last executing test programs: 4m57.497430837s ago: executing program 3 (id=864): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'macvtap0\x00', 0x0}) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000800)=@newsa={0x148, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@local, 0x0, 0x33}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {}, {}, {}, 0x0, 0x3502, 0x2}, [@offload={0xc, 0x1c, {r1}}, @algo_auth_trunc={0x4c, 0x14, {{'sha1\x00'}}}]}, 0x148}}, 0x0) 4m57.121466403s ago: executing program 3 (id=868): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000200)='kmem_cache_free\x00', r1}, 0x18) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={[{@mpol={'mpol', 0x3d, {'prefer', '=static', @val={0x3a, [0x30]}}}}]}) openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x515002, 0xc6) 4m57.021371124s ago: executing program 3 (id=870): r0 = gettid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x2000) read(r1, &(0x7f0000000200)=""/198, 0xc6) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x61680, 0x20, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r3}, 0x10) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000740)={0xfffffffb, 0x2, 0x1, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r1, 0x404c534a, &(0x7f0000000400)={0x0, 0x1f000000}) tkill(r0, 0x7) 4m56.712834149s ago: executing program 3 (id=875): syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000000)='./file0\x00', 0x880, &(0x7f00000001c0)=ANY=[@ANYBLOB='shortname=lower,iocharset=iso8859-1,fmask=00000000000000000000066,uni_xlate=1,uni_xlate=0,fmask=00000000000000000000003,uid=', @ANYRESHEX=0x0, @ANYBLOB=',uni_xlate=0,utf8=1,check=strict,nonumtail=0,rodir,errors=continue,shortname=lower,umaQk=00000000000000000000007,rodir,sys_immutable,\x00'], 0x4, 0x2dc, &(0x7f0000000bc0)="$eJzs3c1uG1UfBvBnEsf221fCXrBCSIwEC1ZV0ytwhFIJkRVVFsACIppKKI6QWikSH8Ltii0bFiy4AiQkLoQNd8AFILGjlSoNmvE4toubj6pu+fj9Nj45c54z/zMZJ5NFjj969fjoVpnb97/8Nf1+kY1RRnlQZJiNzNzLktE3AQD+yR5UVX6vplYdL+6tzhVJ+muuDQBYj/N+/7deOm391L52114aALAmN997/52dvb3dd8uynxvHX5/s13/Z16/T4zu380nGOcy1DPIoaR4UttI8LdTNG1VVTTrlw7Ish3njeHKyXyePP/y5nX/nt6TJb2eQYdN1+rTR5N/e290upxbyk7qOK+35R3X+egZ5+TS8lL++Ip/9bt58faH+qxnkl4/zaca51RQxzfeyt/vVdlm+VX37xxcf1OXV+WJyst9rxs1Vm8/5WwMAAAAAAAAAAAAAAAAAAAAAwL/Y1XbvnF6a/Xvqrnb/nc1H9RdbKWeGy/vzTPPFbKLF/YGqqppU+X62P8+1siyrduA838krnXRezKoBAAAAAAAAAAAAAAAAAADg7+XuZ58fHYzHh3eeSaPYmM7aSfLwZvK084wWel7L8phRstTTa1dyMB63Z8/4cLgwYafpaePZnI0pkjPLqBfxjC7LeY3/LVa42Pjhx8tO2D9/zNbqcz1V48rqazi7u44OitXXsJdZT7+9Sb7rJvMx3VywjO6TDlW5zO3XXVFhMrhIfLbW6Tz/bw5NzkileHJhm6fvy7aneHwV3eaqroxvtY089gaZ3xsXup/Tn8b/+rOisFsHAAAAAAAAAAAAAAAAAACs1fy/f1ccvH9mdKPqra0sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHiu5p//f4nGpA1fYHA3d+6+4CUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwH/BnAAAA//+lXFN6") mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x80) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) 4m56.525309462s ago: executing program 3 (id=877): r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1108}, 0x0) 4m56.053314839s ago: executing program 3 (id=885): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000940)=@newtfilter={0x180, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x150, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x14, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5}]}, @TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x0, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x0, 0x2, 0x49}]}]}, @TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0x5}, @TCA_FLOWER_KEY_ENC_OPTS_MASK={0x10c, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x3c, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x3000000}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xc00}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xff}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x2}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5ac}]}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x2c, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0xfffffffffffffdac, 0x1, 0x86}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x8}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x19d}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0xe7}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x2c, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x5}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x46}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x1}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x11a8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x81}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0xb5}]}]}, @TCA_FLOWER_KEY_ARP_THA={0xa, 0x41, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x37}}, @TCA_FLOWER_KEY_TCP_SRC={0x6}, @TCA_FLOWER_KEY_ICMPV6_CODE={0x5}]}}]}, 0x180}, 0x1, 0x0, 0x0, 0x80}, 0x800) 4m55.473046437s ago: executing program 32 (id=885): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000940)=@newtfilter={0x180, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x150, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x14, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5}]}, @TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x0, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x0, 0x2, 0x49}]}]}, @TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0x5}, @TCA_FLOWER_KEY_ENC_OPTS_MASK={0x10c, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x3c, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x3000000}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xc00}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xff}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x2}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5ac}]}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x2c, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0xfffffffffffffdac, 0x1, 0x86}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x8}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x19d}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0xe7}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x2c, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x5}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x46}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x1}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x11a8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x81}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0xb5}]}]}, @TCA_FLOWER_KEY_ARP_THA={0xa, 0x41, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x37}}, @TCA_FLOWER_KEY_TCP_SRC={0x6}, @TCA_FLOWER_KEY_ICMPV6_CODE={0x5}]}}]}, 0x180}, 0x1, 0x0, 0x0, 0x80}, 0x800) 5.289707911s ago: executing program 4 (id=3135): ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaa270005d7"], 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) 4.199789318s ago: executing program 4 (id=3137): sendmsg$NFT_MSG_GETSET(0xffffffffffffffff, 0x0, 0x4000080) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r2], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x4f0, 0x340, 0x25, 0x148, 0x0, 0x60, 0x458, 0x2a8, 0x2a8, 0x458, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x44, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_bond\x00', 'veth0\x00', {0xff}}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@unspec=@cgroup0={{0x28}, {0x4}}, @common=@unspec=@statistic={{0x38}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x8000, 'syz0\x00', {0x481c}}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x550) 2.455491864s ago: executing program 1 (id=3150): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) readv(r1, &(0x7f0000000000)=[{&(0x7f0000001200)=""/150, 0x96}], 0x1) ioctl$TCSETS(r1, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9, 0x0, "000080f100df000000a7d9de16c708db7200"}) r2 = syz_open_pts(r1, 0x42) r3 = dup3(r2, r1, 0x0) write$UHID_INPUT(r3, &(0x7f00000001c0)={0xd, {"08c39ee52f329f1698b1c4865f8b0a0a5eee9f496a0809c3d21c25867b6edda88489ab4c09fe0a7f1e8640aa8e344f412df0d69475a5d6570e21f31fac7dfb4aa7ade0e851582d5c1abdd809580cb34c9e48576b1c73ed76013256fca058ada3db47d86cc75b33cf762b67fe61f152618c49a40858f68794a4fc484ab73ccd254ba3d147f5feddaf91dacc238c0a8096f79597ca1e6da781fcf37a0141a335c6a7577d2d53c6e552a7be208381bb31d1d3e0e92ea651655217535734b286d3f19780a4c720075a36a734151f8c00e651cb3a6bbe30e3f6aee48750436da6471e965e81f38134674fcb697108fb7345010bb8fa15fba9b33355d7858327171ab9c68f6c21b2ffbff4eb061dab80bc77a4a7769e7ff73bcd98790e09415bfc5978cf5af45c3ec9ef9c1a39f766c59d59590281038dbcb765580ba2b3f141d5bbfc40910a0894cd1f22d2a8b6d4e4778debef99438b54d44b4b7568de2777431a5b2f3e8d1a45a60a468f5e33e8ef534f803dfb6798c270f52edf031ecd996bb78c4e92961c63c079676d77412ebc6074e5f235417785e7a14b14ce7626b015071c154cc2bf8f4499b93293e9997c23df4c7a1498cf12414fb31eb873728e4f613b540d22e7ca718f18da5b82ed24995e4309c3af4a2e1097465bf09728082d09e71ea365522035eb9772b8e072f8454777ee304dacd59d3eb9f933f151fa14f8c38eadbeba04810a2dea7a66824f09235c13a45f07870210d0d310ce3ae6284577bd4e65f32700f6723727926cb52e4f27776a1dab0f6668327ab5cf1893879a635261f2e0d9923ccecbf5b80f10a8275c1515f47930d614e787f14c105d3a4f8faf8e7f738cf4eae4fc39ef3db3cb87794ace87f7239b69dc4ab4e5ae57cdfbd309e847d99600ef14b51faead01e8ade57d24270bc13a1787896096eeacb8ab1c93d31d93cfb244bb09ecfecf336362a5656db7df327cbb9aeb898f8af229c7bb9452805f2b4510c5df86b6d564e01f000000167ade5205331523a6392af2bea9e6db0ba5480cbf1b202714233289c4017cb66e83c0c8b6e88bedb922162d0ceecf6c5da173bbefe6781ab7720d2be6cca378db650c69d4228141ae190922fbbaddb86c7f0fe138b704e8305b3bcc7910b2280d96d71dafdbfa876b0013fc4de586f85d9ee077b6349becbdca8bd989a51c4c76ed8a8cc691a65078e0272a62edec8236a779f0cbffeda49dcdccd4def7064e0d77ae5a8c64f3057b4a3a0d4457d33f2bc6c112378315411baa4bb126fe540d750491fc58fbb66911ef82bce5ed76872dbcd8e05dea2f3f347a653aa39ab5d75e71671bfeb924e71476134dbf91e3f287fd853cc34bf81e717edd41aa04b6fbeb43cf2074f0c8fe5350401b6cff801c147a3b58b972aa5652629a9fd8b1df2852708ce958d4e9974ec4383aa5da4e3f75fdc85981e97b75863546f67a8703673b6fe2c26f0e9eeb8c45c26f673adac55fa5d69b82ae7d032fd3b26866047e8c029b90a62794a89c11398944b398b4177b2dcc5a743c16d4a5333b1e30af678d3db8df849c1753db067a6f94bab00c0dd3c7e94a8675924c89bda98ac09e10bcdf83f5114b9b466c413477a5cdc48c857230798934bcc1f0eb3a2d2944b139e459af32e515785f46ed4e97cdcb23c7e4dc7c4f91b5b5ca5228344aeb6652fffaf31325c7429bc70a5f6beaaa98ef190dffdeccc94bd814b3edfdd48243bf34291076ab5438ee00e924a827d5b453df42d24144fe1a45bb6c84fcbb2143d0a561c1e867c1279bdf0a47061ea77a84f36c720aff785f0db10eda84c767b5f3874f9455c0f026735ded32f0403ef7dbcf97d2233d59c670114ddf89314ba74fc248bcbdbf43c24e46304e229b3cf583aa410f4dfd119152495da8737518ee2a05a8ca1f004be3c551408f2e4013e444b63bf2bb26ddeae505642dffcc989ee241c48741181b506e22fdc4530319522780c74bf786852dc66ebbb51f8ecbb1e35de09ef7afe589bb8a31c5d63477db5d5e7174694ea04cfa98057d39127a4e5eedb4897a491c6693acd0a036abf846f3b6f3006e5e5fd586f29a4a8a31abbccf732e4f1b88187a72d669c16302657e9cbbeb9322662e111edc7771526400b6123d0f8207bcaa38bee07043e36e223d418ac948d65e7acfe72cc3fdcf03a3e43ecfec8ae489ddba09126709c5c7968829e3504de8a5010c9372de09476a7b96b04d7aed2486d8f89f21f075321abe350024abe00a81f87df3dc372fc3206496776c26b6958243070bda4cace3e358da5d39a3945765c2ba4b002b06efd416af66f3343f218ed84550ea83f02f9a5c3fc677ea60987aa25f0406d6154081cfdc074814a2465accdfa102858f5a52c9eae293c56ddcaf8f6926d3dd0ccb51a30c960d6b7e473038ebd3702b5106f6bc040efdfd7169fd3f2dc42ff23de26a239e13b74278729fd7e843b38a35c55fd50181ac13a9cbbbfd8feb36afaeb1993349c0ac5a0c44ffd92919dfe272b0f8ed7df7198cd299715f021109a58dced4753d3c7ddd6e9ea01596f18b2fe7000000004ccfca57aed5b5cebdff65de480a56bd53f4c7f83ddef00d7c9686311d1fce76f320bb3222a11db30ba6ed31535d8fda61e694478ca9935d72719b8d6b9be88ae3df30b60ee251b919b4d1734b994c62accdf855488b351738331b462eccf27efdc5577d7a5548579dc90d227a42ac010f33a720dc3cf0a63454f8b07c775287495761a058ec1e28e6aaf8057241f4ef8b5de56e279355bb66630c4ddf35e7c2cfff26a4241b1df0379d2a1e9f959e46d3843f89844ead50aff44640fcbc4a1edb033afff7cc9e57c4f8d31900764233e11fa4c28e547788c1b00de4268df692ba3415a9ad90fa712f9618f5ecff57da32809380eeff040cd3b23f508614c72b303cec3bcd732708303b166193366a062b9cea536f28478c387e626744c6a611a8e7162d274efccc84eee8eb31d3310c86752777dd5b5ffe234e895c54909f19a4aabcf3c15b90c02170409e314fd90e766ec4ba93c8ec6321237a980ad3c32fb2fab69e57541ea7f5427a85c2c57d40f9ebe9de5572f46a4713fb28e0af42d0adef3e29195aa41a3ba318181512eebfadffede4e35ff7f975928edc5d4d9f2d931fb44b30e1df55e66c52e1648e9cdaf71221b57c6a6b087428ccc57ade5b1531341cba2be452b426c434c70fd8c493337d4995cbd76ea1dd545226e3eb59d5f94ffb5352f87a4a66cd7c5e88322404fd397c46e198646a9c819d0eb1f10e54d8a3ea912f1cb134ff1095aa7325287f6ea9af8c13b67d6abcbb70dbc06838ecb33e45b60f6cb832c3e72d1401770f66bd02f35a2d007815ab676099e31f5102000000c0e83d5e7107c8dc5830c9cddb9781185b94d7f2814c5058ba3ac54c268741c5728f4997a9628602c2a36090162379f3f37c47619b3e7c7397a5913b7060b51e0c7f7226ff1135444f866f89a4b74136cbd3acb7178bd63183b3fd9cd19fdeb6fcc6341910ad4605da76a9af4bfb8b75fcd666f8188902b380ae560d9aa04f8f9b0ac5c109d1824a470726e06a49d955f8f71c8a86081e75b13f62600deb941da181eaff544cd559c467d8dae432debd22e7a7b3e1ad731a5b9470f5f60423dda061ff899c07c79f3da34f38e1d8182d6ee0c36c602945509167be440382a8a8a759b20e41638fd57152029b190b5701d30a86f579e2d0cc53a2f809ca9bd3aba1eb2772a7acc35c4d983afa83a9baea35c0ed4931234719636cf8f5fe1884bde6cebbdf23bd62b1ebf0a5cb78c27295349bd7d5cf28c4ee4689497238fd3aa71a417914e6892667a56bd69dc2e5882cfb67df71494e9a9199e025892e4e7435f727636cd988cc7563d28db5133f649849c5b3973a3428de10ad39d96146b22acc50f50eee5a038876452b960686892de40efe30081ccdaa2bf64af78d5988026e529b36c62a21378ac42d220d0dd878010178e374e6dbb2b61206066d04e729ed03c6fd9a4e00547fe9304aec0925d85a0acd07fdc5d48c1a1cff656916f5d25952327792255e0d606a32517781cc3d737ec753eb95b5b5b95dabd8946907ab54cc85d05b475e2e5486c6fc070417198d3a50910e2949d20d3fa68fd327934cff5171224942b8f18d88947763a7c710d09c4b269bdf2d3e715329917fb70728a4a0530999b755ba8fc04deabf4bc4bcffc4d62d491538c65078122bf2c263ae0020af67cfc9cf19e5b929e086af281fb43d5504d728935c5cfac136eb81703d50fddb39a5a713b2914c6acd9b2d07819cf7bba495ac5734fe423e611d309b80eeafcf9053d51b0ab3c29d5ca5eb8861ffc1ebc4d53f361b8991baecb52860c15202f979e34054fcde869d018103ccd6d914a70f1840fc6aaf426beec975ddb980b19b0f4cc2ca393c0b9e6ebe5e7d1c9fc1ef7a1c91378f0b73262993fb80667ecf62bac3c47cbd002ae1b87b8dc3ec99d5c987765d778868eb55022cc3bed14b8f934a584bcc98fa0b4f6e6982ab8d8a2bb49f9074ef429dd7b8db332a96ccec6983a97be7c8634c02e7937ffc8d613b83aa375886bf40a87ec062090382f874bf2c8e5fbb58ac18a46c4d9e85af3ca21bdacb7755f49776b0eb3972ff682c84beb07d74cbe2764e378253e72128991b73d2730704a5448280e8a0fd8cc87d4cddcffbfe5525ae3d2304877a3988e33c8e12bf77793e753f25840e9af2ce56bdb999fc62623a2298b4244534f662eb398a2577c72f6cfd5174697dcee151d4f3a7293b11de3889c43744da4165aca4e4a1e926d37ae4d7471584a06f3641f2037a74a58c2397a594f29d142d59f91bb57e24e1a3f30f68c626033cc34895c1b16d62e3a375c3e09f5dbd9338cd3a500643143cd404b57019c648c3ec31d696233fe16efc3c4c84aca0830ca8b9fbf1144b98d82f41e4cf67631c74cdcf8d9c8b8556b876ff1592683ccac0b47a26cb3a2cb1b917f433bb54e0b53deae9ac4b1cd0594c1fa0e6744e7ed88fdac60901e3da989f3b0d7c12b140cc576fa1b0e8e705321d37c303691aafc9fed9c3dc419078d0925ead56455ea5f3cd57941e410c1c14c2e8972d7cca44fcaca1f64fc817f4a41b6d9fb237fed159cb09e788ae560726537f49cb64b9f60915d402e0931355c55ad792cde758548b1af54b196e414046d4af3579a6c30ceac3d68bbfd2adef309c064e759a9f0dd69d682a3880b8ff27b69abffaa45ee7e65d8f1f6e40c188f6249fdf72220b4c87243217ba0292b9e9b67ebeda4fb83406216a4d765812bafeff34cc57f7d2cd1608282079c076055b9cabffe5fa491b970291bc2672540ccc15ed877d7dbe3ef683724c715ace770905e48c2dc6a44e1fc095773676d070eac00ee3834b07590cba7093f56b678313870471c81599d34c53fc03ec6c913d8ba3f604ace8da12d2025cbb5000bc062f4db65a6feacaf3915206d1c15ce7e78c17dc2ea32cb57d6fab0a22d487c77118e75016006f812541ec8180a321287a2d57248d4ee4a19706a19d802c70e250c3b0fc400a0b5cdc06537d2f55fd5300be4eeeaab8cc481a84b6a5e17d8c47ec92fe40710d4ec3530a94ca16710ade2ec7562398106e0ddbb6c8af6412166afd99d45d29a3a967e58decd0d6fc5bebb98d639b5606efd358a43d635d50f0ccb8472197da604994e7fb700243d5f7e45700", 0x1000}}, 0xffffff5c) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x90, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x60, 0x2, [@TCA_FLOWER_ACT={0x54, 0x3, [@m_connmark={0x50, 0x1, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xfffffff8, 0xfff, 0x0, 0x5, 0xb}, 0x3}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}, @TCA_FLOWER_FLAGS={0x8, 0x16, 0x12}]}}]}, 0x90}}, 0x24000000) syz_open_dev$tty1(0xc, 0x4, 0x2) 2.405145724s ago: executing program 4 (id=3151): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x3c, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0, 0x0, 0xffffffffffffffff}, 0x13) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x4, 0x0) r2 = syz_pidfd_open(r1, 0x0) pidfd_send_signal(r2, 0x2, 0x0, 0x0) 2.273698586s ago: executing program 0 (id=3153): r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, 0x0, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000400)={0x0, {{0xa, 0x0, 0x2, @mcast1={0xff, 0x7}}}, {{0xa, 0x1, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x400, @mcast1={0xff, 0x7}}}, {{0xa, 0xffff, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) 2.205139807s ago: executing program 0 (id=3155): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_MOVE(0x1e, r2, 0xfffffffffffffffe, r2, 0x0) 2.141301828s ago: executing program 4 (id=3156): bind$netlink(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2d, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000180)='tcp_cong_state_set\x00', r0}, 0x18) r1 = socket$kcm(0x2, 0x1, 0x106) sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x3, 0x0}, 0x30004001) 2.114827438s ago: executing program 1 (id=3158): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000001ec0), 0xffffffffffffffff) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000080)='kfree\x00', r2}, 0x18) request_key(&(0x7f0000001640)='ceph\x00', &(0x7f0000001680)={'syz', 0x2}, &(0x7f00000016c0)=']\'.\x00', 0xfffffffffffffffc) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'ip6gre0\x00', 0x0}) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r6 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10) syz_clone(0x630c1100, 0x0, 0x0, 0x0, 0x0, 0x0) r8 = socket(0x11, 0x3, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r8, &(0x7f0000000180)={0x11, 0x3, r10, 0x1, 0x0, 0x6, @dev}, 0x14) bind$packet(r8, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x9, 0x6, @dev}, 0x14) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r5}, 0x10) sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001240)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x4000000, {0x0, 0x0, 0x0, r4, {0x0, 0x1}, {0xffff, 0xffff}, {0xc}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x1fc, 0x0, 0xfffffc80, 0x0, 0x6, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, 0x3f, 0x0, 0x0, 0x2, 0xffffffff, 0x2, 0xc00, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x1000, 0xfffffffc, 0x0, 0x0, 0x0, 0x9, 0x0, 0x4000, 0x0, 0x0, 0xfffffffe, 0x6, 0x0, 0x0, 0x272, 0xb, 0xfffffffd, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffffffd, 0x0, 0x80007, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffc, 0x3, 0x0, 0x0, 0x0, 0xb97, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3, 0x5e, 0xfffffffc, 0x8, 0x0, 0x0, 0x1, 0x3, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffff8000, 0x0, 0xffffffff, 0x1, 0x0, 0x9, 0x0, 0x0, 0x4, 0x6, 0x9, 0x0, 0x0, 0x0, 0x0, 0x40000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x5, 0x0, 0x2000000, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb6, 0x0, 0x1, 0x0, 0x7, 0x0, 0x0, 0xffffffff, 0xffff, 0x0, 0x0, 0xb3c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x2, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0xd79, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4, 0x7, 0x100, 0x0, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x6, 0x8, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe6]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x1, 0x0, 0x0, 0x0, 0x0, 0x6}, {0xff, 0x2, 0x0, 0x0, 0x19, 0x40000000}, 0x0, 0x7f}}]}}]}, 0x45c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r11 = syz_open_dev$tty1(0xc, 0x4, 0x2) r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r12, 0x0, 0xfffffffffffffffd}, 0x18) r13 = socket$inet6_tcp(0xa, 0x1, 0x0) flistxattr(r13, 0x0, 0x0) ioctl$TIOCL_SETSEL(r11, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0x3bf, 0x4, 0x14a}}) ioctl$TCSETS2(r11, 0x402c542b, &(0x7f0000000080)={0xfffe7527, 0x10000, 0xefc9, 0xfffffffd, 0x7, "20ab9809006ea4a7446c180000cd681ec267a0", 0x6, 0x6}) ioctl$TIOCL_PASTESEL(r11, 0x541c, &(0x7f0000000000)) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r1, 0x1, 0x70bd25, 0x4, {{}, {}, {0x14, 0x19, {0x80000000, 0x4000001, 0x1, 0x5}}}}, 0x30}, 0x1, 0x0, 0x0, 0x20040803}, 0x20000040) 2.033762349s ago: executing program 4 (id=3159): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r1, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, &(0x7f00000000c0), 0x1) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r1, &(0x7f00000001c0)="45f09df92fe89d22", 0x8, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) 2.033396129s ago: executing program 0 (id=3160): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000003680)='sched_switch\x00', r0}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1809000000000000000000000001000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r2}, 0x0, &(0x7f0000000580)=r3}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r2, &(0x7f0000000780)}, 0x20) 1.758106194s ago: executing program 4 (id=3161): sendmsg$NFT_MSG_GETSET(0xffffffffffffffff, 0x0, 0x4000080) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r2], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x4f0, 0x340, 0x25, 0x148, 0x0, 0x60, 0x458, 0x2a8, 0x2a8, 0x458, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x44, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_bond\x00', 'veth0\x00', {0xff}}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@unspec=@cgroup0={{0x28}, {0x4}}, @common=@unspec=@statistic={{0x38}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x8000, 'syz0\x00', {0x481c}}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x550) 1.640230746s ago: executing program 0 (id=3163): r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, 0x0, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000400)={0x0, {{0xa, 0x0, 0x2, @mcast1={0xff, 0x7}}}, {{0xa, 0x1, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x400, @mcast1={0xff, 0x7}}}, {{0xa, 0xffff, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) 1.302563931s ago: executing program 2 (id=3165): r0 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/rt_acct\x00') r1 = socket(0x18, 0x4, 0x0) connect$pppoe(r1, &(0x7f0000000100)={0x18, 0x0, {0x2, @broadcast, 'vxcan1\x00'}}, 0x1e) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000003c0)='kmem_cache_free\x00', r2}, 0x18) sendfile(r1, r0, 0x0, 0x8) 1.282614151s ago: executing program 0 (id=3166): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) readv(r1, &(0x7f0000000000)=[{&(0x7f0000001200)=""/150, 0x96}], 0x1) ioctl$TCSETS(r1, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x9, 0x0, "000080f100df000000a7d9de16c708db7200"}) r2 = syz_open_pts(r1, 0x42) r3 = dup3(r2, r1, 0x0) write$UHID_INPUT(r3, &(0x7f00000001c0)={0xd, {"08c39ee52f329f1698b1c4865f8b0a0a5eee9f496a0809c3d21c25867b6edda88489ab4c09fe0a7f1e8640aa8e344f412df0d69475a5d6570e21f31fac7dfb4aa7ade0e851582d5c1abdd809580cb34c9e48576b1c73ed76013256fca058ada3db47d86cc75b33cf762b67fe61f152618c49a40858f68794a4fc484ab73ccd254ba3d147f5feddaf91dacc238c0a8096f79597ca1e6da781fcf37a0141a335c6a7577d2d53c6e552a7be208381bb31d1d3e0e92ea651655217535734b286d3f19780a4c720075a36a734151f8c00e651cb3a6bbe30e3f6aee48750436da6471e965e81f38134674fcb697108fb7345010bb8fa15fba9b33355d7858327171ab9c68f6c21b2ffbff4eb061dab80bc77a4a7769e7ff73bcd98790e09415bfc5978cf5af45c3ec9ef9c1a39f766c59d59590281038dbcb765580ba2b3f141d5bbfc40910a0894cd1f22d2a8b6d4e4778debef99438b54d44b4b7568de2777431a5b2f3e8d1a45a60a468f5e33e8ef534f803dfb6798c270f52edf031ecd996bb78c4e92961c63c079676d77412ebc6074e5f235417785e7a14b14ce7626b015071c154cc2bf8f4499b93293e9997c23df4c7a1498cf12414fb31eb873728e4f613b540d22e7ca718f18da5b82ed24995e4309c3af4a2e1097465bf09728082d09e71ea365522035eb9772b8e072f8454777ee304dacd59d3eb9f933f151fa14f8c38eadbeba04810a2dea7a66824f09235c13a45f07870210d0d310ce3ae6284577bd4e65f32700f6723727926cb52e4f27776a1dab0f6668327ab5cf1893879a635261f2e0d9923ccecbf5b80f10a8275c1515f47930d614e787f14c105d3a4f8faf8e7f738cf4eae4fc39ef3db3cb87794ace87f7239b69dc4ab4e5ae57cdfbd309e847d99600ef14b51faead01e8ade57d24270bc13a1787896096eeacb8ab1c93d31d93cfb244bb09ecfecf336362a5656db7df327cbb9aeb898f8af229c7bb9452805f2b4510c5df86b6d564e01f000000167ade5205331523a6392af2bea9e6db0ba5480cbf1b202714233289c4017cb66e83c0c8b6e88bedb922162d0ceecf6c5da173bbefe6781ab7720d2be6cca378db650c69d4228141ae190922fbbaddb86c7f0fe138b704e8305b3bcc7910b2280d96d71dafdbfa876b0013fc4de586f85d9ee077b6349becbdca8bd989a51c4c76ed8a8cc691a65078e0272a62edec8236a779f0cbffeda49dcdccd4def7064e0d77ae5a8c64f3057b4a3a0d4457d33f2bc6c112378315411baa4bb126fe540d750491fc58fbb66911ef82bce5ed76872dbcd8e05dea2f3f347a653aa39ab5d75e71671bfeb924e71476134dbf91e3f287fd853cc34bf81e717edd41aa04b6fbeb43cf2074f0c8fe5350401b6cff801c147a3b58b972aa5652629a9fd8b1df2852708ce958d4e9974ec4383aa5da4e3f75fdc85981e97b75863546f67a8703673b6fe2c26f0e9eeb8c45c26f673adac55fa5d69b82ae7d032fd3b26866047e8c029b90a62794a89c11398944b398b4177b2dcc5a743c16d4a5333b1e30af678d3db8df849c1753db067a6f94bab00c0dd3c7e94a8675924c89bda98ac09e10bcdf83f5114b9b466c413477a5cdc48c857230798934bcc1f0eb3a2d2944b139e459af32e515785f46ed4e97cdcb23c7e4dc7c4f91b5b5ca5228344aeb6652fffaf31325c7429bc70a5f6beaaa98ef190dffdeccc94bd814b3edfdd48243bf34291076ab5438ee00e924a827d5b453df42d24144fe1a45bb6c84fcbb2143d0a561c1e867c1279bdf0a47061ea77a84f36c720aff785f0db10eda84c767b5f3874f9455c0f026735ded32f0403ef7dbcf97d2233d59c670114ddf89314ba74fc248bcbdbf43c24e46304e229b3cf583aa410f4dfd119152495da8737518ee2a05a8ca1f004be3c551408f2e4013e444b63bf2bb26ddeae505642dffcc989ee241c48741181b506e22fdc4530319522780c74bf786852dc66ebbb51f8ecbb1e35de09ef7afe589bb8a31c5d63477db5d5e7174694ea04cfa98057d39127a4e5eedb4897a491c6693acd0a036abf846f3b6f3006e5e5fd586f29a4a8a31abbccf732e4f1b88187a72d669c16302657e9cbbeb9322662e111edc7771526400b6123d0f8207bcaa38bee07043e36e223d418ac948d65e7acfe72cc3fdcf03a3e43ecfec8ae489ddba09126709c5c7968829e3504de8a5010c9372de09476a7b96b04d7aed2486d8f89f21f075321abe350024abe00a81f87df3dc372fc3206496776c26b6958243070bda4cace3e358da5d39a3945765c2ba4b002b06efd416af66f3343f218ed84550ea83f02f9a5c3fc677ea60987aa25f0406d6154081cfdc074814a2465accdfa102858f5a52c9eae293c56ddcaf8f6926d3dd0ccb51a30c960d6b7e473038ebd3702b5106f6bc040efdfd7169fd3f2dc42ff23de26a239e13b74278729fd7e843b38a35c55fd50181ac13a9cbbbfd8feb36afaeb1993349c0ac5a0c44ffd92919dfe272b0f8ed7df7198cd299715f021109a58dced4753d3c7ddd6e9ea01596f18b2fe7000000004ccfca57aed5b5cebdff65de480a56bd53f4c7f83ddef00d7c9686311d1fce76f320bb3222a11db30ba6ed31535d8fda61e694478ca9935d72719b8d6b9be88ae3df30b60ee251b919b4d1734b994c62accdf855488b351738331b462eccf27efdc5577d7a5548579dc90d227a42ac010f33a720dc3cf0a63454f8b07c775287495761a058ec1e28e6aaf8057241f4ef8b5de56e279355bb66630c4ddf35e7c2cfff26a4241b1df0379d2a1e9f959e46d3843f89844ead50aff44640fcbc4a1edb033afff7cc9e57c4f8d31900764233e11fa4c28e547788c1b00de4268df692ba3415a9ad90fa712f9618f5ecff57da32809380eeff040cd3b23f508614c72b303cec3bcd732708303b166193366a062b9cea536f28478c387e626744c6a611a8e7162d274efccc84eee8eb31d3310c86752777dd5b5ffe234e895c54909f19a4aabcf3c15b90c02170409e314fd90e766ec4ba93c8ec6321237a980ad3c32fb2fab69e57541ea7f5427a85c2c57d40f9ebe9de5572f46a4713fb28e0af42d0adef3e29195aa41a3ba318181512eebfadffede4e35ff7f975928edc5d4d9f2d931fb44b30e1df55e66c52e1648e9cdaf71221b57c6a6b087428ccc57ade5b1531341cba2be452b426c434c70fd8c493337d4995cbd76ea1dd545226e3eb59d5f94ffb5352f87a4a66cd7c5e88322404fd397c46e198646a9c819d0eb1f10e54d8a3ea912f1cb134ff1095aa7325287f6ea9af8c13b67d6abcbb70dbc06838ecb33e45b60f6cb832c3e72d1401770f66bd02f35a2d007815ab676099e31f5102000000c0e83d5e7107c8dc5830c9cddb9781185b94d7f2814c5058ba3ac54c268741c5728f4997a9628602c2a36090162379f3f37c47619b3e7c7397a5913b7060b51e0c7f7226ff1135444f866f89a4b74136cbd3acb7178bd63183b3fd9cd19fdeb6fcc6341910ad4605da76a9af4bfb8b75fcd666f8188902b380ae560d9aa04f8f9b0ac5c109d1824a470726e06a49d955f8f71c8a86081e75b13f62600deb941da181eaff544cd559c467d8dae432debd22e7a7b3e1ad731a5b9470f5f60423dda061ff899c07c79f3da34f38e1d8182d6ee0c36c602945509167be440382a8a8a759b20e41638fd57152029b190b5701d30a86f579e2d0cc53a2f809ca9bd3aba1eb2772a7acc35c4d983afa83a9baea35c0ed4931234719636cf8f5fe1884bde6cebbdf23bd62b1ebf0a5cb78c27295349bd7d5cf28c4ee4689497238fd3aa71a417914e6892667a56bd69dc2e5882cfb67df71494e9a9199e025892e4e7435f727636cd988cc7563d28db5133f649849c5b3973a3428de10ad39d96146b22acc50f50eee5a038876452b960686892de40efe30081ccdaa2bf64af78d5988026e529b36c62a21378ac42d220d0dd878010178e374e6dbb2b61206066d04e729ed03c6fd9a4e00547fe9304aec0925d85a0acd07fdc5d48c1a1cff656916f5d25952327792255e0d606a32517781cc3d737ec753eb95b5b5b95dabd8946907ab54cc85d05b475e2e5486c6fc070417198d3a50910e2949d20d3fa68fd327934cff5171224942b8f18d88947763a7c710d09c4b269bdf2d3e715329917fb70728a4a0530999b755ba8fc04deabf4bc4bcffc4d62d491538c65078122bf2c263ae0020af67cfc9cf19e5b929e086af281fb43d5504d728935c5cfac136eb81703d50fddb39a5a713b2914c6acd9b2d07819cf7bba495ac5734fe423e611d309b80eeafcf9053d51b0ab3c29d5ca5eb8861ffc1ebc4d53f361b8991baecb52860c15202f979e34054fcde869d018103ccd6d914a70f1840fc6aaf426beec975ddb980b19b0f4cc2ca393c0b9e6ebe5e7d1c9fc1ef7a1c91378f0b73262993fb80667ecf62bac3c47cbd002ae1b87b8dc3ec99d5c987765d778868eb55022cc3bed14b8f934a584bcc98fa0b4f6e6982ab8d8a2bb49f9074ef429dd7b8db332a96ccec6983a97be7c8634c02e7937ffc8d613b83aa375886bf40a87ec062090382f874bf2c8e5fbb58ac18a46c4d9e85af3ca21bdacb7755f49776b0eb3972ff682c84beb07d74cbe2764e378253e72128991b73d2730704a5448280e8a0fd8cc87d4cddcffbfe5525ae3d2304877a3988e33c8e12bf77793e753f25840e9af2ce56bdb999fc62623a2298b4244534f662eb398a2577c72f6cfd5174697dcee151d4f3a7293b11de3889c43744da4165aca4e4a1e926d37ae4d7471584a06f3641f2037a74a58c2397a594f29d142d59f91bb57e24e1a3f30f68c626033cc34895c1b16d62e3a375c3e09f5dbd9338cd3a500643143cd404b57019c648c3ec31d696233fe16efc3c4c84aca0830ca8b9fbf1144b98d82f41e4cf67631c74cdcf8d9c8b8556b876ff1592683ccac0b47a26cb3a2cb1b917f433bb54e0b53deae9ac4b1cd0594c1fa0e6744e7ed88fdac60901e3da989f3b0d7c12b140cc576fa1b0e8e705321d37c303691aafc9fed9c3dc419078d0925ead56455ea5f3cd57941e410c1c14c2e8972d7cca44fcaca1f64fc817f4a41b6d9fb237fed159cb09e788ae560726537f49cb64b9f60915d402e0931355c55ad792cde758548b1af54b196e414046d4af3579a6c30ceac3d68bbfd2adef309c064e759a9f0dd69d682a3880b8ff27b69abffaa45ee7e65d8f1f6e40c188f6249fdf72220b4c87243217ba0292b9e9b67ebeda4fb83406216a4d765812bafeff34cc57f7d2cd1608282079c076055b9cabffe5fa491b970291bc2672540ccc15ed877d7dbe3ef683724c715ace770905e48c2dc6a44e1fc095773676d070eac00ee3834b07590cba7093f56b678313870471c81599d34c53fc03ec6c913d8ba3f604ace8da12d2025cbb5000bc062f4db65a6feacaf3915206d1c15ce7e78c17dc2ea32cb57d6fab0a22d487c77118e75016006f812541ec8180a321287a2d57248d4ee4a19706a19d802c70e250c3b0fc400a0b5cdc06537d2f55fd5300be4eeeaab8cc481a84b6a5e17d8c47ec92fe40710d4ec3530a94ca16710ade2ec7562398106e0ddbb6c8af6412166afd99d45d29a3a967e58decd0d6fc5bebb98d639b5606efd358a43d635d50f0ccb8472197da604994e7fb700243d5f7e45700", 0x1000}}, 0xffffff5c) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x90, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x60, 0x2, [@TCA_FLOWER_ACT={0x54, 0x3, [@m_connmark={0x50, 0x1, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xfffffff8, 0xfff, 0x0, 0x5, 0xb}, 0x3}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}, @TCA_FLOWER_FLAGS={0x8, 0x16, 0x12}]}}]}, 0x90}}, 0x24000000) syz_open_dev$tty1(0xc, 0x4, 0x2) 1.037610215s ago: executing program 2 (id=3167): bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000700)="8d050f09", 0x4}], 0x1}, 0x0) sendmsg$inet(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) recvmsg$unix(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000340)=""/229, 0xec1}], 0x12}, 0x0) 1.008388075s ago: executing program 0 (id=3168): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$inet_icmp(0x2, 0x2, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='kfree\x00', r0}, 0x18) writev(r1, &(0x7f0000000100)=[{&(0x7f0000000040)="89faf48f4a084c876525f924451bdffd04f00f961ab575133220c25b88e91893355776fba1942f5cf6c1abd85bea6b47df79d8a354c995838541ee00a021e4c53f8677c2cc1bbc9b5ac6a767013ca1decc90579f079bdd501d4e02cd3fc6b5c0027285883825f39920ef3b2338de2b5f1cd3406eff57608ea1c18b729734cacb824d6ac33bc89003d54f5aff9b2afbcb93ba3c", 0x93}, {&(0x7f0000000200)="d18cc55bb6c3636d3d2343270c7cb4124c973342401905388870503197a06f883698c8cf35e9d03893f80fded5e3369eaea7f289bcccbd6f91d7ce3b1eba257f4c1283422d43857c5925c03459a8b9240748e192b2677efa9c58abd0f61f89a64b22718a71605bd6c6fc9df31261fc55c253ee1781a027f2db8af1bc948be29b7abb567eebd1b2f1e245ecccff99adc3602cfdbb64e12af630c0ddcecded73484314580ed43bf0c52631930c88a038aa2ee80bc1eea00c7208510e2d6b2f6bdf9c01bc0b28e0d946d5", 0xc9}], 0x2) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{}, 0x0, &(0x7f0000000200)}, 0x20) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x2004000, &(0x7f0000000040)={[{@errors_remount}, {@min_batch_time={'min_batch_time', 0x3d, 0x1}}, {@usrjquota}]}, 0xfe, 0x563, &(0x7f00000007c0)="$eJzs3c9rHFUcAPDvbHbbpK02BSnoQQI9WKndtIk/KnioR9FiQe91SaahZNMt2U1pYsH2oBcvUgQRC+If4N1j8R/wryhooUgJevASmWQ22Ta7m1/bZHU/H5j2vZnZefPmzXv5vp1dNoCBNZb9U4h4OSK+SSKOt2wrRr5xbG2/5Se3p7IliZWVT/5MIsnXNfdP8v+PNjPFiF+/jDhT2FxufXFptlKtpvN5frwxd2O8vrh09tpcZSadSa9PTE5eeGty4t133u5ZXV+//Pf3Hz/44MLXp5a/+/nRiXtJXIxj+bbWeuzBndbMWIzl16QUF5/Z8XwPCusnyUGfALsylPfzUmRjwPEYyns98P/3RUSsAANpJBL9HwZUMw5ozu035sHDBxiV7J/H769NgDbXv7j23kgMr86NjiwnT82MsvnuaA/Kz8r45Y/797Ilevc+BMCW7tyNiHPF4ubxL8nHv907t419ni3D+Af750EW/7zRLv4prMc/0Sb+Odqm7+7G1v2/8KgHxXSUxX/vtY1/1x9ajQ7luRciRkajlFy9Vk2zse3FiDgdpcNZvtvznAvLD1c6bWuN/7IlK78ZC+bn8ah4+OnXTFcalb3UudXjuxGvtI1/k/X2T9q0f3Y9Lm+zjJPp/Vc7bdu6/s/Xyk8Rr7Vt/40nWkn355Pjq/fDePOu2Oyvr07+1qn8g65/1v5Hutd/NGl9XlvfeRk/Dv+Tdtq22/v/UPLpavpQvu5WpdGYPx9xKPlo8/qJjdc28839s/qfPtV9/Gt3/49ExGfbrH+3mXQ/tP/0jtp/54mHH37+Q6fy8/qXomv7v7maOp2v2c74t90T3Mu1AwAAAAAAgH5TiIhjkRTK6+lCoVxe+3zHS3GkUK3VG2eu1hauT8fqd2VHo1RoPuk+vpZPmp9/GG3JTzyTn4yIExHx7dDIar48VatOH3TlAQAAAAAAAAAAAAAAAAAAoE8c7fD9/8zvQwd9dsBz5ye/YXBt2f978UtPQF/a7d//+R6fB7D/xP8wuPR/GFz6Pwwu/R8Gl/4Pg0v/h8Gl/wMAAAAAAAAAAAAAAAAAAAAAAAAAAEBPXb50KVtWlp/cnsry0zcXF2ZrN89Op/XZ8tzCVHmqNn+jPFOrzVTT8lRtbqvjVWu1G+cnYuHWeCOtN8bri0tX5moL1xtXrs1VZtIraWlfagUAAAAAAAAAAAAAAAAAAAD/LfXFpdlKtZrOS/RzYvg5HfnO3o9T7IfrI7HjRBLd9znokQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANvwbAAD//+f9MzI=") r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) openat(0xffffffffffffff9c, 0x0, 0x42, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) prctl$PR_SET_NAME(0xf, &(0x7f0000000500)='kfree\x00') r5 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETSF2(r5, 0x402c542d, &(0x7f0000000400)={0x400, 0x7b7, 0x6, 0xfbff, 0xfe, "42e23ae179d88f00000000000000000400", 0x0, 0xd}) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000140)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x1, 0x2, 0x3, 0x4, {0xa, 0x4e24, 0x4, @remote, 0x1}}}, 0x32) ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000100)=0x4) ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000480)=0x9) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) r7 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_SIOCOUTQ(r7, 0x5411, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)=ANY=[@ANYBLOB="4400000002060500f10de2cd44057eeb000000000c000300686173683a69700005000400000000000900020073797a310000000005000500020000000500010006"], 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c0007800c00018008000140e00000020c00028008000140e00040015c66078b2153e480d5965e119009b56fd9239200a880cd2539ba1c13427ad3441e50d2cc0544367b7049cee0a02de95324bde8ad0a678784a5f0eddd40cff11a628a6d79bdb51d5c8d02628fd5faaf03daf4f41d5c9963e9596bb26162"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) shutdown(r3, 0x1) 971.642745ms ago: executing program 1 (id=3169): setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0x1170, 0x1170, 0x1398, 0x0, 0x1170, 0x1398, 0x1398, 0x1398, 0x1398, 0x1398, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @remote, [], [], 'ip6tnl0\x00', 'veth0_to_hsr\x00', {}, {}, 0x6}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@multicast2, 'netpci0\x00'}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)) ptrace$getregset(0x4205, r0, 0x1, &(0x7f0000000080)={&(0x7f00000000c0)=""/120, 0x78}) 849.737787ms ago: executing program 2 (id=3170): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0, 0x0, 0x4}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000400)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x3, 0x7, 0x7ffc1ffb}]}) msync(&(0x7f00009d7000/0x4000)=nil, 0x4000, 0x1) 779.815418ms ago: executing program 1 (id=3171): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000003680)='sched_switch\x00', r0}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1809000000000000000000000001000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r2}, 0x0, &(0x7f0000000580)=r3}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r2, &(0x7f0000000780)}, 0x20) 701.493649ms ago: executing program 2 (id=3172): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710}, 0x10) r1 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r1, &(0x7f0000000480)={0x28, 0x0, 0x1ffffcb66, @local}, 0x10) 496.329402ms ago: executing program 2 (id=3173): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000540)='./bus\x00', 0x8800, &(0x7f0000000280)={[{@user_xattr}, {@sysvgroups}, {@i_version}]}, 0x1, 0x50c, &(0x7f0000001000)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLEaGVEHsEqRsSN4pix1HsLJvQQ3rmikQlTvTIH8C5Jw7cuCC4cSkHJH5EoAaJg9GMJ6mb2o3VJHYUfz7SaObNm/r7fXH8Xuc59gtgZF2PiP2ImIiITyNiNjufy7b4qL0l1z05uLdyeHBvJRet1if/zKX1ybno+DeJa9ljFiPihw8jfpJ7Pm5jd29juVqtbGfl+WZta76xu3drvba8VlmrbJbLS4tLCx/cfr98bm19qzaRHX318R/2v/WzJK2Z7ExnO85Tu+mF4ziJ8Yj4/kUEG4KxrD0Tw06El5KPiNcj4u309T8bY+mzCQBcZa3WbLRmO8sAwFWXT+fAcvlSNhcwE/l8qdSew3sjpvPVeqN58259Z3O1PVc2F4X83fVqZSGbK5yLQi4pL6bHT8vlE+XbEfFaRPxiciotl1bq1dVh/scHAEbYtRPj/38m2+M/AHDFFYedAAAwcD3G//1B5wEADI77fwAYPcZ/ABg97fF/athpAAAD5P4fAEaP8R8ARsoPPv442VqH2fdfr362u7NR/+zWaqWxUartrJRW6ttbpbV6fS39zp7aaY9Xrde3Ft+Lnc/nvr3VaM43dvfu1Oo7m8076fd636kU0qt8sgAAhum1tx79OZeMyB9OpVt0rOVQGGpmwEXLDzsBYGjGhp0AMDRW+4LRdYZ7fNMDcEV0WaL3GcVuHxBqtVqti0sJuGA3vmT+H0ZVx/y/vwKGEWP+H0aX+X8YXa1Wrt81/6PfCwGAy80cP9Dj/f/Xs/1vsjcHfrx68ooHF5kVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXG5H6/+WsrXAZyKfL5UiXomIuSjk7q5XKwsR8WpE/GmyMJmUF4ecMwBwVvm/5bL1v27MvjvzTNWb144PJyLip7/65JefLzeb23+MmMj9a/LofPNBdr48+OwBgNMdjdPpvuNG/snBvZWjbZD5/P27EVFsxz88mIjD4/jjMZ7ui1GIiOl/57JyW65j7uIs9u9HxBe7tT8XM+kcSHvl05Pxk9ivDDR+/pn4+bSuvU9+Fl84h1xg1DxK+p+Pur3+8nE93Xd//RfTHurssv4veaiVw7QPfBr/qP8b69H/Xe83xnu/+177aOr5uvsRXx6POIp92NH/HMXP9Yj/bp/x//KVN9/uVdf6dcSN6B6/M9Z8s7Y139jdu7VeW16rrFU2y+WlxaWFD26/X55P56jne48G//jw5qu96pL2T/eIXzyl/V/vs/0P//fpj772gvjffKdb/Hy88YL4yZj4jT7jL0//ttirLom/2qP9pz3/N/uM//ive88tGw4ADE9jd29juVqtbI/kQfR38e+zH9alyHmkD5Jn4RKk0fXgO4OKNRHdq37+TvvXdDKi8xe71XqpWL16jPOYdQMug+MXfUT8d9jJAAAAAAAAAAAAAAAAXQ3iE0vDbiMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABX1/8DAAD//9RMyv0=") syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x20200, 0x0, 0xfe, 0x0, &(0x7f00000007c0)) rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./bus/file0\x00') 235.275606ms ago: executing program 1 (id=3174): r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x8, {{0xa, 0x0, 0x7, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @mcast1, 0x2}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, 0x0, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x400, @mcast1={0xff, 0x7}}}, {{0xa, 0xffff, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) 48.401299ms ago: executing program 1 (id=3175): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xb, 0x4, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x11, 0x60}, [@exit={0x95, 0x0, 0x33}], {0x95, 0x0, 0x5a5}}, 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r1 = dup(0xffffffffffffffff) r2 = syz_io_uring_setup(0x3e, &(0x7f0000000640)={0x0, 0xaddc, 0x10100, 0x1, 0x203, 0x0, r1}, &(0x7f0000000380)=0x0, &(0x7f00000003c0)=0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r3, r4, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r5, 0x0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f00000002c0)=""/183, 0xb7}], 0x1}, 0x0, 0x80002101}) io_uring_enter(r2, 0xd81, 0x0, 0x0, 0x0, 0x0) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x400e, &(0x7f0000000300)={[{@i_version}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@block_validity}, {@sysvgroups}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f0000001f00)=ANY=[], 0xe00f, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x242, 0x0) ioctl$TIOCMIWAIT(r7, 0x545c, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000280), r6) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="b80000002800010004000000f8dbdf2507"], 0xb8}], 0x1, 0x0, 0x0, 0x1}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) semtimedop(0x0, 0x0, 0x0, 0x0) unshare(0x2c040000) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040800}, 0x0) getegid() 0s ago: executing program 2 (id=3176): syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') getpid() bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = epoll_create1(0x80000) r1 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)={'syztnl1\x00', &(0x7f0000000100)={'syztnl2\x00', 0x0, 0x2f, 0x4, 0x9, 0x1, 0x30, @ipv4={'\x00', '\xff\xff', @remote}, @remote, 0x10, 0x7800, 0x7, 0x8}}) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f00000002c0)={0x21, 0x1, 0x7f, 0x3, @vifc_lcl_ifindex=r2, @rand_addr=0x64010102}, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000040)={0x3641cbda46fa34f0}) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r0, &(0x7f0000000000)={0xa0000001}) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', r2, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x19, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400", 0x2}], 0x1}, 0x40814) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x10100) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) pause() r5 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x14) fcntl$setsig(r5, 0xa, 0x13) fcntl$setlease(r5, 0x400, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) truncate(&(0x7f0000000200)='./file0\x00', 0x1000000) kernel console output (not intermixed with test programs): d=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11797 comm="syz.2.2156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f461eb8e929 code=0x7ffc0000 [ 343.771590][ T28] audit: type=1326 audit(1751982589.846:2870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11793 comm="syz.4.2154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0b18e929 code=0x7ffc0000 [ 343.823628][T11802] netlink: 'syz.1.2157': attribute type 11 has an invalid length. [ 343.838059][T11804] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2158'. [ 344.001851][T11806] loop1: detected capacity change from 0 to 4096 [ 344.026339][T11806] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 344.085618][ T5784] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 344.452514][T11818] loop4: detected capacity change from 0 to 512 [ 344.480036][T11818] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 344.517423][T11818] EXT4-fs error (device loop4): ext4_validate_block_bitmap:430: comm syz.4.2162: bg 0: block 5: invalid block bitmap [ 344.536702][T11818] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 344.547962][T11818] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.2162: invalid indirect mapped block 3 (level 2) [ 344.562400][T11818] EXT4-fs (loop4): 2 truncates cleaned up [ 344.569994][T11818] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 344.642008][ T8219] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 344.747886][T11828] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2165'. [ 344.878685][T11832] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 345.208772][T11840] loop4: detected capacity change from 0 to 512 [ 345.271357][T11840] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 345.284565][T11840] ext4 filesystem being mounted at /314/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 345.417861][ T8219] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 346.317920][T11886] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 346.325716][T11886] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 346.354447][T11886] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 346.362405][T11886] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 346.539980][T11893] loop1: detected capacity change from 0 to 4096 [ 346.560773][T11893] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 346.564174][T11896] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 346.640673][ T5784] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 346.730865][T11902] loop2: detected capacity change from 0 to 1024 [ 346.739891][T11902] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 346.771135][T11902] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 346.911975][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 347.238492][T11921] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 347.308551][T11924] loop4: detected capacity change from 0 to 512 [ 347.359599][T11924] EXT4-fs warning (device loop4): ext4_enable_quotas:7173: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 347.433832][T11924] EXT4-fs (loop4): mount failed [ 347.494630][ T28] kauditd_printk_skb: 22 callbacks suppressed [ 347.494646][ T28] audit: type=1326 audit(1751982593.652:2893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11919 comm="syz.1.2200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 347.559569][ T28] audit: type=1326 audit(1751982593.652:2894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11919 comm="syz.1.2200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 347.607516][ T28] audit: type=1326 audit(1751982593.692:2895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11919 comm="syz.1.2200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 347.653980][ T28] audit: type=1326 audit(1751982593.692:2896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11919 comm="syz.1.2200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 347.684030][ T28] audit: type=1326 audit(1751982593.692:2897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11919 comm="syz.1.2200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 347.842295][ T28] audit: type=1326 audit(1751982593.692:2898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11919 comm="syz.1.2200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 347.921381][ T28] audit: type=1326 audit(1751982593.692:2899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11919 comm="syz.1.2200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 347.962747][T11936] sch_tbf: burst 3298 is lower than device lo mtu (11337904) ! [ 347.963742][ T28] audit: type=1326 audit(1751982593.702:2900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11919 comm="syz.1.2200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 347.994435][ T28] audit: type=1326 audit(1751982593.702:2901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11919 comm="syz.1.2200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 348.017096][ T28] audit: type=1326 audit(1751982593.702:2902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11919 comm="syz.1.2200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 348.134656][T11943] loop4: detected capacity change from 0 to 1024 [ 348.163236][T11943] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 348.234050][T11943] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 348.342786][T11948] loop2: detected capacity change from 0 to 512 [ 348.405310][ T8219] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 348.542613][T11948] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 348.566664][T11948] ext4 filesystem being mounted at /557/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 348.758716][T11955] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2210'. [ 348.808214][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 348.945744][T11959] netlink: 'syz.2.2213': attribute type 11 has an invalid length. [ 349.695864][T11974] loop4: detected capacity change from 0 to 1024 [ 349.713656][T11974] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 349.862697][T11977] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 349.885932][T11974] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 350.162202][ T8219] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 350.306546][T11987] netlink: 'syz.0.2224': attribute type 11 has an invalid length. [ 350.533147][T11992] netlink: 'syz.4.2226': attribute type 6 has an invalid length. [ 350.816352][T12002] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2228'. [ 351.364533][T12012] netlink: 'syz.1.2234': attribute type 11 has an invalid length. [ 351.601042][T12021] netlink: 'syz.0.2237': attribute type 6 has an invalid length. [ 351.769092][T12024] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2239'. [ 351.805789][T12025] loop1: detected capacity change from 0 to 512 [ 351.930080][T12025] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 351.960000][T12025] ext4 filesystem being mounted at /570/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 352.261870][ T5784] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 352.350602][T12035] loop2: detected capacity change from 0 to 1024 [ 352.380873][T12035] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 352.395338][T12039] netlink: 'syz.0.2245': attribute type 11 has an invalid length. [ 352.426503][T12035] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 352.511810][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 352.593765][T12047] netlink: 'syz.1.2248': attribute type 6 has an invalid length. [ 352.648736][T12053] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2249'. [ 352.754760][T12055] loop4: detected capacity change from 0 to 512 [ 352.795079][T12055] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 352.833656][T12055] ext4 filesystem being mounted at /330/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 353.073868][ T8219] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 353.095402][T12071] netlink: 'syz.2.2256': attribute type 11 has an invalid length. [ 353.184371][T12073] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2258'. [ 353.749608][T12086] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2262'. [ 354.002283][ T28] kauditd_printk_skb: 13 callbacks suppressed [ 354.002299][ T28] audit: type=1326 audit(1751982600.153:2916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12092 comm="syz.1.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 354.002914][T12091] loop4: detected capacity change from 0 to 512 [ 354.028995][ T28] audit: type=1326 audit(1751982600.173:2917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12092 comm="syz.1.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 354.097474][ T28] audit: type=1326 audit(1751982600.173:2918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12092 comm="syz.1.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=114 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 354.151194][ T28] audit: type=1326 audit(1751982600.173:2919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12092 comm="syz.1.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 354.151252][ T28] audit: type=1326 audit(1751982600.173:2920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12092 comm="syz.1.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 354.151297][ T28] audit: type=1326 audit(1751982600.173:2921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12092 comm="syz.1.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 354.151341][ T28] audit: type=1326 audit(1751982600.173:2922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12092 comm="syz.1.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 354.151387][ T28] audit: type=1326 audit(1751982600.173:2923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12092 comm="syz.1.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 354.151436][ T28] audit: type=1326 audit(1751982600.173:2924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12092 comm="syz.1.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 354.151479][ T28] audit: type=1326 audit(1751982600.173:2925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12092 comm="syz.1.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 354.165220][T12091] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 354.165341][T12091] ext4 filesystem being mounted at /337/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 354.198806][T12097] loop2: detected capacity change from 0 to 1024 [ 354.202370][T12097] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 354.250644][ T5884] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 354.264993][ T5884] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 354.267158][T12097] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 354.272351][T12102] loop1: detected capacity change from 0 to 1024 [ 354.273274][T12102] EXT4-fs: Ignoring removed nomblk_io_submit option [ 354.404101][T12102] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 354.564959][T12102] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 354.576160][ T8219] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 354.590655][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 354.644978][T12102] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 354.938603][T12110] 9pnet_fd: Insufficient options for proto=fd [ 354.998620][ T5784] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 355.246195][T12116] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2273'. [ 355.520773][T12121] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2275'. [ 356.532491][T12130] loop2: detected capacity change from 0 to 164 [ 356.603028][T12133] loop1: detected capacity change from 0 to 1024 [ 356.656355][T12133] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 356.701300][T12137] 9pnet_fd: Insufficient options for proto=fd [ 356.725262][T12133] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 356.844877][T12142] netlink: 'syz.0.2282': attribute type 11 has an invalid length. [ 356.919496][ T5784] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 357.083676][T12146] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2285'. [ 358.662618][T12166] loop1: detected capacity change from 0 to 1024 [ 358.743673][T12166] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 358.865928][T12166] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 358.900429][T12172] netlink: 'syz.2.2294': attribute type 11 has an invalid length. [ 359.040246][ T5784] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 359.278839][T12178] loop1: detected capacity change from 0 to 128 [ 359.316287][T12178] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 359.376905][T12132] warn_alloc: 1 callbacks suppressed [ 359.376925][T12132] syz.4.2277: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null) [ 359.379700][T12178] ext4 filesystem being mounted at /584/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 359.382509][T12132] ,cpuset=syz4,mems_allowed=0-1 [ 359.435763][T12132] CPU: 1 PID: 12132 Comm: syz.4.2277 Not tainted 6.6.96-syzkaller #0 [ 359.443905][T12132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 359.454017][T12132] Call Trace: [ 359.457379][T12132] [ 359.460360][T12132] dump_stack_lvl+0x16c/0x230 [ 359.465116][T12132] ? show_regs_print_info+0x20/0x20 [ 359.470399][T12132] ? load_image+0x3b0/0x3b0 [ 359.475067][T12132] ? __rcu_read_unlock+0x7c/0xd0 [ 359.480074][T12132] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 359.486551][T12132] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 359.493116][T12132] warn_alloc+0x210/0x300 [ 359.497493][T12132] ? zone_watermark_ok_safe+0x230/0x230 [ 359.503076][T12132] ? _raw_spin_unlock+0x28/0x40 [ 359.507962][T12132] ? __kmem_cache_free+0xba/0x1f0 [ 359.513028][T12132] __vmalloc_node_range+0x662/0x1320 [ 359.518374][T12132] ? free_vm_area+0x50/0x50 [ 359.522955][T12132] ? kvmalloc_node+0x70/0x180 [ 359.527672][T12132] ? rcu_is_watching+0x15/0xb0 [ 359.532477][T12132] ? kvmalloc_node+0x70/0x180 [ 359.537194][T12132] ? trace_kmalloc+0x1f/0xa0 [ 359.541820][T12132] kvmalloc_node+0x13f/0x180 [ 359.546451][T12132] ? translate_table+0x199/0x1fe0 [ 359.551514][T12132] translate_table+0x199/0x1fe0 [ 359.556425][T12132] ? ipt_register_table+0x7a0/0x7a0 [ 359.561666][T12132] ? __might_fault+0xaa/0x120 [ 359.566385][T12132] ? __lock_acquire+0x7c80/0x7c80 [ 359.571444][T12132] ? __virt_addr_valid+0x18c/0x540 [ 359.576588][T12132] ? __might_fault+0xaa/0x120 [ 359.581297][T12132] ? __might_fault+0xc6/0x120 [ 359.586032][T12132] ? __might_fault+0xaa/0x120 [ 359.590756][T12132] do_ipt_set_ctl+0x960/0xcc0 [ 359.595481][T12132] ? ipt_unregister_table_exit+0x230/0x230 [ 359.601318][T12132] ? __lock_acquire+0x7c80/0x7c80 [ 359.606375][T12132] ? rcu_is_watching+0x15/0xb0 [ 359.611175][T12132] ? trace_contention_end+0x39/0xe0 [ 359.616411][T12132] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 359.622085][T12132] ? mutex_unlock+0x10/0x10 [ 359.626629][T12132] ? __might_sleep+0xe0/0xe0 [ 359.631254][T12132] ? mutex_lock_nested+0x20/0x20 [ 359.636230][T12132] ? futex_wake+0x40d/0x4b0 [ 359.640771][T12132] nf_setsockopt+0x263/0x280 [ 359.645405][T12132] ? sock_common_recvmsg+0x1b0/0x1b0 [ 359.650830][T12132] smc_setsockopt+0x229/0xab0 [ 359.655554][T12132] ? smc_shutdown+0x9b0/0x9b0 [ 359.660276][T12132] ? aa_sock_opt_perm+0x74/0x100 [ 359.665255][T12132] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 359.670844][T12132] ? security_socket_setsockopt+0x7e/0xa0 [ 359.676598][T12132] ? smc_shutdown+0x9b0/0x9b0 [ 359.681314][T12132] do_sock_setsockopt+0x254/0x3e0 [ 359.686384][T12132] ? __ia32_sys_recv+0xb0/0xb0 [ 359.691200][T12132] ? __fdget+0x180/0x210 [ 359.695482][T12132] __x64_sys_setsockopt+0x1be/0x250 [ 359.700736][T12132] do_syscall_64+0x55/0xb0 [ 359.705207][T12132] ? clear_bhb_loop+0x40/0x90 [ 359.709919][T12132] ? clear_bhb_loop+0x40/0x90 [ 359.714630][T12132] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 359.720559][T12132] RIP: 0033:0x7fba0b18e929 [ 359.725008][T12132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 359.744783][T12132] RSP: 002b:00007fba0bf3c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 359.753279][T12132] RAX: ffffffffffffffda RBX: 00007fba0b3b5fa0 RCX: 00007fba0b18e929 [ 359.761291][T12132] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000005 [ 359.769297][T12132] RBP: 00007fba0b210b39 R08: 0000000000000298 R09: 0000000000000000 [ 359.777298][T12132] R10: 0000200000000300 R11: 0000000000000246 R12: 0000000000000000 [ 359.785300][T12132] R13: 0000000000000000 R14: 00007fba0b3b5fa0 R15: 00007ffec5836598 [ 359.793319][T12132] [ 359.843520][T12132] Mem-Info: [ 359.846731][T12132] active_anon:7039 inactive_anon:0 isolated_anon:0 [ 359.846731][T12132] active_file:1237 inactive_file:39934 isolated_file:0 [ 359.846731][T12132] unevictable:768 dirty:90 writeback:0 [ 359.846731][T12132] slab_reclaimable:11216 slab_unreclaimable:112071 [ 359.846731][T12132] mapped:26947 shmem:4246 pagetables:530 [ 359.846731][T12132] sec_pagetables:0 bounce:0 [ 359.846731][T12132] kernel_misc_reclaimable:0 [ 359.846731][T12132] free:1326369 free_pcp:7934 free_cma:0 [ 359.913210][T12132] Node 0 active_anon:28156kB inactive_anon:0kB active_file:4948kB inactive_file:159536kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:107788kB dirty:356kB writeback:0kB shmem:15448kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13032kB pagetables:2220kB sec_pagetables:0kB all_unreclaimable? no [ 359.952997][T12132] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 359.986959][ T5784] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 359.991178][T12132] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 360.033137][T12183] loop2: detected capacity change from 0 to 256 [ 360.063008][T12132] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 360.076201][ T28] kauditd_printk_skb: 37 callbacks suppressed [ 360.076219][ T28] audit: type=1804 audit(1751982606.240:2963): pid=12183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2298" name="/newroot/581/file1/file0" dev="loop2" ino=1048625 res=1 errno=0 [ 360.108868][T12132] Node 0 DMA32 free:1393208kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:28212kB inactive_anon:0kB active_file:4948kB inactive_file:158224kB unevictable:1536kB writepending:356kB present:3129332kB managed:2589596kB mlocked:0kB bounce:0kB free_pcp:8324kB local_pcp:832kB free_cma:0kB [ 360.143110][T12132] lowmem_reserve[]: 0 0 1 1 1 [ 360.148468][T12132] Node 0 Normal free:16kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1312kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 360.191507][T12132] lowmem_reserve[]: 0 0 0 0 0 [ 360.199945][T12132] Node 1 Normal free:3896640kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:23520kB local_pcp:10752kB free_cma:0kB [ 360.266129][ T28] audit: type=1326 audit(1751982606.430:2964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12184 comm="syz.1.2299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 360.273535][T12132] lowmem_reserve[]: 0 0 0 0 0 [ 360.312535][T12132] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 360.325589][ T28] audit: type=1326 audit(1751982606.430:2965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12184 comm="syz.1.2299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 360.325643][ T28] audit: type=1326 audit(1751982606.430:2966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12184 comm="syz.1.2299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 360.329661][ T28] audit: type=1326 audit(1751982606.430:2967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12184 comm="syz.1.2299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 360.348606][T12132] Node 0 DMA32: 334*4kB (UME) 388*8kB (UME) 302*16kB (ME) 102*32kB (UME) 29*64kB (UME) 8*128kB (UME) 32*256kB (UM) 15*512kB (UM) [ 360.424586][ T28] audit: type=1326 audit(1751982606.430:2968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12184 comm="syz.1.2299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 360.464864][ T28] audit: type=1326 audit(1751982606.430:2969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12184 comm="syz.1.2299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 360.474209][T12132] 32*1024kB [ 360.488612][ T28] audit: type=1326 audit(1751982606.430:2970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12184 comm="syz.1.2299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 360.514879][ T28] audit: type=1326 audit(1751982606.430:2971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12184 comm="syz.1.2299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=96 compat=0 ip=0xffffffffff600000 code=0x7ffc0000 [ 360.541325][ T28] audit: type=1326 audit(1751982606.430:2972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12184 comm="syz.1.2299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87a698e929 code=0x7ffc0000 [ 360.544525][T12132] (UME) 3*2048kB (UM) 323*4096kB (UM) = 1393208kB [ 360.571273][T12132] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 360.585318][T12132] Node 1 Normal: 246*4kB (UME) 45*8kB (UME) 36*16kB (UME) 130*32kB (UME) 26*64kB (UE) 10*128kB (UME) 2*256kB (UE) 2*512kB (UM) 1*1024kB (E) 1*2048kB (E) 948*4096kB (M) = 3896640kB [ 360.638495][T12132] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 360.664495][T12132] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 360.688799][T12132] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 360.702274][T12132] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 360.723056][T12132] 45457 total pagecache pages [ 360.730970][T12132] 0 pages in swap cache [ 360.856324][T12132] Free swap = 124692kB [ 360.860581][T12132] Total swap = 124996kB [ 360.883399][T12132] 2097051 pages RAM [ 360.900184][T12132] 0 pages HighMem/MovableOnly [ 360.935023][T12132] 416138 pages reserved [ 360.955745][T12132] 0 pages cma reserved [ 361.655057][T12198] netlink: 'syz.0.2304': attribute type 11 has an invalid length. [ 361.827972][T12200] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2305'. [ 361.903788][T12203] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2306'. [ 361.969165][T12207] loop2: detected capacity change from 0 to 512 [ 361.984635][T12207] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 362.501008][T12215] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 362.538723][T12214] IPVS: stopping master sync thread 12215 ... [ 362.752153][T12222] loop1: detected capacity change from 0 to 1024 [ 362.767986][T12222] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 362.832488][T12222] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 363.003691][T12228] netlink: 'syz.0.2315': attribute type 11 has an invalid length. [ 363.116964][ T5784] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 363.260922][T12231] loop2: detected capacity change from 0 to 8192 [ 363.847685][T12260] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 363.868407][T12259] IPVS: stopping master sync thread 12260 ... [ 364.057672][T12264] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2323'. [ 364.203783][T12272] netlink: 'syz.1.2326': attribute type 11 has an invalid length. [ 364.499946][T12285] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 364.546754][T12284] IPVS: stopping master sync thread 12285 ... [ 364.991710][T12300] netlink: 'syz.0.2338': attribute type 11 has an invalid length. [ 365.098811][T12302] loop2: detected capacity change from 0 to 1024 [ 365.132625][T12302] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 365.206850][T12302] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 365.375776][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 365.931651][T12318] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2346'. [ 366.018715][T12322] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2348'. [ 366.518952][T12327] netlink: 'syz.2.2350': attribute type 11 has an invalid length. [ 367.120564][T12346] netlink: 'syz.0.2356': attribute type 8 has an invalid length. [ 367.393220][ T5797] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 367.405870][ T8540] syz_tun (unregistering): left allmulticast mode [ 367.412487][ T5797] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 367.431307][ T5797] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 367.451753][ T5797] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 367.459924][ T5797] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 367.470907][ T5797] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 367.502450][T12350] wg2: entered promiscuous mode [ 367.512268][T12350] wg2: entered allmulticast mode [ 367.722309][ T48] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.867668][ T48] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.966758][ T48] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.995021][T12362] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2362'. [ 368.101711][ T48] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.494272][T12355] chnl_net:caif_netlink_parms(): no params data found [ 369.222406][T12378] loop2: detected capacity change from 0 to 512 [ 369.407437][T12378] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 369.456892][T12378] EXT4-fs (loop2): 1 truncate cleaned up [ 369.485870][T12378] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 369.553492][ T5797] Bluetooth: hci2: command tx timeout [ 369.563646][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 369.563662][ T28] audit: type=1800 audit(1751982615.715:2979): pid=12378 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2366" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 369.711481][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 369.727690][T12385] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2367'. [ 369.748160][T12385] bridge0: entered promiscuous mode [ 369.757373][T12385] bridge0: port 3(macvlan2) entered blocking state [ 369.764589][T12385] bridge0: port 3(macvlan2) entered disabled state [ 369.771461][T12385] macvlan2: entered allmulticast mode [ 369.777102][T12385] bridge0: entered allmulticast mode [ 369.786601][T12385] macvlan2: left allmulticast mode [ 369.791965][T12385] bridge0: left allmulticast mode [ 369.804748][T12385] bridge0: left promiscuous mode [ 369.852246][T12388] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2368'. [ 369.920464][T12355] bridge0: port 1(bridge_slave_0) entered blocking state [ 369.936929][T12355] bridge0: port 1(bridge_slave_0) entered disabled state [ 369.949570][T12355] bridge_slave_0: entered allmulticast mode [ 369.959242][T12355] bridge_slave_0: entered promiscuous mode [ 369.974076][T12355] bridge0: port 2(bridge_slave_1) entered blocking state [ 369.988156][T12355] bridge0: port 2(bridge_slave_1) entered disabled state [ 370.003617][T12355] bridge_slave_1: entered allmulticast mode [ 370.011960][T12355] bridge_slave_1: entered promiscuous mode [ 370.147429][T12396] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2372'. [ 370.148535][T12355] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 370.159087][T12396] syz.0.2372[12396] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 370.166565][T12396] syz.0.2372[12396] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 370.238152][T12355] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 370.434569][T12355] team0: Port device team_slave_0 added [ 370.456182][T12355] team0: Port device team_slave_1 added [ 370.586322][T12408] loop4: detected capacity change from 0 to 512 [ 370.604304][T12355] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 370.611348][T12355] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 370.642478][T12408] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 370.687437][T12408] EXT4-fs (loop4): 1 truncate cleaned up [ 370.701950][T12408] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 370.715210][T12355] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 370.737151][ T28] audit: type=1326 audit(1751982616.885:2980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.2.2380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f461eb8e929 code=0x7ffc0000 [ 370.764133][ T28] audit: type=1326 audit(1751982616.885:2981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.2.2380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f461eb8e929 code=0x7ffc0000 [ 370.787276][ T28] audit: type=1326 audit(1751982616.885:2982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.2.2380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f461eb8e929 code=0x7ffc0000 [ 370.810134][ T28] audit: type=1326 audit(1751982616.885:2983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.2.2380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f461eb8e963 code=0x7ffc0000 [ 370.827775][T12416] loop2: detected capacity change from 0 to 2048 [ 370.836279][ T28] audit: type=1326 audit(1751982616.925:2984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.2.2380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f461eb8d3df code=0x7ffc0000 [ 370.862342][ T28] audit: type=1326 audit(1751982616.985:2985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.2.2380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f461eb8e9b7 code=0x7ffc0000 [ 370.886559][T12418] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2381'. [ 370.895874][ T28] audit: type=1326 audit(1751982616.985:2986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.2.2380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f461eb8d290 code=0x7ffc0000 [ 370.933681][T12355] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 370.940709][T12355] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 370.953525][T12416] loop2: p1 < > p4 [ 370.972879][ T28] audit: type=1326 audit(1751982616.985:2987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.2.2380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f461eb8e52b code=0x7ffc0000 [ 370.982660][T12416] loop2: p4 size 8388608 extends beyond EOD, [ 371.006059][T12355] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 371.025112][T12416] truncated [ 371.028417][ T28] audit: type=1326 audit(1751982617.045:2988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12406 comm="syz.4.2376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0b18e929 code=0x7ffc0000 [ 371.081829][ T8219] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 371.251106][T12355] hsr_slave_0: entered promiscuous mode [ 371.268288][T12355] hsr_slave_1: entered promiscuous mode [ 371.281132][T12355] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 371.293708][T12355] Cannot create hsr debugfs directory [ 371.542646][T12435] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2387'. [ 371.633988][ T5797] Bluetooth: hci2: command tx timeout [ 371.742156][T12437] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2389'. [ 371.837634][ T48] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 371.850580][ T48] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 371.860449][ T48] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 371.872258][ T48] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 371.886467][ T48] bridge_slave_1: left allmulticast mode [ 371.892354][ T48] bridge_slave_1: left promiscuous mode [ 371.899035][ T48] bridge0: port 2(bridge_slave_1) entered disabled state [ 371.911046][ T48] bridge_slave_0: left allmulticast mode [ 371.917229][ T48] bridge_slave_0: left promiscuous mode [ 371.923178][ T48] bridge0: port 1(bridge_slave_0) entered disabled state [ 371.978472][ T48] veth1_macvtap: left promiscuous mode [ 371.984407][ T48] veth0_macvtap: left promiscuous mode [ 371.990282][ T48] veth1_vlan: left promiscuous mode [ 371.995973][ T48] veth0_vlan: left promiscuous mode [ 372.668715][T12458] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2396'. [ 372.916767][T12467] loop4: detected capacity change from 0 to 1024 [ 372.961791][T12467] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 373.020296][T12467] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 373.128410][ T8219] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 373.402606][ T48] team0 (unregistering): Port device team_slave_1 removed [ 373.497131][ T48] team0 (unregistering): Port device team_slave_0 removed [ 373.609959][ T48] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 373.702496][ T48] bond0 (unregistering): (slave 30): Releasing backup interface [ 373.738008][ T5797] Bluetooth: hci2: command tx timeout [ 374.374157][ T48] bond0 (unregistering): Released all slaves [ 374.479460][T12470] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2402'. [ 374.493127][T12470] bridge0: entered promiscuous mode [ 374.510410][T12470] bridge0: port 3(macvlan2) entered blocking state [ 374.518939][T12470] bridge0: port 3(macvlan2) entered disabled state [ 374.525917][T12470] macvlan2: entered allmulticast mode [ 374.531448][T12470] bridge0: entered allmulticast mode [ 374.538556][T12470] macvlan2: left allmulticast mode [ 374.549400][T12470] bridge0: left allmulticast mode [ 374.555778][T12470] bridge0: left promiscuous mode [ 374.771122][T12491] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2408'. [ 374.908268][T12499] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2411'. [ 375.083136][T12503] loop2: detected capacity change from 0 to 512 [ 375.198032][T12355] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 375.227815][T12355] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 375.619578][T12503] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 375.644233][T12355] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 375.701495][T12503] ext4 filesystem being mounted at /612/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 375.713534][T12355] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 375.793496][ T5797] Bluetooth: hci2: command tx timeout [ 375.856325][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 375.876676][T12355] 8021q: adding VLAN 0 to HW filter on device bond0 [ 375.924077][T12355] 8021q: adding VLAN 0 to HW filter on device team0 [ 375.964112][T10482] bridge0: port 1(bridge_slave_0) entered blocking state [ 375.971342][T10482] bridge0: port 1(bridge_slave_0) entered forwarding state [ 375.991009][T12522] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2416'. [ 376.012614][T12522] bridge0: entered promiscuous mode [ 376.020631][T12522] bridge0: port 1(macvlan2) entered blocking state [ 376.031641][T12522] bridge0: port 1(macvlan2) entered disabled state [ 376.039244][T12522] macvlan2: entered allmulticast mode [ 376.047818][T12522] bridge0: entered allmulticast mode [ 376.055487][T12522] macvlan2: left allmulticast mode [ 376.060828][T12522] bridge0: left allmulticast mode [ 376.067877][T12522] bridge0: left promiscuous mode [ 376.117823][T10482] bridge0: port 2(bridge_slave_1) entered blocking state [ 376.125070][T10482] bridge0: port 2(bridge_slave_1) entered forwarding state [ 376.499976][T12355] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 376.555525][T12355] veth0_vlan: entered promiscuous mode [ 376.571117][T12355] veth1_vlan: entered promiscuous mode [ 376.650161][T12355] veth0_macvtap: entered promiscuous mode [ 376.679940][T12355] veth1_macvtap: entered promiscuous mode [ 376.711784][T12542] loop4: detected capacity change from 0 to 512 [ 376.727373][T12355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 376.744063][T12355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.756578][T12355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 376.768446][T12355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.776802][T12542] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 376.785077][T12355] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 376.793123][T12542] ext4 filesystem being mounted at /371/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 376.824301][T12355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 376.835868][T12355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.846461][T12355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 376.857244][T12355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.871069][T12355] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 376.906618][T12355] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.944809][T12355] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.974846][T12355] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.004983][T12355] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.449832][ T8219] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 377.783864][T10482] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 377.833604][T10482] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 377.874194][T10482] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 377.884930][T10482] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 378.317961][T12562] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2435'. [ 378.347306][T12564] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2427'. [ 378.409655][T12564] bridge0: entered promiscuous mode [ 378.432169][T12564] bridge0: port 3(macvlan2) entered blocking state [ 378.465873][T12564] bridge0: port 3(macvlan2) entered disabled state [ 378.492343][T12564] macvlan2: entered allmulticast mode [ 378.520240][T12564] bridge0: entered allmulticast mode [ 378.528620][T12565] xt_CT: No such helper "netbios-ns" [ 378.554404][T12564] macvlan2: left allmulticast mode [ 378.561212][T12564] bridge0: left allmulticast mode [ 378.580484][T12564] bridge0: left promiscuous mode [ 378.839878][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.955265][ T5795] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 378.971691][ T5795] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 378.983828][ T5795] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 379.008719][ T5795] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 379.030655][ T5795] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 379.040863][ T5795] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 379.080003][T10527] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 379.275436][T10527] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 379.386719][T10527] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 379.502619][T10527] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 379.842465][T12583] loop4: detected capacity change from 0 to 1024 [ 379.850198][T12583] EXT4-fs: Ignoring removed orlov option [ 379.883189][T12583] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 379.923594][T12583] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 379.929092][T12571] chnl_net:caif_netlink_parms(): no params data found [ 379.955043][T12583] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e800e01c, mo2=0000] [ 379.981039][T12583] System zones: 0-1, 3-12 [ 380.023727][T12583] EXT4-fs error (device loop4): ext4_map_blocks:718: inode #3: block 1: comm syz.4.2433: lblock 1 mapped to illegal pblock 1 (length 1) [ 380.079864][T12583] __quota_error: 30 callbacks suppressed [ 380.079883][T12583] Quota error (device loop4): write_blk: dquota write failed [ 380.086747][T12590] loop1: detected capacity change from 0 to 1024 [ 380.096600][T12583] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 380.107210][T12590] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 380.138625][T12583] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.2433: Failed to acquire dquot type 0 [ 380.151153][T12583] EXT4-fs error (device loop4): ext4_free_blocks:6681: comm syz.4.2433: Freeing blocks not in datazone - block = 0, count = 4096 [ 380.175678][T12583] EXT4-fs error (device loop4): ext4_read_inode_bitmap:140: comm syz.4.2433: Invalid inode bitmap blk 0 in block_group 0 [ 380.189858][T12583] EXT4-fs error (device loop4) in ext4_free_inode:363: Corrupt filesystem [ 380.206562][T10492] EXT4-fs error (device loop4): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:28: lblock 1 mapped to illegal pblock 1 (length 1) [ 380.226460][T12583] EXT4-fs (loop4): 1 orphan inode deleted [ 380.234664][T12590] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 380.238457][T12583] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 380.263612][T10492] Quota error (device loop4): remove_tree: Can't read quota data block 1 [ 380.274463][T10492] EXT4-fs error (device loop4): ext4_release_dquot:6974: comm kworker/u4:28: Failed to release dquot type 0 [ 380.291526][T12590] EXT4-fs error (device loop1): ext4_xattr_inode_iget:440: comm syz.1.2437: inode #1600285996: comm syz.1.2437: iget: illegal inode # [ 380.306604][T12590] EXT4-fs error (device loop1): ext4_xattr_inode_iget:445: comm syz.1.2437: error while reading EA inode 1600285996 err=-117 [ 380.314790][T12583] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 380.363157][T12355] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 380.493727][T12571] bridge0: port 1(bridge_slave_0) entered blocking state [ 380.500997][T12571] bridge0: port 1(bridge_slave_0) entered disabled state [ 380.530780][T12571] bridge_slave_0: entered allmulticast mode [ 380.541926][T12583] loop4: detected capacity change from 0 to 512 [ 380.543278][T12571] bridge_slave_0: entered promiscuous mode [ 380.577500][T12583] Quota error (device loop4): do_check_range: Getting block 67108867 out of range 1-5 [ 380.578962][T12571] bridge0: port 2(bridge_slave_1) entered blocking state [ 380.587889][T12583] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0 [ 380.595799][T12571] bridge0: port 2(bridge_slave_1) entered disabled state [ 380.612011][T12583] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.2433: Failed to acquire dquot type 1 [ 380.630313][T12583] EXT4-fs (loop4): 1 truncate cleaned up [ 380.637608][T12583] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 380.647904][T12571] bridge_slave_1: entered allmulticast mode [ 380.652222][T12583] ext4 filesystem being mounted at /373/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 380.671581][T12583] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 380.676669][T12571] bridge_slave_1: entered promiscuous mode [ 380.741930][T12607] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2441'. [ 380.791629][T12571] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 380.832397][T12571] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 380.940333][T12571] team0: Port device team_slave_0 added [ 380.959361][T12571] team0: Port device team_slave_1 added [ 380.981582][T12611] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2444'. [ 381.049789][T12613] loop4: detected capacity change from 0 to 512 [ 381.074731][ T5797] Bluetooth: hci0: command tx timeout [ 381.096284][T12613] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 381.111606][T12571] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 381.112142][T12613] ext4 filesystem being mounted at /374/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 381.136403][T12571] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 381.164033][T12571] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 381.274142][T12571] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 381.281171][T12571] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 381.314174][T12571] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 381.408431][ T8219] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 381.501042][T10527] dvmrp0 (unregistering): left allmulticast mode [ 381.538595][T12571] hsr_slave_0: entered promiscuous mode [ 381.545921][T12571] hsr_slave_1: entered promiscuous mode [ 381.554344][T12571] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 381.562014][T12571] Cannot create hsr debugfs directory [ 381.826059][T12636] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2454'. [ 381.998622][T12642] loop4: detected capacity change from 0 to 512 [ 382.009123][T12644] loop1: detected capacity change from 0 to 1024 [ 382.021711][T12644] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 382.102095][T12642] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 382.137987][T12642] ext4 filesystem being mounted at /378/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 382.199203][T12644] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 382.285012][T10527] hsr_slave_0: left promiscuous mode [ 382.307599][T10527] hsr_slave_1: left promiscuous mode [ 382.320096][T12644] EXT4-fs error (device loop1): ext4_xattr_inode_iget:440: comm syz.1.2457: inode #1785687596: comm syz.1.2457: iget: illegal inode # [ 382.335662][T12644] EXT4-fs error (device loop1): ext4_xattr_inode_iget:445: comm syz.1.2457: error while reading EA inode 1785687596 err=-117 [ 382.349141][T10527] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 382.357396][T10527] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 382.367552][T10527] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 382.369839][ T8219] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 382.382712][T10527] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 382.429943][T12355] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 382.449867][T10527] veth1_macvtap: left promiscuous mode [ 382.455921][T10527] veth0_macvtap: left promiscuous mode [ 382.461663][T10527] veth1_vlan: left promiscuous mode [ 382.470514][T10527] veth0_vlan: left promiscuous mode [ 382.700544][T12655] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.2460' sets config #0 [ 383.044515][ T28] audit: type=1326 audit(1751982629.200:3019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12664 comm="syz.4.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0b18e929 code=0x7ffc0000 [ 383.080578][T12666] loop4: detected capacity change from 0 to 512 [ 383.151540][ T28] audit: type=1326 audit(1751982629.200:3020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12664 comm="syz.4.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0b18e929 code=0x7ffc0000 [ 383.175748][ T28] audit: type=1326 audit(1751982629.200:3021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12664 comm="syz.4.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fba0b18e929 code=0x7ffc0000 [ 383.184300][ T5797] Bluetooth: hci0: command tx timeout [ 383.206416][ T28] audit: type=1326 audit(1751982629.200:3022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12664 comm="syz.4.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fba0b18e963 code=0x7ffc0000 [ 383.260006][T12666] EXT4-fs (loop4): orphan cleanup on readonly fs [ 383.267604][ T28] audit: type=1326 audit(1751982629.240:3023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12664 comm="syz.4.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fba0b18d3df code=0x7ffc0000 [ 383.299649][T12666] EXT4-fs error (device loop4): ext4_validate_block_bitmap:439: comm syz.4.2464: bg 0: block 248: padding at end of block bitmap is not set [ 383.319165][T12666] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.2464: Failed to acquire dquot type 1 [ 383.349877][T12666] EXT4-fs (loop4): 1 truncate cleaned up [ 383.360879][T12666] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000001 ro without journal. Quota mode: writeback. [ 383.451540][ T8219] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000001. [ 383.927163][T10527] team0 (unregistering): Port device team_slave_1 removed [ 383.986483][T10527] team0 (unregistering): Port device team_slave_0 removed [ 384.044006][T10527] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 384.099150][T10527] bond0 (unregistering): (slave c1ÿ): Releasing backup interface [ 384.801517][T10527] bond0 (unregistering): Released all slaves [ 384.862958][T12675] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2467'. [ 385.233628][ T5797] Bluetooth: hci0: command tx timeout [ 385.260505][T12697] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2475'. [ 385.384523][T12701] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2476'. [ 385.470196][T12571] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 385.486872][T12571] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 385.509209][T12571] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 385.539791][T12571] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 385.549651][T12705] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2486'. [ 385.559791][T12703] loop4: detected capacity change from 0 to 1024 [ 385.582182][T12703] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 385.640589][T12703] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 385.731775][T12571] 8021q: adding VLAN 0 to HW filter on device bond0 [ 385.768108][T12571] 8021q: adding VLAN 0 to HW filter on device team0 [ 385.795667][ T8219] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 385.816042][T10527] bridge0: port 1(bridge_slave_0) entered blocking state [ 385.823337][T10527] bridge0: port 1(bridge_slave_0) entered forwarding state [ 385.849604][T10527] bridge0: port 2(bridge_slave_1) entered blocking state [ 385.856876][T10527] bridge0: port 2(bridge_slave_1) entered forwarding state [ 386.016812][T12728] loop1: detected capacity change from 0 to 128 [ 386.110828][T12725] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2485'. [ 386.143562][T12725] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 386.247685][T12725] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 386.664768][T12571] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 386.776930][T12571] veth0_vlan: entered promiscuous mode [ 387.103689][T12571] veth1_vlan: entered promiscuous mode [ 387.345471][ T5797] Bluetooth: hci0: command tx timeout [ 387.421589][T12571] veth0_macvtap: entered promiscuous mode [ 387.462854][T12571] veth1_macvtap: entered promiscuous mode [ 387.556751][T12571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 387.568572][T12571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 387.586308][T12571] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 387.613156][T12571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 387.638602][T12571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 387.648994][T12571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 387.659897][T12571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 387.672279][T12571] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 387.726632][T12571] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 387.751845][T12571] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 387.783359][T12571] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 387.797020][T12762] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2498'. [ 387.813456][T12571] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 388.033557][T10505] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 388.041473][T10505] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 388.099088][ T2893] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 388.128787][ T2893] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 388.678456][T12789] loop1: detected capacity change from 0 to 1024 [ 388.699099][T12789] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 388.749575][T12789] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 388.891720][T12355] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 388.962768][ T5795] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 389.005082][ T5795] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 389.017766][ T5795] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 389.032928][ T5795] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 389.040946][ T5795] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 389.050251][ T5795] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 389.311955][T10492] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.555238][T10492] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.747777][T10492] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.844375][T10492] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.031885][T12819] loop1: detected capacity change from 0 to 1024 [ 390.073811][T12819] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 390.122702][T12819] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 390.225116][T12355] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 390.322891][T12792] chnl_net:caif_netlink_parms(): no params data found [ 390.618006][T12792] bridge0: port 1(bridge_slave_0) entered blocking state [ 390.628953][T12792] bridge0: port 1(bridge_slave_0) entered disabled state [ 390.638265][T12792] bridge_slave_0: entered allmulticast mode [ 390.649992][T12792] bridge_slave_0: entered promiscuous mode [ 390.661397][T12792] bridge0: port 2(bridge_slave_1) entered blocking state [ 390.672520][T12792] bridge0: port 2(bridge_slave_1) entered disabled state [ 390.682425][T12792] bridge_slave_1: entered allmulticast mode [ 390.698693][T12792] bridge_slave_1: entered promiscuous mode [ 390.946746][T12792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 391.002713][T12792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 391.028022][T12844] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2524'. [ 391.130162][T12792] team0: Port device team_slave_0 added [ 391.157244][T12792] team0: Port device team_slave_1 added [ 391.167289][ T5795] Bluetooth: hci4: command tx timeout [ 391.250165][T12850] loop4: detected capacity change from 0 to 256 [ 391.478206][T12792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 391.530357][T12792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 391.537682][T12850] loop4: detected capacity change from 0 to 1764 [ 391.563259][T12792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 391.576998][T12792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 391.584434][T12792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 391.630884][T12792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 391.751001][T12792] hsr_slave_0: entered promiscuous mode [ 391.759463][T12792] hsr_slave_1: entered promiscuous mode [ 391.773897][T12792] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 391.781723][T12792] Cannot create hsr debugfs directory [ 392.512151][T10492] hsr_slave_0: left promiscuous mode [ 392.519015][T10492] hsr_slave_1: left promiscuous mode [ 392.531104][T10492] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 392.540175][T10492] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 392.556796][T10492] bridge_slave_1: left allmulticast mode [ 392.562539][T10492] bridge_slave_1: left promiscuous mode [ 392.572023][T12870] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2534'. [ 392.572053][T10492] bridge0: port 2(bridge_slave_1) entered disabled state [ 392.596831][T10492] bridge_slave_0: left allmulticast mode [ 392.608377][T10492] bridge_slave_0: left promiscuous mode [ 392.624251][T10492] bridge0: port 1(bridge_slave_0) entered disabled state [ 392.666010][T10492] veth0_macvtap: left promiscuous mode [ 392.682012][T10492] veth1_vlan: left promiscuous mode [ 392.689054][T10492] veth0_vlan: left promiscuous mode [ 392.857289][T10492] infiniband syz1: set down [ 393.245156][ T5795] Bluetooth: hci4: command tx timeout [ 393.813115][T10492] team0 (unregistering): Port device team_slave_1 removed [ 393.873955][T10492] team0 (unregistering): Port device team_slave_0 removed [ 393.928437][T10492] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 393.986805][T10492] bond0 (unregistering): (slave 30): Releasing backup interface [ 394.129152][T10505] smc: removing ib device syz1 [ 394.792836][T10492] bond0 (unregistering): Released all slaves [ 395.327578][T12895] loop1: detected capacity change from 0 to 1024 [ 395.343081][ T5795] Bluetooth: hci4: command tx timeout [ 395.361217][T12895] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 395.482809][T12895] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 395.724459][T12355] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 395.847895][T12907] loop1: detected capacity change from 0 to 512 [ 395.950936][T12907] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 396.031052][T12907] ext4 filesystem being mounted at /44/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 396.375527][T12355] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 396.676599][T12792] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 396.690091][T10492] IPVS: stop unused estimator thread 0... [ 396.726729][T12792] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 396.757383][T12792] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 396.802659][T12792] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 397.106297][T12792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 397.184174][T12792] 8021q: adding VLAN 0 to HW filter on device team0 [ 397.204175][T10522] bridge0: port 1(bridge_slave_0) entered blocking state [ 397.211393][T10522] bridge0: port 1(bridge_slave_0) entered forwarding state [ 397.262541][T10522] bridge0: port 2(bridge_slave_1) entered blocking state [ 397.269818][T10522] bridge0: port 2(bridge_slave_1) entered forwarding state [ 397.393548][ T5795] Bluetooth: hci4: command tx timeout [ 397.956955][T12792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 398.007827][T12950] loop2: detected capacity change from 0 to 1024 [ 398.038889][T12950] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 398.071703][T12792] veth0_vlan: entered promiscuous mode [ 398.092575][T12792] veth1_vlan: entered promiscuous mode [ 398.119400][T12950] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 398.148463][T12792] veth0_macvtap: entered promiscuous mode [ 398.161461][T12792] veth1_macvtap: entered promiscuous mode [ 398.190903][T12792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 398.212892][T12792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 398.223631][T12792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 398.235412][T12792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 398.248805][T12792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 398.262888][T12792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 398.273809][T12792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 398.284825][T12792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 398.295527][T12792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 398.323270][T12571] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 398.330254][T12792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 398.370438][T12792] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 398.397058][T12792] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 398.412015][T12792] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 398.425117][T12792] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 398.570199][T10505] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 398.598667][T10505] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 398.649847][T10474] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 398.670451][T10474] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 398.787770][T12963] loop4: detected capacity change from 0 to 8192 [ 398.815172][T12963] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 399.157330][T12978] netlink: 'syz.0.2567': attribute type 10 has an invalid length. [ 399.217276][T12978] bridge0: port 2(bridge_slave_1) entered disabled state [ 399.225110][T12978] bridge0: port 1(bridge_slave_0) entered disabled state [ 399.365187][T12988] loop1: detected capacity change from 0 to 1024 [ 399.375002][T12988] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 399.376345][T12978] bridge0: port 2(bridge_slave_1) entered blocking state [ 399.393705][T12978] bridge0: port 2(bridge_slave_1) entered forwarding state [ 399.401299][T12978] bridge0: port 1(bridge_slave_0) entered blocking state [ 399.408589][T12978] bridge0: port 1(bridge_slave_0) entered forwarding state [ 399.427935][T12988] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 399.430000][T12978] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 399.459785][T12984] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2567'. [ 399.491516][T12984] bridge_slave_1: left allmulticast mode [ 399.497498][T12984] bridge_slave_1: left promiscuous mode [ 399.503680][T12984] bridge0: port 2(bridge_slave_1) entered disabled state [ 399.516803][T12984] bridge_slave_0: left allmulticast mode [ 399.522547][T12984] bridge_slave_0: left promiscuous mode [ 399.528682][T12984] bridge0: port 1(bridge_slave_0) entered disabled state [ 399.540041][T12355] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 399.620626][T12984] bond0: (slave bridge0): Releasing backup interface [ 399.697557][T13000] loop1: detected capacity change from 0 to 1024 [ 399.710152][T13000] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (12806!=20869) [ 399.728410][T13000] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a802c018, mo2=0002] [ 399.738641][T13000] System zones: 0-1, 3-36 [ 399.749621][T13000] EXT4-fs (loop1): orphan cleanup on readonly fs [ 399.767617][T13000] EXT4-fs (loop1): 1 orphan inode deleted [ 399.779134][T13000] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 399.815804][T13000] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 401.283039][T13044] loop1: detected capacity change from 0 to 1024 [ 401.329740][T13044] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 401.371493][T13044] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 401.484863][T12355] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 402.062342][T13071] loop4: detected capacity change from 0 to 256 [ 402.143778][T13077] loop1: detected capacity change from 0 to 128 [ 402.178291][T13077] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 402.193224][T13077] ext4 filesystem being mounted at /58/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 402.366479][T12355] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 403.884858][T13103] loop4: detected capacity change from 0 to 1024 [ 403.891167][T13106] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2611'. [ 403.897552][T13103] EXT4-fs: Ignoring removed nomblk_io_submit option [ 403.960406][T13103] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 403.992188][T13112] loop1: detected capacity change from 0 to 1024 [ 404.001751][T13112] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 404.034592][T13112] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 404.092693][T13116] loop0: detected capacity change from 0 to 2048 [ 404.107283][ T8219] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 404.136674][T12355] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 404.187284][T13116] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 404.331131][T12792] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 404.366460][T13124] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2617'. [ 405.137702][T13141] netlink: 'syz.2.2623': attribute type 10 has an invalid length. [ 405.160320][T13141] bridge0: port 2(bridge_slave_1) entered disabled state [ 405.169544][T13141] bridge0: port 1(bridge_slave_0) entered disabled state [ 405.294369][T13141] bridge0: port 2(bridge_slave_1) entered blocking state [ 405.301692][T13141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 405.309462][T13141] bridge0: port 1(bridge_slave_0) entered blocking state [ 405.316702][T13141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 405.330435][T13141] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 405.370110][T13144] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2623'. [ 405.379419][T13144] bridge_slave_1: left allmulticast mode [ 405.385257][T13144] bridge_slave_1: left promiscuous mode [ 405.391267][T13144] bridge0: port 2(bridge_slave_1) entered disabled state [ 405.401732][T13144] bridge_slave_0: left allmulticast mode [ 405.409297][T13144] bridge_slave_0: left promiscuous mode [ 405.420110][T13144] bridge0: port 1(bridge_slave_0) entered disabled state [ 405.541560][T13144] bond0: (slave bridge0): Releasing backup interface [ 405.659193][T13157] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2627'. [ 405.712779][T13159] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2628'. [ 405.838185][T13163] loop1: detected capacity change from 0 to 1024 [ 405.868089][T13163] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 405.901389][ T28] kauditd_printk_skb: 27 callbacks suppressed [ 405.901404][ T28] audit: type=1800 audit(1751982652.053:3049): pid=13163 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2629" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 405.909244][T13167] loop4: detected capacity change from 0 to 1024 [ 405.970764][T13167] ext4: Unknown parameter 'uid<00000000000000000000' [ 406.040024][ T28] audit: type=1326 audit(1751982652.183:3050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13164 comm="syz.4.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0b18e929 code=0x7ffc0000 [ 406.131503][ T28] audit: type=1326 audit(1751982652.193:3051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13164 comm="syz.4.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fba0b18e929 code=0x7ffc0000 [ 406.172864][T13163] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4036: comm syz.1.2629: Allocating blocks 497-513 which overlap fs metadata [ 406.195813][ T28] audit: type=1326 audit(1751982652.193:3052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13164 comm="syz.4.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0b18e929 code=0x7ffc0000 [ 406.229094][ T28] audit: type=1326 audit(1751982652.193:3053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13164 comm="syz.4.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0b18e929 code=0x7ffc0000 [ 406.265489][T13161] EXT4-fs (loop1): pa ffff888077735d98: logic 32, phys. 161, len 22 [ 406.274408][T13161] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5377: group 0, free 0, pa_free 1 [ 406.290314][ T28] audit: type=1326 audit(1751982652.193:3054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13164 comm="syz.4.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fba0b18e929 code=0x7ffc0000 [ 406.345903][ T28] audit: type=1326 audit(1751982652.193:3055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13164 comm="syz.4.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0b18e929 code=0x7ffc0000 [ 406.422877][T12355] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 406.427532][ T28] audit: type=1326 audit(1751982652.223:3056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13164 comm="syz.4.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fba0b18e929 code=0x7ffc0000 [ 406.455536][ T28] audit: type=1326 audit(1751982652.223:3057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13164 comm="syz.4.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0b18e929 code=0x7ffc0000 [ 406.479100][ T28] audit: type=1326 audit(1751982652.223:3058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13164 comm="syz.4.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fba0b18e929 code=0x7ffc0000 [ 406.578236][T13182] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2638'. [ 407.617801][T13213] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2650'. [ 408.413356][T13228] loop2: detected capacity change from 0 to 128 [ 409.238601][T10505] kworker/u4:39: attempt to access beyond end of device [ 409.238601][T10505] loop2: rw=1, sector=145, nr_sectors = 896 limit=128 [ 409.521517][T13244] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2659'. [ 409.712481][T13253] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2664'. [ 409.892189][T13258] netlink: 5 bytes leftover after parsing attributes in process `syz.2.2668'. [ 409.922190][T13261] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2669'. [ 411.525541][ T28] kauditd_printk_skb: 14 callbacks suppressed [ 411.525557][ T28] audit: type=1326 audit(1751982657.681:3073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13309 comm="syz.4.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0b18e929 code=0x7ffc0000 [ 411.559437][ T28] audit: type=1326 audit(1751982657.701:3074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13309 comm="syz.4.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0b18e929 code=0x7ffc0000 [ 411.587893][ T28] audit: type=1326 audit(1751982657.701:3075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13309 comm="syz.4.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=210 compat=0 ip=0x7fba0b18e929 code=0x7ffc0000 [ 411.616955][ T28] audit: type=1326 audit(1751982657.701:3076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13309 comm="syz.4.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0b18e929 code=0x7ffc0000 [ 411.717721][T13314] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2691'. [ 412.258377][T13327] loop0: detected capacity change from 0 to 1024 [ 412.272425][T13327] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 412.343151][T13327] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 412.555029][T12792] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 413.171170][T13352] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2705'. [ 413.552743][T13366] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2710'. [ 413.686794][T13368] loop2: detected capacity change from 0 to 1024 [ 413.723206][T13368] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 413.759320][T13372] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2712'. [ 413.791131][T13368] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 413.942330][T12571] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 414.546212][T13393] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2720'. [ 414.869602][ T28] audit: type=1326 audit(1751982661.030:3077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13391 comm="syz.1.2720" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f783cf8e929 code=0x7ffc0000 [ 414.912382][ T28] audit: type=1326 audit(1751982661.050:3078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13391 comm="syz.1.2720" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f783cf8e929 code=0x7ffc0000 [ 414.948934][ T28] audit: type=1326 audit(1751982661.070:3079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13391 comm="syz.1.2720" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f783cf8e929 code=0x7ffc0000 [ 414.977922][ T28] audit: type=1326 audit(1751982661.070:3080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13391 comm="syz.1.2720" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f783cf8e929 code=0x7ffc0000 [ 415.064701][T13393] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 415.087293][T13393] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 415.108439][T13393] bond0 (unregistering): Released all slaves [ 415.265221][T13403] loop4: detected capacity change from 0 to 1024 [ 415.275715][T13403] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 415.301497][T13403] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 415.371757][ T8219] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 415.638744][T13412] netlink: 'syz.4.2726': attribute type 1 has an invalid length. [ 415.650787][T13412] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2726'. [ 415.821251][T13418] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2729'. [ 415.868416][T13419] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2728'. [ 416.052535][T13427] loop0: detected capacity change from 0 to 512 [ 416.077752][T13427] EXT4-fs error (device loop0): ext4_orphan_get:1399: inode #15: comm syz.0.2732: casefold flag without casefold feature [ 416.093102][T13427] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.2732: couldn't read orphan inode 15 (err -117) [ 416.111113][T13427] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 416.173831][ T28] audit: type=1800 audit(1751982662.333:3081): pid=13427 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2732" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 416.231308][T12792] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 416.735067][T13446] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2741'. [ 417.568285][T13470] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2752'. [ 418.944075][T13498] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2763'. [ 419.199228][T13506] netlink: 'syz.1.2766': attribute type 1 has an invalid length. [ 419.208604][T13506] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2766'. [ 419.612579][T13515] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2771'. [ 419.832332][T13518] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2772'. [ 420.015153][T13522] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2775'. [ 420.158157][T13525] loop2: detected capacity change from 0 to 1024 [ 420.778525][T13525] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 420.900090][ T28] audit: type=1800 audit(1751982667.049:3082): pid=13525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2776" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 422.097080][T12571] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 422.111704][T13539] Cannot find add_set index 0 as target [ 422.235548][T13541] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2780'. [ 422.255041][T13541] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2780'. [ 422.282863][T13541] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2780'. [ 422.303875][T13541] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2780'. [ 422.323240][T13541] netlink: 'syz.1.2780': attribute type 6 has an invalid length. [ 423.819208][T13564] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2789'. [ 423.890107][T13566] loop0: detected capacity change from 0 to 1024 [ 424.006118][T13566] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 424.070007][ T28] audit: type=1800 audit(1751982670.229:3083): pid=13566 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2788" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 425.378086][T13582] loop1: detected capacity change from 0 to 1024 [ 425.391462][T12792] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 425.438069][T13582] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 425.513484][ T28] audit: type=1800 audit(1751982671.659:3084): pid=13582 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2793" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 425.569202][T13590] syz.0.2796[13590] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 425.569346][T13590] syz.0.2796[13590] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 425.779653][T13582] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4036: comm syz.1.2793: Allocating blocks 497-513 which overlap fs metadata [ 425.836827][T13579] EXT4-fs (loop1): pa ffff88805e4e41d0: logic 32, phys. 161, len 22 [ 425.845074][T13579] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5377: group 0, free 0, pa_free 1 [ 425.863004][T13595] loop4: detected capacity change from 0 to 512 [ 425.931641][T13595] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 425.944562][T13595] ext4 filesystem being mounted at /479/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 425.957607][T13595] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 425.971452][T12355] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 426.117782][T13603] pim6reg: entered allmulticast mode [ 426.126748][T13603] pim6reg: left allmulticast mode [ 426.522405][T13610] loop4: detected capacity change from 0 to 164 [ 426.576842][T13612] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2806'. [ 426.593972][T13610] syz.4.2805: attempt to access beyond end of device [ 426.593972][T13610] loop4: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 426.639300][T13610] syz.4.2805: attempt to access beyond end of device [ 426.639300][T13610] loop4: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 426.690170][T13614] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2815'. [ 426.766110][T13616] loop1: detected capacity change from 0 to 1024 [ 426.821057][T13622] netlink: 'syz.4.2808': attribute type 1 has an invalid length. [ 426.842211][T13616] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 426.958002][ T28] audit: type=1800 audit(1751982673.099:3085): pid=13616 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2807" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 427.217029][T13622] 8021q: adding VLAN 0 to HW filter on device bond2 [ 427.227619][T13622] bond1: (slave bond2): making interface the new active one [ 427.235928][T13622] bond1: (slave bond2): Enslaving as an active interface with an up link [ 427.276514][T13628] bond1: (slave gretap1): Enslaving as a backup interface with an up link [ 428.255556][T12355] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 428.257738][T13635] binfmt_misc: register: failed to install interpreter file ./bus [ 428.718411][T13648] loop4: detected capacity change from 0 to 2048 [ 428.742016][T13652] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2819'. [ 428.760496][T13648] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 428.785062][ T28] audit: type=1800 audit(1751982674.949:3086): pid=13644 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2818" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 428.850180][ T8219] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 429.054476][T13664] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2824'. [ 429.067904][T13664] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2824'. [ 429.269212][ T28] audit: type=1326 audit(1751982675.429:3087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13667 comm="syz.1.2826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f783cf8e929 code=0x7ffc0000 [ 429.322994][T13670] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2827'. [ 429.333584][ T28] audit: type=1326 audit(1751982675.459:3088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13667 comm="syz.1.2826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=274 compat=0 ip=0x7f783cf8e929 code=0x7ffc0000 [ 429.376530][ T28] audit: type=1326 audit(1751982675.459:3089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13667 comm="syz.1.2826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f783cf8e929 code=0x7ffc0000 [ 429.684275][T13679] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2830'. [ 430.215093][T13694] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2834'. [ 430.243714][T13694] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2834'. [ 430.430489][T13701] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 431.821740][T13719] xt_recent: hitcount (16385) is larger than allowed maximum (255) [ 432.004656][T13725] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2846'. [ 432.005948][T13727] loop4: detected capacity change from 0 to 1024 [ 432.035548][T13727] EXT4-fs: Ignoring removed orlov option [ 432.097224][T13727] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 432.115216][T13731] 9pnet_fd: Insufficient options for proto=fd [ 432.180720][ T8219] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 433.403151][T13754] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2857'. [ 433.438981][ T28] audit: type=1326 audit(1751982679.589:3090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13757 comm="syz.1.2859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f783cf8e929 code=0x7ffc0000 [ 433.497896][ T28] audit: type=1326 audit(1751982679.589:3091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13757 comm="syz.1.2859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f783cf8e929 code=0x7ffc0000 [ 433.554703][ T28] audit: type=1326 audit(1751982679.589:3092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13757 comm="syz.1.2859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f783cf8e929 code=0x7ffc0000 [ 433.637747][ T28] audit: type=1326 audit(1751982679.589:3093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13757 comm="syz.1.2859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f783cf8e929 code=0x7ffc0000 [ 433.698481][ T28] audit: type=1326 audit(1751982679.589:3094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13757 comm="syz.1.2859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f783cf8e929 code=0x7ffc0000 [ 433.731698][ T28] audit: type=1326 audit(1751982679.589:3095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13757 comm="syz.1.2859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f783cf8e929 code=0x7ffc0000 [ 433.754278][ T28] audit: type=1326 audit(1751982679.589:3096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13757 comm="syz.1.2859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f783cf8e929 code=0x7ffc0000 [ 433.776834][ T28] audit: type=1326 audit(1751982679.589:3097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13757 comm="syz.1.2859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f783cf8e929 code=0x7ffc0000 [ 433.817913][ T28] audit: type=1326 audit(1751982679.589:3098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13757 comm="syz.1.2859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f783cf8e929 code=0x7ffc0000 [ 433.840691][ T28] audit: type=1326 audit(1751982679.599:3099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13757 comm="syz.1.2859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f783cf8e929 code=0x7ffc0000 [ 433.877715][T13767] veth1_macvtap: left promiscuous mode [ 433.887495][T13767] macsec0: entered promiscuous mode [ 434.016885][T13770] loop0: detected capacity change from 0 to 164 [ 434.035594][T13770] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 435.572298][T13789] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2871'. [ 435.573499][T13787] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2870'. [ 435.593617][T13789] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2871'. [ 435.661372][T13793] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2872'. [ 435.684469][T13792] netlink: 14 bytes leftover after parsing attributes in process `¬í'. [ 435.941788][T13792] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 435.962699][T13792] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 435.981751][T13792] bond0 (unregistering): Released all slaves [ 436.009803][T13801] vlan2: entered allmulticast mode [ 436.021133][T13801] bridge_slave_0: entered allmulticast mode [ 436.550721][T13814] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2883'. [ 436.580390][T13814] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2883'. [ 436.727668][T13818] loop4: detected capacity change from 0 to 1024 [ 436.735478][T13818] EXT4-fs: Ignoring removed oldalloc option [ 436.741580][T13818] EXT4-fs: Ignoring removed bh option [ 436.748344][T13818] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 436.787262][T13818] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 436.853248][ T8219] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 436.975183][T13823] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2885'. [ 437.170120][T13832] loop4: detected capacity change from 0 to 256 [ 437.255672][T13832] FAT-fs (loop4): error, corrupted file size (i_pos 196, 2097152) [ 437.283488][T13832] FAT-fs (loop4): Filesystem has been set read-only [ 437.516793][T13838] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2892'. [ 437.546417][T13838] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2892'. [ 438.906649][ T28] kauditd_printk_skb: 8 callbacks suppressed [ 438.906665][ T28] audit: type=1326 audit(1751982685.062:3108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13866 comm="syz.0.2904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f808eb8e929 code=0x7ffc0000 [ 438.943988][ T28] audit: type=1326 audit(1751982685.062:3109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13866 comm="syz.0.2904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f808eb8e929 code=0x7ffc0000 [ 438.973131][ T28] audit: type=1326 audit(1751982685.102:3110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13866 comm="syz.0.2904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f808eb8e929 code=0x7ffc0000 [ 439.008321][ T28] audit: type=1326 audit(1751982685.102:3111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13866 comm="syz.0.2904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f808eb8e929 code=0x7ffc0000 [ 439.032534][ T28] audit: type=1326 audit(1751982685.102:3112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13866 comm="syz.0.2904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7f808eb8e929 code=0x7ffc0000 [ 439.296584][ T28] audit: type=1326 audit(1751982685.442:3113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13866 comm="syz.0.2904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f808eb8e929 code=0x7ffc0000 [ 439.342458][ T28] audit: type=1326 audit(1751982685.442:3114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13866 comm="syz.0.2904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f808eb8e929 code=0x7ffc0000 [ 440.230484][T13890] loop0: detected capacity change from 0 to 128 [ 440.253637][T13890] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 440.280685][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.373730][T10507] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 440.581106][T13899] sd 0:0:1:0: device reset [ 440.783919][T13907] __nla_validate_parse: 6 callbacks suppressed [ 440.783937][T13907] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2918'. [ 441.227738][T13916] loop4: detected capacity change from 0 to 1024 [ 441.235158][T13916] EXT4-fs: inline encryption not supported [ 441.241110][T13916] EXT4-fs: Ignoring removed bh option [ 441.321967][T13916] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 441.420090][ T8219] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 441.442788][T13931] loop0: detected capacity change from 0 to 128 [ 441.479280][T13931] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 441.546081][T13931] ext4 filesystem being mounted at /87/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 441.629646][T13935] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2928'. [ 441.666901][T13935] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2928'. [ 442.287263][T12792] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 442.578460][T13951] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2934'. [ 442.759449][ T28] audit: type=1326 audit(1751982688.904:3115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13952 comm="syz.2.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65778e929 code=0x7ffc0000 [ 442.813239][T13963] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2940'. [ 442.823002][T13963] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2940'. [ 442.832446][ T28] audit: type=1326 audit(1751982688.904:3116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13952 comm="syz.2.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65778e929 code=0x7ffc0000 [ 442.861468][T13953] loop2: detected capacity change from 0 to 2048 [ 442.891379][ T28] audit: type=1326 audit(1751982688.904:3117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13952 comm="syz.2.2936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7fa65778e929 code=0x7ffc0000 [ 443.117408][T13974] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2946'. [ 443.273165][T13980] loop2: detected capacity change from 0 to 128 [ 443.338383][T13980] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 443.479723][T13983] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2949'. [ 443.491469][T10522] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 443.659188][T13993] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2952'. [ 443.683623][T13993] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2952'. [ 443.736128][T13995] random: crng reseeded on system resumption [ 444.050029][T14004] loop0: detected capacity change from 0 to 1024 [ 444.085154][T14004] EXT4-fs: Ignoring removed nomblk_io_submit option [ 444.166023][T14004] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 444.334961][T12792] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 445.062440][ T28] kauditd_printk_skb: 60 callbacks suppressed [ 445.062457][ T28] audit: type=1107 audit(1751982691.220:3178): pid=14036 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 445.255761][ T28] audit: type=1326 audit(1751982691.414:3179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14047 comm="syz.4.2976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0b18e929 code=0x7ffc0000 [ 445.303477][ T28] audit: type=1326 audit(1751982691.414:3180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14047 comm="syz.4.2976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0b18e929 code=0x7ffc0000 [ 445.377293][ T28] audit: type=1326 audit(1751982691.444:3181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14047 comm="syz.4.2976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7fba0b18e929 code=0x7ffc0000 [ 445.511820][ T28] audit: type=1326 audit(1751982691.444:3182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14047 comm="syz.4.2976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0b18e929 code=0x7ffc0000 [ 445.535135][ T28] audit: type=1326 audit(1751982691.444:3183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14047 comm="syz.4.2976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba0b18e929 code=0x7ffc0000 [ 445.623967][T14059] binfmt_misc: register: failed to install interpreter file ./file0 [ 445.965448][T14074] pim6reg1: entered promiscuous mode [ 445.966546][T14068] loop1: detected capacity change from 0 to 8192 [ 445.970932][T14074] pim6reg1: entered allmulticast mode [ 446.467099][T14086] loop4: detected capacity change from 0 to 128 [ 446.504749][T14086] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 446.542706][T14091] loop1: detected capacity change from 0 to 512 [ 446.561643][T14089] __nla_validate_parse: 3 callbacks suppressed [ 446.561664][T14089] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2995'. [ 446.643105][T14091] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 446.684159][T14091] ext4 filesystem being mounted at /168/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 446.816405][T12355] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 446.860208][T14104] loop4: detected capacity change from 0 to 512 [ 446.875482][T14105] loop2: detected capacity change from 0 to 512 [ 446.886125][T14104] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 446.899305][T14104] EXT4-fs (loop4): orphan cleanup on readonly fs [ 446.967230][T14104] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #16: comm syz.4.3001: corrupted inode contents [ 447.032076][ T28] audit: type=1326 audit(1751982693.170:3184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14110 comm="syz.1.3002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f783cf8e929 code=0x7ffc0000 [ 447.056585][T14104] EXT4-fs error (device loop4): ext4_dirty_inode:6106: inode #16: comm syz.4.3001: mark_inode_dirty error [ 447.109298][T14104] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #16: comm syz.4.3001: corrupted inode contents [ 447.137104][ T28] audit: type=1326 audit(1751982693.170:3185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14110 comm="syz.1.3002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f783cf8e929 code=0x7ffc0000 [ 447.163660][ T28] audit: type=1326 audit(1751982693.190:3186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14110 comm="syz.1.3002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f783cf8e929 code=0x7ffc0000 [ 447.189911][ T28] audit: type=1326 audit(1751982693.190:3187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14110 comm="syz.1.3002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f783cf8e929 code=0x7ffc0000 [ 447.191650][T14104] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #16: comm syz.4.3001: mark_inode_dirty error [ 447.933630][T14104] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #16: comm syz.4.3001: corrupted inode contents [ 447.998717][T14104] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 448.047027][T14104] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #16: comm syz.4.3001: corrupted inode contents [ 448.081916][T14104] EXT4-fs error (device loop4): ext4_truncate:4288: inode #16: comm syz.4.3001: mark_inode_dirty error [ 448.107051][T14104] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 448.134069][T14104] EXT4-fs (loop4): 1 truncate cleaned up [ 448.154435][T10507] EXT4-fs error (device loop4): ext4_release_dquot:6974: comm kworker/u4:41: Failed to release dquot type 1 [ 448.180808][T14104] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 448.251865][ T8219] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 448.282120][T14125] loop0: detected capacity change from 0 to 128 [ 448.310339][T14125] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 448.460321][T14128] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3008'. [ 448.789539][T14139] netlink: 300 bytes leftover after parsing attributes in process `syz.0.3012'. [ 448.836643][T14145] netlink: 'syz.4.3014': attribute type 6 has an invalid length. [ 448.900835][T14147] loop1: detected capacity change from 0 to 128 [ 449.078091][T14147] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 449.581689][T14169] loop4: detected capacity change from 0 to 512 [ 449.627997][T14169] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 449.641258][T14169] ext4 filesystem being mounted at /536/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 449.779167][T14174] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 449.789959][ T8219] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 449.916836][T14174] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 450.090852][T14183] loop4: detected capacity change from 0 to 764 [ 450.125794][T14183] rock: directory entry would overflow storage [ 450.152591][T14183] rock: sig=0x5850, size=36, remaining=7 [ 450.409994][T14188] loop0: detected capacity change from 0 to 1024 [ 450.475402][T14188] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 450.546157][T12792] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 450.711574][T14203] loop0: detected capacity change from 0 to 1024 [ 450.781211][T14203] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 450.888614][T14203] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4036: comm syz.0.3037: Allocating blocks 385-513 which overlap fs metadata [ 451.496538][T14203] EXT4-fs (loop0): pa ffff88805e4e49f8: logic 16, phys. 129, len 24 [ 451.505401][T14203] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5377: group 0, free 0, pa_free 8 [ 451.552414][T14213] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3039'. [ 451.817880][T12792] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 451.966957][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 451.966973][ T28] audit: type=1326 audit(1751982698.126:3192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14223 comm="syz.2.3052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65778e929 code=0x7ffc0000 [ 452.007615][T14224] syz.2.3052[14224] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 452.007756][T14224] syz.2.3052[14224] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 452.043770][ T28] audit: type=1326 audit(1751982698.156:3193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14223 comm="syz.2.3052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65778e929 code=0x7ffc0000 [ 452.080664][ T28] audit: type=1326 audit(1751982698.166:3194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14223 comm="syz.2.3052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa65778e929 code=0x7ffc0000 [ 452.132744][ T28] audit: type=1326 audit(1751982698.236:3195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14223 comm="syz.2.3052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65778e929 code=0x7ffc0000 [ 452.187108][ T28] audit: type=1326 audit(1751982698.236:3196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14223 comm="syz.2.3052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65778e929 code=0x7ffc0000 [ 452.236733][ T28] audit: type=1326 audit(1751982698.266:3197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14223 comm="syz.2.3052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7fa65778e929 code=0x7ffc0000 [ 452.325108][ T28] audit: type=1326 audit(1751982698.266:3198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14223 comm="syz.2.3052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65778e929 code=0x7ffc0000 [ 452.399213][ T28] audit: type=1326 audit(1751982698.266:3199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14223 comm="syz.2.3052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65778e929 code=0x7ffc0000 [ 452.631913][ T28] audit: type=1326 audit(1751982698.786:3200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14241 comm="syz.2.3050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65778e929 code=0x7ffc0000 [ 452.683806][ T28] audit: type=1326 audit(1751982698.786:3201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14241 comm="syz.2.3050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65778e929 code=0x7ffc0000 [ 454.468610][T14265] loop1: detected capacity change from 0 to 1024 [ 454.523240][T14265] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 454.576052][T14265] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4036: comm syz.1.3060: Allocating blocks 385-513 which overlap fs metadata [ 454.624474][T14265] EXT4-fs (loop1): pa ffff88805e4e4cb0: logic 16, phys. 129, len 24 [ 454.632643][T14265] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5377: group 0, free 0, pa_free 8 [ 454.753657][T14274] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3063'. [ 455.644328][T12355] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 456.068177][T14294] loop0: detected capacity change from 0 to 2048 [ 456.123930][T14294] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 456.218783][T14294] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 456.558918][T12792] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 456.743653][T14316] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3077'. [ 457.700193][T14329] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3083'. [ 457.751421][T14334] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3084'. [ 458.250091][T14344] loop0: detected capacity change from 0 to 2048 [ 458.272415][T14344] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 458.365304][T14344] EXT4-fs (loop0): shut down requested (0) [ 458.467216][T12792] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 459.414477][T14365] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3096'. [ 460.152511][T14384] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3103'. [ 460.356919][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 460.356987][ T28] audit: type=1326 audit(1751982706.512:3204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14396 comm="syz.0.3109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f808eb8e929 code=0x7ffc0000 [ 460.737662][ T28] audit: type=1326 audit(1751982706.542:3205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14396 comm="syz.0.3109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f808eb8e929 code=0x7ffc0000 [ 460.932791][ T28] audit: type=1326 audit(1751982706.552:3206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14396 comm="syz.0.3109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f808eb8e929 code=0x7ffc0000 [ 461.015656][ T28] audit: type=1326 audit(1751982706.552:3207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14396 comm="syz.0.3109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f808eb8e929 code=0x7ffc0000 [ 461.068906][ T28] audit: type=1326 audit(1751982706.552:3208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14396 comm="syz.0.3109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f808eb8e929 code=0x7ffc0000 [ 462.141674][T14410] loop4: detected capacity change from 0 to 512 [ 462.152293][T14410] EXT4-fs: Ignoring removed mblk_io_submit option [ 462.159290][T14410] EXT4-fs: Ignoring removed bh option [ 462.272330][T14410] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 462.284499][T14410] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 462.332992][T14410] EXT4-fs (loop4): 1 truncate cleaned up [ 462.346519][T14410] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 462.658401][ T8219] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 462.840145][T14422] tipc: Started in network mode [ 462.852958][T14424] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3117'. [ 462.854034][T14422] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 462.885393][T14422] tipc: Enabling of bearer rejected, failed to enable media [ 463.321359][T14436] atomic_op ffff88807cc20198 conn xmit_atomic 0000000000000000 [ 464.164918][T14441] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3124'. [ 464.328785][T14448] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3127'. [ 464.365085][T14449] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 464.433067][T14451] loop4: detected capacity change from 0 to 2048 [ 464.490539][T14451] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 464.511864][T14453] loop2: detected capacity change from 0 to 1024 [ 464.537435][T14451] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 464.569295][T14453] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 464.589235][T14451] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 464.602937][T14451] EXT4-fs (loop4): This should not happen!! Data will be lost [ 464.602937][T14451] [ 464.619636][T14451] EXT4-fs (loop4): Total free blocks count 0 [ 464.629092][T14466] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 464.629936][T14451] EXT4-fs (loop4): Free/Dirty block details [ 464.655236][T14451] EXT4-fs (loop4): free_blocks=2415919104 [ 464.699945][T14466] EXT4-fs (loop4): This should not happen!! Data will be lost [ 464.699945][T14466] [ 464.704507][T14451] EXT4-fs (loop4): dirty_blocks=16 [ 464.733563][T14451] EXT4-fs (loop4): Block reservation details [ 464.803675][T12571] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 464.957683][T14470] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3134'. [ 465.232368][T14481] dummy0: entered promiscuous mode [ 465.271838][T14481] macsec1: entered promiscuous mode [ 465.319571][T14481] macsec1: entered allmulticast mode [ 465.325075][T14481] dummy0: entered allmulticast mode [ 465.335538][T14481] dummy0: left allmulticast mode [ 465.342678][T14481] dummy0: left promiscuous mode [ 466.587623][T14501] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3141'. [ 466.721860][T14504] atomic_op ffff88805db35998 conn xmit_atomic 0000000000000000 [ 466.814434][T14506] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3143'. [ 467.184389][T14514] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.3146'. [ 467.253845][T14513] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.3146'. [ 467.600306][T14520] loop1: detected capacity change from 0 to 736 [ 468.460386][T14544] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 468.666466][ T28] audit: type=1326 audit(1751982719.828:3209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14553 comm="syz.2.3162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65778e929 code=0x7ffc0000 [ 468.791993][ T28] audit: type=1326 audit(1751982719.848:3210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14553 comm="syz.2.3162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=107 compat=0 ip=0x7fa65778e929 code=0x7ffc0000 [ 468.845052][ T28] audit: type=1326 audit(1751982719.848:3211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14553 comm="syz.2.3162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65778e929 code=0x7ffc0000 [ 468.876379][ T28] audit: type=1326 audit(1751982719.848:3212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14553 comm="syz.2.3162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65778e929 code=0x7ffc0000 [ 469.440965][T14574] loop0: detected capacity change from 0 to 1024 [ 469.502852][ T28] audit: type=1326 audit(1751982720.658:3213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14577 comm="syz.2.3170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65778e929 code=0x7ffc0000 [ 469.552045][ T28] audit: type=1326 audit(1751982720.658:3214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14577 comm="syz.2.3170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65778e929 code=0x7ffc0000 [ 469.576085][ T28] audit: type=1326 audit(1751982720.658:3215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14577 comm="syz.2.3170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7fa65778e929 code=0x7ffc0000 [ 469.581593][T14574] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 469.598756][ T28] audit: type=1326 audit(1751982720.658:3216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14577 comm="syz.2.3170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65778e929 code=0x7ffc0000 [ 469.598815][ T28] audit: type=1326 audit(1751982720.658:3217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14577 comm="syz.2.3170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65778e929 code=0x7ffc0000 [ 469.885422][T14587] loop2: detected capacity change from 0 to 512 [ 469.892778][T14587] EXT4-fs: Ignoring removed i_version option [ 469.926238][T14587] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 469.947066][T14587] ext4 filesystem being mounted at /156/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 469.990578][T14587] EXT4-fs error (device loop2): ext4_get_first_dir_block:3592: inode #12: block 32: comm syz.2.3173: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 470.104735][T14587] EXT4-fs error (device loop2): ext4_get_first_dir_block:3595: inode #12: comm syz.2.3173: directory missing '.' [ 470.219807][T12571] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 470.308773][T14594] loop1: detected capacity change from 0 to 512 [ 470.316251][T14594] EXT4-fs: Ignoring removed i_version option [ 470.329692][T14594] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 470.357752][T14594] EXT4-fs (loop1): 1 truncate cleaned up [ 470.379293][T14594] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 470.477980][T14594] [ 470.480394][T14594] ====================================================== [ 470.487449][T14594] WARNING: possible circular locking dependency detected [ 470.494514][T14594] 6.6.96-syzkaller #0 Not tainted [ 470.499570][T14594] ------------------------------------------------------ [ 470.506615][T14594] syz.1.3175/14594 is trying to acquire lock: [ 470.512708][T14594] ffff88805e435410 (&sb->s_type->i_mutex_key#8/1){+.+.}-{3:3}, at: ext4_xattr_inode_lookup_create+0x1917/0x1d80 [ 470.524632][T14594] [ 470.524632][T14594] but task is already holding lock: [ 470.532027][T14594] ffff88805e432088 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x15fa/0x1c90 [ 470.541398][T14594] [ 470.541398][T14594] which lock already depends on the new lock. [ 470.541398][T14594] [ 470.551829][T14594] [ 470.551829][T14594] the existing dependency chain (in reverse order) is: [ 470.560884][T14594] [ 470.560884][T14594] -> #1 (&ei->i_data_sem/3){++++}-{3:3}: [ 470.568818][T14594] down_write+0x97/0x1f0 [ 470.573633][T14594] ext4_xattr_inode_lookup_create+0x15fe/0x1d80 [ 470.580445][T14594] ext4_xattr_ibody_set+0x202/0x6a0 [ 470.586212][T14594] ext4_xattr_set_handle+0xaad/0x1290 [ 470.592151][T14594] ext4_xattr_set+0x22d/0x320 [ 470.597374][T14594] __vfs_setxattr+0x431/0x470 [ 470.602609][T14594] __vfs_setxattr_noperm+0x12d/0x5e0 [ 470.608451][T14594] vfs_setxattr+0x16c/0x2f0 [ 470.613516][T14594] path_setxattr+0x362/0x550 [ 470.618658][T14594] __x64_sys_lsetxattr+0xb8/0xd0 [ 470.624157][T14594] do_syscall_64+0x55/0xb0 [ 470.629142][T14594] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 470.635603][T14594] [ 470.635603][T14594] -> #0 (&sb->s_type->i_mutex_key#8/1){+.+.}-{3:3}: [ 470.644447][T14594] __lock_acquire+0x2ddb/0x7c80 [ 470.649858][T14594] lock_acquire+0x197/0x410 [ 470.654926][T14594] down_write+0x97/0x1f0 [ 470.659726][T14594] ext4_xattr_inode_lookup_create+0x1917/0x1d80 [ 470.666558][T14594] ext4_xattr_block_set+0x23e/0x32a0 [ 470.672412][T14594] ext4_expand_extra_isize_ea+0x10ea/0x19e0 [ 470.678874][T14594] __ext4_expand_extra_isize+0x306/0x400 [ 470.685058][T14594] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 470.691064][T14594] ext4_setattr+0x1673/0x1c90 [ 470.696281][T14594] notify_change+0xb0d/0xe10 [ 470.701413][T14594] do_truncate+0x19b/0x220 [ 470.706369][T14594] path_openat+0x298c/0x3190 [ 470.711492][T14594] do_filp_open+0x1c5/0x3d0 [ 470.716533][T14594] do_sys_openat2+0x12c/0x1c0 [ 470.721756][T14594] __x64_sys_openat+0x139/0x160 [ 470.727180][T14594] do_syscall_64+0x55/0xb0 [ 470.732140][T14594] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 470.738577][T14594] [ 470.738577][T14594] other info that might help us debug this: [ 470.738577][T14594] [ 470.748827][T14594] Possible unsafe locking scenario: [ 470.748827][T14594] [ 470.756288][T14594] CPU0 CPU1 [ 470.761662][T14594] ---- ---- [ 470.767039][T14594] lock(&ei->i_data_sem/3); [ 470.771679][T14594] lock(&sb->s_type->i_mutex_key#8/1); [ 470.779777][T14594] lock(&ei->i_data_sem/3); [ 470.786949][T14594] lock(&sb->s_type->i_mutex_key#8/1); [ 470.792524][T14594] [ 470.792524][T14594] *** DEADLOCK *** [ 470.792524][T14594] [ 470.800677][T14594] 5 locks held by syz.1.3175/14594: [ 470.805885][T14594] #0: ffff88802d682418 (sb_writers#4){++++}-{0:0}, at: mnt_want_write+0x41/0x90 [ 470.815061][T14594] #1: ffff88805e432210 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: do_truncate+0x187/0x220 [ 470.825367][T14594] #2: ffff88805e4323a0 (mapping.invalidate_lock){++++}-{3:3}, at: ext4_setattr+0xef3/0x1c90 [ 470.835570][T14594] #3: ffff88805e432088 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x15fa/0x1c90 [ 470.845363][T14594] #4: ffff88805e431ec8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3dc/0x6e0 [ 470.855660][T14594] [ 470.855660][T14594] stack backtrace: [ 470.861555][T14594] CPU: 0 PID: 14594 Comm: syz.1.3175 Not tainted 6.6.96-syzkaller #0 [ 470.869722][T14594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 470.879796][T14594] Call Trace: [ 470.883092][T14594] [ 470.886040][T14594] dump_stack_lvl+0x16c/0x230 [ 470.890760][T14594] ? load_image+0x3b0/0x3b0 [ 470.895284][T14594] ? show_regs_print_info+0x20/0x20 [ 470.900516][T14594] ? print_circular_bug+0x12b/0x1a0 [ 470.905738][T14594] check_noncircular+0x2bd/0x3c0 [ 470.910703][T14594] ? print_deadlock_bug+0x5d0/0x5d0 [ 470.915923][T14594] ? lockdep_lock+0xe0/0x220 [ 470.920537][T14594] __lock_acquire+0x2ddb/0x7c80 [ 470.925418][T14594] ? verify_lock_unused+0x140/0x140 [ 470.930646][T14594] lock_acquire+0x197/0x410 [ 470.935167][T14594] ? ext4_xattr_inode_lookup_create+0x1917/0x1d80 [ 470.941609][T14594] ? __might_sleep+0xe0/0xe0 [ 470.946227][T14594] ? read_lock_is_recursive+0x20/0x20 [ 470.951642][T14594] ? dquot_free_inode+0x871/0xa00 [ 470.956699][T14594] ? ext4_mark_iloc_dirty+0x67c/0x1ca0 [ 470.962184][T14594] down_write+0x97/0x1f0 [ 470.966446][T14594] ? ext4_xattr_inode_lookup_create+0x1917/0x1d80 [ 470.972896][T14594] ? down_read_killable+0x340/0x340 [ 470.978127][T14594] ? ext4_get_dquots+0xd/0x20 [ 470.982833][T14594] ? dquot_drop+0x135/0x160 [ 470.987365][T14594] ext4_xattr_inode_lookup_create+0x1917/0x1d80 [ 470.993647][T14594] ? mark_lock+0x94/0x320 [ 470.998005][T14594] ? ext4_xattr_ibody_set+0x6a0/0x6a0 [ 471.003405][T14594] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 471.009410][T14594] ? lock_chain_count+0x20/0x20 [ 471.014289][T14594] ? ext4_xattr_block_set+0xd6/0x32a0 [ 471.019682][T14594] ext4_xattr_block_set+0x23e/0x32a0 [ 471.024995][T14594] ? __might_sleep+0xe0/0xe0 [ 471.029610][T14594] ? ext4_xattr_inode_get+0x1a9/0x310 [ 471.035013][T14594] ? __getblk_gfp+0x54/0x660 [ 471.039627][T14594] ? ext4_xattr_block_find+0x350/0x350 [ 471.045105][T14594] ? ext4_xattr_block_find+0x2d4/0x350 [ 471.050586][T14594] ext4_expand_extra_isize_ea+0x10ea/0x19e0 [ 471.056512][T14594] __ext4_expand_extra_isize+0x306/0x400 [ 471.062172][T14594] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 471.067678][T14594] ext4_setattr+0x1673/0x1c90 [ 471.072394][T14594] ? ext4_write_inode+0x550/0x550 [ 471.077440][T14594] notify_change+0xb0d/0xe10 [ 471.082074][T14594] do_truncate+0x19b/0x220 [ 471.086516][T14594] ? put_page_bootmem+0x2c0/0x2c0 [ 471.091565][T14594] ? apparmor_file_truncate+0x23f/0x2d0 [ 471.097155][T14594] ? ima_bprm_check+0x1f0/0x1f0 [ 471.102047][T14594] path_openat+0x298c/0x3190 [ 471.106699][T14594] ? do_filp_open+0x3d0/0x3d0 [ 471.111415][T14594] do_filp_open+0x1c5/0x3d0 [ 471.115941][T14594] ? vfs_tmpfile+0x490/0x490 [ 471.120561][T14594] ? _raw_spin_unlock+0x28/0x40 [ 471.125433][T14594] ? alloc_fd+0x58f/0x630 [ 471.129825][T14594] do_sys_openat2+0x12c/0x1c0 [ 471.134526][T14594] ? do_sys_open+0xe0/0xe0 [ 471.139232][T14594] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 471.145323][T14594] ? lock_chain_count+0x20/0x20 [ 471.150191][T14594] __x64_sys_openat+0x139/0x160 [ 471.155068][T14594] do_syscall_64+0x55/0xb0 [ 471.159511][T14594] ? clear_bhb_loop+0x40/0x90 [ 471.164209][T14594] ? clear_bhb_loop+0x40/0x90 [ 471.168908][T14594] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 471.174820][T14594] RIP: 0033:0x7f783cf8e929 [ 471.179255][T14594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 471.198879][T14594] RSP: 002b:00007f783dd42038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 471.207314][T14594] RAX: ffffffffffffffda RBX: 00007f783d1b5fa0 RCX: 00007f783cf8e929 [ 471.215317][T14594] RDX: 0000000000000242 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 471.223322][T14594] RBP: 00007f783d010b39 R08: 0000000000000000 R09: 0000000000000000 [ 471.231330][T14594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 471.239321][T14594] R13: 0000000000000000 R14: 00007f783d1b5fa0 R15: 00007ffc011c9728 [ 471.247413][T14594] [ 471.437242][T12792] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 471.504667][T12355] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.