioread_nolock}]}, 0x1, 0x576, &(0x7f0000000140)="$eJzs3T1sG2UfAPD/neO3X3nf9JXeVwLUoQKkIlV1kn5AYWpXRKVKHZBYIHLcqIoTV7EDTZQh3StEBwSoS9lgYAQxMCAWRlYWEDNSRSOQmg5g5K80TZzglDouud9POvuee87+P8+d/499pzs5gMw62nhII56OiItJxMi6uqFoVx5trbe6slS8v7JUTKJev/RLEklE3FtZKnbWT9rPhyJiOSKeiohv8hHH081xqwuL0xPlcmmuXR6tzVwdrS4snrgyMzFVmirNnnrp5TNnT58ZPzm+/mX36+tL+Z319caPN9+98d2rt29++tmR5eL7E0mci+F23fp+PE6tbZKPcxuWn+5HsAFKBt0AHkmuneeNVPp/jESunfXd1Ed2tWlAn9X3RdSBjErkP2RU53dA4/i3M+3m748751sHII24q+2pVTPUOjcR+5vHJgd/TR46Mmkcbx7ezYayJy1fj4ixoaHNn/+k/fl7dGOPo4H01dfnWztq8/5P18af6DL+DHfOnf5NnfFvddP49yB+bovx72KPMX5/46ePtox/PeKZrvGTtfhJl/hpRLzVY/xbr395dqu6+scRx6J7/I5k+/PDo5evlEtjrceuMb46duSV7fp/cIv4rXO2+5tfM922f5fT2l198e3nzy5vE/+F57bf/922/4GIeK/H+P+998lrW9XduZ7cbfwK2On+TyIft3uM/+K5oz/0uCoAAAAAAAAAALADafNatiQtrM2naaHQuof3f3EwLVeqteOXK/Ozk61r3g5HPu1caTXSKieN8nj7etxO+eSG8qlcO2DuQLNcKFbKkwPuOwAAAAAAAAAAAAAAAAAAADwpDm24//+3XPP+/41/Vw3sVVv/5Tew18l/yK6H8z8ZWDuA3ef7HzKrLv8hu+Q/ZJf8h+yS/5Bd8h+yS/5Ddsl/AAAAAAAAAAAAAAAAAAAAAAAAAADoi4sXLjSm+v2VpWKjPDm0MD9defvEZKk6XZiZLxaKlbmrhalKZapcKhQrM3/1fkmlcnUsZuevjdZK1dpodWHxzZnK/GznP0VL+b73CAAAAAAAAAAAAAAAAAAAAP55hptTkhYiIm3Op2mhEPHviDicRHL5Srk0FhH/iYjvc/l9jfL4oBsNAAAAAAAAAAAAAAAAAAAAe0x1YXF6olwuzWVkZmgnK0fE8uNtRuMdd/yqfHtfPSnb0EwWZgY8MAEAAAAAAAAAAAAAAAAAQAY9uOm311f80d8GAQAAAAAAAAAAAAAAAAAAQCalPycR0ZiOjTw/vLH2X8lqrvkcEe/cuvTBtYlabW68sfzu2vLah+3lJwfRfqBXnTzt5DEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwQHVhcXqiXC7N9XFm0H0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBR/BgAA///eANcP") move_mount(0xffffffffffffffff, &(0x7f0000000780)='./file1\x00', 0xffffffffffffffff, &(0x7f00000009c0)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15) pwrite64(r1, &(0x7f0000000140)='2', 0xfdef, 0xe7c) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0) r2 = socket$kcm(0xa, 0x1, 0x106) sendmsg$kcm(r2, &(0x7f00000019c0)={&(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x0, @dev, 0x5}, 0x80, 0x0}, 0x24004059) 3.996298143s ago: executing program 4 (id=2446): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000080)={0x1, 0x1, 0x0, 0x5, @vifc_lcl_addr=@remote, @remote}, 0x10) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xfffffffd, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r2}, 0x10) setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f0000000140)=0xf, 0x4) 3.155812366s ago: executing program 3 (id=2448): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="200000000000000008000400699b000008001b000000000049ae60706bd458762488d19551e613cbd287cf68899cff789ec5bd62a7e800780c1429386cbc55eef6eda4d57704bffb5de01820a16b824641322fa812fd4194ea9da000639dad8500e1f5fae32433b97351cfc3200d3a06209b61ad9f2dc9a616aad00267c9de99980d30922cc39c3c3fe7528a2b1b23cc4ebd891dc4421c423393f31566d9f965ce3166ea4511fddf0fccda695d545b044f387b9549c594d7da7e81196415"], 0x30}, 0x1, 0x0, 0x0, 0x600}, 0x0) 2.562592714s ago: executing program 3 (id=2449): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmsg$inet(r0, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000180)="24aeb629fe7b9365d7b070ecc4dd1152738d0e31230b870ed50f6d166478d2b3e4963ba03800c460d40436d5d6dd73c8b2cf41e6937baa57c249d2bed4d36b15b641c2766034b01209e60dfa5ade22e0d4d897f05005799bdccfdd63a57071ae1dcb969a498512bc5544c935d9a6bcd83023a3273285119b7dca7195b4e9a06313e5ea7216706b86fec41cd475b6028b0ad94a7f4ecfba8d380208febb6670f078d0a460ec128c1bb7c6", 0xaa}, {&(0x7f0000000380)="064b5a44bc841d0eb3cde7939f732de2357f57de1b028d9c939cf361d6e17fd0a67ea6b6456bb6c3c6739facbfbff1201931291b341b298590f55f00f3874ce872dbc3ce8cda35ace31b9b334bb5a9165ed6c44eecae86a24d83e1d288d3dd466809e24f0dc811508e518851cd83141ee9ba314b9f0398eaa68f6eae7e8ae7f63b846b74e2178d35f52c2ab884891ea40c2ce9b48fb4f5ce8f8ebfada1e4b15a367904af34b5d705f4130309ed83916c416f91224b852695a76bc8a8b95874d54bbd0f583fd39f957277b27ceb0348eeb5b30e9a5ddb33a6ad8d3a4aa2998997", 0xe0}, {&(0x7f00000002c0)="1605c41488222e501df162ae251a0959ad74eebcb67a7a8df3f2f742cb505b5f305b7e4c0806dd887ce286c0a4ee4878527dfac1e149c4ba454e77021a92e325a7aa1b1b7e09bd91cdb6b9619ae6f8bc6be45840a2bb31c3", 0x58}, {&(0x7f0000000240)="7457b2316e204aba6b591334c56be87dc6b5ec55cf130145", 0x18}, {&(0x7f0000000480)="cdf3015ae846337720622f5ef786deee3b963ec31593af3e36f09ccbb64dcf5afc09d82f57e74df1f5", 0x29}, {&(0x7f0000000c40)="645ae8fd", 0x4}, {0x0}], 0x7, &(0x7f00000014c0)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32, @ANYBLOB="ffffffffffffffff00000000110000000000000000000000010000000800000000000000c0000000000000000000000007000000000713077f000001640101027f000001ffffffff440c3493e00000010000000494040100868c000000020207f74ea75f9d010b12f2ec980a07e40c950611804d3c1ae7d99bdf24af4c458c9d7f010bdd8af270d8997426f6061286006d06ccbe572e0000000000000000050bf6b4728cdc94b773da0012af8ceedb9567d2a29f509c62d87b7344060ec2933c6984a30cd11d513c08060b77a0338aa2137f71360510ca7a469edf0a931711ac9544426aae5fa2002d33d0a669a5e75c98af"], 0xf8}, 0x44000) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 2.557137056s ago: executing program 4 (id=2451): r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_procfs(0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r2}, 0x10) sendmsg$nl_xfrm(r1, 0x0, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) accept4$tipc(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080)=0x10, 0x0) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00) 2.382321177s ago: executing program 4 (id=2454): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = socket$packet(0x11, 0x2, 0x300) bind$packet(r1, &(0x7f0000000300)={0x11, 0xf6, 0x0, 0x1, 0x0, 0x6, @remote}, 0x14) 2.348235036s ago: executing program 0 (id=2456): add_key(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r3, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0xffff, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}]}, &(0x7f0000000240)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x7a, &(0x7f0000000340)={r4, @in6={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, &(0x7f0000000040)=0x84) 2.223218413s ago: executing program 4 (id=2458): syz_mount_image$ext4(&(0x7f00000007c0)='ext4\x00', &(0x7f00000006c0)='./file1\x00', 0x40, &(0x7f0000000740)={[{@user_xattr}, {@nodioread_nolock}]}, 0x1, 0x576, &(0x7f0000000140)="$eJzs3T1sG2UfAPD/neO3X3nf9JXeVwLUoQKkIlV1kn5AYWpXRKVKHZBYIHLcqIoTV7EDTZQh3StEBwSoS9lgYAQxMCAWRlYWEDNSRSOQmg5g5K80TZzglDouud9POvuee87+P8+d/499pzs5gMw62nhII56OiItJxMi6uqFoVx5trbe6slS8v7JUTKJev/RLEklE3FtZKnbWT9rPhyJiOSKeiohv8hHH081xqwuL0xPlcmmuXR6tzVwdrS4snrgyMzFVmirNnnrp5TNnT58ZPzm+/mX36+tL+Z319caPN9+98d2rt29++tmR5eL7E0mci+F23fp+PE6tbZKPcxuWn+5HsAFKBt0AHkmuneeNVPp/jESunfXd1Ed2tWlAn9X3RdSBjErkP2RU53dA4/i3M+3m748751sHII24q+2pVTPUOjcR+5vHJgd/TR46Mmkcbx7ezYayJy1fj4ixoaHNn/+k/fl7dGOPo4H01dfnWztq8/5P18af6DL+DHfOnf5NnfFvddP49yB+bovx72KPMX5/46ePtox/PeKZrvGTtfhJl/hpRLzVY/xbr395dqu6+scRx6J7/I5k+/PDo5evlEtjrceuMb46duSV7fp/cIv4rXO2+5tfM922f5fT2l198e3nzy5vE/+F57bf/922/4GIeK/H+P+998lrW9XduZ7cbfwK2On+TyIft3uM/+K5oz/0uCoAAAAAAAAAALADafNatiQtrM2naaHQuof3f3EwLVeqteOXK/Ozk61r3g5HPu1caTXSKieN8nj7etxO+eSG8qlcO2DuQLNcKFbKkwPuOwAAAAAAAAAAAAAAAAAAADwpDm24//+3XPP+/41/Vw3sVVv/5Tew18l/yK6H8z8ZWDuA3ef7HzKrLv8hu+Q/ZJf8h+yS/5Bd8h+yS/5Ddsl/AAAAAAAAAAAAAAAAAAAAAAAAAADoi4sXLjSm+v2VpWKjPDm0MD9defvEZKk6XZiZLxaKlbmrhalKZapcKhQrM3/1fkmlcnUsZuevjdZK1dpodWHxzZnK/GznP0VL+b73CAAAAAAAAAAAAAAAAAAAAP55hptTkhYiIm3Op2mhEPHviDicRHL5Srk0FhH/iYjvc/l9jfL4oBsNAAAAAAAAAAAAAAAAAAAAe0x1YXF6olwuzWVkZmgnK0fE8uNtRuMdd/yqfHtfPSnb0EwWZgY8MAEAAAAAAAAAAAAAAAAAQAY9uOm311f80d8GAQAAAAAAAAAAAAAAAAAAQCalPycR0ZiOjTw/vLH2X8lqrvkcEe/cuvTBtYlabW68sfzu2vLah+3lJwfRfqBXnTzt5DEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwQHVhcXqiXC7N9XFm0H0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBR/BgAA///eANcP") move_mount(0xffffffffffffffff, &(0x7f0000000780)='./file1\x00', 0xffffffffffffffff, &(0x7f00000009c0)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15) pwrite64(r1, &(0x7f0000000140)='2', 0xfdef, 0xe7c) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0) r2 = socket$kcm(0xa, 0x1, 0x106) sendmsg$kcm(r2, &(0x7f00000019c0)={&(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x0, @dev, 0x5}, 0x80, 0x0}, 0x24004059) 2.139371739s ago: executing program 2 (id=2459): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) set_mempolicy(0x3, &(0x7f00000002c0)=0x1ff, 0x5) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x40, 0x2) connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f0000000480), 0x2e9, 0x0) 1.447706492s ago: executing program 0 (id=2460): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080000000100000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) socket$netlink(0x10, 0x3, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, &(0x7f00000005c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20040055) openat$rfkill(0xffffffffffffff9c, 0x0, 0x40900, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=0x0) timer_settime(r3, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001880), 0x0, 0x10000) futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) write$binfmt_script(r4, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r4, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 1.386679429s ago: executing program 3 (id=2462): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'veth0_to_bridge\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800c0001006d616376746170000400028008000500", @ANYRES32=r3, @ANYBLOB="080003"], 0x44}}, 0x0) 1.317914296s ago: executing program 2 (id=2464): r0 = socket$kcm(0xa, 0x1, 0x106) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b0000000500000008040000cd00000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r2}, 0x18) close(r0) 1.273745618s ago: executing program 2 (id=2465): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18) r2 = socket$igmp6(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r2, 0x29, 0x22, &(0x7f0000000000)={{0xa, 0x0, 0x101, @loopback, 0xa3c}, {0xa, 0xfffe, 0xfffffffd, @dev, 0x4}, 0x1000, {[0x9, 0x0, 0xfffffffe, 0xfffffef9, 0x0, 0x1, 0x2]}}, 0x5c) 1.20670293s ago: executing program 3 (id=2467): r0 = semget(0x2, 0x4, 0x200) semop(r0, &(0x7f0000000040)=[{0x1, 0x7fff, 0x1800}, {0x0, 0x8001}], 0x2) semop(r0, &(0x7f0000000500)=[{0x0, 0x0, 0x1800}, {0x1, 0x3}], 0x2) 1.206528053s ago: executing program 1 (id=2468): r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0x20000014}) r2 = dup(r1) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r3, 0xffffffffffffffff, 0x0) 1.133318037s ago: executing program 1 (id=2469): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0xdc0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 1.126750482s ago: executing program 2 (id=2470): add_key(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r3, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0xffff, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}]}, &(0x7f0000000240)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x7a, &(0x7f0000000340)={r4, @in6={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, &(0x7f0000000040)=0x84) 1.106344784s ago: executing program 0 (id=2471): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) syz_emit_ethernet(0x66, &(0x7f0000000780)={@broadcast, @random="6487a2bed3d6", @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x6c, 0x0, @private}}}}}, 0x0) 1.061403256s ago: executing program 1 (id=2472): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x54, 0x10, 0xffffff1f, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10000}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x2}, @IFLA_GRE_ENCAP_FLAGS={0x6, 0xf, 0x7}, @IFLA_GRE_REMOTE={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x28}}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x54}, 0x1, 0x0, 0x0, 0x40}, 0x0) 1.060385888s ago: executing program 4 (id=2473): socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a500000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000d40)={r1, 0x0, 0xe, 0x0, &(0x7f0000000040)="0000ffffffffa000903626e43925", 0x0, 0xc00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) 1.010690379s ago: executing program 3 (id=2474): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000818110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x41, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r1}, 0x10) r2 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$IMADDTIMER(r2, 0x80044940, &(0x7f0000000080)=0x14) unshare(0x62040200) close(r2) 1.004792993s ago: executing program 1 (id=2475): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000b40)={0x38, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0xc, 0x3, 0x0, 0x1, [{0x8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}]}]}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x48010}, 0x10) bind$ax25(r2, &(0x7f0000000100)={{0x3, @null, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) close(0xffffffffffffffff) r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$smc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$SMC_PNETID_DEL(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x34, r6, 0x1, 0x0, 0x0, {0x2, 0x2, 0x2}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'nicvf0\x00'}]}, 0x34}, 0x1, 0x40030000000000}, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x10000001) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x50, r7, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x50}, 0x1, 0x0, 0x0, 0x91}, 0x24044884) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', &(0x7f00000002c0)=@random="8c", 0x1, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f00000016c0)=ANY=[@ANYBLOB="5c0000001400130526bd7000fddbdf25ac1414aa000000000000000000000000e00000020000000000000000000000004e20000b4e230002020020203c000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000002004c0015005a07350003000000"], 0x5c}, 0x1, 0x0, 0x0, 0x20040818}, 0x20000802) ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000)) syz_init_net_socket$ax25(0x3, 0x2, 0xcc) r9 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="2800000011146ff90000050000000000080001000000000008004b001300"], 0x28}}, 0x800) ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000)) 978.567622ms ago: executing program 0 (id=2476): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000040000000160a01000000000000000000010000000900010073797a30000000000900020073797a3000000000140003800800014000000000080002400000000050000000160a01"], 0xd8}, 0x1, 0x0, 0x0, 0x20008841}, 0x0) 834.401731ms ago: executing program 1 (id=2477): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000580)=ANY=[@ANYRESHEX, @ANYRES16, @ANYRES64, @ANYRESDEC=0x0, @ANYBLOB="224cd060bbb53adaf138aea1bb271d31b660ad4e31911edb20a752d5caa6029380f0d6291fdd5afff8035d14b405b01d9f9c7dc6d1d7537f6dc0d71cb4868f4cf01c88870dfa0c777b6c4e810e7996737ac765f264ba9ae4227f3c2b829472e586f83ae3262b979536758034794e974f11ba4305964998b6e6c3ac66d9c9b2"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c0003801400010076657468305f746f5f687372000000001400010076657468315f766c616e"], 0xfc}}, 0x0) 833.754906ms ago: executing program 0 (id=2478): unshare(0x2c020400) r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newlink={0x28, 0x10, 0x401, 0x8000004, 0x0, {0x0, 0x0, 0x0, 0x0, 0x503}, [@IFLA_NET_NS_FD={0x8, 0x1c, r0}]}, 0x28}, 0x1, 0x0, 0x0, 0x20004800}, 0x4000000) 137.582446ms ago: executing program 2 (id=2479): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000003c0)="5453b4b759f9d4f4f33bda880b70e0dadde06223919f4585429ef69078a4956f646ea03bfd4c090a003c01f32b1a175baf38c1eb4572c8b372a4cf9128062e58ff575546876a2804144c3aea98c4a3533396f87e860de8c66bceb0e6b387ec853b7e91c57587d38436637e702ae18eeccefdcd7a3c", 0x75}, {&(0x7f0000000b40)="d48c8225ddfdf2c06c27763617468581389d34126760ba3dd0fe077a7c2ce378dd62cafeeb4ba1493766d09fd561d69a5bf8109ffcd3e43d8c16b9c3fa92d4439c5af1fa4775d01dcf0748a24ab51b52fbe75287a4b9aaa18fd479bdd154b4efe531a242d90a1ca2799c242bfd4ddd8271448d3415bd3a907ad340dc2fa2471393212d02eb25242808cffdc4e7a646211c18ac8602f5fc1e4f82b72871a8d42f37988365ff226c1523bf01617976641421438e16378094c94f2e55a44150d9a358d92606afb12f21a63daadbb143d6ccdae88d53521b9fe51ffabb08ff67cb98266eeb1fbf81ec1e", 0xe8}, {&(0x7f0000001080)="f96be6c391f1f8b23ae44a70a75f4a5ed0e013f808d3907ab089ee65d16a6c6f5c666dad31257fb48b66d940a3819d0809971ea8274a65901ba7b32c2f8b64909bc77cebdb3d1fe42679c0bad81bbc987e4dc146cabce802cfbb1bd48bdfa1788a9cd0e2c10d97bfd158374cf6166d1d1fe69de0d7af1f82a10852bf4f191d4405d2d8f11a2d2b8316b0b82f13b666efdf680525e32fd01b43af093ff773f7f6b0ae0dab56f6e7bbebb2cd23bb5e6204ad488f6943ceae409f980b034e00", 0xbe}, {&(0x7f0000000740)="f52ec22aafecc37a6d9995f1afb5c1727f223f9b84451a110b1dfbf19cc7ed183ba93f6d55645001887fc999262b9c938e22ef5ec46b4b1b535060dcca5cff1f0e5a1d9b32cef2b6e0a61af7968dc1759c4d901867d7d6e9f2521f6a1578e1cc2fbf58837a2633c0b8299192718c61227412dafd01e899723b33735bbec3e1429117362acc4139fc3565f183bd5568f47f4bc416adb360fdd9c497c2ad2ffe1ad738f4c073f1378d2b455e61844076a4a97ac1e13e2fb300ae69d55c501f96dcc39bf7ed835cc866f0fbd8e936e8374a484f111919dc610e0a36a0ee3df2ab1d", 0xe0}, {&(0x7f0000000200)="057322e18609ed78266492c2a2ae3f0c0f3f6394c53de2727898d209dcb274efec9fc9995189ead7bf00148d091675fa045479985e4f644d258d0aa4a69618eb08ba045907a549ed83b88863c73d859acf1d16d599c71547d018aba5064338", 0x5f}], 0x5}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001180)="acc870bde54caaeacb0000108cef4fa7bf44702b284b2e80cb32d33a86853c8c28797cd14c72c87f849f6ccbf3198d11a0b1ef000006000200000088e0e022b04dbd50d36f3c028c27ba1d00000000000000000005000033abe805fe6cdcd4386304aee926d10982f6054c0e49c4a6be676d07a9d61ab465cc070000004726d0d2e39543237c93424a344146f9c3be104f7366c812776c6c4eeb4d588b56567e030386dcf93b1791134001339faf9200879546070198310212788008b3f8e768a7bf3340bcd8536d4ed3026a1bd5", 0xce}, {&(0x7f0000000840)="b1f56ee29c433328d3b2a83bd97e37007087acae7568edff43ed556d76770122635aea1dc48755381c71590cd542e796cc2669e2af442a03760c5cdfc691b3da35ad6a8d2ef9c2baa53a8dec36a2e434d46e643a1277b1dd932f3ef2cf46c257d6a19523b8b789ef34b46e461725b5e437323385b88c368f8bb5b933aa9169f5f7b51dd5319b8016623d1863d70581691a79a6678db1e5e7fa1c98c5b9e4a87272e9c4a1bd98dbb2ab76919ba5c1020e80bd0659e82d861dc6fe4c62639134c504aa438689d28748c22ebfe2772d64b6", 0xd0}, {&(0x7f0000000e80)="5be3b011e12323e4ab88c0472f0700000000000000e71ba6231f303d2db97401439932cfd4855c4cc243dae723789d8a9a16be3135c5f82691837c90ab19545f7a1dcf1449fd59eecae5f52fba1e89d6d34b39297bbbc2580600000000000000d6e36e737691a1c6bd2a64b2a85cbaaf646e72f8fe08c33a33b275787892f61fbb621794716f96031931b55af30fa01d72aa5a53ee4c07ab7c96a4a9ed93f4d20269982ab6feb22d8e77afb7b861622ab963b07f0026fd6424082bcd0864a854e542aacc3201fff776fe1c000000000000000000000000000000002da46e8a95bcead77a244256266fe952d151a841aaa0c9c727bf08c37869c70d6aed073d6bb9fb037a079b697f3ba963ba49b6aecdc3e839ae25d497b0e60408b8e0a9931aeb1be35eea2a22fa50d66a634804121bde6a4a2d7a23c08d8237aac90c577c24f4ec2949d9202659fe626262e0764eed651fe91d276cd8918ba1a079c716281613b127eca886d75e994a1b41314ff21f5a4fd8a7e55c65b2eebabf0db0268c53503bb309959c1c0b222c6fb8310e8f25e7c26e24baedcc72d41798c95c01626c311e9f1262dfa4dedd161672c578a7af36c8a95437f295e14a1e0c7245cb53f83cc7b4b9294bb13473331502b7735a955080f7c2fd79d3fe0d", 0x1d9}], 0x3}}], 0x2, 0xc0) sendmsg$NL80211_CMD_STOP_NAN(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x100, 0x70bd25, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x100, 0x100076}}}}, ["", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x8044}, 0x50) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 131.171072ms ago: executing program 4 (id=2480): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'dummy0\x00', 0x0}) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_add_memb(r4, 0x107, 0x1, &(0x7f0000000000)={r3, 0x1, 0x6, @remote}, 0x10) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x3014850, &(0x7f00000006c0)={[{@noquota}, {@barrier_val={'barrier', 0x3d, 0x1000}}, {@grpjquota}, {@noauto_da_alloc}, {@dioread_lock}]}, 0x3, 0x4e4, &(0x7f0000002d40)="$eJzs3c9PXFsdAPDvHZgCLc/hqYvnS3w2+gxttDNQbEtcVEyMrppY68YVIgyEMDCEGdpCGkPjH2Bi/BVduXJj4tqYmP4JxqSJ7o0xmkbbunChjrnDHYu8AYaUYSjz+SSn95z763tO4R7m3HMzN4C+dTkiZiJiICKuRkQhW5/LUuzspnS/F88fzacpicbQvb8lkWTrWudKsuWl7LDhiPjaVyK+lXwwbm1re2WuUilvZOVSfXW9VNvavra8OrdUXiqvzUxN3py+NX1jeuLE2nr7S3/+4Xd//uXbv/nsgz/O/vXKt9NqjWbb9rajEzsd7rfb9Hzz/6JlMCI2jhPsDBvI2pPvdUUAAOhI+hn/wxHxyYh4+ZNe1wYAAADohsYXRuNfSUQDAAAAOLdyzWdgk1wxexZgNHK5YnH3Gd6PxsVcpVqrf2axurm2sPus7Fjkc4vLlfJE9qzwWOSTtDzZzL8qX99XnoqItyPi+4WRZrk4X60s9PrmBwAAAPSJS/vG//8o7I7/AQAAgHNmrNcVAAAAALrO+B8AAADOvwPH/8ng6VYEAAAA6Iav3rmTpkbr/dcL97c2V6r3ry2UayvF1c354nx1Y724VK0uNb+zb/Wo81Wq1fXPxdrmw1K9XKuXalvbs6vVzbX6bPO93rPlRuFUmgUAAADs8fYnnvwhiYidz480U+pCti1/9OEz3a0d0E254+2edKsewOkb6HUFgJ7xgC/0rw7G+MA5d8TA/gf7yse8bQAAAJwF4x97rfl/84HwBjOQh/5l/h/6l/l/6F/m/6HPDR29y/BBG357wnUBAAC6ZrSZklwxmwscjVyuWIx4q/lagHyyuFwpT0TEhyLi94X8UFqe7HWlAQAAAAAAAAAAAAAAAAAAAAAAAOAN02gk0QAAAADOtYjcX5LsRf7jhfdH998fuJD8s9BcRsSDn9770cO5en1jMl3/9/+tr/84W3+9tSb1jVO+kwEAAAC0tMbprXE8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJykF88fzbfSacZ99sWIGGsXfzCGm8vhXxUi4uLLJAb3HJdExMAJxN95HBHvtIufpNWKsawW++PnImKkx/EvnUB86GdP0v5nJr3+8vuuv1xcbi7bX3+DWXpdzy4f1P/lWv1fs59r1/+9dfiph1uZd5/+snRg/McR7w62739a8ZN28S903sZvfn17+6BtjZ9FjB/x9yeNX6qvrpdqW9vXllfnlspL5bWpqcmb07emb0xPlBaXK+Xs37YxvvfxX//nsPZfbBt/t/89sP0R8X6H7f/304fPP3JI/Cufav/zf+eQ+OnvxKezvwPp9vFWfmc3v9d7v/jde4e1f+GA9h/684+IKx22/+rd7/ypw10BgFNQ29pematUyhtdyYx07cwyaaa6diaqIXN2M3ezC/3Yh/e4YwIAAE7cqw/9+7ccY4IHAAAAAAAAAAAAAAAAAAAAeC1d/xKyof//ZoHh3jUVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBQ/w0AAP//5w/Stg==") r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@getchain={0x24, 0x11, 0x839, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0xc, 0xfff1}, {0xfff3}}}, 0x24}}, 0x20040000) 70.480484ms ago: executing program 0 (id=2481): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080000000100000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) socket$netlink(0x10, 0x3, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, &(0x7f00000005c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20040055) openat$rfkill(0xffffffffffffff9c, 0x0, 0x40900, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=0x0) timer_settime(r3, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001880), 0x0, 0x10000) futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) write$binfmt_script(r4, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r4, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 0s ago: executing program 1 (id=2482): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000008c0)={[{@bsdgroups}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@grpquota}]}, 0x1, 0x4fa, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0) pwrite64(r0, &(0x7f0000000000)='2', 0x1, 0x4fed0) sendfile(r0, r0, 0x0, 0xe3aa6ea) kernel console output (not intermixed with test programs): ne, BIOS Google 05/07/2025 [ 204.258025][T10448] Call trace: [ 204.258029][T10448] show_stack+0x2c/0x3c (C) [ 204.258046][T10448] __dump_stack+0x30/0x40 [ 204.258057][T10448] dump_stack_lvl+0xd8/0x12c [ 204.258068][T10448] dump_stack+0x1c/0x28 [ 204.258078][T10448] warn_alloc+0x1f8/0x30c [ 204.258091][T10448] __vmalloc_node_range_noprof+0x114/0xfbc [ 204.258105][T10448] vmalloc_user_noprof+0xf0/0x14c [ 204.258118][T10448] xskq_create+0xbc/0x168 [ 204.258133][T10448] xsk_init_queue+0xb0/0x118 [ 204.258146][T10448] xsk_setsockopt+0x39c/0x540 [ 204.258159][T10448] do_sock_setsockopt+0x1ec/0x328 [ 204.258175][T10448] __arm64_sys_setsockopt+0x170/0x1e0 [ 204.258190][T10448] invoke_syscall+0x98/0x2b8 [ 204.258201][T10448] el0_svc_common+0x130/0x23c [ 204.258212][T10448] do_el0_svc+0x48/0x58 [ 204.258223][T10448] el0_svc+0x58/0x17c [ 204.258238][T10448] el0t_64_sync_handler+0x78/0x108 [ 204.258253][T10448] el0t_64_sync+0x198/0x19c [ 204.276216][T10448] Mem-Info: [ 204.276248][T10448] active_anon:22 inactive_anon:7546 isolated_anon:0 [ 204.276248][T10448] active_file:2996 inactive_file:3900 isolated_file:0 [ 204.276248][T10448] unevictable:768 dirty:74 writeback:7 [ 204.276248][T10448] slab_reclaimable:10138 slab_unreclaimable:93575 [ 204.276248][T10448] mapped:32096 shmem:3823 pagetables:812 [ 204.276248][T10448] sec_pagetables:0 bounce:0 [ 204.276248][T10448] kernel_misc_reclaimable:0 [ 204.276248][T10448] free:1447723 free_pcp:508 free_cma:7360 [ 204.276295][T10448] Node 0 active_anon:88kB inactive_anon:30184kB active_file:11984kB inactive_file:15600kB unevictable:3072kB isolated(anon):0kB isolated(file):0kB mapped:128384kB dirty:296kB writeback:28kB shmem:15292kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10156kB pagetables:3248kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 204.276341][T10448] Node 0 DMA free:3076864kB boost:0kB min:20840kB low:26048kB high:31256kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145728kB managed:3080192kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:29440kB [ 204.276395][T10448] lowmem_reserve[]: 0 0 3498 3498 3498 [ 204.276468][T10448] Node 0 Normal free:2714028kB boost:0kB min:24212kB low:30264kB high:36316kB reserved_highatomic:0KB active_anon:88kB inactive_anon:30184kB active_file:11984kB inactive_file:15600kB unevictable:3072kB writepending:324kB present:5242880kB managed:3582812kB mlocked:0kB bounce:0kB free_pcp:2024kB local_pcp:1136kB free_cma:0kB [ 204.276521][T10448] lowmem_reserve[]: 0 0 0 0 0 [ 204.276592][T10448] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 1*256kB (C) 1*512kB (C) 0*1024kB 0*2048kB 751*4096kB (MC) = 3076864kB [ 204.276778][T10448] Node 0 Normal: 509*4kB (UE) 1121*8kB (UME) 979*16kB (UME) 114*32kB (UE) 693*64kB (UME) 541*128kB (UME) 397*256kB (UME) 269*512kB (UME) 154*1024kB (UME) 7*2048kB (UM) 527*4096kB (UM) = 2713900kB [ 204.278562][T10448] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 204.278587][T10448] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=32768kB [ 204.278609][T10448] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 204.278632][T10448] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=64kB [ 204.278654][T10448] 10711 total pagecache pages [ 204.278671][T10448] 0 pages in swap cache [ 204.278688][T10448] Free swap = 124996kB [ 204.278706][T10448] Total swap = 124996kB [ 204.278723][T10448] 2097152 pages RAM [ 204.278740][T10448] 0 pages HighMem/MovableOnly [ 204.278757][T10448] 431401 pages reserved [ 204.278774][T10448] 8192 pages cma reserved [ 204.278792][T10448] 0 pages hwpoisoned [ 204.415535][T10448] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 204.627371][T10469] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1452'. [ 204.663576][T10473] rdma_op 00000000efe106a2 conn xmit_rdma 0000000000000000 [ 204.839414][T10486] netlink: 1676 bytes leftover after parsing attributes in process `syz.3.1459'. [ 205.122758][T10503] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1466'. [ 205.555771][T10527] loop3: detected capacity change from 0 to 512 [ 205.558821][T10527] EXT4-fs (loop3): filesystem is read-only [ 205.560256][T10527] EXT4-fs (loop3): filesystem is read-only [ 205.560302][T10527] EXT4-fs (loop3): orphan cleanup on readonly fs [ 205.560488][T10527] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.1476: bad orphan inode 16 [ 205.560803][T10527] ext4_test_bit(bit=15, block=3) = 0 [ 205.561794][T10527] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 205.715709][ T6490] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 205.724794][T10532] loop2: detected capacity change from 0 to 512 [ 205.728312][T10532] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 205.737797][T10532] EXT4-fs (loop2): orphan cleanup on readonly fs [ 205.738216][T10532] EXT4-fs (loop2): 1 truncate cleaned up [ 205.739068][T10532] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 205.758129][T10532] EXT4-fs error (device loop2): ext4_nfs_get_inode:1529: inode #11: comm syz.2.1477: iget: bad extra_isize 46 (inode size 256) [ 205.760228][T10532] EXT4-fs (loop2): Remounting filesystem read-only [ 205.807987][ T6497] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 205.836967][T10535] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1479'. [ 205.996267][T10546] netlink: 'syz.2.1483': attribute type 4 has an invalid length. [ 206.035228][T10546] netlink: 'syz.2.1483': attribute type 4 has an invalid length. [ 206.280190][T10566] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1491'. [ 206.425220][T10574] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 206.425524][T10574] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 206.440557][T10574] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1495'. [ 206.444838][ T6496] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 206.465889][T10574] vlan2: entered promiscuous mode [ 206.467354][T10574] bond0: entered promiscuous mode [ 206.469052][T10574] bond_slave_0: entered promiscuous mode [ 206.471034][T10574] bond_slave_1: entered promiscuous mode [ 206.487024][T10492] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 206.554388][T10583] loop3: detected capacity change from 0 to 512 [ 206.617665][T10583] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 206.647407][T10592] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1502'. [ 206.660954][T10583] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 206.673680][T10591] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1503'. [ 206.703017][ T6490] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.738709][T10597] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1514'. [ 206.803781][T10600] loop3: detected capacity change from 0 to 1024 [ 206.832217][T10600] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 206.874662][T10600] EXT4-fs error (device loop3): ext4_map_blocks:709: inode #15: block 3: comm syz.3.1504: lblock 3 mapped to illegal pblock 3 (length 13) [ 206.881642][T10600] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 206.885675][T10600] EXT4-fs (loop3): This should not happen!! Data will be lost [ 206.885675][T10600] [ 206.918747][T10600] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.1504: lblock 3 mapped to illegal pblock 3 (length 1) [ 206.926946][T10600] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.1504: lblock 3 mapped to illegal pblock 3 (length 1) [ 206.933139][T10600] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.1504: lblock 3 mapped to illegal pblock 3 (length 1) [ 206.941369][T10600] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.1504: lblock 3 mapped to illegal pblock 3 (length 1) [ 206.944701][T10600] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.1504: lblock 3 mapped to illegal pblock 3 (length 1) [ 206.945173][T10600] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.1504: lblock 3 mapped to illegal pblock 3 (length 1) [ 206.945838][T10600] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.1504: lblock 3 mapped to illegal pblock 3 (length 1) [ 206.946209][T10600] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.1504: lblock 3 mapped to illegal pblock 3 (length 1) [ 206.946534][T10600] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.1504: lblock 3 mapped to illegal pblock 3 (length 1) [ 207.054990][ T14] veth0_to_bond: left promiscuous mode [ 207.154114][T10609] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 207.698564][T10640] loop2: detected capacity change from 0 to 128 [ 207.798624][ T6490] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 207.911025][T10652] loop3: detected capacity change from 0 to 1024 [ 207.911626][T10652] EXT4-fs: Ignoring removed i_version option [ 207.911667][T10652] EXT4-fs: Ignoring removed mblk_io_submit option [ 207.911716][T10652] EXT4-fs: Ignoring removed nobh option [ 207.911739][T10652] EXT4-fs: Ignoring removed bh option [ 207.933110][T10654] loop2: detected capacity change from 0 to 512 [ 207.945929][T10654] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 207.956756][T10654] EXT4-fs (loop2): 1 truncate cleaned up [ 207.957701][T10654] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 207.970640][T10652] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 208.042957][ T6490] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.043715][ T6497] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.173834][ T31] kauditd_printk_skb: 48 callbacks suppressed [ 208.173907][ T31] audit: type=1326 audit(207.790:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10668 comm="syz.1.1532" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff82d5a768 code=0x7ffc0000 [ 208.173955][ T31] audit: type=1326 audit(207.790:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10668 comm="syz.1.1532" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff82d5a768 code=0x7ffc0000 [ 208.173999][ T31] audit: type=1326 audit(207.790:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10668 comm="syz.1.1532" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=82 compat=0 ip=0xffff82d5a768 code=0x7ffc0000 [ 208.174049][ T31] audit: type=1326 audit(207.790:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10668 comm="syz.1.1532" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff82d5a768 code=0x7ffc0000 [ 208.174094][ T31] audit: type=1326 audit(207.790:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10668 comm="syz.1.1532" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff82d5a768 code=0x7ffc0000 [ 208.436633][T10688] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 208.467293][T10690] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 208.467604][T10690] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 208.482620][T10690] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1542'. [ 208.501833][ T31] audit: type=1326 audit(208.120:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10691 comm="syz.2.1543" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8295a768 code=0x7ffc0000 [ 208.501928][ T31] audit: type=1326 audit(208.120:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10691 comm="syz.2.1543" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8295a768 code=0x7ffc0000 [ 208.501967][ T31] audit: type=1326 audit(208.120:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10691 comm="syz.2.1543" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=178 compat=0 ip=0xffff8295a768 code=0x7ffc0000 [ 208.502005][ T31] audit: type=1326 audit(208.120:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10691 comm="syz.2.1543" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8295a768 code=0x7ffc0000 [ 208.502043][ T31] audit: type=1326 audit(208.120:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10691 comm="syz.2.1543" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=107 compat=0 ip=0xffff8295a768 code=0x7ffc0000 [ 208.506912][T10690] vlan3: entered promiscuous mode [ 208.567134][T10697] loop2: detected capacity change from 0 to 2048 [ 209.231744][T10718] block device autoloading is deprecated and will be removed. [ 209.233792][T10718] syz.1.1549: attempt to access beyond end of device [ 209.233792][T10718] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 209.282266][ T6496] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 209.733718][T10724] __nla_validate_parse: 1 callbacks suppressed [ 209.733795][T10724] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1552'. [ 209.850848][T10729] macvlan1: entered promiscuous mode [ 209.856513][T10729] ipvlan0: entered promiscuous mode [ 209.857374][T10729] ipvlan0: left promiscuous mode [ 209.872653][T10729] macvlan1: left promiscuous mode [ 209.908053][T10738] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1558'. [ 209.917008][T10738] ip6gre1: entered allmulticast mode [ 210.027566][T10742] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 210.027746][T10742] IPv6: NLM_F_CREATE should be set when creating new route [ 210.027825][T10742] IPv6: NLM_F_CREATE should be set when creating new route [ 210.027858][T10742] IPv6: NLM_F_CREATE should be set when creating new route [ 210.182028][T10750] loop3: detected capacity change from 0 to 1024 [ 210.258984][T10750] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 210.292419][T10754] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 210.402181][ T6490] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 210.515373][T10765] geneve0: entered allmulticast mode [ 210.531019][T10768] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1570'. [ 210.882833][T10792] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1576'. [ 211.096924][T10806] batman_adv: batadv0: Adding interface: dummy0 [ 211.098742][T10806] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 211.107064][T10806] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 211.205983][T10809] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1590'. [ 211.732143][T10800] syz.2.1586 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 211.732403][T10800] CPU: 0 UID: 0 PID: 10800 Comm: syz.2.1586 Not tainted 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 211.732418][T10800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 211.732426][T10800] Call trace: [ 211.732430][T10800] show_stack+0x2c/0x3c (C) [ 211.732446][T10800] __dump_stack+0x30/0x40 [ 211.732458][T10800] dump_stack_lvl+0xd8/0x12c [ 211.732468][T10800] dump_stack+0x1c/0x28 [ 211.732478][T10800] dump_header+0xb8/0x3c8 [ 211.732491][T10800] oom_kill_process+0x324/0x968 [ 211.732505][T10800] out_of_memory+0xd60/0x105c [ 211.732518][T10800] mem_cgroup_out_of_memory+0x210/0x2bc [ 211.732533][T10800] try_charge_memcg+0xa4c/0xecc [ 211.732545][T10800] charge_memcg+0xa0/0x184 [ 211.732557][T10800] __mem_cgroup_charge+0x38/0xb0 [ 211.732569][T10800] filemap_add_folio+0x5c/0x298 [ 211.732581][T10800] __filemap_get_folio+0x544/0xc58 [ 211.732592][T10800] filemap_fault+0x988/0x1278 [ 211.732603][T10800] __do_fault+0xf8/0x498 [ 211.732614][T10800] handle_mm_fault+0x2cb0/0x4d18 [ 211.732629][T10800] __get_user_pages+0x1dd4/0x30d8 [ 211.732642][T10800] populate_vma_page_range+0x218/0x2e8 [ 211.732654][T10800] __mm_populate+0x208/0x330 [ 211.732666][T10800] __arm64_sys_mlockall+0x3c4/0x480 [ 211.732678][T10800] invoke_syscall+0x98/0x2b8 [ 211.732689][T10800] el0_svc_common+0x130/0x23c [ 211.732699][T10800] do_el0_svc+0x48/0x58 [ 211.732710][T10800] el0_svc+0x58/0x17c [ 211.732725][T10800] el0t_64_sync_handler+0x78/0x108 [ 211.732738][T10800] el0t_64_sync+0x198/0x19c [ 211.732752][T10800] memory: usage 307200kB, limit 307200kB, failcnt 153 [ 211.732970][T10800] memory+swap: usage 307228kB, limit 9007199254740988kB, failcnt 0 [ 211.732999][T10800] kmem: usage 282676kB, limit 9007199254740988kB, failcnt 0 [ 211.733020][T10800] Memory cgroup stats for /syz2: [ 211.733140][T10800] cache 8159232 [ 211.733165][T10800] rss 16953344 [ 211.733181][T10800] rss_huge 0 [ 211.733198][T10800] shmem 0 [ 211.733215][T10800] mapped_file 8159232 [ 211.733232][T10800] dirty 0 [ 211.733248][T10800] writeback 0 [ 211.733265][T10800] workingset_refault_anon 307 [ 211.733282][T10800] workingset_refault_file 29 [ 211.733299][T10800] swap 28672 [ 211.733316][T10800] swapcached 0 [ 211.733333][T10800] pgpgin 115093 [ 211.733350][T10800] pgpgout 110495 [ 211.733366][T10800] pgfault 146260 [ 211.733383][T10800] pgmajfault 67 [ 211.733400][T10800] inactive_anon 0 [ 211.733516][T10800] active_anon 0 [ 211.733534][T10800] inactive_file 0 [ 211.733551][T10800] active_file 0 [ 211.733568][T10800] unevictable 25112576 [ 211.733585][T10800] hierarchical_memory_limit 314572800 [ 211.733603][T10800] hierarchical_memsw_limit 9223372036854771712 [ 211.733621][T10800] total_cache 8159232 [ 211.733638][T10800] total_rss 16953344 [ 211.733655][T10800] total_rss_huge 0 [ 211.733672][T10800] total_shmem 0 [ 211.733689][T10800] total_mapped_file 8159232 [ 211.733706][T10800] total_dirty 0 [ 211.733723][T10800] total_writeback 0 [ 211.733740][T10800] total_workingset_refault_anon 307 [ 211.733757][T10800] total_workingset_refault_file 29 [ 211.733775][T10800] total_swap 28672 [ 211.733792][T10800] total_swapcached 0 [ 211.733809][T10800] total_pgpgin 115093 [ 211.733826][T10800] total_pgpgout 110495 [ 211.733843][T10800] total_pgfault 146260 [ 211.733860][T10800] total_pgmajfault 67 [ 211.733886][T10800] total_inactive_anon 0 [ 211.733903][T10800] total_active_anon 0 [ 211.733920][T10800] total_inactive_file 0 [ 211.733937][T10800] total_active_file 0 [ 211.733954][T10800] total_unevictable 25112576 [ 211.733971][T10800] anon_cost 0 [ 211.733992][T10800] file_cost 1 [ 211.734009][T10800] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.1586,pid=10794,uid=0 [ 211.734990][T10800] Memory cgroup out of memory: Killed process 10794 (syz.2.1586) total-vm:101860kB, anon-rss:17436kB, file-rss:31720kB, shmem-rss:0kB, UID:0 pgtables:172kB oom_score_adj:1000 [ 212.313050][T10843] netlink: 'syz.4.1605': attribute type 4 has an invalid length. [ 212.323521][T10845] loop0: detected capacity change from 0 to 1764 [ 212.350534][T10843] netlink: 'syz.4.1605': attribute type 4 has an invalid length. [ 212.364598][ T6496] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 212.434756][T10791] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 212.678010][T10855] loop0: detected capacity change from 0 to 1024 [ 212.697333][T10855] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 212.712564][T10855] EXT4-fs error (device loop0): ext4_map_blocks:709: inode #15: block 3: comm syz.0.1610: lblock 3 mapped to illegal pblock 3 (length 13) [ 212.725182][T10855] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 212.728788][T10855] EXT4-fs (loop0): This should not happen!! Data will be lost [ 212.728788][T10855] [ 212.742116][T10855] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1610: lblock 3 mapped to illegal pblock 3 (length 1) [ 212.757150][T10855] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1610: lblock 3 mapped to illegal pblock 3 (length 1) [ 212.771226][T10855] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1610: lblock 3 mapped to illegal pblock 3 (length 1) [ 212.776279][T10855] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1610: lblock 3 mapped to illegal pblock 3 (length 1) [ 212.776677][T10855] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1610: lblock 3 mapped to illegal pblock 3 (length 1) [ 212.777055][T10855] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1610: lblock 3 mapped to illegal pblock 3 (length 1) [ 212.777365][T10855] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1610: lblock 3 mapped to illegal pblock 3 (length 1) [ 212.777655][T10855] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1610: lblock 3 mapped to illegal pblock 3 (length 1) [ 212.777965][T10855] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1610: lblock 3 mapped to illegal pblock 3 (length 1) [ 213.044617][T10873] netlink: 'syz.3.1614': attribute type 6 has an invalid length. [ 214.053275][ T33] oom_reaper: reaped process 10794 (syz.2.1586), now anon-rss:32kB, file-rss:30852kB, shmem-rss:0kB [ 214.127750][T10881] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 214.301674][T10894] netlink: 'syz.3.1624': attribute type 1 has an invalid length. [ 214.316496][T10894] 8021q: adding VLAN 0 to HW filter on device bond13 [ 214.317143][T10892] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1623'. [ 214.373902][ T6501] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 214.419189][T10899] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1624'. [ 214.459276][T10894] bond13: (slave veth11): Enslaving as an active interface with a down link [ 214.507801][T10905] loop0: detected capacity change from 0 to 512 [ 214.525437][T10905] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 214.555699][T10905] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.1626: invalid indirect mapped block 83886080 (level 1) [ 214.565359][T10905] EXT4-fs (loop0): 1 orphan inode deleted [ 214.567277][T10905] EXT4-fs (loop0): 1 truncate cleaned up [ 214.570233][T10905] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 214.666736][ T6501] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 214.890601][T10918] warn_alloc: 3 callbacks suppressed [ 214.890669][T10918] syz.1.1634: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 214.890773][T10918] CPU: 0 UID: 0 PID: 10918 Comm: syz.1.1634 Not tainted 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 214.890790][T10918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 214.890798][T10918] Call trace: [ 214.890802][T10918] show_stack+0x2c/0x3c (C) [ 214.890820][T10918] __dump_stack+0x30/0x40 [ 214.890832][T10918] dump_stack_lvl+0xd8/0x12c [ 214.890843][T10918] dump_stack+0x1c/0x28 [ 214.890853][T10918] warn_alloc+0x1f8/0x30c [ 214.890874][T10918] __vmalloc_node_range_noprof+0x114/0xfbc [ 214.890889][T10918] vmalloc_user_noprof+0xf0/0x14c [ 214.890902][T10918] xskq_create+0xbc/0x168 [ 214.890923][T10918] xsk_init_queue+0xb0/0x118 [ 214.890936][T10918] xsk_setsockopt+0x39c/0x540 [ 214.890949][T10918] do_sock_setsockopt+0x1ec/0x328 [ 214.890965][T10918] __arm64_sys_setsockopt+0x170/0x1e0 [ 214.890980][T10918] invoke_syscall+0x98/0x2b8 [ 214.890992][T10918] el0_svc_common+0x130/0x23c [ 214.891003][T10918] do_el0_svc+0x48/0x58 [ 214.891014][T10918] el0_svc+0x58/0x17c [ 214.891028][T10918] el0t_64_sync_handler+0x78/0x108 [ 214.891043][T10918] el0t_64_sync+0x198/0x19c [ 214.891167][T10918] Mem-Info: [ 214.891193][T10918] active_anon:21 inactive_anon:4714 isolated_anon:0 [ 214.891193][T10918] active_file:2490 inactive_file:3741 isolated_file:0 [ 214.891193][T10918] unevictable:3332 dirty:54 writeback:0 [ 214.891193][T10918] slab_reclaimable:10173 slab_unreclaimable:94426 [ 214.891193][T10918] mapped:31472 shmem:1004 pagetables:806 [ 214.891193][T10918] sec_pagetables:0 bounce:0 [ 214.891193][T10918] kernel_misc_reclaimable:0 [ 214.891193][T10918] free:1382357 free_pcp:4248 free_cma:7360 [ 214.891245][T10918] Node 0 active_anon:84kB inactive_anon:18856kB active_file:9960kB inactive_file:14964kB unevictable:13328kB isolated(anon):0kB isolated(file):0kB mapped:125888kB dirty:216kB writeback:0kB shmem:4016kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10032kB pagetables:3224kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 214.891297][T10918] Node 0 DMA free:3076864kB boost:0kB min:20840kB low:26048kB high:31256kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145728kB managed:3080192kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:29440kB [ 214.891360][T10918] lowmem_reserve[]: 0 0 3498 3498 3498 [ 214.891467][T10918] Node 0 Normal free:2452564kB boost:0kB min:24212kB low:30264kB high:36316kB reserved_highatomic:0KB active_anon:84kB inactive_anon:18856kB active_file:9960kB inactive_file:14964kB unevictable:13328kB writepending:216kB present:5242880kB managed:3582812kB mlocked:10304kB bounce:0kB free_pcp:17088kB local_pcp:14308kB free_cma:0kB [ 214.891532][T10918] lowmem_reserve[]: 0 0 0 0 0 [ 214.891638][T10918] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 1*256kB (C) 1*512kB (C) 0*1024kB 0*2048kB 751*4096kB (MC) = 3076864kB [ 214.891921][T10918] Node 0 Normal: 1027*4kB (UME) 1405*8kB (UME) 1224*16kB (UME) 226*32kB (UME) 706*64kB (UME) 391*128kB (UME) 182*256kB (UM) 11*512kB (ME) 88*1024kB (UME) 7*2048kB (UM) 527*4096kB (UM) = 2452660kB [ 214.892308][T10918] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 214.892337][T10918] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=32768kB [ 214.892365][T10918] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 214.892393][T10918] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=64kB [ 214.892421][T10918] 9798 total pagecache pages [ 214.892444][T10918] 6 pages in swap cache [ 214.892466][T10918] Free swap = 124968kB [ 214.892489][T10918] Total swap = 124996kB [ 214.892512][T10918] 2097152 pages RAM [ 214.892534][T10918] 0 pages HighMem/MovableOnly [ 214.892556][T10918] 431401 pages reserved [ 214.892579][T10918] 8192 pages cma reserved [ 214.892601][T10918] 0 pages hwpoisoned [ 214.945913][T10924] loop0: detected capacity change from 0 to 1024 [ 214.982623][T10924] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 215.017431][T10924] EXT4-fs error (device loop0): ext4_map_blocks:709: inode #15: block 3: comm syz.0.1636: lblock 3 mapped to illegal pblock 3 (length 13) [ 215.034820][T10924] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 215.034901][T10924] EXT4-fs (loop0): This should not happen!! Data will be lost [ 215.034901][T10924] [ 215.041529][T10924] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1636: lblock 3 mapped to illegal pblock 3 (length 1) [ 215.048608][T10924] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1636: lblock 3 mapped to illegal pblock 3 (length 1) [ 215.059035][T10924] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1636: lblock 3 mapped to illegal pblock 3 (length 1) [ 215.066481][T10924] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1636: lblock 3 mapped to illegal pblock 3 (length 1) [ 215.067028][T10924] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1636: lblock 3 mapped to illegal pblock 3 (length 1) [ 215.067447][T10924] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1636: lblock 3 mapped to illegal pblock 3 (length 1) [ 215.067912][T10924] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1636: lblock 3 mapped to illegal pblock 3 (length 1) [ 215.068351][T10924] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1636: lblock 3 mapped to illegal pblock 3 (length 1) [ 215.068786][T10924] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1636: lblock 3 mapped to illegal pblock 3 (length 1) [ 215.117733][T10934] netlink: 'syz.4.1639': attribute type 1 has an invalid length. [ 215.215664][T10934] 8021q: adding VLAN 0 to HW filter on device bond8 [ 215.275674][T10934] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1639'. [ 215.342432][T10937] bond8: (slave veth5): Enslaving as an active interface with a down link [ 215.398532][T10943] vlan3: entered allmulticast mode [ 215.400069][T10943] veth1: entered allmulticast mode [ 215.402469][T10943] veth1: entered promiscuous mode [ 215.412528][T10943] veth1: left promiscuous mode [ 215.471662][T10943] bond8: (slave vlan3): Enslaving as an active interface with a down link [ 215.550726][T10946] loop3: detected capacity change from 0 to 512 [ 215.553850][T10946] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 215.564763][T10946] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #16: comm syz.3.1641: invalid indirect mapped block 83886080 (level 1) [ 215.594128][T10946] EXT4-fs (loop3): 1 orphan inode deleted [ 215.594199][T10946] EXT4-fs (loop3): 1 truncate cleaned up [ 215.596906][T10946] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 215.616223][ T6490] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 215.759206][T10951] vlan4: entered promiscuous mode [ 215.764254][T10951] vlan4: entered allmulticast mode [ 215.776085][T10951] hsr_slave_1: entered allmulticast mode [ 215.834158][T10953] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1644'. [ 215.890523][ T6501] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 215.943352][T10959] batadv0: entered promiscuous mode [ 215.945889][T10959] batadv0: left promiscuous mode [ 215.996137][T10963] loop4: detected capacity change from 0 to 256 [ 216.015278][T10961] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1643'. [ 216.165518][T10967] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1649'. [ 216.205111][ T6496] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 216.221564][T10968] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1649'. [ 216.244666][T10918] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 218.148237][T10997] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 218.148404][T10997] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 218.154286][T10997] vhci_hcd vhci_hcd.0: Device attached [ 218.162959][T10998] vhci_hcd: connection closed [ 218.176615][ T455] vhci_hcd: stop threads [ 218.177249][ T455] vhci_hcd: release socket [ 218.177340][ T455] vhci_hcd: disconnect device [ 218.631146][T11005] loop0: detected capacity change from 0 to 512 [ 218.633920][T11005] EXT4-fs: Ignoring removed mblk_io_submit option [ 218.646306][T11005] ext4: Unknown parameter 'seclabel' [ 219.239079][T10951] Can't find ip_set type hash:net, [ 219.333029][T11002] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 219.626582][T11029] loop2: detected capacity change from 0 to 1024 [ 219.628040][T11029] EXT4-fs: Ignoring removed oldalloc option [ 219.770693][T11029] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 220.628077][ T6497] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.689330][T11044] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1677'. [ 220.827055][T11047] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1678'. [ 220.827666][T11047] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1678'. [ 221.404855][ T6496] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 221.831636][T11074] netlink: 'syz.3.1689': attribute type 4 has an invalid length. [ 221.853093][T11074] netlink: 'syz.3.1689': attribute type 4 has an invalid length. [ 221.918150][T11054] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 221.978229][T11079] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1690'. [ 222.120533][T11089] loop4: detected capacity change from 0 to 1024 [ 222.135717][T11089] EXT4-fs: Ignoring removed oldalloc option [ 222.162909][T11089] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 222.229836][ T6499] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 222.279327][T11094] netlink: 2564 bytes leftover after parsing attributes in process `syz.3.1696'. [ 222.410897][T11102] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1698'. [ 223.632401][T11110] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 224.303578][T11130] netlink: 'syz.0.1709': attribute type 1 has an invalid length. [ 224.364170][T11132] loop3: detected capacity change from 0 to 1024 [ 224.392919][T11132] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 224.416186][T11130] 8021q: adding VLAN 0 to HW filter on device bond6 [ 224.445297][T11132] EXT4-fs error (device loop3): ext4_map_blocks:709: inode #15: block 3: comm syz.3.1710: lblock 3 mapped to illegal pblock 3 (length 13) [ 224.465418][T11132] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 224.465475][T11132] EXT4-fs (loop3): This should not happen!! Data will be lost [ 224.465475][T11132] [ 224.473230][T11130] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1709'. [ 224.479500][T11139] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.1710: lblock 3 mapped to illegal pblock 3 (length 1) [ 224.480170][T11139] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.1710: lblock 3 mapped to illegal pblock 3 (length 1) [ 224.480478][T11139] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.1710: lblock 3 mapped to illegal pblock 3 (length 1) [ 224.480772][T11139] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.1710: lblock 3 mapped to illegal pblock 3 (length 1) [ 224.481086][T11139] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.1710: lblock 3 mapped to illegal pblock 3 (length 1) [ 224.481383][T11139] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.1710: lblock 3 mapped to illegal pblock 3 (length 1) [ 224.481680][T11139] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.1710: lblock 3 mapped to illegal pblock 3 (length 1) [ 224.482097][T11139] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.1710: lblock 3 mapped to illegal pblock 3 (length 1) [ 224.482417][T11139] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.1710: lblock 3 mapped to illegal pblock 3 (length 1) [ 224.513528][T11133] bond6: (slave veth11): Enslaving as an active interface with a down link [ 224.534651][T11141] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1711'. [ 224.772720][T11149] syz_tun: entered allmulticast mode [ 224.802981][T11149] syz_tun: left allmulticast mode [ 225.645502][ T6496] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 226.165972][ T6490] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.405570][ T31] kauditd_printk_skb: 4 callbacks suppressed [ 226.405636][ T31] audit: type=1326 audit(226.030:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11173 comm="syz.0.1725" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 226.405688][ T31] audit: type=1326 audit(226.030:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11173 comm="syz.0.1725" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 226.439227][ T31] audit: type=1326 audit(226.060:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11173 comm="syz.0.1725" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 226.439304][ T31] audit: type=1326 audit(226.060:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11173 comm="syz.0.1725" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 226.439366][ T31] audit: type=1326 audit(226.060:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11173 comm="syz.0.1725" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 226.439412][ T31] audit: type=1326 audit(226.060:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11173 comm="syz.0.1725" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=189 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 226.439456][ T31] audit: type=1326 audit(226.060:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11173 comm="syz.0.1725" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 226.439502][ T31] audit: type=1326 audit(226.060:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11173 comm="syz.0.1725" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 226.497100][T11177] netlink: 'syz.3.1723': attribute type 1 has an invalid length. [ 226.553296][T11164] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 226.603080][T11177] 8021q: adding VLAN 0 to HW filter on device bond14 [ 226.635016][T11182] netlink: 'syz.0.1726': attribute type 10 has an invalid length. [ 226.647831][T11177] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1723'. [ 226.658291][T11182] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.661142][T11182] team0: Port device bond0 added [ 226.731539][T11180] bond14: (slave veth15): Enslaving as an active interface with a down link [ 226.848431][T11185] loop0: detected capacity change from 0 to 512 [ 226.873583][T11185] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 226.899922][T11185] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 227.025100][ T6501] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 227.372722][T11202] loop0: detected capacity change from 0 to 1024 [ 228.141733][T11202] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 228.184751][T11202] EXT4-fs error (device loop0): ext4_map_blocks:709: inode #15: block 3: comm syz.0.1733: lblock 3 mapped to illegal pblock 3 (length 13) [ 228.192437][T11202] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 228.195967][T11202] EXT4-fs (loop0): This should not happen!! Data will be lost [ 228.195967][T11202] [ 228.232461][T11202] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1733: lblock 3 mapped to illegal pblock 3 (length 1) [ 228.243625][T11216] netlink: 'syz.2.1738': attribute type 1 has an invalid length. [ 228.264046][T11202] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1733: lblock 3 mapped to illegal pblock 3 (length 1) [ 228.266018][T11199] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1733: lblock 3 mapped to illegal pblock 3 (length 1) [ 228.266693][T11199] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1733: lblock 3 mapped to illegal pblock 3 (length 1) [ 228.267085][T11202] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1733: lblock 3 mapped to illegal pblock 3 (length 1) [ 228.267598][T11199] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1733: lblock 3 mapped to illegal pblock 3 (length 1) [ 228.268166][T11202] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1733: lblock 3 mapped to illegal pblock 3 (length 1) [ 228.268670][T11202] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1733: lblock 3 mapped to illegal pblock 3 (length 1) [ 228.269739][T11202] EXT4-fs error (device loop0): ext4_map_blocks:675: inode #15: block 3: comm syz.0.1733: lblock 3 mapped to illegal pblock 3 (length 1) [ 228.321367][T11221] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1737'. [ 228.345767][T11216] 8021q: adding VLAN 0 to HW filter on device bond8 [ 228.356450][T11216] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1738'. [ 228.578227][T11226] loop1: detected capacity change from 0 to 2048 [ 228.607357][T11220] bond8: (slave veth1): Enslaving as an active interface with a down link [ 228.641579][T11226] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 228.911054][T11237] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 228.924135][T11237] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 186 with max blocks 300 with error 28 [ 228.928557][T11237] EXT4-fs (loop1): This should not happen!! Data will be lost [ 228.928557][T11237] [ 228.932418][T11237] EXT4-fs (loop1): Total free blocks count 0 [ 228.932474][T11237] EXT4-fs (loop1): Free/Dirty block details [ 228.932504][T11237] EXT4-fs (loop1): free_blocks=2415919104 [ 228.932535][T11237] EXT4-fs (loop1): dirty_blocks=496 [ 228.932562][T11237] EXT4-fs (loop1): Block reservation details [ 228.932589][T11237] EXT4-fs (loop1): i_reserved_data_blocks=31 [ 229.135424][ T6501] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.187082][ T542] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 230.398272][T11266] netlink: 'syz.1.1752': attribute type 1 has an invalid length. [ 230.444010][T11266] 8021q: adding VLAN 0 to HW filter on device bond8 [ 230.500773][T11265] bond8: (slave veth11): Enslaving as an active interface with a down link [ 230.529150][T11271] loop2: detected capacity change from 0 to 512 [ 230.534299][T11265] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1752'. [ 230.579680][T11271] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 230.711477][T11259] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 230.763862][ T6497] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 230.828586][T11279] loop1: detected capacity change from 0 to 1024 [ 230.858015][T11279] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 230.889674][T11279] EXT4-fs error (device loop1): ext4_map_blocks:709: inode #15: block 3: comm syz.1.1756: lblock 3 mapped to illegal pblock 3 (length 13) [ 230.894140][T11279] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 230.898895][T11279] EXT4-fs (loop1): This should not happen!! Data will be lost [ 230.898895][T11279] [ 230.911344][T11279] EXT4-fs error (device loop1): ext4_map_blocks:675: inode #15: block 3: comm syz.1.1756: lblock 3 mapped to illegal pblock 3 (length 1) [ 230.918417][T11279] EXT4-fs error (device loop1): ext4_map_blocks:675: inode #15: block 3: comm syz.1.1756: lblock 3 mapped to illegal pblock 3 (length 1) [ 230.922832][T11279] EXT4-fs error (device loop1): ext4_map_blocks:675: inode #15: block 3: comm syz.1.1756: lblock 3 mapped to illegal pblock 3 (length 1) [ 230.929175][T11279] EXT4-fs error (device loop1): ext4_map_blocks:675: inode #15: block 3: comm syz.1.1756: lblock 3 mapped to illegal pblock 3 (length 1) [ 230.934027][T11279] EXT4-fs error (device loop1): ext4_map_blocks:675: inode #15: block 3: comm syz.1.1756: lblock 3 mapped to illegal pblock 3 (length 1) [ 230.943714][T11279] EXT4-fs error (device loop1): ext4_map_blocks:675: inode #15: block 3: comm syz.1.1756: lblock 3 mapped to illegal pblock 3 (length 1) [ 230.948087][T11279] EXT4-fs error (device loop1): ext4_map_blocks:675: inode #15: block 3: comm syz.1.1756: lblock 3 mapped to illegal pblock 3 (length 1) [ 230.952471][T11279] EXT4-fs error (device loop1): ext4_map_blocks:675: inode #15: block 3: comm syz.1.1756: lblock 3 mapped to illegal pblock 3 (length 1) [ 230.956994][T11279] EXT4-fs error (device loop1): ext4_map_blocks:675: inode #15: block 3: comm syz.1.1756: lblock 3 mapped to illegal pblock 3 (length 1) [ 231.650123][T11303] netlink: 'syz.2.1765': attribute type 1 has an invalid length. [ 231.672112][T11303] 8021q: adding VLAN 0 to HW filter on device bond9 [ 231.691992][ T6489] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.734353][T11309] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1765'. [ 231.797093][T11303] bond9: (slave veth7): Enslaving as an active interface with a down link [ 231.861946][T11311] vlan2: entered allmulticast mode [ 231.862024][T11311] veth1: entered allmulticast mode [ 231.862545][T11311] veth1: entered promiscuous mode [ 231.862853][T11311] veth1: left promiscuous mode [ 231.888093][T11311] bond9: (slave vlan2): Enslaving as an active interface with a down link [ 231.920200][T11315] loop3: detected capacity change from 0 to 1024 [ 231.969923][T11315] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 233.252564][ T6490] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 234.280473][T11335] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1774'. [ 234.622224][T11348] loop4: detected capacity change from 0 to 1024 [ 234.642374][T11345] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1779'. [ 234.647213][T11345] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1779'. [ 234.647283][T11345] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1779'. [ 234.704779][T11348] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 234.717460][T11348] EXT4-fs error (device loop4): ext4_map_blocks:709: inode #15: block 3: comm syz.4.1778: lblock 3 mapped to illegal pblock 3 (length 13) [ 234.721738][T11348] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 234.721800][T11348] EXT4-fs (loop4): This should not happen!! Data will be lost [ 234.721800][T11348] [ 234.736731][T11348] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.1778: lblock 3 mapped to illegal pblock 3 (length 1) [ 234.741067][T11348] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.1778: lblock 3 mapped to illegal pblock 3 (length 1) [ 234.745584][T11348] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.1778: lblock 3 mapped to illegal pblock 3 (length 1) [ 234.749752][T11348] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.1778: lblock 3 mapped to illegal pblock 3 (length 1) [ 234.754007][T11348] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.1778: lblock 3 mapped to illegal pblock 3 (length 1) [ 234.754373][T11348] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.1778: lblock 3 mapped to illegal pblock 3 (length 1) [ 234.756479][T11348] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.1778: lblock 3 mapped to illegal pblock 3 (length 1) [ 234.756805][T11348] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.1778: lblock 3 mapped to illegal pblock 3 (length 1) [ 234.757140][T11348] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.1778: lblock 3 mapped to illegal pblock 3 (length 1) [ 236.210472][ T31] audit: type=1107 audit(235.830:582): pid=11378 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='' [ 236.475074][T11385] loop1: detected capacity change from 0 to 128 [ 236.475699][T11385] EXT4-fs: Ignoring removed nobh option [ 236.526212][T11385] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 236.619936][ T6489] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 236.915758][T11398] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1802'. [ 236.915833][T11398] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1802'. [ 236.915858][T11398] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1802'. [ 236.972630][ T31] audit: type=1326 audit(236.590:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11400 comm="syz.0.1803" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 236.983128][ T31] audit: type=1326 audit(236.590:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11400 comm="syz.0.1803" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 236.989489][ T31] audit: type=1326 audit(236.590:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11400 comm="syz.0.1803" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=159 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 236.995188][ T31] audit: type=1326 audit(236.590:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11400 comm="syz.0.1803" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 237.001077][ T31] audit: type=1326 audit(236.590:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11400 comm="syz.0.1803" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 237.174672][T11408] GPL calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 237.195805][ T6499] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 237.500237][T11435] (unnamed net_device) (uninitialized): Unable to set up delay as MII monitoring is disabled [ 237.503949][ T31] audit: type=1326 audit(237.120:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11432 comm="syz.2.1817" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8295a768 code=0x7ffc0000 [ 237.516479][ T31] audit: type=1326 audit(237.140:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11432 comm="syz.2.1817" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=59 compat=0 ip=0xffff8295a768 code=0x7ffc0000 [ 237.521998][ T31] audit: type=1326 audit(237.140:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11432 comm="syz.2.1817" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8295a768 code=0x7ffc0000 [ 237.527758][ T31] audit: type=1326 audit(237.140:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11432 comm="syz.2.1817" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=178 compat=0 ip=0xffff8295a768 code=0x7ffc0000 [ 238.480728][T11446] loop3: detected capacity change from 0 to 512 [ 238.511502][T11446] EXT4-fs: Ignoring removed oldalloc option [ 238.599454][T11446] EXT4-fs error (device loop3): ext4_xattr_inode_iget:433: comm syz.3.1821: Parent and EA inode have the same ino 15 [ 238.604171][T11446] EXT4-fs error (device loop3): ext4_xattr_inode_iget:433: comm syz.3.1821: Parent and EA inode have the same ino 15 [ 238.608056][T11446] EXT4-fs (loop3): 1 orphan inode deleted [ 238.610779][T11446] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 238.708417][ T6490] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 238.817282][T11462] netlink: 'syz.1.1826': attribute type 4 has an invalid length. [ 238.893794][T11462] netlink: 'syz.1.1826': attribute type 4 has an invalid length. [ 238.963013][T11465] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1825'. [ 239.371656][T11480] loop1: detected capacity change from 0 to 1024 [ 239.420465][T11480] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 239.432795][T11483] loop4: detected capacity change from 0 to 512 [ 239.455224][T11483] journal_path: Non-blockdev passed as './bus' [ 239.455299][T11483] EXT4-fs: error: could not find journal device path [ 239.550436][ T6489] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 239.678969][T11491] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.729601][ T11] kernel write not supported for file /912/coredump_filter (pid: 11 comm: kworker/0:1) [ 239.761809][T11491] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.783612][T11498] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 239.784005][T11498] bond0: (slave lo): Error: Device can not be enslaved while up [ 239.816004][T11491] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.908341][T11491] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.995060][T11506] netlink: 'syz.2.1842': attribute type 4 has an invalid length. [ 240.000125][T11506] netlink: 'syz.2.1842': attribute type 4 has an invalid length. [ 240.073523][T11491] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.117512][T11491] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.140437][T11491] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.167274][T11491] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.783406][T11536] netlink: 'syz.2.1854': attribute type 4 has an invalid length. [ 240.810791][T11538] loop4: detected capacity change from 0 to 512 [ 240.813498][T11538] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 240.821395][T11536] netlink: 'syz.2.1854': attribute type 4 has an invalid length. [ 240.837777][T11538] EXT4-fs (loop4): 1 truncate cleaned up [ 240.838692][T11538] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 240.977817][ T6499] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 241.011191][T11547] ieee802154 phy0 wpan0: encryption failed: -22 [ 241.120656][T11555] netlink: 268 bytes leftover after parsing attributes in process `syz.4.1866'. [ 241.259427][T11563] netlink: 'syz.4.1869': attribute type 1 has an invalid length. [ 241.385745][T11563] 8021q: adding VLAN 0 to HW filter on device bond9 [ 241.428319][T11565] bond9: (slave veth7): Enslaving as an active interface with a down link [ 241.497423][T11571] loop1: detected capacity change from 0 to 512 [ 241.523149][T11571] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 241.578668][T11575] netlink: 'syz.3.1872': attribute type 4 has an invalid length. [ 241.603625][ T6489] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 241.635087][T11575] netlink: 'syz.3.1872': attribute type 4 has an invalid length. [ 241.680365][T11581] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1876'. [ 241.842974][T11590] loop1: detected capacity change from 0 to 512 [ 241.916130][T11590] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 241.993653][ T6489] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 242.023533][T11602] netlink: 'syz.0.1884': attribute type 1 has an invalid length. [ 242.072832][T11602] 8021q: adding VLAN 0 to HW filter on device bond7 [ 242.167769][T11607] bond7: (slave veth13): Enslaving as an active interface with a down link [ 242.170714][T11602] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1884'. [ 242.282011][T11616] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1889'. [ 242.491761][T11624] vhci_hcd: default hub control req: 4001 v0008 i0003 l0 [ 242.496311][T11624] batman_adv: batadv0: Removing interface: dummy0 [ 242.514352][T11624] team0: Port device dummy0 added [ 243.344616][T11632] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1895'. [ 243.493509][T11641] 8021q: adding VLAN 0 to HW filter on device bond8 [ 243.526901][T11641] bond8: (slave veth15): Enslaving as an active interface with a down link [ 243.536944][T11641] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1899'. [ 243.739511][T11632] infiniband syz0: set active [ 243.739574][T11632] infiniband syz0: added bond_slave_1 [ 243.827107][T11632] RDS/IB: syz0: added [ 243.828454][T11632] smc: adding ib device syz0 with port count 1 [ 243.830316][T11632] smc: ib device syz0 port 1 has pnetid [ 243.977574][ T6538] kernel write not supported for file /979/coredump_filter (pid: 6538 comm: kworker/1:4) [ 244.142023][T11669] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1910'. [ 244.370939][T11675] validate_nla: 7 callbacks suppressed [ 244.372441][T11675] netlink: 'syz.2.1913': attribute type 4 has an invalid length. [ 244.390447][T11675] netlink: 'syz.2.1913': attribute type 4 has an invalid length. [ 244.432099][T11677] netlink: 'syz.1.1914': attribute type 1 has an invalid length. [ 244.469665][T11677] 8021q: adding VLAN 0 to HW filter on device bond9 [ 244.515077][T11677] bond9: (slave veth13): Enslaving as an active interface with a down link [ 244.518568][T11677] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1914'. [ 244.898933][T11694] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 244.987275][T11698] loop1: detected capacity change from 0 to 512 [ 245.005621][T11698] EXT4-fs (loop1): too many log groups per flexible block group [ 245.007889][T11698] EXT4-fs (loop1): failed to initialize mballoc (-12) [ 245.011198][T11698] EXT4-fs (loop1): mount failed [ 245.091370][T11706] netlink: 'syz.3.1926': attribute type 1 has an invalid length. [ 245.135971][T11706] 8021q: adding VLAN 0 to HW filter on device bond15 [ 245.139448][T11707] netlink: 'syz.4.1925': attribute type 4 has an invalid length. [ 245.149604][T11707] netlink: 'syz.4.1925': attribute type 4 has an invalid length. [ 245.207603][T11713] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1926'. [ 245.317750][T11706] bond15: (slave veth17): Enslaving as an active interface with a down link [ 245.866876][T11722] loop1: detected capacity change from 0 to 512 [ 247.044431][T11722] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 247.587672][ T31] kauditd_printk_skb: 22 callbacks suppressed [ 247.587725][ T31] audit: type=1326 audit(247.210:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11734 comm="syz.0.1932" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 247.597598][ T31] audit: type=1326 audit(247.220:615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11734 comm="syz.0.1932" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 247.607304][ T31] audit: type=1326 audit(247.230:616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11734 comm="syz.0.1932" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 247.618379][ T31] audit: type=1326 audit(247.240:617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11734 comm="syz.0.1932" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 247.618451][ T31] audit: type=1326 audit(247.240:618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11734 comm="syz.0.1932" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 247.641240][ T31] audit: type=1326 audit(247.250:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11734 comm="syz.0.1932" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 247.641314][ T31] audit: type=1326 audit(247.250:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11734 comm="syz.0.1932" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 247.641372][ T31] audit: type=1326 audit(247.250:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11734 comm="syz.0.1932" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 247.681269][ T31] audit: type=1326 audit(247.290:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11734 comm="syz.0.1932" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=163 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 247.681343][ T31] audit: type=1326 audit(247.290:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11734 comm="syz.0.1932" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 247.801790][T11738] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1934'. [ 247.850099][T11742] 9pnet_fd: Insufficient options for proto=fd [ 247.964053][T11744] loop4: detected capacity change from 0 to 1024 [ 247.968930][T11746] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 247.981988][T11746] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 248.005965][T11748] loop3: detected capacity change from 0 to 256 [ 248.009384][T11746] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1938'. [ 248.016113][T11748] FAT-fs (loop3): bogus sectors per cluster 0 [ 248.016161][T11748] FAT-fs (loop3): This doesn't look like a DOS 1.x volume; no bootstrapping code [ 248.016201][T11748] FAT-fs (loop3): Can't find a valid FAT filesystem [ 248.089555][T11744] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 248.153903][T11744] EXT4-fs error (device loop4): ext4_map_blocks:709: inode #15: block 3: comm syz.4.1936: lblock 3 mapped to illegal pblock 3 (length 13) [ 248.165793][T11744] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 248.169284][T11744] EXT4-fs (loop4): This should not happen!! Data will be lost [ 248.169284][T11744] [ 248.195362][T11752] netlink: 'syz.0.1939': attribute type 4 has an invalid length. [ 248.218304][T11752] netlink: 'syz.0.1939': attribute type 4 has an invalid length. [ 248.221296][T11744] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.1936: lblock 3 mapped to illegal pblock 3 (length 1) [ 248.227925][T11744] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.1936: lblock 3 mapped to illegal pblock 3 (length 1) [ 248.228595][T11744] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.1936: lblock 3 mapped to illegal pblock 3 (length 1) [ 248.228922][T11744] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.1936: lblock 3 mapped to illegal pblock 3 (length 1) [ 248.229232][T11744] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.1936: lblock 3 mapped to illegal pblock 3 (length 1) [ 248.229519][T11744] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.1936: lblock 3 mapped to illegal pblock 3 (length 1) [ 248.229857][T11744] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.1936: lblock 3 mapped to illegal pblock 3 (length 1) [ 248.235195][T11744] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.1936: lblock 3 mapped to illegal pblock 3 (length 1) [ 248.237334][T11744] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.1936: lblock 3 mapped to illegal pblock 3 (length 1) [ 248.319079][ T6489] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 248.423657][T11760] netlink: 'syz.1.1941': attribute type 1 has an invalid length. [ 248.457966][T11760] 8021q: adding VLAN 0 to HW filter on device bond10 [ 248.547431][T11760] bond10: (slave veth15): Enslaving as an active interface with a down link [ 248.560065][T11760] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1941'. [ 248.798759][T11771] loop1: detected capacity change from 0 to 256 [ 248.907506][ T6499] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.138625][T11790] netlink: 'syz.4.1954': attribute type 1 has an invalid length. [ 249.169365][ T2395] ieee802154 phy0 wpan0: encryption failed: -22 [ 249.176073][T11790] 8021q: adding VLAN 0 to HW filter on device bond10 [ 249.255838][T11798] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1954'. [ 249.290554][T11790] bond10: (slave veth9): Enslaving as an active interface with a down link [ 249.399913][T11806] loop4: detected capacity change from 0 to 512 [ 249.427073][T11806] EXT4-fs (loop4): too many log groups per flexible block group [ 249.429479][T11806] EXT4-fs (loop4): failed to initialize mballoc (-12) [ 249.431641][T11806] EXT4-fs (loop4): mount failed [ 249.446386][T11809] IPv6: Can't replace route, no match found [ 249.519563][T11817] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1966'. [ 249.611576][T11818] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1965'. [ 249.612914][T11818] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1965'. [ 249.613051][T11818] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1965'. [ 249.652116][T11822] loop1: detected capacity change from 0 to 512 [ 249.670453][T11822] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' [ 249.670536][T11822] EXT4-fs: error: could not find journal device path [ 249.774036][T11832] netlink: 'syz.3.1971': attribute type 1 has an invalid length. [ 249.803288][T11832] 8021q: adding VLAN 0 to HW filter on device bond16 [ 249.826896][T11832] bond16: (slave veth19): Enslaving as an active interface with a down link [ 249.854906][T11832] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1971'. [ 249.989318][T11847] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1976'. [ 249.993228][T11847] syz0: rxe_newlink: already configured on bond_slave_1 [ 251.180528][T11864] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 251.180597][T11864] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 251.236572][T11867] netlink: 'syz.3.1988': attribute type 1 has an invalid length. [ 251.318678][T11867] 8021q: adding VLAN 0 to HW filter on device bond17 [ 251.359725][T11874] bond17: (slave veth21): Enslaving as an active interface with a down link [ 251.479683][T11880] netlink: 'syz.1.1990': attribute type 10 has an invalid length. [ 251.530476][T11883] ksmbd: Unknown IPC event: 1, ignore. [ 251.653054][T11880] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 252.694784][T11902] 9pnet_fd: Insufficient options for proto=fd [ 252.904926][T11911] loop3: detected capacity change from 0 to 256 [ 252.932420][T11911] xt_connbytes: Forcing CT accounting to be enabled [ 252.934816][T11911] Cannot find set identified by id 0 to match [ 253.162290][T11915] xt_hashlimit: max too large, truncated to 1048576 [ 253.295619][T11920] loop3: detected capacity change from 0 to 512 [ 253.317610][T11920] EXT4-fs (loop3): orphan cleanup on readonly fs [ 253.318167][T11920] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.2002: bad orphan inode 13 [ 253.318776][T11920] ext4_test_bit(bit=12, block=18) = 1 [ 253.318817][T11920] is_bad_inode(inode)=0 [ 253.318851][T11920] NEXT_ORPHAN(inode)=2130706432 [ 253.318885][T11920] max_ino=32 [ 253.318908][T11920] i_nlink=1 [ 253.319853][T11920] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 253.425477][T11920] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 253.514962][T11920] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.2002: bg 0: block 248: padding at end of block bitmap is not set [ 253.521813][T11920] __quota_error: 109 callbacks suppressed [ 253.521896][T11920] Quota error (device loop3): write_blk: dquota write failed [ 253.522058][T11920] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 253.522095][T11920] EXT4-fs error (device loop3): ext4_acquire_dquot:6935: comm syz.3.2002: Failed to acquire dquot type 1 [ 253.606974][ T31] audit: type=1326 audit(253.230:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11930 comm="syz.2.2006" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8295a768 code=0x7ffc0000 [ 253.607055][ T31] audit: type=1326 audit(253.230:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11930 comm="syz.2.2006" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8295a768 code=0x7ffc0000 [ 253.630118][ T31] audit: type=1326 audit(253.250:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11930 comm="syz.2.2006" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8295a768 code=0x7ffc0000 [ 253.636224][ T31] audit: type=1326 audit(253.250:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11930 comm="syz.2.2006" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8295a768 code=0x7ffc0000 [ 253.647947][ T31] audit: type=1326 audit(253.270:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11930 comm="syz.2.2006" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8295a768 code=0x7ffc0000 [ 253.653573][ T31] audit: type=1326 audit(253.270:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11930 comm="syz.2.2006" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8295a768 code=0x7ffc0000 [ 253.659275][ T31] audit: type=1326 audit(253.270:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11930 comm="syz.2.2006" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8295a768 code=0x7ffc0000 [ 253.664783][ T31] audit: type=1326 audit(253.280:740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11930 comm="syz.2.2006" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8295a768 code=0x7ffc0000 [ 253.725034][T11920] EXT4-fs warning (device loop3): ext4_enable_quotas:7170: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 253.794822][T11938] 9pnet_fd: Insufficient options for proto=fd [ 254.026241][ T6490] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 255.261038][T11964] loop4: detected capacity change from 0 to 512 [ 255.353572][T11964] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 255.541748][ T6499] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 256.462296][T11994] sch_tbf: burst 3298 is lower than device lo mtu (11337746) ! [ 256.624802][T12003] tipc: Failed to obtain node identity [ 256.625051][T12003] tipc: Enabling of bearer rejected, failed to enable media [ 256.666701][T12005] __nla_validate_parse: 3 callbacks suppressed [ 256.666777][T12005] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2034'. [ 257.605082][T12016] loop4: detected capacity change from 0 to 1024 [ 257.629014][T12016] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 257.789514][T12026] loop1: detected capacity change from 0 to 2048 [ 257.819578][T12026] EXT4-fs (loop1): mounted filesystem 00000800-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 257.861595][ T6499] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 258.326167][ T6489] EXT4-fs (loop1): unmounting filesystem 00000800-0000-0000-0000-000000000000. [ 258.332633][T12042] pim6reg: entered allmulticast mode [ 258.349545][T12040] pim6reg: left allmulticast mode [ 258.468342][T12044] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2048'. [ 258.694693][ T31] kauditd_printk_skb: 23 callbacks suppressed [ 258.695521][ T31] audit: type=1326 audit(258.310:764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12049 comm="syz.0.2051" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 258.695574][ T31] audit: type=1326 audit(258.310:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12049 comm="syz.0.2051" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 258.713950][ T31] audit: type=1326 audit(258.330:766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12049 comm="syz.0.2051" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 258.720811][ T31] audit: type=1326 audit(258.340:767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12049 comm="syz.0.2051" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 258.728347][ T31] audit: type=1326 audit(258.350:768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12049 comm="syz.0.2051" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 258.742312][ T31] audit: type=1326 audit(258.360:769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12049 comm="syz.0.2051" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=181 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 258.742396][ T31] audit: type=1326 audit(258.360:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12049 comm="syz.0.2051" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 258.742453][ T31] audit: type=1326 audit(258.360:771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12049 comm="syz.0.2051" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 258.763037][ T31] audit: type=1326 audit(258.380:772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12049 comm="syz.0.2051" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 258.763133][ T31] audit: type=1326 audit(258.380:773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12049 comm="syz.0.2051" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 259.865528][T12067] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2057'. [ 259.865599][T12067] ksmbd: Unknown IPC event: 3, ignore. [ 259.927631][T12071] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2059'. [ 260.032240][T12078] loop4: detected capacity change from 0 to 164 [ 260.097089][T12078] syz.4.2062: attempt to access beyond end of device [ 260.097089][T12078] loop4: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 260.097536][T12078] syz.4.2062: attempt to access beyond end of device [ 260.097536][T12078] loop4: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 260.355498][T12103] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2072'. [ 260.723955][T12133] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2086'. [ 261.951166][T12161] loop4: detected capacity change from 0 to 2048 [ 262.203241][T12161] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 262.369048][T12166] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2098'. [ 263.766715][T12191] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2108'. [ 264.019272][ T6499] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 264.092826][T12209] loop4: detected capacity change from 0 to 128 [ 264.122842][T12209] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 264.150749][ T31] kauditd_printk_skb: 66 callbacks suppressed [ 264.152727][ T31] audit: type=1326 audit(263.770:840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12212 comm="syz.0.2119" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 264.159797][ T31] audit: type=1326 audit(263.780:841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12212 comm="syz.0.2119" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 264.166618][ T31] audit: type=1326 audit(263.790:842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12212 comm="syz.0.2119" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 264.173013][ T31] audit: type=1326 audit(263.790:843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12212 comm="syz.0.2119" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 264.242187][ T31] audit: type=1326 audit(263.860:844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12212 comm="syz.0.2119" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=181 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 264.242276][ T31] audit: type=1326 audit(263.860:845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12212 comm="syz.0.2119" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 264.242314][ T31] audit: type=1326 audit(263.860:846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12212 comm="syz.0.2119" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 264.252470][ T6499] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 264.285145][ T31] audit: type=1326 audit(263.900:847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12212 comm="syz.0.2119" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=279 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 264.285233][ T31] audit: type=1326 audit(263.900:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12212 comm="syz.0.2119" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffffaa15a79c code=0x7ffc0000 [ 264.286458][ T31] audit: type=1326 audit(263.910:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12212 comm="syz.0.2119" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffffaa158e30 code=0x7ffc0000 [ 264.419292][T12218] bond0: (slave dummy0): Releasing backup interface [ 264.466480][T12221] loop4: detected capacity change from 0 to 512 [ 264.469164][T12221] EXT4-fs: Ignoring removed oldalloc option [ 264.521394][T12221] EXT4-fs error (device loop4): ext4_xattr_inode_iget:433: comm syz.4.2120: Parent and EA inode have the same ino 15 [ 264.578423][T12224] loop3: detected capacity change from 0 to 1024 [ 264.648949][T12224] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 264.666765][T12218] bridge_slave_0: left allmulticast mode [ 264.669821][T12218] bridge_slave_0: left promiscuous mode [ 264.675498][T12218] bridge0: port 1(bridge_slave_0) entered disabled state [ 264.716030][T12224] EXT4-fs error (device loop3): ext4_map_blocks:709: inode #15: block 3: comm syz.3.2122: lblock 3 mapped to illegal pblock 3 (length 13) [ 264.732058][T12224] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 264.732123][T12224] EXT4-fs (loop3): This should not happen!! Data will be lost [ 264.732123][T12224] [ 264.740896][T12218] bridge_slave_1: left allmulticast mode [ 264.745102][T12218] bridge_slave_1: left promiscuous mode [ 264.748067][T12218] bridge0: port 2(bridge_slave_1) entered disabled state [ 264.757246][T12230] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.2122: lblock 3 mapped to illegal pblock 3 (length 1) [ 264.773654][T12230] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.2122: lblock 3 mapped to illegal pblock 3 (length 1) [ 264.783625][T12218] bond0: (slave bond_slave_0): Releasing backup interface [ 264.790656][T12230] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.2122: lblock 3 mapped to illegal pblock 3 (length 1) [ 264.812357][T12230] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.2122: lblock 3 mapped to illegal pblock 3 (length 1) [ 264.833022][T12218] bond0: (slave bond_slave_1): Releasing backup interface [ 264.837262][T12223] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.2122: lblock 3 mapped to illegal pblock 3 (length 1) [ 264.869018][T12221] EXT4-fs error (device loop4): ext4_xattr_inode_iget:433: comm syz.4.2120: Parent and EA inode have the same ino 15 [ 264.870558][T12221] EXT4-fs (loop4): 1 orphan inode deleted [ 264.871419][T12221] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 264.873331][T12230] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.2122: lblock 3 mapped to illegal pblock 3 (length 1) [ 264.883731][T12223] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.2122: lblock 3 mapped to illegal pblock 3 (length 1) [ 264.890323][T12223] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.2122: lblock 3 mapped to illegal pblock 3 (length 1) [ 264.895215][T12230] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.2122: lblock 3 mapped to illegal pblock 3 (length 1) [ 264.965575][T12218] team0: Port device team_slave_1 removed [ 264.978380][T12218] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 264.991356][T12218] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 264.996479][T12218] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 265.001132][T12218] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 265.470542][T12218] bond1: (slave veth3): Releasing backup interface [ 265.470611][T12218] bond1: (slave veth3): the permanent HWaddr of slave - 52:11:ac:d3:62:cf - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 265.529474][T12218] bond1: (slave vlan2): Releasing backup interface [ 265.629173][T12218] veth1: left promiscuous mode [ 265.636155][ T6490] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 265.655228][T12218] bond5: (slave veth9): Releasing active interface [ 265.768050][T12218] bond8: (slave veth11): Releasing active interface [ 265.825064][T12218] bond9: (slave veth13): Releasing active interface [ 265.910155][T12218] bond10: (slave veth15): Releasing active interface [ 266.705926][T12246] loop3: detected capacity change from 0 to 2048 [ 266.737433][T12246] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 266.857670][T12259] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2134'. [ 266.857740][T12259] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2134'. [ 266.871595][ T6499] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 266.947665][ T6490] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 266.990635][T12263] loop4: detected capacity change from 0 to 1024 [ 267.043483][T12263] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 267.072326][T12263] EXT4-fs error (device loop4): ext4_map_blocks:709: inode #15: block 3: comm syz.4.2135: lblock 3 mapped to illegal pblock 3 (length 13) [ 267.072721][T12263] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 267.072755][T12263] EXT4-fs (loop4): This should not happen!! Data will be lost [ 267.072755][T12263] [ 267.083769][T12263] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2135: lblock 3 mapped to illegal pblock 3 (length 1) [ 267.084196][T12263] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2135: lblock 3 mapped to illegal pblock 3 (length 1) [ 267.084601][T12263] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2135: lblock 3 mapped to illegal pblock 3 (length 1) [ 267.084986][T12263] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2135: lblock 3 mapped to illegal pblock 3 (length 1) [ 267.085756][T12263] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2135: lblock 3 mapped to illegal pblock 3 (length 1) [ 267.086102][T12263] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2135: lblock 3 mapped to illegal pblock 3 (length 1) [ 267.086432][T12263] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2135: lblock 3 mapped to illegal pblock 3 (length 1) [ 267.086862][T12263] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2135: lblock 3 mapped to illegal pblock 3 (length 1) [ 267.087324][T12263] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2135: lblock 3 mapped to illegal pblock 3 (length 1) [ 268.372659][ T6499] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 268.437339][T12286] wireguard0: entered promiscuous mode [ 268.437410][T12286] wireguard0: entered allmulticast mode [ 269.119050][T12280] netlink: 300 bytes leftover after parsing attributes in process `syz.3.2142'. [ 269.153159][T12297] loop4: detected capacity change from 0 to 2048 [ 269.208320][T12297] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 269.336323][ T31] kauditd_printk_skb: 110 callbacks suppressed [ 269.338176][ T31] audit: type=1326 audit(268.960:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12307 comm="syz.3.2150" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8575a768 code=0x7ffc0000 [ 269.344044][ T31] audit: type=1326 audit(268.960:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12307 comm="syz.3.2150" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8575a768 code=0x7ffc0000 [ 269.350082][ T31] audit: type=1326 audit(268.970:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12307 comm="syz.3.2150" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8575a768 code=0x7ffc0000 [ 269.350149][ T31] audit: type=1326 audit(268.970:963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12307 comm="syz.3.2150" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8575a768 code=0x7ffc0000 [ 269.350194][ T31] audit: type=1326 audit(268.970:964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12307 comm="syz.3.2150" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8575a768 code=0x7ffc0000 [ 269.350244][ T31] audit: type=1326 audit(268.970:965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12307 comm="syz.3.2150" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8575a768 code=0x7ffc0000 [ 269.350289][ T31] audit: type=1326 audit(268.970:966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12307 comm="syz.3.2150" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8575a768 code=0x7ffc0000 [ 269.372272][T12309] loop3: detected capacity change from 0 to 512 [ 269.374745][ T31] audit: type=1326 audit(268.980:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12307 comm="syz.3.2150" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8575a768 code=0x7ffc0000 [ 269.374797][ T31] audit: type=1326 audit(268.980:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12307 comm="syz.3.2150" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8575a768 code=0x7ffc0000 [ 269.374837][ T31] audit: type=1326 audit(268.980:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12307 comm="syz.3.2150" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8575a768 code=0x7ffc0000 [ 269.417659][T12309] EXT4-fs warning (device loop3): ext4_enable_quotas:7170: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 269.418039][T12309] EXT4-fs (loop3): mount failed [ 269.660831][T12322] loop3: detected capacity change from 0 to 1024 [ 269.684050][T12322] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 269.726069][T12322] EXT4-fs error (device loop3): ext4_map_blocks:709: inode #15: block 3: comm syz.3.2155: lblock 3 mapped to illegal pblock 3 (length 13) [ 269.737474][T12322] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 269.737541][T12322] EXT4-fs (loop3): This should not happen!! Data will be lost [ 269.737541][T12322] [ 269.857395][ T6490] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 270.616808][T12341] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2163'. [ 270.635302][ T6499] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 270.673210][T12347] siw: device registration error -23 [ 270.799567][T12356] block device autoloading is deprecated and will be removed. [ 270.806797][T12356] syz.2.2169: attempt to access beyond end of device [ 270.806797][T12356] md33: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 270.994057][T12369] loop3: detected capacity change from 0 to 512 [ 271.005361][T12369] EXT4-fs: Ignoring removed oldalloc option [ 271.018944][T12369] EXT4-fs error (device loop3): ext4_xattr_inode_iget:433: comm syz.3.2175: Parent and EA inode have the same ino 15 [ 271.022976][T12369] EXT4-fs error (device loop3): ext4_xattr_inode_iget:433: comm syz.3.2175: Parent and EA inode have the same ino 15 [ 271.027328][T12369] EXT4-fs (loop3): 1 orphan inode deleted [ 271.038564][T12369] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 271.055918][T12371] loop4: detected capacity change from 0 to 2048 [ 271.205815][T12371] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 271.215716][T12375] Invalid logical block size (3) [ 271.953153][ T6490] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 272.208317][ T6499] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 272.370186][T12411] loop4: detected capacity change from 0 to 1024 [ 272.408400][T12411] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 272.428153][T12411] EXT4-fs error (device loop4): ext4_map_blocks:709: inode #15: block 3: comm syz.4.2184: lblock 3 mapped to illegal pblock 3 (length 13) [ 272.438955][T12411] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 272.439028][T12411] EXT4-fs (loop4): This should not happen!! Data will be lost [ 272.439028][T12411] [ 272.529243][ T6499] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 273.543770][T12433] loop3: detected capacity change from 0 to 2048 [ 273.612398][T12441] netlink: 'syz.0.2198': attribute type 1 has an invalid length. [ 273.624256][T12433] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 273.652937][T12441] 8021q: adding VLAN 0 to HW filter on device bond9 [ 273.699456][T12441] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2198'. [ 273.811680][T12447] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 273.811922][T12447] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 652 with error 28 [ 273.811954][T12447] EXT4-fs (loop3): This should not happen!! Data will be lost [ 273.811954][T12447] [ 273.811977][T12447] EXT4-fs (loop3): Total free blocks count 0 [ 273.811999][T12447] EXT4-fs (loop3): Free/Dirty block details [ 273.812023][T12447] EXT4-fs (loop3): free_blocks=2415919104 [ 273.812048][T12447] EXT4-fs (loop3): dirty_blocks=656 [ 273.812069][T12447] EXT4-fs (loop3): Block reservation details [ 273.812090][T12447] EXT4-fs (loop3): i_reserved_data_blocks=41 [ 273.902425][ T43] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 274.037278][T12460] netlink: 'syz.2.2206': attribute type 1 has an invalid length. [ 274.187257][T12471] loop4: detected capacity change from 0 to 128 [ 274.201472][T12471] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 274.276706][ T6499] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 274.360545][ T31] kauditd_printk_skb: 259 callbacks suppressed [ 274.360617][ T31] audit: type=1326 audit(273.980:1228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12475 comm="syz.4.2210" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8135a768 code=0x7ffc0000 [ 274.370407][ T31] audit: type=1326 audit(273.980:1229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12475 comm="syz.4.2210" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8135a768 code=0x7ffc0000 [ 274.371771][ T31] audit: type=1326 audit(273.990:1230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12475 comm="syz.4.2210" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8135a768 code=0x7ffc0000 [ 274.372001][ T31] audit: type=1326 audit(273.990:1231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12475 comm="syz.4.2210" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8135a768 code=0x7ffc0000 [ 274.372449][ T31] audit: type=1326 audit(273.990:1232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12475 comm="syz.4.2210" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8135a768 code=0x7ffc0000 [ 274.372969][ T31] audit: type=1326 audit(273.990:1233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12475 comm="syz.4.2210" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8135a768 code=0x7ffc0000 [ 274.373124][ T31] audit: type=1326 audit(273.990:1234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12475 comm="syz.4.2210" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8135a768 code=0x7ffc0000 [ 274.373376][ T31] audit: type=1326 audit(273.990:1235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12475 comm="syz.4.2210" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8135a768 code=0x7ffc0000 [ 274.373680][ T31] audit: type=1326 audit(273.990:1236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12475 comm="syz.4.2210" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8135a768 code=0x7ffc0000 [ 274.373903][ T31] audit: type=1326 audit(273.990:1237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12475 comm="syz.4.2210" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8135a768 code=0x7ffc0000 [ 274.576730][T12441] bond9 (unregistering): Released all slaves [ 274.626597][T12460] 8021q: adding VLAN 0 to HW filter on device bond10 [ 274.713564][T12464] bond10: (slave gretap1): making interface the new active one [ 274.717864][T12464] bond10: (slave gretap1): Enslaving as an active interface with an up link [ 274.723696][T12467] vlan3: entered allmulticast mode [ 274.725345][T12467] bond10: entered allmulticast mode [ 274.726721][T12467] gretap1: entered allmulticast mode [ 274.728826][T12467] bond10: (slave vlan3): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 274.902905][T12493] loop4: detected capacity change from 0 to 512 [ 274.924312][T12495] 9pnet_fd: Insufficient options for proto=fd [ 274.998054][T12493] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 275.108365][T12508] syz.0.2224: attempt to access beyond end of device [ 275.108365][T12508] md33: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 275.245151][T12517] sch_tbf: burst 3298 is lower than device lo mtu (11337746) ! [ 275.319656][ T6499] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 275.652473][T12523] wireguard0: entered promiscuous mode [ 275.652649][T12523] wireguard0: entered allmulticast mode [ 276.051452][T12529] loop4: detected capacity change from 0 to 512 [ 276.090566][T12529] EXT4-fs (loop4): too many log groups per flexible block group [ 276.090749][T12529] EXT4-fs (loop4): failed to initialize mballoc (-12) [ 276.090841][T12529] EXT4-fs (loop4): mount failed [ 276.621628][T12571] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2250'. [ 276.792945][T12571] team0: Port device team_slave_0 removed [ 276.905760][T12587] tipc: Failed to obtain node identity [ 276.912597][T12587] tipc: Enabling of bearer rejected, failed to enable media [ 277.042620][T12594] loop3: detected capacity change from 0 to 2048 [ 277.689531][T12618] netlink: 'syz.0.2271': attribute type 1 has an invalid length. [ 277.735116][T12618] 8021q: adding VLAN 0 to HW filter on device bond9 [ 277.807639][T12618] bond9: (slave veth17): Enslaving as an active interface with a down link [ 277.812760][T12618] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2271'. [ 278.187731][T12643] loop3: detected capacity change from 0 to 128 [ 279.095060][T12657] 9pnet_fd: Insufficient options for proto=fd [ 279.103192][T12658] netlink: 'syz.2.2288': attribute type 1 has an invalid length. [ 279.133072][T12658] 8021q: adding VLAN 0 to HW filter on device bond11 [ 279.177995][T12658] bond11: (slave veth9): Enslaving as an active interface with a down link [ 279.205266][T12658] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2288'. [ 279.339561][T12675] Timeout policy `syz0' can only be used by L3 protocol number 33011 [ 279.362376][T12678] loop4: detected capacity change from 0 to 128 [ 279.383119][ T31] kauditd_printk_skb: 71 callbacks suppressed [ 279.383183][ T31] audit: type=1107 audit(279.000:1309): pid=12677 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='' [ 279.408923][T12678] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 279.509688][T12691] netlink: 'syz.1.2301': attribute type 4 has an invalid length. [ 279.537430][ T6499] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 279.570524][T12697] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2304'. [ 279.682443][T12707] loop4: detected capacity change from 0 to 128 [ 279.854278][T12716] warn_alloc: 3 callbacks suppressed [ 279.854348][T12716] syz.0.2312: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 279.854484][T12716] CPU: 1 UID: 0 PID: 12716 Comm: syz.0.2312 Not tainted 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 279.854501][T12716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 279.854509][T12716] Call trace: [ 279.854513][T12716] show_stack+0x2c/0x3c (C) [ 279.854531][T12716] __dump_stack+0x30/0x40 [ 279.854543][T12716] dump_stack_lvl+0xd8/0x12c [ 279.854554][T12716] dump_stack+0x1c/0x28 [ 279.854564][T12716] warn_alloc+0x1f8/0x30c [ 279.854577][T12716] __vmalloc_node_range_noprof+0x114/0xfbc [ 279.854591][T12716] vmalloc_user_noprof+0xf0/0x14c [ 279.854604][T12716] xskq_create+0xbc/0x168 [ 279.854619][T12716] xsk_init_queue+0xb0/0x118 [ 279.854633][T12716] xsk_setsockopt+0x39c/0x540 [ 279.854645][T12716] do_sock_setsockopt+0x1ec/0x328 [ 279.854662][T12716] __arm64_sys_setsockopt+0x170/0x1e0 [ 279.854677][T12716] invoke_syscall+0x98/0x2b8 [ 279.854689][T12716] el0_svc_common+0x130/0x23c [ 279.854700][T12716] do_el0_svc+0x48/0x58 [ 279.854710][T12716] el0_svc+0x58/0x17c [ 279.854725][T12716] el0t_64_sync_handler+0x78/0x108 [ 279.854740][T12716] el0t_64_sync+0x198/0x19c [ 279.854864][T12716] Mem-Info: [ 279.854897][T12716] active_anon:24 inactive_anon:6045 isolated_anon:0 [ 279.854897][T12716] active_file:3185 inactive_file:13375 isolated_file:0 [ 279.854897][T12716] unevictable:768 dirty:164 writeback:1 [ 279.854897][T12716] slab_reclaimable:10621 slab_unreclaimable:98329 [ 279.854897][T12716] mapped:30689 shmem:2378 pagetables:766 [ 279.854897][T12716] sec_pagetables:0 bounce:0 [ 279.854897][T12716] kernel_misc_reclaimable:0 [ 279.854897][T12716] free:1433434 free_pcp:638 free_cma:7360 [ 279.854951][T12716] Node 0 active_anon:96kB inactive_anon:24180kB active_file:12740kB inactive_file:53500kB unevictable:3072kB isolated(anon):0kB isolated(file):0kB mapped:122756kB dirty:656kB writeback:4kB shmem:9512kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10856kB pagetables:3064kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 279.855008][T12716] Node 0 DMA free:3076864kB boost:0kB min:20840kB low:26048kB high:31256kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145728kB managed:3080192kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:29440kB [ 279.855073][T12716] lowmem_reserve[]: 0 0 3498 3498 3498 [ 279.855180][T12716] Node 0 Normal free:2656872kB boost:0kB min:24212kB low:30264kB high:36316kB reserved_highatomic:0KB active_anon:96kB inactive_anon:24180kB active_file:12740kB inactive_file:53500kB unevictable:3072kB writepending:660kB present:5242880kB managed:3582812kB mlocked:0kB bounce:0kB free_pcp:2544kB local_pcp:1984kB free_cma:0kB [ 279.855244][T12716] lowmem_reserve[]: 0 0 0 0 0 [ 279.855350][T12716] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 1*256kB (C) 1*512kB (C) 0*1024kB 0*2048kB 751*4096kB (MC) = 3076864kB [ 279.855630][T12716] Node 0 Normal: 4*4kB (UE) 664*8kB (UE) 1441*16kB (UME) 608*32kB (UME) 998*64kB (UME) 561*128kB (UME) 381*256kB (UM) 258*512kB (UME) 129*1024kB (UME) 11*2048kB (UM) 510*4096kB (UM) = 2656736kB [ 279.856031][T12716] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 279.856061][T12716] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=32768kB [ 279.856088][T12716] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 279.856117][T12716] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=64kB [ 279.856144][T12716] 18901 total pagecache pages [ 279.856167][T12716] 0 pages in swap cache [ 279.856190][T12716] Free swap = 124996kB [ 279.856212][T12716] Total swap = 124996kB [ 279.856235][T12716] 2097152 pages RAM [ 279.856257][T12716] 0 pages HighMem/MovableOnly [ 279.856280][T12716] 431401 pages reserved [ 279.856302][T12716] 8192 pages cma reserved [ 279.856325][T12716] 0 pages hwpoisoned [ 279.969516][T12724] netlink: 'syz.3.2316': attribute type 4 has an invalid length. [ 279.991467][T12716] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 280.229842][ T31] audit: type=1326 audit(279.850:1310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12742 comm="syz.1.2326" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff82d5a768 code=0x7ffc0000 [ 280.229957][ T31] audit: type=1326 audit(279.850:1311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12742 comm="syz.1.2326" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff82d5a768 code=0x7ffc0000 [ 280.235782][ T31] audit: type=1326 audit(279.860:1312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12742 comm="syz.1.2326" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=101 compat=0 ip=0xffff82d5a768 code=0x7ffc0000 [ 280.236196][ T31] audit: type=1326 audit(279.860:1313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12742 comm="syz.1.2326" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff82d5a768 code=0x7ffc0000 [ 280.236239][ T31] audit: type=1326 audit(279.860:1314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12742 comm="syz.1.2326" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff82d5a768 code=0x7ffc0000 [ 280.297512][T12747] loop3: detected capacity change from 0 to 128 [ 280.309357][T12749] netlink: 'syz.1.2329': attribute type 4 has an invalid length. [ 280.332191][T12747] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 280.338914][T12752] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2327'. [ 280.431046][T12758] random: crng reseeded on system resumption [ 280.511693][ T6490] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 280.704146][ T31] audit: type=1326 audit(280.320:1315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12769 comm="syz.4.2338" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8135a768 code=0x7ffc0000 [ 280.711007][ T31] audit: type=1326 audit(280.330:1316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12769 comm="syz.4.2338" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8135a768 code=0x7ffc0000 [ 280.718986][ T31] audit: type=1326 audit(280.340:1317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12769 comm="syz.4.2338" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8135a768 code=0x7ffc0000 [ 280.733375][ T31] audit: type=1326 audit(280.350:1318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12769 comm="syz.4.2338" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8135a768 code=0x7ffc0000 [ 281.480427][T12782] loop4: detected capacity change from 0 to 128 [ 281.485589][T12782] EXT4-fs: Ignoring removed nobh option [ 281.502098][T12782] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 281.618467][ T6499] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 281.718052][T12801] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2351'. [ 281.737661][T12802] pim6reg: entered allmulticast mode [ 281.809969][T12802] pim6reg: left allmulticast mode [ 282.026430][T12813] netlink: 136 bytes leftover after parsing attributes in process `syz.3.2356'. [ 282.055031][ T6496] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 282.895573][T12807] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 282.971530][T12834] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.064352][T12834] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.116116][T12844] loop4: detected capacity change from 0 to 512 [ 283.151176][T12852] netlink: 'syz.2.2369': attribute type 1 has an invalid length. [ 283.154430][T12852] netlink: 'syz.2.2369': attribute type 2 has an invalid length. [ 283.156938][T12852] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2369'. [ 283.167660][T12844] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 283.186130][T12834] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.350915][ T6499] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 284.114700][T12859] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 284.229390][T12834] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.395427][T12834] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.411553][T12834] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.414181][ T31] kauditd_printk_skb: 20 callbacks suppressed [ 284.414252][ T31] audit: type=1326 audit(284.030:1339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12875 comm="syz.0.2380" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 284.414309][ T31] audit: type=1326 audit(284.030:1340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12875 comm="syz.0.2380" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 284.428635][ T31] audit: type=1326 audit(284.050:1341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12877 comm="syz.3.2382" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8575a768 code=0x7ffc0000 [ 284.435335][ T31] audit: type=1326 audit(284.050:1342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12875 comm="syz.0.2380" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 284.441133][ T31] audit: type=1326 audit(284.050:1343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12875 comm="syz.0.2380" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 284.447069][ T31] audit: type=1326 audit(284.060:1344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12875 comm="syz.0.2380" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 284.452958][ T31] audit: type=1326 audit(284.060:1345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12875 comm="syz.0.2380" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 284.459138][ T31] audit: type=1326 audit(284.060:1346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12875 comm="syz.0.2380" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 284.462696][T12834] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.467634][ T31] audit: type=1326 audit(284.060:1347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12875 comm="syz.0.2380" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 284.473772][ T31] audit: type=1326 audit(284.060:1348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12875 comm="syz.0.2380" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=192 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 284.485895][T12834] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.598677][T12885] loop3: detected capacity change from 0 to 512 [ 284.624256][T12885] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 284.670234][ T6490] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 285.619946][T12899] syz.2.2390: attempt to access beyond end of device [ 285.619946][T12899] md33: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 285.775086][T12903] sch_tbf: burst 3298 is lower than device lo mtu (11337746) ! [ 286.125225][ T6496] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 287.057872][T12910] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 287.332463][T12958] netlink: 'syz.1.2417': attribute type 1 has an invalid length. [ 287.375235][T12958] 8021q: adding VLAN 0 to HW filter on device bond11 [ 288.033720][T12958] bond11: (slave veth17): Enslaving as an active interface with a down link [ 288.049710][T12958] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2417'. [ 288.119907][T12969] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2420'. [ 288.304588][T12977] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 288.318201][T12987] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2427'. [ 288.327221][T12986] loop4: detected capacity change from 0 to 1024 [ 288.354299][T12986] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 288.377336][T12986] EXT4-fs error (device loop4): ext4_map_blocks:709: inode #15: block 3: comm syz.4.2428: lblock 3 mapped to illegal pblock 3 (length 13) [ 288.395079][T12986] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 288.395145][T12986] EXT4-fs (loop4): This should not happen!! Data will be lost [ 288.395145][T12986] [ 288.416232][T12986] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2428: lblock 3 mapped to illegal pblock 3 (length 1) [ 288.417126][T12986] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2428: lblock 3 mapped to illegal pblock 3 (length 1) [ 288.425151][T12986] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2428: lblock 3 mapped to illegal pblock 3 (length 1) [ 288.428142][T12986] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2428: lblock 3 mapped to illegal pblock 3 (length 1) [ 288.428501][T12986] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2428: lblock 3 mapped to illegal pblock 3 (length 1) [ 288.428798][T12986] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2428: lblock 3 mapped to illegal pblock 3 (length 1) [ 288.429127][T12986] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2428: lblock 3 mapped to illegal pblock 3 (length 1) [ 288.429544][T12986] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2428: lblock 3 mapped to illegal pblock 3 (length 1) [ 288.429850][T12986] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2428: lblock 3 mapped to illegal pblock 3 (length 1) [ 288.610917][T13002] netlink: 'syz.3.2432': attribute type 1 has an invalid length. [ 288.699862][T13002] 8021q: adding VLAN 0 to HW filter on device bond18 [ 288.718122][T13005] bond18: (slave veth23): Enslaving as an active interface with a down link [ 289.401821][T13002] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2432'. [ 289.425482][ T6499] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 289.473683][T13011] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2435'. [ 289.493260][T13011] hsr_slave_0: left promiscuous mode [ 289.498633][T13011] hsr_slave_1: left promiscuous mode [ 289.551779][T13016] netlink: 'syz.4.2434': attribute type 4 has an invalid length. [ 289.581108][T13013] netlink: 'syz.4.2434': attribute type 4 has an invalid length. [ 289.704803][ T31] kauditd_printk_skb: 17 callbacks suppressed [ 289.704867][ T31] audit: type=1326 audit(289.320:1366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13022 comm="syz.0.2439" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 289.704927][ T31] audit: type=1326 audit(289.320:1367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13022 comm="syz.0.2439" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 289.704973][ T31] audit: type=1326 audit(289.320:1368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13022 comm="syz.0.2439" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=194 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 289.705018][ T31] audit: type=1326 audit(289.320:1369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13022 comm="syz.0.2439" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 289.705062][ T31] audit: type=1326 audit(289.320:1370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13022 comm="syz.0.2439" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaa15a768 code=0x7ffc0000 [ 289.770343][T13027] ip6gre1: entered promiscuous mode [ 289.771887][T13027] ip6gre1: entered allmulticast mode [ 289.859111][T13031] bridge_slave_0: left allmulticast mode [ 289.861619][T13031] bridge_slave_0: left promiscuous mode [ 289.863429][T13031] bridge0: port 1(bridge_slave_0) entered disabled state [ 289.883964][T13031] bridge_slave_1: left allmulticast mode [ 289.890409][T13031] bridge_slave_1: left promiscuous mode [ 289.892714][T13031] bridge0: port 2(bridge_slave_1) entered disabled state [ 289.909309][T13031] bond1: (slave veth0_to_bond): Releasing active interface [ 289.982687][T13038] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2443'. [ 289.987503][T13031] $Hÿ: (slave bond_slave_0): Releasing backup interface [ 290.019506][T13031] bond_slave_0: left promiscuous mode [ 290.023121][T13031] $Hÿ: (slave bond_slave_1): Releasing backup interface [ 290.064744][T13031] bond_slave_1: left promiscuous mode [ 290.384983][ T6496] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 290.723230][T13029] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 290.756759][T13043] loop3: detected capacity change from 0 to 1024 [ 290.785961][T13031] team0: Port device team_slave_1 removed [ 290.786558][T13031] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 290.786656][T13031] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 290.794386][T13043] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 290.795870][T13031] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 290.795958][T13031] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 290.819481][T13043] EXT4-fs error (device loop3): ext4_map_blocks:709: inode #15: block 3: comm syz.3.2445: lblock 3 mapped to illegal pblock 3 (length 13) [ 290.827163][T13043] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 290.827222][T13043] EXT4-fs (loop3): This should not happen!! Data will be lost [ 290.827222][T13043] [ 290.834034][T13031] team0: Port device batadv1 removed [ 290.840725][T13043] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.2445: lblock 3 mapped to illegal pblock 3 (length 1) [ 290.841304][T13043] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.2445: lblock 3 mapped to illegal pblock 3 (length 1) [ 290.841617][T13043] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.2445: lblock 3 mapped to illegal pblock 3 (length 1) [ 290.841926][T13043] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.2445: lblock 3 mapped to illegal pblock 3 (length 1) [ 290.842221][T13043] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.2445: lblock 3 mapped to illegal pblock 3 (length 1) [ 290.842507][T13043] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.2445: lblock 3 mapped to illegal pblock 3 (length 1) [ 290.842791][T13043] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.2445: lblock 3 mapped to illegal pblock 3 (length 1) [ 290.843098][T13043] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.2445: lblock 3 mapped to illegal pblock 3 (length 1) [ 290.843384][T13043] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #15: block 3: comm syz.3.2445: lblock 3 mapped to illegal pblock 3 (length 1) [ 290.876616][T13031] bond5: (slave veth3): Releasing active interface [ 290.911785][T13031] bond7: (slave veth5): Releasing active interface [ 290.948713][T13031] bond8: (slave veth1): Releasing active interface [ 290.992244][T13031] bond9: (slave veth7): Releasing active interface [ 290.992494][T13031] bond9: (slave veth7): the permanent HWaddr of slave - 56:1d:e0:74:70:ab - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 291.038653][T13031] bond9: (slave vlan2): Releasing active interface [ 291.069620][T13031] bond10: (slave gretap1): Releasing active interface [ 291.069684][T13031] gretap1: left allmulticast mode [ 291.110967][T13031] bond11: (slave veth9): Releasing active interface [ 291.200115][T13036] team0: Mode changed to "loadbalance" [ 291.599423][ T6490] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 291.999489][T13047] dvmrp1: entered allmulticast mode [ 292.001313][T13048] dvmrp1: left allmulticast mode [ 292.109569][T13055] bridge0: port 2(bridge_slave_1) entered disabled state [ 292.109835][T13055] bridge0: port 1(bridge_slave_0) entered disabled state [ 292.117137][T13055] team0: Device batadv1 failed to change mtu [ 292.257296][T13064] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2452'. [ 292.567899][ T31] audit: type=1326 audit(292.190:1371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13073 comm="syz.1.2457" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff82d5a768 code=0x7ffc0000 [ 292.568009][ T31] audit: type=1326 audit(292.190:1372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13073 comm="syz.1.2457" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff82d5a768 code=0x7ffc0000 [ 292.581060][ T31] audit: type=1326 audit(292.200:1373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13073 comm="syz.1.2457" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff82d5a768 code=0x7ffc0000 [ 292.581119][ T31] audit: type=1326 audit(292.200:1374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13073 comm="syz.1.2457" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff82d5a768 code=0x7ffc0000 [ 292.581251][ T31] audit: type=1326 audit(292.200:1375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13073 comm="syz.1.2457" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff82d5a768 code=0x7ffc0000 [ 292.609783][T13077] loop4: detected capacity change from 0 to 1024 [ 293.298918][T13077] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 293.337087][T13077] EXT4-fs error (device loop4): ext4_map_blocks:709: inode #15: block 3: comm syz.4.2458: lblock 3 mapped to illegal pblock 3 (length 13) [ 293.344289][T13077] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 293.344366][T13077] EXT4-fs (loop4): This should not happen!! Data will be lost [ 293.344366][T13077] [ 293.369783][T13077] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2458: lblock 3 mapped to illegal pblock 3 (length 1) [ 293.375432][T13077] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2458: lblock 3 mapped to illegal pblock 3 (length 1) [ 293.375997][T13077] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2458: lblock 3 mapped to illegal pblock 3 (length 1) [ 293.376325][T13077] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2458: lblock 3 mapped to illegal pblock 3 (length 1) [ 293.376670][T13077] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2458: lblock 3 mapped to illegal pblock 3 (length 1) [ 293.377003][T13077] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2458: lblock 3 mapped to illegal pblock 3 (length 1) [ 293.377302][T13077] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2458: lblock 3 mapped to illegal pblock 3 (length 1) [ 293.377596][T13077] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2458: lblock 3 mapped to illegal pblock 3 (length 1) [ 293.377896][T13077] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #15: block 3: comm syz.4.2458: lblock 3 mapped to illegal pblock 3 (length 1) [ 293.425740][T13091] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2463'. [ 293.695856][ T6499] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 293.716403][T13111] netlink: 'syz.1.2472': attribute type 1 has an invalid length. [ 293.790808][T13118] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2476'. [ 293.847609][T13119] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2475'. [ 293.867620][T13119] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2475'. [ 293.870104][T13119] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2475'. [ 294.685721][T13135] dummy0: entered promiscuous mode [ 294.694094][T13135] loop4: detected capacity change from 0 to 512 [ 294.706363][T13135] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 294.734931][T13135] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 294.747023][T13135] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2480'. [ 294.806169][T13135] ** replaying previous printk message ** [ 294.806169][T13135] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578 [ 294.806235][T13135] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 13135, name: syz.4.2480 [ 294.806260][T13135] preempt_count: 0, expected: 0 [ 294.806279][T13135] RCU nest depth: 1, expected: 0 [ 294.806299][T13135] 2 locks held by syz.4.2480/13135: [ 294.806319][T13135] #0: ffff80009248e928 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dellink+0x27c/0x640 [ 294.806403][T13135] #1: ffff80008f508920 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x10/0x4c [ 294.806480][T13135] CPU: 1 UID: 0 PID: 13135 Comm: syz.4.2480 Not tainted 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 294.806494][T13135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 294.806501][T13135] Call trace: [ 294.806505][T13135] show_stack+0x2c/0x3c (C) [ 294.806519][T13135] __dump_stack+0x30/0x40 [ 294.806531][T13135] dump_stack_lvl+0xd8/0x12c [ 294.806541][T13135] dump_stack+0x1c/0x28 [ 294.806551][T13135] __might_resched+0x348/0x4c4 [ 294.806567][T13135] __might_sleep+0x94/0x110 [ 294.806581][T13135] __mutex_lock_common+0x10c/0x2190 [ 294.806596][T13135] mutex_lock_nested+0x2c/0x38 [ 294.806609][T13135] dev_set_promiscuity+0xf0/0x1fc [ 294.806622][T13135] packet_notifier+0x248/0x918 [ 294.806633][T13135] notifier_call_chain+0x1b8/0x4e4 [ 294.806645][T13135] raw_notifier_call_chain+0x3c/0x50 [ 294.806656][T13135] unregister_netdevice_many_notify+0x125c/0x1fbc [ 294.806669][T13135] rtnl_dellink+0x394/0x640 [ 294.806681][T13135] rtnetlink_rcv_msg+0x664/0x97c [ 294.806693][T13135] netlink_rcv_skb+0x230/0x414 [ 294.806706][T13135] rtnetlink_rcv+0x28/0x38 [ 294.806718][T13135] netlink_unicast+0x60c/0x824 [ 294.806729][T13135] netlink_sendmsg+0x648/0x930 [ 294.806741][T13135] ____sys_sendmsg+0x490/0x7b8 [ 294.806756][T13135] ___sys_sendmsg+0x204/0x278 [ 294.806770][T13135] __arm64_sys_sendmsg+0x184/0x238 [ 294.806785][T13135] invoke_syscall+0x98/0x2b8 [ 294.806797][T13135] el0_svc_common+0x130/0x23c [ 294.806808][T13135] do_el0_svc+0x48/0x58 [ 294.806819][T13135] el0_svc+0x58/0x17c [ 294.806833][T13135] el0t_64_sync_handler+0x78/0x108 [ 294.806852][T13135] el0t_64_sync+0x198/0x19c [ 294.806867][T13135] [ 294.864680][T13135] ============================= [ 294.865959][T13135] [ BUG: Invalid wait context ] [ 294.867236][T13135] 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 Tainted: G W [ 294.869365][T13135] ----------------------------- [ 294.870654][T13135] syz.4.2480/13135 is trying to lock: [ 294.872044][T13135] ffff0000cd706d38 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: dev_set_promiscuity+0xf0/0x1fc [ 294.874881][T13135] other info that might help us debug this: [ 294.876466][T13135] context-{5:5} [ 294.877405][T13135] 2 locks held by syz.4.2480/13135: [ 294.878760][T13135] #0: ffff80009248e928 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dellink+0x27c/0x640 [ 294.881161][T13135] #1: ffff80008f508920 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x10/0x4c [ 294.883587][T13135] stack backtrace: [ 294.884597][T13135] CPU: 1 UID: 0 PID: 13135 Comm: syz.4.2480 Tainted: G W 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT [ 294.887881][T13135] Tainted: [W]=WARN [ 294.888864][T13135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 294.891516][T13135] Call trace: [ 294.892374][T13135] show_stack+0x2c/0x3c (C) [ 294.893532][T13135] __dump_stack+0x30/0x40 [ 294.894684][T13135] dump_stack_lvl+0xd8/0x12c [ 294.895861][T13135] dump_stack+0x1c/0x28 [ 294.896949][T13135] __lock_acquire+0xaa0/0x3058 [ 294.898165][T13135] lock_acquire+0x14c/0x2e0 [ 294.899346][T13135] __mutex_lock_common+0x1d0/0x2190 [ 294.900669][T13135] mutex_lock_nested+0x2c/0x38 [ 294.901936][T13135] dev_set_promiscuity+0xf0/0x1fc [ 294.903277][T13135] packet_notifier+0x248/0x918 [ 294.904563][T13135] notifier_call_chain+0x1b8/0x4e4 [ 294.905858][T13135] raw_notifier_call_chain+0x3c/0x50 [ 294.907258][T13135] unregister_netdevice_many_notify+0x125c/0x1fbc [ 294.908956][T13135] rtnl_dellink+0x394/0x640 [ 294.910126][T13135] rtnetlink_rcv_msg+0x664/0x97c [ 294.911409][T13135] netlink_rcv_skb+0x230/0x414 [ 294.912680][T13135] rtnetlink_rcv+0x28/0x38 [ 294.913809][T13135] netlink_unicast+0x60c/0x824 [ 294.915048][T13135] netlink_sendmsg+0x648/0x930 [ 294.916278][T13135] ____sys_sendmsg+0x490/0x7b8 [ 294.917517][T13135] ___sys_sendmsg+0x204/0x278 [ 294.918712][T13135] __arm64_sys_sendmsg+0x184/0x238 [ 294.920059][T13135] invoke_syscall+0x98/0x2b8 [ 294.921262][T13135] el0_svc_common+0x130/0x23c [ 294.922478][T13135] do_el0_svc+0x48/0x58 [ 294.923581][T13135] el0_svc+0x58/0x17c [ 294.924632][T13135] el0t_64_sync_handler+0x78/0x108 [ 294.926001][T13135] el0t_64_sync+0x198/0x19c [ 294.937353][T13135] dummy0 (unregistering): left promiscuous mode [ 295.001527][ T6499] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.