last executing test programs: 14.608545385s ago: executing program 3 (id=3187): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1, 0x0, 0xffffffffffff8001}, 0x18) openat(0xffffffffffffff9c, 0x0, 0x42, 0x0) creat(&(0x7f00000001c0)='./file1\x00', 0x2) acct(&(0x7f0000000080)='./file1\x00') acct(0x0) 14.304877937s ago: executing program 3 (id=3192): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='ext4_get_implied_cluster_alloc_exit\x00', r1, 0x0, 0xffff}, 0x18) r2 = syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0x86e1, 0x1, 0x8}, &(0x7f0000010080), &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000140)=[{0x0}, {0x0}], 0x2) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r2, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 7.23148797s ago: executing program 3 (id=3225): bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000280), 0xffffffffffffffff) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300001c000000850000001b000000b700000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kfree\x00', r1}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000}, 0x94) syz_emit_ethernet(0x7a, &(0x7f0000000080)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "6ed6c4", 0x44, 0x2f, 0xff, @private2, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x88a8, 0x0, 0xfffc}, {}, {}, {0xa888, 0x88be, 0x8000000, {{0x0, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0, 0xfe}, 0x1, {0x1}}}, {0x8, 0x22eb, 0x4, {{0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6}}}}}}}}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0xb) r3 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x0) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) add_key(&(0x7f0000000340)='ceph\x00', 0x0, 0x0, 0x0, 0x0) ioctl$PIO_UNIMAP(r4, 0x4b67, &(0x7f0000000040)={0x3ffffffffffffe96, &(0x7f0000000000)=[{0x2000, 0x5}]}) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24000000) sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4000000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xfff2}, {0xffff, 0xffff}, {0x5, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0) 6.921193234s ago: executing program 3 (id=3229): write$tcp_congestion(0xffffffffffffffff, &(0x7f0000000000)='yeah\x00', 0x5) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="0600000004000000101000008900000000000000", @ANYRES32, @ANYBLOB='\x00'/10, @ANYRES32=0x0, @ANYRES32], 0x50) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r1}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000840)={0x0, &(0x7f0000000780)=""/106, &(0x7f0000000380), &(0x7f0000000000), 0x80, r0, 0x0, 0x7}, 0x38) 6.260905703s ago: executing program 5 (id=3236): r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_ALLOC_STREAMS(r0, 0x8008551c, &(0x7f0000000140)={0xe021, 0x1, [{0x1, 0x1}]}) 5.950548571s ago: executing program 5 (id=3238): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001cc0)=@newtfilter={0x68, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0x6}, {}, {0x7, 0x10}}, [@filter_kind_options=@f_flow={{0x9}, {0x38, 0x2, [@TCA_FLOW_EMATCHES={0x34, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2}}, @TCA_EMATCH_TREE_LIST={0x28, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x24, 0x1, 0x0, 0x0, {{0x4, 0x9, 0x40}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x1}, @TCA_EM_IPT_MATCH_DATA={0x4}, @TCA_EM_IPT_MATCH_NAME={0xb}]}}]}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x40}, 0x2008c014) 5.844838106s ago: executing program 2 (id=3239): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000004000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) fdatasync(0xffffffffffffffff) 5.358749929s ago: executing program 2 (id=3240): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) process_mrelease(0xffffffffffffffff, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, &(0x7f0000000340), &(0x7f0000000300)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe}, 0x94) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x2008042, &(0x7f00000000c0), 0x2, 0x571, &(0x7f0000000780)="$eJzs3c+PG1cdAPDvzP5yk7SbQA9QAQlQCCiKnXXaqOql5QJCVSVExQFxSJddZ7XEjkPsLd0lUrd/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACJUgcBs3Yu+ts7MSNvXaz/nykybyZN+Pve/bOvOdnxy+AmXUuInYjYjEi3oyI5e7+pLvEq50lP+7undtr9+7cXksiy974Z1Lk5/ui55zcye5jliLim1+L+G7yYNzW9s711Xq9dqu7XWk3blZa2zsXNxurG7WN2o1q9crKlUsvXX6xOra6nm388oOvbr72rd/8+tPv/373yz/Mi3Wqm9dbj3HqVH1hP05uPiJeO4pgUzDXXS9OuRw8njQiPhYRnyuu/+WYK/46AYDjLMuWI1vu3QYAjru0GANL0nJEpGm3E1DujOE9GyfSerPVvnCtuXVjvTNWdjoW0mub9dqlM0t//H5x8EKSb68UeUV+sV09tH05Is5ExI+Xniq2y2vN+vp0ujwAMPNO9rb/EfGfpTQtl4c6tc+negDAE6M07QIAABOn/QeA2aP9B4DZM0T73/2wf/fIywIATIb3/wAwe7T/ADB7tP8AMFO+8frr+ZLd6/7+9fpb21vXm29dXK+1rpcbW2vlteatm+WNZnOj+M2exqMer95s3lx5IbberrRrrXaltb1ztdHcutG+Wvyu99XawkRqBQA8zJmz7/0hiYjdl58qluiZy0FbDcdbOsajgCfL3Cgn6yDAE81sXzC7hmrCi07C7468LMB09P0x71Lf5P1++iGC+J4RfKSc/+Tw4//meIbjxcg+zK7HG/9/ZezlACbvscf//zzecgCTl2XJ4Tn/F/ezAIBjaYSv8GXvjKsTAkzVoybzHsvn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDMnIqI70WSlou5wNP837Rcjng6Ik7HQnJts167FBHPxNmIWFjKt1emXWgAYETp35Pu/F/nl58/dTh3MfnvUrGOiB/87I2fvL3abt9ayff/a3//0t70YdWD80aYVxAAGN5fhzmoaL+r3XXPG/m7d26v7S1HWMYHfPCV/clH1+7duV0snZz5yLIsiygVfYkT/05ivntOKSKei4i5McTffTciPtGv/kkxNnK6O/Npb/zoxn56ovHT++KnRV5nnT99Hx9DWWDWvJfff149fP3NFVfWueKI/td/qbhDja64/5Ui9u59B/e/veu9VJTmcPz8mj83bIwXfvv1B3Zmy528dyOem+8XP9mPnwyI//yQ8f/0qc/86JUBednPI85H//i9sSrtxs1Ka3vn4mZjdaO2UbtRrV5ZuXLppcsvVivFGHVlb6T6Qf94+cIzg8qW1//EgPidV/7kofov7p/7hSHr/4v/vfmdzx5sLh2O/6XP93/9ny3W/Z//vE384pDxV0/8auD03Xn89QH1f9Trf2HI+O//bWd9yEMBgAlobe9cX63Xa7dGSuTvQj/8WVmWvZOX4SHH5NnDPeBed3G06vwlisTB05JEEqM/P/cn8s7YMAcvjFyd+xJ7wyXjrk6fxPx+X3G8j/zth/+1DEosjhI0HXstHicRp7uJu5MKOpXbETBBBxf9tEsCAAAAAAAAAAAAAAAMMon/wzTtOgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB8/T8AAP//Z1e+LQ==") setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="02000000010004000000000004000500a9930000100000000000000020"], 0x24, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x511a01, 0x80) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2}, 0x10) sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x35, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000018000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0xfc}}, 0x0) 5.188489593s ago: executing program 5 (id=3242): socket$netlink(0x10, 0x3, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 4.528819408s ago: executing program 5 (id=3244): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getrlimit(0xb, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) 4.528603799s ago: executing program 1 (id=3148): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x80782, 0x0) ioctl$TCXONC(r2, 0x540a, 0x2) ioctl$TIOCSPTLCK(r2, 0x40045431, &(0x7f0000000000)) r3 = ioctl$TIOCGPTPEER(r2, 0x5441, 0x6) write(r3, &(0x7f0000000080)='g', 0x1) ioctl$TCSETS(r3, 0x5402, &(0x7f0000000140)={0x6, 0x3, 0x6, 0x7fff, 0x1a, "ee1dd756f560f25a63b2f119c3439425ea59d8"}) 4.025216547s ago: executing program 2 (id=3246): r0 = memfd_create(&(0x7f0000000240)='\'\x00K!\xb8\x038\\\xb6\x14\xde\x05S\x98n\xf5$\x92\x92C\xa2<\xdf\x13', 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) sendfile(0xffffffffffffffff, r0, &(0x7f0000000040)=0x7ffffffffffffffe, 0x6) 3.30863162s ago: executing program 1 (id=3248): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0xffffffffffffff84, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x9c, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x70, 0x4, 0x0, 0x1, [{0x58, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x48, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x2c, 0x3, "9ac420000461afb9fdd672bad09dfb78c7699c74e891a0c700"/40}, @NFTA_TARGET_REV={0x8}, @NFTA_TARGET_NAME={0xe, 0x1, 'IDLETIMER\x00'}]}}}, {0x14, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x4}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xc4}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040) 3.237036933s ago: executing program 5 (id=3249): r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_ALLOC_STREAMS(r0, 0x8008551c, &(0x7f0000000140)={0xe021, 0x1, [{0x1, 0x1}]}) 3.046706464s ago: executing program 4 (id=3250): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x2814850, &(0x7f0000000040), 0x3, 0x4e6, &(0x7f0000001080)="$eJzs3d9rW20dAPDvSZutW/vavurF68A5dNINXdKubitezAqiVwPnvK+1TUtp2pQm3dYypMM7bwbiL/TKKxEEr0XQ/QkiDPReRJSh27zwQs1L0pO165I2ZU2zNZ8PPDvP+ZF+v09CnuQ5z1lOAD3rQkRMRURfRFyOiOF0eyYtsbVdasc9f/ZgtlaSqFbv/DOJJN3W+FtJuhxMHzYQEd/4WsS3k9fjljc2l2aKxcJaup6vLK/myxubVxaXZxYKC4WVqYnx65M3Jq9Njh1ZW29+5W8/evSLr9783efv/WX6H5e+U0trKN23ux3t2GrzuO2mZ+vPRUN/RKwdJthbrC9tT/blll9+r6sJAQCwr9p3/I9GxKcj4sVPu50NAAAA0AnVLw3Ff5OIKgAAAHBiZerXwCaZXHotwFBkMrnc9jW8H4+zmWKpXPncfGl9ZW77WtmRyGbmF4uFsfRa4ZHIJrX18Xp9Z/3qnvWJiHg/In4wfKa+npstFee6ffIDAAAAesTgnvH/v4e3x/8AAADACTPS7QQAAACAjjP+BwAAgJOv5fg/6T/eRAAAAIBO+PqtW7VSbdz/eu7uxvpS6e6VuUJ5Kbe8PpubLa2t5hZKpYX6b/YtH/T3iqXS6hdiZf1+vlIoV/Lljc3p5dL6SmW6fl/v6UL2WFoFAAAA7Pb+px7/OYmIrS+eqZeaU+m+NsbqU53NDuikzOEOTzqVB3D8+rqdANA1LvCF3mU+Hnpdko7rT7c64Id71g952gAAAHgbjH7igPn//U8Qmg+Ed5iBPPQu8//Qu3Z/vf99F/MAjp/5f+hxLaf9dwy02vGHI84FAADomKF6STK5dC5wKDKZXC7ivfptAbLJ/GKxMBYRH4mIPw1nT9fWx7udNAAAAAAAAAAAAAAAAAAAAAAAAAC8Y6rVJKoAAADAiRaR+XuS3sh/dPji0N7zA6eS/wzXlxFx72d3fnx/plJZG69t/9fL7ZWfpNuvduMMBgAAALBXY5zeGMcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFF6/uzBbKMcZ9ynX46IkWbx+2Ogvhz4zXBEnH2RRP+uxyUR0XcE8bceRsQHzeIntbRiJM1ib/xMRJzpcvzBI4gPvexxrf+Zavb+y8SF+rL5+68/LW/q6YVW/V+m0f/V+7lm/d97bcY49+TX+ZbxH0ac62/e/zTiJ2/Y/37rm5ubrfZVfx4x2vTzJ3klVr6yvJovb2xeWVyeWSgsFFYmJsavT96YvDY5lp9fLBbSf5vG+P4nf/v//dp/tkX8kQPaf7HN9v/vyf1nH9sn/qXPNH/9P9gnfu25/2z6OVDbP9qob23Xdzv/qz+e36/9cy3af9Drf6nN9l++/d2/tnkoAHAMyhubSzPFYmFNReX1SjbaPPhURLwlOavsrtxO3+iPkohDPbzLHRMAAHDkdr70dzsTAAAAAAAAAAAAAAAAAAAA6F07//9/sDO/33b61V8WGOheUwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9vVhAAAA//9n9NBb") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) sendfile(r0, r0, 0x0, 0x800000009) 2.945008817s ago: executing program 1 (id=3251): syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x2000c12, &(0x7f0000000d80)=ANY=[@ANYBLOB="696f636861727365743d63703835352c757466382c757466382c646d6f64653d3078303030303030303030303030393063382c63727566742c6f76657272696465726f636b7065726d2c636865636b3d7374726963742c6d61703d6f66662c6d6f64653d3078303030303030303030303030303030312c6d61703d6f66662c6f76657272696465726f636b7065726d2c696f636861727365743d64656661756c742c00553459239cc27347a48417c0f93ac0ba095e7cffc5c4fddc72b0acbb858ade3fa8677c39e605a858f1fc03aa3bb441f12627176b75e5312fd7b76a313eafaed505a653df3f3e4755d83dbfae9108d0698e5c7dd588899b31e82cc76d03aa10466b2c8cf82a352e67b4942d149ea42a7612de672d0824c9e3534784c0dd0e80f86758ea33fe023501c9caf88b760bca5be74b221f9b42d23d812d3628e05751725edf05033ecf2aede9bc0000000000000000000000001932664a95e40c386b4e989f0e60bd9c00bc7d00"/375], 0x12, 0x9ef, &(0x7f0000000380)="$eJzs3ctvXNd9B/Dv5UOiaUOSbdV1BdsayZVM2yxFUrVUwYtWIkcSXT4KkgIsdGG5FlUIYuvWbgHbKFAZKLqKkQAJskh2RlZZGfAm3gTeJbtklUWAwP+CkZWyYnDvDKkhOeSQMh+y/PkQM3Mfv3vO7859HM7MnTlhf914YrO5d9dNWTq8amxpqbo94Pi1n3+T1Pn2uzT+1aeffVLePr6bA+nOa8Uvkr4ktaQnybNJ79j47MxUh4LuJDeSfJkUSQ6m8bglN1J8Py2HwZcpflrWu6EDWy2ZTpb4Ttvv/Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5Gxdj48PBIcSAT09ferDUktXXGxmdniiwtrZ+zvEzDF1Wv38UXHetNivKWvr7lrr6fPXp/9jNJaifzXGPsuapD8vTlo8efOfL60z1dy8tvlM03cnDrxb7/4Ud33l5cXHhvVxJ5+F2pT0/MzUxMXbxSr03MzdQunDs3fObq5bna5YnJ+tz1ufn6VG1stn5xfma2NjD2cm3kwoWztfrQ9Zlr01fGhybryxPP/83o8PC52htD/1S/ODs3M33mjaG5sasTk5MT01eqmHJ2GXO+3BH/cWK+Nl+/OFWr3bq9uHB2TU7dWbP/lkEjndakDBrtFDQ6PDo6MjI6OvJxs/fslQnnXrvw2vnh4Z7hNbIuYpd2Wh4uj228mXf+JA4PqKvR/ieTmch0ruXN1Nr+jWU8s5nJ1Abzm5bb/1Nn6pvW29r+N1v5npbZx8q7k3mhOdq3Qfu/QS579/d+PsxHuZO3s5jFLOS9fc9ob/+upJ7pTGQuM5nIVC5WU2rNKbVcyLmcy3DeytUcz1xquZyJTKaeuVzPXOZTr/aoscymnouZz0xmU8tAxvJyahnJhVzI2dRSz1CuZybXMp0rGc/FqpRbuV0972c3yXElaGQrQaObBK1rzLfd/tfX/nPCd87On8ThAS012/8DnUMHxvYiIQAAAGDH/dWvc+joU7/6Q1Lk+ep9+csTk/Xh/U4LAAAA2EHV5XrPlQ+95dDzKbz+BwAAgEdNUX3HrkjSn+ONoeVvQnkTAAAAAB4R1ef/L6Q4fn+C1/8AAADwiOn8G/sdI4rB5Z//rd1sPN5sRjTGiv7LE5P1obGZyddHcrr6lYHqmwbrSutOit7q6wev5EQj6kR/47H/follnX1l1MjQ6yN5JSebKzLwYvnw4kCbyNFG5EuNyJdaI7uzKvJsGQkAj7qTm7THW23/X8lgI2LwWNXk9xxr0wYPa1kB4GGx0sfOn5pdmrVp/5sRL2zU/v/tJq//y4incut445KCobyTd7OYmxlM84qD4+1KXe6NoHEZwmCHdwP6m5cs/PZ8VwbXvR/Qt7KurbELGc1g23cEWsotlnM424jr3p1tAAB77eSm7fDW2v/BDq//+11SCAAPlZUe7HdxYL/XEQBYTSsNAAAAAAAAAAAAAAAAAAAAAAAAAAAAO29LP+D/m9PJ4uJCsgedBawM9G0nw80HurJHOe/7QHeS/ar977Ptpcpt/LA8dQZWD+zziQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA9USTd7aZ3JQeTDCc5s/dZ7Z67+53ATqk92GLFvdzLBzm00+kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHzXNX//vyuNx8cbk9LTlZxKciPJP+93jjvp3n4nsG/+rbpv+f3/rqQ3S0V6Gps9Re/Y+OzMVLn5i4Pl/K8+/eyT8ta57PW9KpQFlDWs6lyiWUPLlN7VSz1ZLdU/vvD+nf969z9q45eqHfPS/OXJ8akrs/9wP/CZ4vNGFwit3SAs5/s/p375g5bJB5qVf16uaXtr671c1Tu+vt6/bLf0BvVuwe3FhdGypvn6m/P//e+3P2iZ9VROJC8OJAOra/rX8rZBTSfWPp+rFV8X/18cyo9zo9r+5bNRLBXlJjpcrf9jt24vLgy98+7izZWc/ndVTkdyPMnNpG/rOR2vzidtVXtdV29Z63AVVN4d7VDeplpKHNngeX2y2mX6t7UOtY3XodLheW9mdLZtRj/8z6dzettb+nSHGtsqvi5+X1zN7/J/Lf1/dJXb/1TaHp1tiqgiW/aU1nmrDq+uRmS15qOtM95aW+aGRyW74Hv5l/zdyvbvajn/N7fV3pyPWmpsf1wk2z8ufnZ4XYtyX9UiHV3TIjXPPhst08zzaCNqgzz/Iq8mPce2dUZ5tcMZZbeO/58UA/lj7ur/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAePgVSXe76V3JqSRHkhwux2vJ0tqYuw9QX1d/8SBp7pgHyfnbp9hwRYt7uZcPcmivMwIAAAAAAABgd1wa/+rTzz4pb9Xn8d35667mnFrSk+RI8aPesfHZmakOBfUmN5Y/0u/bXg43yrsn7o9/WY4922Gh/b18AAC+1f4cAAD//7IYb70=") open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) 2.823562954s ago: executing program 2 (id=3252): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000002c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x801}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r0}, 0x10) setresuid(0xee00, 0xee00, 0x0) 2.822613018s ago: executing program 5 (id=3253): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000b80)={r3, 0x0, 0x25, 0x0, @val=@netkit}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x400251}, &(0x7f0000000180)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f0000000500)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x33, 0x4000, @fd_index=0x1, 0x5, 0x0, 0x0, 0x2, 0x1, {0x2}}) io_uring_enter(r4, 0x627, 0x4c1, 0x43, 0x0, 0x0) syz_emit_ethernet(0xd81, &(0x7f0000000bc0)={@local, @empty, @void, {@ipv6={0x86dd, @dccp_packet={0x6, 0x6, "936c34", 0xd4b, 0x21, 0x0, @private0, @mcast2, {[], {{0x4e21, 0x4e24, 0x4, 0x1, 0xb, 0x0, 0x0, 0x1a, 0x5, "9d3696", 0x7f, "afe0dc"}, "96ac244a4c27fa87c0d235551dbe506f162d0dd4a7234c0018156d56069f0a7a2d61d0e9e4382abc6ee8776b844ef23aed0ecee5cad64c8f0234fe82a24f0ea53e12cff09a94248015517e98adb1b67b0f3222d937b71f7fd1477af36f29b6f30f7d3ae6725cfede95cdaced89ba7fb98371a8600ea3016bea5516e5b8919bc6c6af28d09b6921ac86fbf6a5fe6868b79c045e8909dd1c0892c8221a4724043772cf0af5ae8cf638299a6cc2ae60daa33095206d348952942ac6e833466047e7152d29338f823a9c017710946ba448e60e63cd98dffa7070c15341da9500e9b7c55cb2cb97b34fa0b767249d5631f04ede4770e6b8e659040c3ea2e617b2e9154d7f622f9de46228104caf7fb3bb97a82fba1ed40df47d95e4638d7bdf82286ccdef72e9e2657aadec9810b466c463dfdc2e8e126f96fa6f44cdd69246ada7502b95aab8e520525d10a99c71e8838abd3b6ac770f48a1107c77013f78908a73b3389973d2c91a87a41bc221b57bb0661881044bc0aeaa904d58e019958cf4077d70ca2377d5915455cdeca57a641f3d424c0002b75c8709e695abb23322c9472e174006381d18005865d035b4ad295a3230a3f946c21fbdb58dc811dda26b1aacdc104e99b5839e626e2c71bbbeea570259478fd9613245c7f88f9e1ad7835f70ad1993cd25d7652b266de363ec33c06fe3a34c15169bd3f4bb294855fb5595e1a4deb30299ab2d828694b77e78ac271011d7202f1365861eef9689c013421db8709560d938682c7f9a7dec7f018b9de80d483f0e6cd8c5367984142e729998671fad4bc8c17687be186c9f1e6b84adde74f9d185ac3a9a9f6be597d4d0db2206a60b51397ef11d1d9fdc631b6da78be69415d3e617991c090af1328bb613633c358f929f435a717ed4cf985e74a092e86a5f26d0dc9e918795b606ca6b5e732e7f4b19abf994986efe7f369d5e8a7a3a4044d371aa050524d0150738501c6a4215df1b1f06a0091a904c90ad759df341c7522138d9dc4243b3dc87fad57b46c204e641366b7bfaa58762df74a162fd2fb685ba319ef65081bd481265b43faaed60930e34e48a2e6d9b77543e63a5989f43abb1fba7c2edc9f119d92d82f71d89f2b5102852cd25ad8fe8dd341491b2f3f54a2350803f7431a3a8174c8d9d07e3b339f1ba4356e43ba8b359774d77877cee1e08da2e61c75b9836ce0a3d0ce985d497e3bfdbcecbaf6a63e0c39e5b6e1db8935c3071584f6356778a5b3de4745addc2a40a4db267d58a06379ed1f411362526b69bfefa4ebe5c3df40328e9b34c3315dd78e6026fac216cd48f03172229cae65a625d0a011f603de7c717c24da2d3b427ac9c21a910e6f1ca72e8b634eb5651afb9c9a6ed51faa9e22da18d1b741bead9f6ca2e2210306946ec1a12cd92d2079d9dcd755280513996024de881146fcccdc749af4ec651e2fccf8f1e71db9159d9c044923fbc35ad44f6997e4264bf9235778f46255bf662d58817d9f976c1729e715a98852e2d2e03b4c76402601d99174937e56a9aaf971c03704dfcfb970f4f1856274b9f64f11954dcd3692c5b9110a2854be44de05fb546b6642d0b6d04b7071551ddab35e4240405bc13deb3197c84989dc7e9e132f68be6cbdc71931cc110e302f8d169ae34aa386a5b20d370ef881286a8671aeb4c5f87d6c83846149b89b38091db91b931b56a252dd8351c2fd9537a27a0ebc349557e93a8e1b8a7aa3f35a83aa402197d80965bf26a7af8f0e3043b15b22182f856de447585d332cbb6955bb5b7c63733b23a8d313cedebb3973265d4510f87c6f49cb822c159334e77cc4ec41edb591b5cdbe95087baac78e0604daccff8c65aca949cc019c6d0cb1f43c189e9387e6dab035eabfe6d12b8f9fd554e0c910ca2a517b483c8e5d7caa63f887727d2b1fcd0331b3b6d8e953423927494e716b92f7cfa6572acd81d9cc8657315e567b98d483dc3ee2fc07d2d09c44aff6d9413283895c8b00928e679fcc40cdf7b92087f7428febf9fab94d71477c74ea194c3257211bfe7393eec4b0de9d9d240ade8f5896c716cacc029d467587f200c3f727cd000c842d66b815c9121a2dd7e28662e8749e2ee86a46cb1f7f19d8dc4ba49b84f74a78217812184efed52e961f0158611409180b89bb0bba1b904f7d724aac636d96cb6fc13385e00914375449ef75eeeb6ea6af68570dfdaa9755fab10a5dc040310d4b6e95a6632875dafa769daf3fc47b000ec0490d7953d75d1ca428f5a87bdc0f17df5fab0767f5fe59f46271ee09d98c8e395b3af04458e5ec91adf717beeb4f6ccb7585588c5c230ca846bafb8fb4cda324f1d852c0e9adf1c483d419512274aaf925efe87a249792c9ba7d7ffaca828dda2303fa1d23ea77f02be0bffc225ea56aefaad2d3bc366a392be17f2558adc32da5f9ec059de27c290533fabed897cd9a18720e9c9362a65f06376828c14a705ffd805e53ef98cceb11ef21553166481a3758d950aea7ef762eee3e0b9cfd8658870a9a77695ca045d3c651df818c9d6cd373a6f225ad089806650205bf734ec184311b17ac8f45107d84cdd726fcc23ae2fb01582d42961c48e36726ff58b4fafda4d7a7dad0fc12a5231c230bd35d42ec0477cf0e33da7f176419504fefddf69b981e2dc43a0e5271d2baba8b06a1226e42b7b4319ad3a22362c5d654f4ca1692038c5d672922980df263455cb5691131a2cd8ed9874078ab5e844f3be25b7c25b58fbdce0560a293e5cefa420711ea56ce67f3a49567a310f8e4f1afd8378ebd32e3fa1d0aa7d5cc22b1267d827b4506717f4337fb38f8c2dab6d7fcba94d56de90e534b8a3ce8928ac1c4b3c2dcfec69c4d9f21e651ec730931b0402b610167a99f56c598c03ba8861059091090751d37e937148d667fd52b5d18f54b59a0091ae92ee5267100c0d3650e8aedda07d74d4335458371cc7366f86b060f670905027b1a31098d3ab8cddab29f21d1c6134ca3add671effd6b0737253c165d194da720071f8ca5252b7bd1af1cbeb1117b7ba232641884fdc85fbd29613b6ef92f6ced4f0a2c4bde00e4a3f7e3a06260bcf62c013761a0c0474cb7de456a75b31faaf5a4ecf52b696e54da615e53c2ba272c1c84bb28f9c31382eea886d1416c254713bfd89126149b27b7cf401ba3ad1416be401d29b3ee90c8b265f420a76c1e593268f028c0bccddb2bd94ca7b4b9c4556333eadd53f66511848c47409c0001c1ba708999d77dcd3205530fe69550ab397d5b8c2fd2ec1d28ac6807cd3d366e093d861a91b76cb3cfea35b0c2e6721218b67c908b85773828fb2758fa4cd88736a132ce116f82bb94bb2ad24e299f61de5229c22080bc29f6d877af257a58d0aec30c0977b6c3c4bde6b8b2d983308cf39a45b52824ab8a2e8091236b80354296934fc1a92902829536e426247551f530c41a91a04894c1670aa34f979b6005939e06d2337446e36470c3b2a3ac62b8967904d7c77443cd87a429513c495d53455ae1bfca7b6a95ce3c7aaf28f3afafddfc4459ac34497761fe0cc30b3136b1a073266a40c2c1e1f40d0f1b5d32d80eebe80bf031a16c1b522a67bca724da6e541332384a80e7dc340cc794582bf3cf68b45f05f13ce776b123b42c477553838f349a6634059e0fcf4f2aeb821244a7ee4d74825289794669a7e7f04497545b216b0106cc731801faedafe935f91275d4d5c21920fde28cec45fc55334f9148013417c2835b28433a50e287409b9790bae5d89a6ff68bef21d6dc040c798d4a75217f6b2628e57ff03c0b7efe72578386ccd9d333759c687b013cf38d2d7a53704bf5241fdb00629b1aa9c4205eafada8407477c131e04d1b8aacda0fbcfa09d89e99907deda0be9f37c1e8034dc4d9f678bef943c743ca53f79eb51d22231b9c2c0670a58a352d1a58e1ac266cee2ddda2ab870a000a0e98d3527a911151820490d4011c9a0fc0f5b389ba7e624b068ad8cf5b320d936acbdc9298d5c5503ae2288df12c06d80f2d8164cfd0f4896942d051c319229666c135434b92ef309dda573e9d430f56557243f38ea5fe5caabf5555df5ac3d82a858735f08636fbd430455f5bf09dca15914055e2eb84fbcbc55cc147946f7951efa258afc57609a1cd41ff6a52dba95bd957869feb7e8ca600f2b20bf19d610e7b179506cad6f98d25b89aeb42b6313123a6d38a1d2c8f59a69a0e16a4db04f73b12c9cf3e782f5d71b44aeb2e85f59d34d43c855e3f49eea31d53c1b52977ce3f315b2c6838905b6c453a6823454ad800371dc22b6f1754e0b7bda7b93a4b9c38bda77947877182cbe374dffc50e46e7e5b86f626f3c9e7fc08689c765f6897651e04c604dbb691606b9899d69da262a7458bbb8c85752d3727823926757d390d3a45700106a62add683a9185da048a74d150a17d6bfd1c85e547703eaf2aa880d9ff9bb27f6cb1bdf18e9f5f419f0d364c1b8d1b7a0564888f4a5198d8137c39456c9c573e078aff60c3f64d337e48a0198edbc1091ef7ef42c352f4cc221303c048cb373fd9ae1102f87f7e099e5cfb2a01cbffdd4bce63e7d1bae825421e761ffc06daae75908ebe5c9171cd1f3e481d9a0a6ad608e9434a4fb9e2ba75177311d948ffeb8abf10238979ea9aa8670b4aaf599ec0bc162746186ddebfadc5d93d2aabf0a6c3889fd6dcdd82ba9ce7b7e182c8d7f63519c3405b3610dc9efff82a3695b321fca1859599e589161e08cf26060713c9b4ac0a1f65db611967f559"}}}}}}, 0x0) r7 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r7, 0x11b, 0x2, &(0x7f00000004c0)=0x1000000, 0x4) r8 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000002c0)=0xffffffffffffffff, 0x4) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5, 0x4}, 0x50) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000240)={{0x1, 0x1, 0x18, r8}, './file0\x00'}) setsockopt$MRT_FLUSH(r9, 0x0, 0xd4, &(0x7f0000000880)=0x3, 0x4) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000800)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x5}, 0x50) openat$vsock(0xffffffffffffff9c, &(0x7f0000000400), 0x4c0100, 0x0) 2.652911184s ago: executing program 4 (id=3254): bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000280), 0xffffffffffffffff) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300001c000000850000001b000000b700000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kfree\x00', r1}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000}, 0x94) syz_emit_ethernet(0x7a, &(0x7f0000000080)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "6ed6c4", 0x44, 0x2f, 0xff, @private2, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x88a8, 0x0, 0xfffc}, {}, {}, {0xa888, 0x88be, 0x8000000, {{0x0, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0, 0xfe}, 0x1, {0x1}}}, {0x8, 0x22eb, 0x4, {{0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6}}}}}}}}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0xb) r3 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x0) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) add_key(&(0x7f0000000340)='ceph\x00', 0x0, 0x0, 0x0, 0x0) ioctl$PIO_UNIMAP(r4, 0x4b67, &(0x7f0000000040)={0x3ffffffffffffe96, &(0x7f0000000000)=[{0x2000, 0x5}]}) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24000000) sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4000000) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4008840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xfff2}, {0xffff, 0xffff}, {0x5, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.54719898s ago: executing program 2 (id=3255): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000100)=@nameseq={0x1e, 0x1, 0x1, {0x42, 0x0, 0x1}}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x200000, 0x3}, 0x10) r4 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x2, 0x1}, 0x10) sendmsg$tipc(r4, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000090}, 0x95) setsockopt$TIPC_DEST_DROPPABLE(r4, 0x10f, 0x81, &(0x7f0000000000), 0x4) dup3(r1, r4, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000001c0)={'sit0\x00', 0x0}) ioctl$BTRFS_IOC_SNAP_CREATE(r0, 0x50009401, &(0x7f00000007c0)={{r0}, "7732a304c678515e26311dc21a3c02fa65a5110b96cc53ca0431a677de488e39420137452800f7e92bd67a6af8b2081eb6a9b3d3b889d60db96a1fa6346e7ab24822188b6d9956a0a671311677b67654f70671c92f6a22b6bb266a73182478fadc0db3a7892a4a5c02443c4386c9da83d5a5bc465781293c4649189a4e6b575aa1a4ee4866a2657638788577ba57b65803159c147b1715a857ed773610a59d6492b5c0944c41b88593ee84699ef808a2943d017805d3166a8163da94d72d716c6d134349fd4ceecf53d7722c6a7a412727583bd29e02fce9b17a65dbd7a7042d52ff0d7641ecacde3a29a84650a227886ec764154a807c8c5fc33d2c6aa54539b6f2d441d173edbd05cb2858150ddb1f155446580773ff916d83e3e7753b89eba9fb4ffdddd10e39cb11988487f75d27a69249519a7139c9cfd0826eaa4db3eaac20a2f1b58443ec4cddd90b6547f5defa55bdff43d388df1d7abcad95d2e1807f08b96b27c1a8b03c6bf3615303cd401d0addcc9dfa6ea73756ff1978fbde9f6f72e77a81ba45f259652145b76f43df6301da1a4ff74984e8131547dce8e63a15cf65c6fd2f6f94950f623904ee258974f70414f84939939a716609f199fd7f4e5d217c451dfee85fe7f6d2e29a5ecb445e2033b7cfc548a5642beb004eff84956be0b8b4ca7bf48db0b8b3c919d9d69d0309f6b3d8e0540364e72ffe880a5d197c6452c3cb5c77543b87b42641bd62f6bb1997f15d2b2dcedcc8e53a11a43fb585f5bdd79de0515761b908b7d7971f4741aa2f5ca4e40d8f7b277e907e5754b96c85cf4036b3f552c68ac6a7cc536fa5ad8e8d75e768d321568204ba0d9d6d119e5984789531ae103b3cd7ea97cc472691134f387b8bade2e2e3d2aae23c1041554f05cc94e39a7eb2c0f7cb811a944922459f0458c7ff5d790c55b332228c027c8c48b4a698f0f61a2a8cfe523ddd40879894311fe62abb00827a5e7ce90196279f8e3e42a53cd8d7b5ecd3cc1dd2250ba379fd6e5945317781443e39f5ff6f33a787d61d46fec02bdbe543b7a6039a32805ccfca73d3e205e6c959667e6c8c5e9856386c5d744287ce8628072b9e9b1af46a25d935dedb2fd05fe197ad2b76390416e3df2d7f05410833607b38cc98f15794bfd48692ccbc3d90afbb04ea1f55b7eb1c09831e3738c17821b706c61c1d81d04fbcc312b990f3f56cec05096279ef600063a46e9e49ae9711952cb2c157f660f777269e31f322b11273827642758ef12147b557bf7a666bca070ae3a38aa7ea76065db26b00206b457f6bc7b5ec14fa24474513dc3784729da8101de1bf7cd01b3d86b56ab2c7bf5edfd3bce6faf2c056dad02296ae61d67d2cbc070b73f43c88adeadd92d7f02ee7b16c8c440c8525334361b3ab52bc39b4811859004a4df77f1fa12e12d672b7cd29f2bbd2fff97d8c3f5f09e2443febb77eeff2649072919f72fff8e5a891c01f25877afbbc973a8724c195c6d101b2fa4062f28a976dbce5a928d3e3302c098160ffce3878a90b5e3bc81342857006aa8892a1ed294c6ac3fc5d87831e68c0002b141f42806f449bac34184d41451936294ffbc57c11e0bd2c90724a672fe8a9b6d5e237b714cdfdd8c97effebfcd989aa93cab7eca5eb96055544d2e6f9f7e9215cc34f2959e72129fcb079f5c7c83798ef1074437989e18d1a66695e3b3f7f3b1621bb3a43f4654ceb96f1a78ab2562b26f94efa4a2b3be187b2057a800bb9ba3dfe5c5b79c1d06b47688f53cfbcaf0246b5ae8aac897dfb42bf2cb8a8706bd70e1ad58c92029d170f98483c63700a0a0733436b942a9d72691a0965be9d68a180861a031fb1d445aed7cf9a94648c3df8ac859f3695a8e16af30d481640ebef3fd225311e43da2ba7e9febf1570c027639a00b8d579d6d20eaa19294ec96d28f51eff867f84d720709f0e51a490c82cc9b03a36ea951dd18b0f471da027b1e455c534ca92f4c0ebab95b3539a8f64e2826dd38e4bd4a1846a953a3d7cab958d94b21f6fd7c1f41a248c7c935e1aaeefe778e0d0f9a9a3e43cb5406deb33b53ca2528a64a37aec86fbb9b018f64dd4abedd778b19b3b6c8cea1d8a14599d25d9a2696edcec6b72f038472d6ce54a13c39de0880345f0c72e1eb369b0be143b1bc9fca1c385d0d1c30f1ef6b02a46197bf4efda515cad3f23cd7a4a10fcc24fddc7ee2d362bea046d95ffc86a3b3cc924a88bfa0e40a75ebf2241aebfc87c16f8c93db90ac46ad80a941546c981cac204483f1d73289d627b5ab9c07077e399b3e33599fa3561b836dbf1ee581406485d1b59af71171ff6d61956479f11c4b64fa6c56dd27171b9df6651e049d09a6713d6df5ca187789de9be8fc5e05c1bef64b0bae67d9aaa0f6a98ac1aaa442634272e82db6bd99bbd51a1a7abe4535f45c30e29f850149555d7fd8af68686215d043767ce9b4461a67df94521df009f03aa8e258e8d7f9913350aea0887ede247b9a35a5513c78271c7350a2d2663ce6c6f86ed0ae1ea661ac3df97a83179f5ad2b2c3e3f1a4c675dec29787d32f0a9812f9daf2a1e46c1fa2bbabe21d5c252ee76d715e9776167cb8c209a7a4976f4f7062304e773cf1012a628b2947e7b787e5dad78c8659442651acac0cdef3aeca2d01f1ecbaf75c6b57213a3f623e081eda1e626a02d24d3d32250e556adf57ca7c8e4355cce22eb64a5ade8f0dc049e02aefc2b64a3671a5223d37399f689bb8aa6e6fb117be561a445d2bc4fda501d4352feb173bbf7717c1e15b1d56974b14f29452e085bf0b0bc2ef1aff94f741b8c0f734960e3e53267e0e644a896ad3706b3ca6c316090054c5212ad98bb6e6481861761b4d961211e7dcb44278432826fdc6cc3c92dd4bc9c9654b19d8c4111be54e867bd038a8d4b5678200593652e324f7db6a2e39439ee58a6d991737fc4556f061661c559b24de54845d37b72e82c90df45f2d5e2d45803d34d065f9489b895e7ab072d64963f305992625392b79448594e3b4d3565057439c071f836536796bff970285db5ea82ed5eb4f2e5305fb590135dcc1829406922195092e9bea14f54df449d7681aa87e65ca8b9581a96cbebb536280e4024e739193d1ac14bbfd3e6036f391948dcfefe922dc6bdead0278897aba81cb0a7580f0409ea6fbd0f6b83f5a0207be787d584384f0b142a6b33d4e01bd1549e11ce31c68d7831144bdc92270eb8d92dee0be2d78ef5d75dc83241fddf4f84718bb62ae5ef6bab67aa9e5e482ea3c8920d3d3eff96f1ec86d5cc7de1b7d199e06549e06fa68bb5c3336ab74c52e7453bb6e89ec7b99113836ee39495a3e05f6ce857cf51ccc05db9a2d0ea3559ba57549c8d0e01746a2e00f93f82f18cf1947e5a1ec802c3dc493fe2c086996987b593522fedb6f361a1b7830546ea17b6e958e1a4410f347745d3a636cb798abe33e3b661039c62c687e1c5c4533c5313ad8828d2397bda2431d7774443b31aca6b745aeea707097806631bdef1b1b3e500cebaf0a2f4b60e48ab8cb64e28c5d07bf0d2f83e66b1ff661685f4a0e0c4c30cdf8c35be751553a917d9675e388483eba7c2e442cbbd1634bcba32d8a4a2f3197d73c1c832b2df121bb0c7e4b4b9d6c0018fa067004e641dfb91efcc67a31e5484c0feed374f0b0d79954816dec49d0300c14c8d890653c3bb76fdd7e8ade2ed918ec895368327f695098645496f05017deab39cf7d5ff43cc960e93b3622e76f4eaf03fac8eb57cec55e1a63ff5177fe0d4d33fcd96290a7b8f6077297cfec1a4ebf8097e2a7226f7268a1ba7b07169363d2ae9148aa6607164857cbd4e6d938be789af0afcf7503f76ac6f5b69b7aaedb982659cce6ddbc61fd0937f01503070e994af19ff3fcb6ef9dbd862da119aea51a84f57e79c3ea8611ccaabf4ddfabc59f5118ef99bbe0865dad3e47d3a45b7667292662e6d6e40e2c51d946092c3108ffbfe7fe57e61f38fa13648debc3bf67c7154f5f870c9e242385e905dd586685a9fa471eabe212d6614e56d871e05db5945373d43633679ac692932b0193c15cef3121b0137670f980925e5a18610db9d70a0232b5b85bfc84b842498f3778c3315998c638166ed6bf456c1572ac0843128efd69e7b3c51b9d3c35e118ef8e529b542e5594bec3de546adca11c139778c89bfc2103df595dbbb1fbf870fdd518e0d7bb6d5e76002414fbad578a5c22f19f68b23742af84a7ef89dfc4dfe35050c8284287817adbe86a66afc07b7e3839fd64aa27aa1f64f743fc5ef19c3697c8e93b783ce2c6fe5de2c95546928c1b01e5d927455807c83cdb91626f82bc36d8aa0ee6c8a6045e6842679375fcc061eff360207f8ece17dd28153e92dde8af6e71f660b03411b569990602460d8c659609806567051d4a72107f4aa3093fe911017bb4c90ec7a0fe00aa1adb59cc1fefa11becf3135f4224271adc8d9bb03839d65a253023e763586acff3dfb59f4072d9b15e8f0817cf7dd385bfae0abaf81821f603ee1abf4d19acfb187fb148fb931b73e49381d07633bbc2f5aacfe53c74021c043e907d2ff1b20058ec4888dc8052b0550b519b4f610d5031d03ef9aac2058a219d9f0174d2c25389314cddf0ad84b501a5282923c1ffed0e6fac85bcf7ba8557415a1981dd98fe6756182faa6a678a7422a2e9ed46b5aeae4c2fdb4a939cd678e6ba6c0f3303d1580dda3187defef3cbcda652665b717a57b88903cefb2af500147c35bdb58aae32dfac8c8dc9e37764da742e97d72633b55025a951f4f7226fff22e5a3a81f5ec71e4754b6404a27ee9baff2c5dd5fd9f023f78ac50faf890a44e932983c378b98b8415b280f5f25a9bc3cc20b96de53c5c1381c24fa6d20d00a612aee20bc3a5e318e58609c7ba5ca3a21825a03bc30162a0372a5eac44d24080a02ca06c61a2d0e0bddaf038e145ec9e6ec69a4aa0449d813b15c1dd9eb768d21b0720eb66965a48c473ccd50f2e40941542d020ef8349210cb208bf1b30aa663ec07883ccc8e1a8343fe8593b6b66b20b3673d9f84e6e853fd489b3212e7d2a8a30e0232630628a852dcd9fc5f0dcb964f03fecce39627e13a824007317b4d48824ad0c2114ac326c13dcc6fc52cba23e13cf1b1d9afcf06344576f56bb447a1627c8a908b8a57ec40ab37ce1e67c806eb227f4971be49ca8e3d505f20f084affe5b1844e35ffce4696ac87fc0089912f10fc051661e66a0f0c999f5cfd5edddf22ba4ace099d35d9db22e7ad297e527bb9d0e9006dd677167797208207ed901d2805abdd70b7fe6135246f6b14047675c36f121a297b8be4417756db34482a14a44d474add3ff77643425df387a8ea4e12e55846607605f745f5eb354e10ec88e6dca0d2767f5eb1c6e3bffe6469c76ea2fc35b22675e0fcfb800a1a7e546e850a5293de8613f61207d9b4b872e397df8141b52643345124324d2641dec9ccd0b11c6524614e2f5d1d8070508e6a3766c443acdc080e748e3b8e851c71676c3b5bec5f0293fb7feb09ead01798e57318eb922394ec7ba3326d4480e46f52224162e3640918f988b525d2c441afea6e71649cc829c9be8f0b35485bd7fe484cec0b69a6e9435caf32ebabd115aaa4a0c65c951d86240cf8cbf82a950ead1badacb63bc5d572524bc27b7c3a9f6cc1edbd7bfd034adfb02fabb2301d000f62989ff887e7cba6ae913d643669b077f7154bce113284a6f0c1bac6ea156af42eba99311ea8fd2a795c8c000db048d9f1"}) sendmsg$nl_route_sched(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x34, 0x2, [@TCA_HHF_RESET_TIMEOUT={0x8, 0x4, 0x800}, @TCA_HHF_QUANTUM={0x8, 0x2, 0xd}, @TCA_HHF_RESET_TIMEOUT={0x8, 0x4, 0x6}, @TCA_HHF_HH_FLOWS_LIMIT={0x8, 0x3, 0x8}, @TCA_HHF_BACKLOG_LIMIT={0x0, 0x1, 0x2}, @TCA_HHF_QUANTUM={0x3, 0x2, 0xffff8001}]}}, @TCA_RATE={0x6}]}, 0x68}, 0x1, 0x0, 0x0, 0x48801}, 0x0) 2.47696575s ago: executing program 1 (id=3256): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, 0x0, 0xf00) 2.426433251s ago: executing program 3 (id=3257): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000380)={[{@noauto_da_alloc}]}, 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ") r0 = creat(0x0, 0x182) fallocate(r0, 0x0, 0xbf5, 0x2000402) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x5, 0x0, 0x2}}, 0x20) r1 = open(&(0x7f0000000540)='./bus\x00', 0x4000, 0x100) preadv2(r1, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x2, 0x0, 0x0, 0x0) 2.359010434s ago: executing program 4 (id=3258): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000500000085000000d000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f00005a4000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) bpf$PROG_LOAD(0x5, 0x0, 0x0) io_uring_setup(0x4fee, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) 1.861012513s ago: executing program 4 (id=3259): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, 0x0) 1.860768281s ago: executing program 0 (id=3260): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206010100000000000000000000000005000100070000000900020073797a300000000014000780050015000000000008001240000000000d000300686173683a6e657400000000050005000a000000050004"], 0x5c}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000800000000100000028000000", @ANYRES32=r0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000fb000000000000000000"], 0x50) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c000000030605000000000000050000000000060500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x24040800}, 0x8d0) 1.823554906s ago: executing program 3 (id=3261): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='tlb_flush\x00', r1}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 1.734815159s ago: executing program 0 (id=3262): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000540)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r0}, 0x10) r1 = dup(0xffffffffffffffff) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="640000000206030000000000fffff0000000000016000300686173683a6e65742c706f72742c6e6574000000050004000000000005000500020000000900020073797a3200000000050001000700000014000780080013400000000008001240", @ANYRESOCT], 0x64}}, 0x0) 1.645781832s ago: executing program 4 (id=3263): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getrlimit(0xb, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) 1.575398926s ago: executing program 0 (id=3264): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, 0x0, 0x0) r2 = socket$inet(0x2, 0x2, 0x1) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x4010) sendmsg$inet(r2, &(0x7f0000001040)={&(0x7f0000000040)={0x2, 0xffff, @remote}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="2d0000008058", 0x6}], 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000890b040a0101027f00000100000000001c000000000000000000000008"], 0x40}, 0x20000024) 1.391212856s ago: executing program 0 (id=3265): r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_ALLOC_STREAMS(r0, 0x8008551c, &(0x7f0000000140)={0xe021, 0x1, [{0x1, 0x1}]}) 621.745648ms ago: executing program 0 (id=3266): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) syz_extract_tcp_res(0x0, 0x2, 0x1000) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c000280"], 0x64}}, 0x40000) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x6c}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="6800000000010104000000000000000002000000240001801400018008000100e066020108000200ac1414000c0002800500010000000000240002801400018008000100e000000108000200e00000010c00028005000100000000000800074000000000040006"], 0x68}}, 0x0) 365.94869ms ago: executing program 1 (id=3267): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000002e80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000005c0)='sys_enter\x00', r1, 0x0, 0x9}, 0x18) getuid() 343.491162ms ago: executing program 2 (id=3268): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x1ffffdc1, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000ff0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000680)={[{@nodioread_nolock}, {@journal_dev={'journal_dev', 0x3d, 0xff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x8d55}}]}, 0x0, 0x473, &(0x7f0000000bc0)="$eJzs281rHOUfAPDvTF7a/vqS/Gp9aa0aLUJQTJq0ag9eFAWRioIe6jEm2xK6baSJYmuxqYgnQQp6Fo+if4E3EUQ9CV49eZJC0V7aeorM7Ey62WYTazaZ2P18YLPPM/PszvebeXv2eXYD6FpD2Z8kYkdE/BoRA43q0gZDjafrV89P3rh6fjKJhYXX/kjydteunp8sm5av215UhtOI9MOk2MhSs2fPnZyo12tnivro3Km3RmfPnnvinVMTJ2onaqfHjxw5fGjs6afGn+xInlle1/a9P7N/74tvXHp58tilN3/8Oot3R7G+OY9OGcoS/3Mh17ru0U5vrGI7m8pJb4WBcFt6IiLbXX35+T8QPXFz5w3ECx9UGhywrrJ705b2q+cXgDtYElVHAFSjvNFnn3/LxwZ1PTaFK882PgBleV8vHo01vZEWbfpaPt920lBEHJv/6/PsEes0DgEA0Ozjyc+O9kfEeze+einrewwsrknjnvz5t/zvrmIOZTAi/h8RuyPirojYExF3R+Rt742I+9YYz639n/TyGt9yRVn/75libmtp/6/s/cVgT1HbmefflxyfrtcOFv+T4ejbktXHVtjGt8//8km7dc39v+yRbb/sCxZxXO5tGaCbmpibyDulHXDlYsS+3uXyTxZnApKI2BsR+27vrXeVhenHvtzfrtHq+a+gA/NMC19k6c1n+c9HS/6lpHl+cvqW+cnRrVGvHRwtj4pb/fTzR6+22/6a8u+AK7XGc9P+b20ymDTP1852dvv/8vhP+5PX83nm/mLZuxNzc2fGIvqTo3l9yfLxm68t62X77PgfPrD8+b+7eE2W//0RkR3ED0TEgxHxUBH7wxHxSEQcWCHHH55bPf9IK9r/FyOmlr3+LR7/Lfv/9gs9J7//pt32/9n+P5yXhosl+fVvFcuFk10uWgNcy/8OAAAA/ivS/DvwSTqyWE7TkZHGd/j3xP/S+szs3OPHZ94+PdX4rvxg9KXlSNdAMR5an67XxpL54h0b46PjxVhxOV56qBg3/rRnW14fmZypT1WcO3S77W3O/8zvPVVHB6yzbcsuHe/f8ECACrTOo6dLqxdeCRcDuFP5vTZ0r1XO/3Sj4gA2nvs/dK/lzv8LLXVzAXBncv+H7uX8hy6Vfld1BECF3P+hK63ld/3rWNi6OcKoprBZd0peiCgL6aaIR2GdClVfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrj7wAAAP//KFzmgQ==") 183.91694ms ago: executing program 4 (id=3269): write$tcp_congestion(0xffffffffffffffff, &(0x7f0000000000)='yeah\x00', 0x5) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="0600000004000000101000008900000000000000", @ANYRES32, @ANYBLOB='\x00'/10, @ANYRES32=0x0, @ANYRES32], 0x50) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r1}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000840)={0x0, &(0x7f0000000780)=""/106, &(0x7f0000000380), &(0x7f0000000000), 0x80, r0, 0x0, 0x7}, 0x38) 819.418µs ago: executing program 0 (id=3270): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x9, 0x4, 0x8, 0x10, 0x8}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) 0s ago: executing program 1 (id=3271): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0x8}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_AUTORATE={0x8, 0x9, 0x8d7}, @TCA_CAKE_NAT={0x8, 0xb, 0x1}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x44080) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10) close(r0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r4, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) kernel console output (not intermixed with test programs): e beyond EOD, truncated [ 429.312897][T12593] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 429.312897][T12593] ) failed (rc=-5) [ 429.765689][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 429.765747][ T30] audit: type=1326 audit(1760491860.585:1873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12604 comm="syz.5.2446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 429.820944][ T30] audit: type=1326 audit(1760491860.585:1874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12604 comm="syz.5.2446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 429.843838][ T30] audit: type=1326 audit(1760491860.585:1875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12604 comm="syz.5.2446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 429.921653][ T30] audit: type=1326 audit(1760491860.585:1876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12604 comm="syz.5.2446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 429.950457][T12611] loop0: detected capacity change from 0 to 512 [ 429.987672][T12611] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 430.000973][ T30] audit: type=1326 audit(1760491860.585:1877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12604 comm="syz.5.2446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 430.028204][T12611] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2 [ 430.039142][T12611] EXT4-fs (loop0): 1 truncate cleaned up [ 430.047703][T12611] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 430.063964][ T30] audit: type=1326 audit(1760491860.585:1878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12604 comm="syz.5.2446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 430.091189][ T30] audit: type=1326 audit(1760491860.585:1879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12604 comm="syz.5.2446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 430.116205][ T30] audit: type=1326 audit(1760491860.595:1880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12604 comm="syz.5.2446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 430.117088][T12611] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1286: group 0, [ 430.139193][ T30] audit: type=1326 audit(1760491860.595:1881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12604 comm="syz.5.2446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 430.139309][ T30] audit: type=1326 audit(1760491860.595:1882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12604 comm="syz.5.2446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=220 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 430.199328][T12611] block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 430.394057][ T5836] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 430.816339][T12633] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2454'. [ 430.825546][T12633] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2454'. [ 431.226679][T12652] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6 [ 431.238416][T12652] loop9: detected capacity change from 0 to 8 [ 431.256858][T12652] ldm_validate_partition_table(): Disk read failed. [ 431.286078][T12652] Dev loop9: unable to read RDB block 0 [ 431.338806][T12652] loop9: unable to read partition table [ 431.363322][T12652] loop9: partition table beyond EOD, truncated [ 431.369981][T12652] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 431.369981][T12652] ) failed (rc=-5) [ 431.831949][T12673] 9pnet_fd: Insufficient options for proto=fd [ 432.510072][ T9] IPVS: starting estimator thread 0... [ 432.630976][T12694] IPVS: using max 21 ests per chain, 50400 per kthread [ 432.667549][T12658] loop3: detected capacity change from 0 to 1024 [ 432.830786][T12658] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 433.074205][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 433.376050][T12718] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.569215][T12718] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.952813][T12736] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2489'. [ 433.976884][T12736] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2489'. [ 434.118024][T12740] loop0: detected capacity change from 0 to 128 [ 434.303348][T12747] loop2: detected capacity change from 0 to 1024 [ 434.711320][T12757] loop9: detected capacity change from 0 to 8 [ 434.718385][ C1] blk_print_req_error: 35 callbacks suppressed [ 434.718408][ C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 434.734810][ C1] buffer_io_error: 35 callbacks suppressed [ 434.734833][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 434.763353][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 434.773672][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 434.791610][ C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 434.801858][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 434.809867][ C0] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 434.820118][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 434.830151][ C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 434.830201][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 434.862558][T12725] warn_alloc: 1 callbacks suppressed [ 434.862581][T12725] syz.5.2482: vmalloc error: size 268439552, failed to allocated page array size 524296, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 434.862815][T12725] CPU: 0 UID: 0 PID: 12725 Comm: syz.5.2482 Not tainted syzkaller #0 PREEMPT(full) [ 434.862858][T12725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 434.862880][T12725] Call Trace: [ 434.862891][T12725] [ 434.862904][T12725] dump_stack_lvl+0x16c/0x1f0 [ 434.862964][T12725] warn_alloc+0x248/0x3a0 [ 434.863028][T12725] ? __pfx_warn_alloc+0x10/0x10 [ 434.863109][T12725] ? xskq_create+0xfb/0x1d0 [ 434.863152][T12725] ? srso_alias_return_thunk+0x5/0xfbef5 [ 434.863196][T12725] ? __vmalloc_node_noprof+0xad/0xf0 [ 434.863262][T12725] __vmalloc_node_range_noprof+0xfe2/0x1480 [ 434.863332][T12725] ? xskq_create+0xfb/0x1d0 [ 434.863390][T12725] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 434.863460][T12725] ? xskq_create+0xfb/0x1d0 [ 434.863506][T12725] vmalloc_user_noprof+0x9e/0xe0 [ 434.863557][T12725] ? xskq_create+0xfb/0x1d0 [ 434.863604][T12725] xskq_create+0xfb/0x1d0 [ 434.863654][T12725] xsk_setsockopt+0x792/0x9a0 [ 434.863700][T12725] ? __pfx_xsk_setsockopt+0x10/0x10 [ 434.863745][T12725] ? srso_alias_return_thunk+0x5/0xfbef5 [ 434.863789][T12725] ? find_held_lock+0x2b/0x80 [ 434.863853][T12725] ? srso_alias_return_thunk+0x5/0xfbef5 [ 434.863896][T12725] ? aa_sock_opt_perm+0xfd/0x1c0 [ 434.863958][T12725] ? __pfx_xsk_setsockopt+0x10/0x10 [ 434.864005][T12725] do_sock_setsockopt+0xf3/0x1d0 [ 434.864050][T12725] __sys_setsockopt+0x1a0/0x230 [ 434.864112][T12725] __x64_sys_setsockopt+0xbd/0x160 [ 434.864163][T12725] ? do_syscall_64+0x91/0xfa0 [ 434.864217][T12725] ? srso_alias_return_thunk+0x5/0xfbef5 [ 434.864265][T12725] ? lockdep_hardirqs_on+0x7c/0x110 [ 434.864320][T12725] do_syscall_64+0xcd/0xfa0 [ 434.864380][T12725] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.864417][T12725] RIP: 0033:0x7f870218eec9 [ 434.864444][T12725] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 434.864479][T12725] RSP: 002b:00007f8703082038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 434.864512][T12725] RAX: ffffffffffffffda RBX: 00007f87023e6180 RCX: 00007f870218eec9 [ 434.864536][T12725] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000006 [ 434.864558][T12725] RBP: 00007f8702211f91 R08: 0000000000000004 R09: 0000000000000000 [ 434.864580][T12725] R10: 00002000000004c0 R11: 0000000000000246 R12: 0000000000000000 [ 434.864603][T12725] R13: 00007f87023e6218 R14: 00007f87023e6180 R15: 00007ffcd6670968 [ 434.864653][T12725] [ 434.877851][T12725] Mem-Info: [ 434.877868][T12725] active_anon:6403 inactive_anon:0 isolated_anon:0 [ 434.877868][T12725] active_file:7846 inactive_file:47306 isolated_file:0 [ 434.877868][T12725] unevictable:768 dirty:104 writeback:0 [ 434.877868][T12725] slab_reclaimable:11796 slab_unreclaimable:98523 [ 434.877868][T12725] mapped:35752 shmem:3485 pagetables:1421 [ 434.877868][T12725] sec_pagetables:0 bounce:0 [ 434.877868][T12725] kernel_misc_reclaimable:0 [ 434.877868][T12725] free:1281328 free_pcp:22032 free_cma:0 [ 434.878035][T12725] Node 0 active_anon:25612kB inactive_anon:0kB active_file:31384kB inactive_file:189024kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:143008kB dirty:416kB writeback:0kB shmem:12404kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11812kB pagetables:5540kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 434.878133][T12725] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 434.878224][T12725] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 434.878341][T12725] lowmem_reserve[]: 0 2483 2485 2485 2485 [ 434.878416][T12725] Node 0 DMA32 free:1217444kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:25612kB inactive_anon:0kB active_file:31384kB inactive_file:189024kB unevictable:1536kB writepending:416kB zspages:0kB present:3129332kB managed:2543524kB mlocked:0kB bounce:0kB free_pcp:63000kB local_pcp:25800kB free_cma:0kB [ 434.878531][T12725] lowmem_reserve[]: 0 0 1 1 1 [ 434.878602][T12725] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 434.878710][T12725] lowmem_reserve[]: 0 0 0 0 0 [ 434.878782][T12725] Node 1 Normal free:3892508kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:25132kB local_pcp:18028kB free_cma:0kB [ 434.886163][T12725] lowmem_reserve[]: 0 0 0 0 0 [ 434.886243][T12725] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 434.886479][T12725] Node 0 DMA32: 905*4kB (ME) 536*8kB (UME) 726*16kB (UME) 2287*32kB (UME) 1308*64kB (UME) 791*128kB (UME) 451*256kB (UME) 210*512kB (UME) 80*1024kB (UME) 10*2048kB (UME) 150*4096kB (UM) = 1217444kB [ 434.886811][T12725] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 434.887012][T12725] Node 1 Normal: 218*4kB (UM) 61*8kB (UME) 50*16kB (UME) 85*32kB (UME) 21*64kB (UME) 10*128kB (UME) 4*256kB (UME) 4*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 946*4096kB (M) = 3892560kB [ 434.889613][T12725] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 434.889645][T12725] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 434.889676][T12725] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 434.889707][T12725] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 434.889737][T12725] 58632 total pagecache pages [ 434.889752][T12725] 0 pages in swap cache [ 434.889766][T12725] Free swap = 124996kB [ 434.889780][T12725] Total swap = 124996kB [ 434.889795][T12725] 2097051 pages RAM [ 434.889809][T12725] 0 pages HighMem/MovableOnly [ 434.889823][T12725] 429080 pages reserved [ 434.889836][T12725] 0 pages cma reserved [ 434.890848][ C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 434.890898][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 434.901208][ C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 434.901257][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 434.907559][ C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 434.907609][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 434.907671][T12757] ldm_validate_partition_table(): Disk read failed. [ 434.908819][ C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 434.908868][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 434.909162][ C1] critical medium error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 434.909208][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 434.911138][T12757] Dev loop9: unable to read RDB block 0 [ 434.912026][T12757] loop9: unable to read partition table [ 434.912314][T12757] loop9: partition table beyond EOD, truncated [ 434.912343][T12757] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 434.912343][T12757] ) failed (rc=-5) [ 435.036776][T12766] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2500'. [ 435.388709][T12718] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 435.519314][T12718] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 435.942422][T12780] 9pnet_fd: p9_fd_create_unix (12780): problem connecting socket: ./file0: -2 [ 436.162300][ T13] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 436.162369][ T13] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 436.393383][ T13] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 436.393452][ T13] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 436.800951][T12800] loop0: detected capacity change from 0 to 512 [ 436.812848][T12779] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2507'. [ 436.911400][T12800] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 437.160198][T12800] ext4 filesystem being mounted at /399/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 437.341063][T12809] netlink: 'syz.4.2518': attribute type 13 has an invalid length. [ 437.379523][T12814] loop3: detected capacity change from 0 to 512 [ 437.412379][T12814] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 437.431920][T12814] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 437.458351][ T5836] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 437.464502][T12814] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 437.485626][T12814] System zones: 0-2, 18-18, 34-35 [ 437.496720][T12814] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 437.702100][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 437.702123][ T30] audit: type=1326 audit(1760491868.525:1893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12820 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16998eec9 code=0x7ffc0000 [ 437.779912][ T30] audit: type=1326 audit(1760491868.525:1894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12820 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16998eec9 code=0x7ffc0000 [ 437.850985][T12818] syzkaller0: entered promiscuous mode [ 437.856854][T12818] syzkaller0: entered allmulticast mode [ 437.913250][ T30] audit: type=1326 audit(1760491868.525:1895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12820 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=217 compat=0 ip=0x7fc16998eec9 code=0x7ffc0000 [ 437.935831][ T30] audit: type=1326 audit(1760491868.525:1896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12820 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16998eec9 code=0x7ffc0000 [ 438.054162][ T30] audit: type=1326 audit(1760491868.525:1897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12820 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16998eec9 code=0x7ffc0000 [ 438.172687][T12828] 9pnet_fd: p9_fd_create_unix (12828): problem connecting socket: ./file0: -2 [ 438.324656][T12842] loop9: detected capacity change from 0 to 8 [ 438.373826][T12842] ldm_validate_partition_table(): Disk read failed. [ 438.401802][T12842] Dev loop9: unable to read RDB block 0 [ 438.402439][T12842] loop9: unable to read partition table [ 438.403872][T12842] loop9: partition table beyond EOD, truncated [ 438.403902][T12842] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 438.403902][T12842] ) failed (rc=-5) [ 440.885864][T12839] : renamed from vlan0 (while UP) [ 440.903483][T12855] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 440.995826][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 441.040709][T12855] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 441.073746][T12872] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10) [ 441.080405][T12872] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 441.118253][T12872] vhci_hcd vhci_hcd.0: Device attached [ 441.173371][T12855] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 441.185480][T12875] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(12) [ 441.192135][T12875] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 441.210186][T12872] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 441.231655][T12875] vhci_hcd vhci_hcd.0: Device attached [ 441.251011][T12881] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 441.279669][T12872] vhci_hcd vhci_hcd.0: pdev(2) rhport(3) sockfd(14) [ 441.286306][T12872] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 441.298073][T12872] vhci_hcd vhci_hcd.0: Device attached [ 441.333995][T12855] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 441.346898][T12872] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(18) [ 441.353524][T12872] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 441.361545][ T5911] usb 37-1: new high-speed USB device number 2 using vhci_hcd [ 441.369893][T12875] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 441.392858][T12872] vhci_hcd vhci_hcd.0: Device attached [ 441.442779][T12872] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 441.491174][T12872] vhci_hcd vhci_hcd.0: pdev(2) rhport(7) sockfd(28) [ 441.497831][T12872] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 441.505875][ T932] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 441.521139][T12872] vhci_hcd vhci_hcd.0: Device attached [ 441.683140][ T932] usb 4-1: config 0 has no interfaces? [ 441.688678][ T932] usb 4-1: New USB device found, idVendor=056a, idProduct=0005, bcdDevice= 0.00 [ 441.719781][ T932] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 441.730402][T12901] 9pnet_fd: p9_fd_create_unix (12901): problem connecting socket: ./file0: -2 [ 441.770642][ T932] usb 4-1: config 0 descriptor?? [ 441.823449][T12887] vhci_hcd: connection closed [ 441.824212][T12878] vhci_hcd: connection closed [ 441.824883][ T6011] vhci_hcd: stop threads [ 441.830161][T12873] vhci_hcd: connection reset by peer [ 441.834479][T12897] vhci_hcd: connection closed [ 441.840554][T12890] vhci_hcd: connection closed [ 441.858605][ T6011] vhci_hcd: release socket [ 441.883124][ T6011] vhci_hcd: disconnect device [ 441.891557][ T6011] vhci_hcd: stop threads [ 441.902447][ T6011] vhci_hcd: release socket [ 441.910238][ T6011] vhci_hcd: disconnect device [ 441.917843][ T6011] vhci_hcd: stop threads [ 441.933476][ T6011] vhci_hcd: release socket [ 441.946359][ T6011] vhci_hcd: disconnect device [ 441.962343][ T6011] vhci_hcd: stop threads [ 441.966677][ T6011] vhci_hcd: release socket [ 441.978048][ T6011] vhci_hcd: disconnect device [ 442.027327][ T6011] vhci_hcd: stop threads [ 442.034282][ T6011] vhci_hcd: release socket [ 442.043710][ T6011] vhci_hcd: disconnect device [ 442.410069][ T5982] IPVS: starting estimator thread 0... [ 442.502892][T12921] IPVS: using max 21 ests per chain, 50400 per kthread [ 442.709067][T12881] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.767368][T12923] bond0: entered promiscuous mode [ 442.772628][T12923] bond_slave_0: entered promiscuous mode [ 442.778683][T12923] bond_slave_1: entered promiscuous mode [ 442.788585][T12923] batadv0: entered promiscuous mode [ 442.803198][T12923] bond0: left promiscuous mode [ 442.808135][T12923] bond_slave_0: left promiscuous mode [ 442.814450][T12923] bond_slave_1: left promiscuous mode [ 442.825904][T12923] batadv0: left promiscuous mode [ 442.901738][T12934] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2559'. [ 442.930240][T12934] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2559'. [ 442.954452][T12881] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.082650][ T977] usb 4-1: USB disconnect, device number 2 [ 443.177318][ T13] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.186287][ T13] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.218147][T12881] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.235101][T12942] loop5: detected capacity change from 0 to 2048 [ 443.290402][ T50] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.300729][T12942] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 443.377226][ T50] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.561275][ T13] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.699057][T12947] 9pnet_fd: p9_fd_create_unix (12947): problem connecting socket: ./file0: -2 [ 443.826363][ T50] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.873601][ T50] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.977238][ T50] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 444.262765][T12968] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 444.374052][T12968] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 128 with error 28 [ 444.463492][T12968] EXT4-fs (loop5): This should not happen!! Data will be lost [ 444.463492][T12968] [ 444.524184][T12968] EXT4-fs (loop5): Total free blocks count 0 [ 444.524215][T12968] EXT4-fs (loop5): Free/Dirty block details [ 444.524240][T12968] EXT4-fs (loop5): free_blocks=2415919504 [ 444.524267][T12968] EXT4-fs (loop5): dirty_blocks=144 [ 444.524292][T12968] EXT4-fs (loop5): Block reservation details [ 444.524315][T12968] EXT4-fs (loop5): i_reserved_data_blocks=9 [ 444.557932][T12980] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2575'. [ 444.557961][T12980] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2575'. [ 444.903635][T12990] loop3: detected capacity change from 0 to 512 [ 444.904741][T12990] ext4: Unknown parameter 'nouser_xattr' [ 445.322081][T12995] 9pnet_fd: p9_fd_create_unix (12995): problem connecting socket: ./file0: -2 [ 445.961671][T13022] loop0: detected capacity change from 0 to 128 [ 445.989966][T13022] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100) [ 445.991006][ T30] audit: type=1800 audit(1760491876.805:1898): pid=13022 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2597" name="file2" dev="loop0" ino=1048704 res=0 errno=0 [ 446.033131][T13022] FAT-fs (loop0): Filesystem has been set read-only [ 446.065131][T13022] bio_check_eod: 719 callbacks suppressed [ 446.065153][T13022] syz.0.2597: attempt to access beyond end of device [ 446.065153][T13022] loop0: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 446.122369][T13022] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100) [ 446.139518][T13022] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100) [ 446.167697][ T30] audit: type=1326 audit(1760491876.985:1899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13021 comm="syz.0.2597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16998eec9 code=0x7ffc0000 [ 446.168411][T13022] syz.0.2597: attempt to access beyond end of device [ 446.168411][T13022] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 446.215551][ T30] audit: type=1326 audit(1760491876.985:1900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13021 comm="syz.0.2597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16998eec9 code=0x7ffc0000 [ 446.258986][T13022] syz.0.2597: attempt to access beyond end of device [ 446.258986][T13022] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 446.287300][ T30] audit: type=1326 audit(1760491876.985:1901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13021 comm="syz.0.2597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc16998eec9 code=0x7ffc0000 [ 446.321344][T13022] syz.0.2597: attempt to access beyond end of device [ 446.321344][T13022] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 446.359805][ T30] audit: type=1326 audit(1760491876.985:1902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13021 comm="syz.0.2597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16998eec9 code=0x7ffc0000 [ 446.391280][T13022] syz.0.2597: attempt to access beyond end of device [ 446.391280][T13022] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 446.424960][ T30] audit: type=1326 audit(1760491876.985:1903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13021 comm="syz.0.2597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16998eec9 code=0x7ffc0000 [ 446.453739][T13039] netlink: 'syz.4.2603': attribute type 13 has an invalid length. [ 446.490980][ T5911] vhci_hcd: vhci_device speed not set [ 446.501669][T13039] netlink: 'syz.4.2603': attribute type 27 has an invalid length. [ 446.525959][T13022] syz.0.2597: attempt to access beyond end of device [ 446.525959][T13022] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 446.551057][T13022] syz.0.2597: attempt to access beyond end of device [ 446.551057][T13022] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 446.591290][ T30] audit: type=1326 audit(1760491876.985:1904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13021 comm="syz.0.2597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc16998eec9 code=0x7ffc0000 [ 446.642569][T13029] syz.0.2597: attempt to access beyond end of device [ 446.642569][T13029] loop0: rw=0, sector=2065, nr_sectors = 1 limit=128 [ 446.691704][T13029] buffer_io_error: 20 callbacks suppressed [ 446.691728][T13029] Buffer I/O error on dev loop0, logical block 2065, async page read [ 446.700710][ T30] audit: type=1326 audit(1760491876.985:1905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13021 comm="syz.0.2597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16998eec9 code=0x7ffc0000 [ 446.747390][T13029] syz.0.2597: attempt to access beyond end of device [ 446.747390][T13029] loop0: rw=0, sector=2066, nr_sectors = 1 limit=128 [ 446.780489][T13029] Buffer I/O error on dev loop0, logical block 2066, async page read [ 446.788855][ T30] audit: type=1326 audit(1760491876.985:1906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13021 comm="syz.0.2597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16998eec9 code=0x7ffc0000 [ 446.865302][ T30] audit: type=1326 audit(1760491876.985:1907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13021 comm="syz.0.2597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc16998eec9 code=0x7ffc0000 [ 446.888218][T13029] syz.0.2597: attempt to access beyond end of device [ 446.888218][T13029] loop0: rw=0, sector=2067, nr_sectors = 1 limit=128 [ 446.930053][T13029] Buffer I/O error on dev loop0, logical block 2067, async page read [ 446.954523][T13047] 9pnet_fd: p9_fd_create_unix (13047): problem connecting socket: ./file0: -2 [ 446.990169][T13029] Buffer I/O error on dev loop0, logical block 2068, async page read [ 447.029294][T13029] Buffer I/O error on dev loop0, logical block 2069, async page read [ 447.071052][T13029] Buffer I/O error on dev loop0, logical block 2070, async page read [ 447.081207][T13029] Buffer I/O error on dev loop0, logical block 2071, async page read [ 447.089466][T13029] Buffer I/O error on dev loop0, logical block 2072, async page read [ 447.792437][ T9] usb usb38-port1: attempt power cycle [ 448.369879][ T9] usb usb38-port1: unable to enumerate USB device [ 448.796500][T13102] 9pnet_fd: p9_fd_create_unix (13102): problem connecting socket: ./file0: -2 [ 449.626020][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 449.634701][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 449.838098][T13135] netlink: 'syz.0.2640': attribute type 13 has an invalid length. [ 449.849385][T13135] netlink: 'syz.0.2640': attribute type 27 has an invalid length. [ 451.167240][T13177] loop0: detected capacity change from 0 to 512 [ 451.295545][T13177] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 451.321902][ T13] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 128 with max blocks 36 with error 28 [ 451.355444][ T13] EXT4-fs (loop5): This should not happen!! Data will be lost [ 451.355444][ T13] [ 451.393951][T13187] xt_hashlimit: max too large, truncated to 1048576 [ 451.400756][T13177] ext4 filesystem being mounted at /431/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 451.401718][ T13] EXT4-fs (loop5): Total free blocks count 0 [ 451.430918][ T13] EXT4-fs (loop5): Free/Dirty block details [ 451.436969][ T13] EXT4-fs (loop5): free_blocks=2415919504 [ 451.451544][ T13] EXT4-fs (loop5): dirty_blocks=64 [ 451.457886][ T13] EXT4-fs (loop5): Block reservation details [ 451.478886][ T13] EXT4-fs (loop5): i_reserved_data_blocks=4 [ 451.515500][ T50] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 28 [ 451.534439][ T50] EXT4-fs (loop5): This should not happen!! Data will be lost [ 451.534439][ T50] [ 451.741742][ T5836] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 451.805372][ T1002] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 451.851182][ T1002] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 451.859417][ T1002] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 451.888651][ T1002] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 452.053567][T13207] loop0: detected capacity change from 0 to 512 [ 452.144309][T13207] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 452.243551][T13216] netlink: 96 bytes leftover after parsing attributes in process `syz.5.2672'. [ 452.256975][T13207] ext4 filesystem being mounted at /432/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 452.327859][T13219] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 452.376109][T13219] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.434547][ T30] kauditd_printk_skb: 29 callbacks suppressed [ 452.434571][ T30] audit: type=1800 audit(1760491883.235:1937): pid=13207 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2663" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 452.508806][ T5836] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 452.563191][T13219] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 452.573421][T13219] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.694269][T13219] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 452.705014][T13219] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.816557][T13219] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 452.829963][T13242] IPv6: NLM_F_CREATE should be specified when creating new route [ 452.859946][T13219] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.069995][ T1154] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 453.088352][ T1154] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.158745][ T1002] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 453.169332][ T1002] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.216628][ T1002] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 453.234380][ T1002] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.282956][ T13] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 453.314024][ T13] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.444662][T13258] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2683'. [ 453.726282][T13269] loop5: detected capacity change from 0 to 1024 [ 453.743429][T13269] EXT4-fs: Ignoring removed bh option [ 453.758926][T13269] EXT4-fs: inline encryption not supported [ 453.798280][T13269] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 453.852243][T13272] loop2: detected capacity change from 0 to 512 [ 453.866512][T13269] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 453.879871][T13275] loop3: detected capacity change from 0 to 512 [ 453.894779][T13272] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x05417272 (sector = 1) [ 453.917016][T13269] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 2: comm syz.5.2686: lblock 2 mapped to illegal pblock 2 (length 1) [ 453.929054][T13275] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 453.943712][T13272] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 453.955905][T13269] Quota error (device loop5): qtree_write_dquot: dquota write failed [ 453.983022][T13269] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 48: comm syz.5.2686: lblock 0 mapped to illegal pblock 48 (length 1) [ 454.023748][T13275] ext4 filesystem being mounted at /438/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 454.042122][T13269] Quota error (device loop5): v2_write_file_info: Can't write info structure [ 454.052278][T13269] EXT4-fs error (device loop5): ext4_acquire_dquot:6943: comm syz.5.2686: Failed to acquire dquot type 0 [ 454.108275][ T30] audit: type=1800 audit(1760491884.925:1938): pid=13275 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2689" name="file2" dev="loop3" ino=16 res=0 errno=0 [ 454.182224][T13269] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6305: Corrupt filesystem [ 454.200779][T13269] EXT4-fs error (device loop5): ext4_evict_inode:254: inode #11: comm syz.5.2686: mark_inode_dirty error [ 454.233068][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 454.251566][T13269] EXT4-fs warning (device loop5): ext4_evict_inode:256: couldn't mark inode dirty (err -117) [ 454.302202][T13269] EXT4-fs (loop5): 1 orphan inode deleted [ 454.310074][T13269] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 454.323241][ T13] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:1: lblock 1 mapped to illegal pblock 1 (length 1) [ 454.373801][ T13] Quota error (device loop5): remove_tree: Can't read quota data block 1 [ 454.401570][ T13] EXT4-fs error (device loop5): ext4_release_dquot:6979: comm kworker/u8:1: Failed to release dquot type 0 [ 454.401995][T13269] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 1: comm syz.5.2686: lblock 1 mapped to illegal pblock 1 (length 1) [ 454.435662][T13285] : renamed from wg2 (while UP) [ 454.452999][T13269] Quota error (device loop5): find_next_id: Can't read quota tree block 1 [ 454.580217][ T5840] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 454.614830][ T5840] EXT4-fs error (device loop5): __ext4_get_inode_loc:4831: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 454.654151][ T5840] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6305: Corrupt filesystem [ 454.678977][ T5840] EXT4-fs error (device loop5): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error [ 454.851316][T13272] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2688'. [ 455.204295][T13312] loop0: detected capacity change from 0 to 512 [ 455.287599][T13312] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 455.368844][T13321] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2708'. [ 455.386863][T13312] ext4 filesystem being mounted at /437/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 455.462591][ T30] audit: type=1800 audit(1760491886.285:1939): pid=13312 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2705" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 455.539621][ T5836] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 456.384584][T13363] loop3: detected capacity change from 0 to 512 [ 456.407043][T13368] ip6t_srh: unknown srh match flags 4000 [ 456.467245][T13363] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 456.544450][T13363] ext4 filesystem being mounted at /447/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 456.638384][ T30] audit: type=1800 audit(1760491887.445:1940): pid=13363 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2727" name="file2" dev="loop3" ino=16 res=0 errno=0 [ 456.789054][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 458.477180][T13417] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 458.667726][T13417] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 458.844818][T13417] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 458.951982][T13417] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 458.974025][ T5911] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 458.999133][ T5911] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz1] on syz0 [ 459.145799][ T64] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.190953][ T64] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.345113][ T1154] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.397697][ T1154] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.987331][T13461] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2764'. [ 461.194521][T13502] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.319907][T13502] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 462.384414][T13513] warn_alloc: 1 callbacks suppressed [ 462.384437][T13513] syz.5.2783: vmalloc error: size 268439552, failed to allocated page array size 524296, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 462.502262][T13513] CPU: 0 UID: 0 PID: 13513 Comm: syz.5.2783 Not tainted syzkaller #0 PREEMPT(full) [ 462.502316][T13513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 462.502337][T13513] Call Trace: [ 462.502348][T13513] [ 462.502361][T13513] dump_stack_lvl+0x16c/0x1f0 [ 462.502421][T13513] warn_alloc+0x248/0x3a0 [ 462.502484][T13513] ? __pfx_warn_alloc+0x10/0x10 [ 462.502564][T13513] ? xskq_create+0xfb/0x1d0 [ 462.502606][T13513] ? srso_alias_return_thunk+0x5/0xfbef5 [ 462.502649][T13513] ? __vmalloc_node_noprof+0xad/0xf0 [ 462.502709][T13513] __vmalloc_node_range_noprof+0xfe2/0x1480 [ 462.502778][T13513] ? xskq_create+0xfb/0x1d0 [ 462.502837][T13513] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 462.502906][T13513] ? xskq_create+0xfb/0x1d0 [ 462.502951][T13513] vmalloc_user_noprof+0x9e/0xe0 [ 462.503002][T13513] ? xskq_create+0xfb/0x1d0 [ 462.503048][T13513] xskq_create+0xfb/0x1d0 [ 462.503097][T13513] xsk_setsockopt+0x792/0x9a0 [ 462.503143][T13513] ? __pfx_xsk_setsockopt+0x10/0x10 [ 462.503184][T13513] ? srso_alias_return_thunk+0x5/0xfbef5 [ 462.503227][T13513] ? find_held_lock+0x2b/0x80 [ 462.503295][T13513] ? srso_alias_return_thunk+0x5/0xfbef5 [ 462.503337][T13513] ? aa_sock_opt_perm+0xfd/0x1c0 [ 462.503397][T13513] ? __pfx_xsk_setsockopt+0x10/0x10 [ 462.503442][T13513] do_sock_setsockopt+0xf3/0x1d0 [ 462.503487][T13513] __sys_setsockopt+0x1a0/0x230 [ 462.503550][T13513] __x64_sys_setsockopt+0xbd/0x160 [ 462.503601][T13513] ? do_syscall_64+0x91/0xfa0 [ 462.503656][T13513] ? srso_alias_return_thunk+0x5/0xfbef5 [ 462.503699][T13513] ? lockdep_hardirqs_on+0x7c/0x110 [ 462.503755][T13513] do_syscall_64+0xcd/0xfa0 [ 462.503813][T13513] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 462.503849][T13513] RIP: 0033:0x7f870218eec9 [ 462.503876][T13513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 462.503910][T13513] RSP: 002b:00007f8703082038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 462.503944][T13513] RAX: ffffffffffffffda RBX: 00007f87023e6180 RCX: 00007f870218eec9 [ 462.503968][T13513] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000006 [ 462.503990][T13513] RBP: 00007f8702211f91 R08: 0000000000000004 R09: 0000000000000000 [ 462.504012][T13513] R10: 00002000000004c0 R11: 0000000000000246 R12: 0000000000000000 [ 462.504034][T13513] R13: 00007f87023e6218 R14: 00007f87023e6180 R15: 00007ffcd6670968 [ 462.504089][T13513] [ 462.790493][T13513] Mem-Info: [ 462.800889][T13513] active_anon:6519 inactive_anon:0 isolated_anon:0 [ 462.800889][T13513] active_file:7846 inactive_file:47318 isolated_file:0 [ 462.800889][T13513] unevictable:4793 dirty:195 writeback:0 [ 462.800889][T13513] slab_reclaimable:11696 slab_unreclaimable:100832 [ 462.800889][T13513] mapped:40852 shmem:7629 pagetables:1404 [ 462.800889][T13513] sec_pagetables:0 bounce:0 [ 462.800889][T13513] kernel_misc_reclaimable:0 [ 462.800889][T13513] free:1274745 free_pcp:19789 free_cma:0 [ 462.846388][ C1] vkms_vblank_simulate: vblank timer overrun [ 462.856471][T13526] loop0: detected capacity change from 0 to 1024 [ 462.923664][T13526] EXT4-fs (loop0): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 463.155937][T13513] Node 0 active_anon:26176kB inactive_anon:0kB active_file:31384kB inactive_file:189072kB unevictable:17636kB isolated(anon):0kB isolated(file):0kB mapped:163408kB dirty:780kB writeback:0kB shmem:28980kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11764kB pagetables:5472kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 463.188386][ C1] vkms_vblank_simulate: vblank timer overrun [ 463.225086][T13526] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 463.296343][T13513] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 463.326313][ C1] vkms_vblank_simulate: vblank timer overrun [ 463.440864][T13513] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 463.470921][ C1] vkms_vblank_simulate: vblank timer overrun [ 463.540829][T13513] lowmem_reserve[]: 0 2483 2485 2485 2485 [ 463.629657][T13513] Node 0 DMA32 free:1189048kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:42084kB inactive_anon:0kB active_file:31384kB inactive_file:189076kB unevictable:1556kB writepending:780kB zspages:0kB present:3129332kB managed:2543524kB mlocked:20kB bounce:0kB free_pcp:56824kB local_pcp:39528kB free_cma:0kB [ 463.663309][ C1] vkms_vblank_simulate: vblank timer overrun [ 463.683644][T13513] lowmem_reserve[]: 0 0 1 1 1 [ 463.688444][T13513] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 463.763887][T13513] lowmem_reserve[]: 0 0 0 0 0 [ 463.774483][T13513] Node 1 Normal free:3894828kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:22872kB local_pcp:7104kB free_cma:0kB [ 463.841206][T13513] lowmem_reserve[]: 0 0 0 0 0 [ 463.876475][T13513] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 463.930618][T13513] Node 0 DMA32: 207*4kB (ME) 7*8kB (UM) 530*16kB (UME) 1522*32kB (UME) 1162*64kB (UM) 780*128kB (UME) 463*256kB (UME) 217*512kB (UME) 83*1024kB (UME) 8*2048kB (UME) 153*4096kB (UM) = 1189972kB [ 463.979474][T13544] loop2: detected capacity change from 0 to 512 [ 464.016086][T13513] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 464.022899][T13544] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 464.040723][T13513] Node 1 Normal: 219*4kB (UM) 60*8kB (UME) 50*16kB (UME) 84*32kB (UME) 23*64kB (UME) 9*128kB (UME) 5*256kB (UME) 4*512kB (ME) 5*1024kB (UME) 2*2048kB (UE) 946*4096kB (M) = 3894828kB [ 464.063096][ T5836] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 464.070331][T13513] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 464.086922][T13513] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 464.088628][T13544] ext4 filesystem being mounted at /452/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 464.096281][T13513] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 464.096316][T13513] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 464.130283][T13513] 58906 total pagecache pages [ 464.135876][T13513] 0 pages in swap cache [ 464.140033][T13513] Free swap = 124996kB [ 464.144231][T13513] Total swap = 124996kB [ 464.148392][T13513] 2097051 pages RAM [ 464.152328][T13513] 0 pages HighMem/MovableOnly [ 464.157002][T13513] 429080 pages reserved [ 464.163295][T13513] 0 pages cma reserved [ 464.302501][T13502] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.340303][ T30] audit: type=1800 audit(1760491895.155:1941): pid=13544 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2797" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 464.508588][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 464.538886][T13502] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.012490][ T64] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.069349][ T13] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.099666][ T13] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.173579][ T64] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.311910][T13571] netlink: 'syz.2.2810': attribute type 7 has an invalid length. [ 465.350104][T13571] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2810'. [ 465.492851][T13579] netlink: 176 bytes leftover after parsing attributes in process `syz.1.2812'. [ 466.160024][ T30] audit: type=1326 audit(1760491896.975:1942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13594 comm="syz.0.2820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16998eec9 code=0x7ffc0000 [ 466.266694][ T30] audit: type=1326 audit(1760491897.015:1943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13594 comm="syz.0.2820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc16998eec9 code=0x7ffc0000 [ 466.395808][ T30] audit: type=1326 audit(1760491897.015:1944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13594 comm="syz.0.2820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16998eec9 code=0x7ffc0000 [ 466.485676][ T30] audit: type=1326 audit(1760491897.015:1945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13594 comm="syz.0.2820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16998eec9 code=0x7ffc0000 [ 466.567942][ T30] audit: type=1326 audit(1760491897.015:1946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13594 comm="syz.0.2820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc16998eec9 code=0x7ffc0000 [ 466.676683][ T30] audit: type=1326 audit(1760491897.015:1947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13594 comm="syz.0.2820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16998eec9 code=0x7ffc0000 [ 466.763786][ T30] audit: type=1326 audit(1760491897.015:1948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13594 comm="syz.0.2820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16998eec9 code=0x7ffc0000 [ 466.841586][ T30] audit: type=1326 audit(1760491897.025:1949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13594 comm="syz.0.2820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc16998eec9 code=0x7ffc0000 [ 466.920942][ T30] audit: type=1326 audit(1760491897.025:1950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13594 comm="syz.0.2820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16998eec9 code=0x7ffc0000 [ 469.575385][T13657] netlink: 7 bytes leftover after parsing attributes in process `syz.1.2848'. [ 469.818440][T13663] netlink: 14593 bytes leftover after parsing attributes in process `syz.4.2851'. [ 470.738616][T13685] loop0: detected capacity change from 0 to 512 [ 470.792823][T13685] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 470.808512][T13685] ext4 filesystem being mounted at /470/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 470.877736][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 470.877761][ T30] audit: type=1800 audit(1760491901.695:1962): pid=13685 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2860" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 471.063568][ T5836] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 471.403603][T13676] infiniband syz!: set active [ 471.408532][T13676] infiniband syz!: added team_slave_0 [ 471.456327][T13676] syz!: rxe_create_cq: returned err = -12 [ 471.484024][T13676] infiniband syz!: Couldn't create ib_mad CQ [ 471.510526][T13676] infiniband syz!: Couldn't open port 1 [ 471.542135][T13702] loop0: detected capacity change from 0 to 512 [ 471.590957][T13702] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 471.636741][T13702] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2852: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 471.641230][T13676] RDS/IB: syz!: added [ 471.689702][ T30] audit: type=1326 audit(1760491902.495:1963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13703 comm="syz.4.2867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f908078eec9 code=0x7ffc0000 [ 471.733872][T13702] EXT4-fs (loop0): 1 truncate cleaned up [ 471.751558][T13702] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 471.771583][T13676] smc: adding ib device syz! with port count 1 [ 471.777901][T13676] smc: ib device syz! port 1 has no pnetid [ 471.808560][ T30] audit: type=1326 audit(1760491902.495:1964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13703 comm="syz.4.2867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=137 compat=0 ip=0x7f908078eec9 code=0x7ffc0000 [ 471.871491][T13702] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2866'. [ 471.901644][ T30] audit: type=1326 audit(1760491902.495:1965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13703 comm="syz.4.2867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f908078eec9 code=0x7ffc0000 [ 471.990900][ T30] audit: type=1326 audit(1760491902.495:1966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13703 comm="syz.4.2867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f908078eec9 code=0x7ffc0000 [ 472.080885][ T30] audit: type=1326 audit(1760491902.495:1967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13703 comm="syz.4.2867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f908078eec9 code=0x7ffc0000 [ 472.161104][ T30] audit: type=1326 audit(1760491902.495:1968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13703 comm="syz.4.2867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f908078eec9 code=0x7ffc0000 [ 472.220895][ T30] audit: type=1326 audit(1760491902.495:1969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13703 comm="syz.4.2867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f908078eec9 code=0x7ffc0000 [ 472.301578][ T30] audit: type=1326 audit(1760491902.495:1970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13703 comm="syz.4.2867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f908078eec9 code=0x7ffc0000 [ 472.386772][ T30] audit: type=1326 audit(1760491902.495:1971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13703 comm="syz.4.2867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f908078eec9 code=0x7ffc0000 [ 472.586634][ T5836] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 472.803014][T13727] loop0: detected capacity change from 0 to 512 [ 472.858997][T13727] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 472.880484][T13727] ext4 filesystem being mounted at /473/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 473.088770][ T5836] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 473.269377][T13733] 9pnet_fd: p9_fd_create_unix (13733): problem connecting socket: ./file0: -2 [ 476.053301][T13779] 9pnet_fd: p9_fd_create_unix (13779): problem connecting socket: ./file0: -2 [ 476.662036][T13796] loop0: detected capacity change from 0 to 512 [ 476.760333][T13798] loop5: detected capacity change from 0 to 512 [ 476.774621][T13796] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 476.831769][T13798] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 476.843278][T13796] ext4 filesystem being mounted at /478/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 476.872227][T13798] EXT4-fs (loop5): 1 truncate cleaned up [ 476.887443][T13798] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 477.059531][ T5840] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 477.222030][ T5836] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 477.626763][T13826] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2916'. [ 477.776196][T13834] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6 [ 477.849133][T13831] 9pnet_fd: p9_fd_create_unix (13831): problem connecting socket: ./file0: -2 [ 478.338395][T13847] loop0: detected capacity change from 0 to 512 [ 478.387161][T13847] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 478.486516][T13856] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 478.486516][T13856] program syz.4.2929 not setting count and/or reply_len properly [ 478.512808][T13847] ext4 filesystem being mounted at /482/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 478.671917][T13862] x_tables: unsorted underflow at hook 2 [ 478.752777][T13864] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2928'. [ 478.755025][ T5836] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 478.860881][T13864] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2928'. [ 478.900155][ T30] kauditd_printk_skb: 34 callbacks suppressed [ 478.900179][ T30] audit: type=1326 audit(1760491909.715:2006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13865 comm="syz.1.2934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5db7d8eec9 code=0x7ffc0000 [ 478.972935][ T30] audit: type=1326 audit(1760491909.755:2007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13865 comm="syz.1.2934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5db7d8eec9 code=0x7ffc0000 [ 479.125488][ T30] audit: type=1326 audit(1760491909.755:2008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13865 comm="syz.1.2934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5db7d8eec9 code=0x7ffc0000 [ 479.166817][T13864] bond1: entered promiscuous mode [ 479.172063][ T30] audit: type=1326 audit(1760491909.755:2009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13865 comm="syz.1.2934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5db7d8eec9 code=0x7ffc0000 [ 479.194774][ T30] audit: type=1326 audit(1760491909.755:2010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13865 comm="syz.1.2934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5db7d8eec9 code=0x7ffc0000 [ 479.222253][T13864] bond1: entered allmulticast mode [ 479.227972][T13864] 8021q: adding VLAN 0 to HW filter on device bond1 [ 479.252791][ T30] audit: type=1326 audit(1760491909.755:2011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13865 comm="syz.1.2934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5db7d8eec9 code=0x7ffc0000 [ 479.342009][ T30] audit: type=1326 audit(1760491909.755:2012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13865 comm="syz.1.2934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5db7d8eec9 code=0x7ffc0000 [ 479.410921][ T30] audit: type=1326 audit(1760491909.755:2013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13865 comm="syz.1.2934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f5db7d8eec9 code=0x7ffc0000 [ 479.498827][ T30] audit: type=1326 audit(1760491909.755:2014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13865 comm="syz.1.2934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5db7d8eec9 code=0x7ffc0000 [ 479.626905][ T30] audit: type=1326 audit(1760491909.755:2015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13865 comm="syz.1.2934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5db7d8d710 code=0x7ffc0000 [ 479.865299][T13901] loop2: detected capacity change from 0 to 512 [ 479.966723][T13901] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 479.988709][T13901] ext4 filesystem being mounted at /463/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 480.144534][T13896] bridge0: port 2(bridge_slave_1) entered disabled state [ 480.152290][T13896] bridge0: port 1(bridge_slave_0) entered disabled state [ 480.167940][T13916] loop3: detected capacity change from 0 to 512 [ 480.217440][T13916] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 480.285847][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 480.296361][T13916] ext4 filesystem being mounted at /485/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 480.472837][T13896] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 480.509041][T13896] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 480.639151][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 480.839876][T13949] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6 [ 480.960057][ T64] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.991462][ T6070] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 481.044101][ T6070] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 481.086448][ T6070] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 481.508367][T13976] loop0: detected capacity change from 0 to 512 [ 481.515644][T13975] netlink: 'syz.3.2965': attribute type 13 has an invalid length. [ 481.529910][T13975] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2965'. [ 481.672333][T13976] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 481.751033][T13976] ext4 filesystem being mounted at /490/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 482.628758][T13994] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2972'. [ 482.824379][ T5836] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 483.337810][T14017] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2980'. [ 483.529288][T14027] loop3: detected capacity change from 0 to 512 [ 483.577886][T14027] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 483.611170][T14027] ext4 filesystem being mounted at /492/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 483.919464][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 484.115255][T14048] loop2: detected capacity change from 0 to 2048 [ 484.166929][T14048] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 484.218687][ T30] kauditd_printk_skb: 27 callbacks suppressed [ 484.218709][ T30] audit: type=1326 audit(1760491915.025:2043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14050 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec79d8eec9 code=0x7ffc0000 [ 484.330198][ T30] audit: type=1326 audit(1760491915.025:2044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14050 comm="syz.3.2992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec79d8eec9 code=0x7ffc0000 [ 484.368919][ T30] audit: type=1326 audit(1760491915.025:2045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14050 comm="syz.3.2992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec79d8eec9 code=0x7ffc0000 [ 484.658286][ T30] audit: type=1326 audit(1760491915.025:2046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14050 comm="syz.3.2992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec79d8eec9 code=0x7ffc0000 [ 484.671296][T14069] loop3: detected capacity change from 0 to 512 [ 484.688283][ T30] audit: type=1326 audit(1760491915.025:2047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14050 comm="syz.3.2992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec79d8eec9 code=0x7ffc0000 [ 484.710970][ T30] audit: type=1326 audit(1760491915.025:2048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14050 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7fec79d8eec9 code=0x7ffc0000 [ 484.733126][ T30] audit: type=1326 audit(1760491915.035:2049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14050 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec79d8eec9 code=0x7ffc0000 [ 484.768394][T14069] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 484.781092][ T30] audit: type=1326 audit(1760491915.035:2050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14050 comm="syz.3.2992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fec79d8eec9 code=0x7ffc0000 [ 484.862351][ T30] audit: type=1326 audit(1760491915.035:2051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14050 comm="syz.3.2992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fec79d8eec9 code=0x7ffc0000 [ 484.885013][ T30] audit: type=1326 audit(1760491915.145:2052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14061 comm="syz.1.2999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5db7d8eec9 code=0x7ffc0000 [ 484.913062][T14063] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 484.928018][T14063] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 96 with error 28 [ 484.940310][T14063] EXT4-fs (loop2): This should not happen!! Data will be lost [ 484.940310][T14063] [ 484.951179][T14063] EXT4-fs (loop2): Total free blocks count 0 [ 484.957171][T14063] EXT4-fs (loop2): Free/Dirty block details [ 484.964086][T14063] EXT4-fs (loop2): free_blocks=2415919504 [ 484.969816][T14063] EXT4-fs (loop2): dirty_blocks=112 [ 484.975066][T14063] EXT4-fs (loop2): Block reservation details [ 484.981087][T14063] EXT4-fs (loop2): i_reserved_data_blocks=7 [ 485.007670][T14069] EXT4-fs (loop3): 1 truncate cleaned up [ 485.029770][T14069] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 485.268305][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 485.730182][T14091] loop3: detected capacity change from 0 to 1024 [ 485.756375][T14091] EXT4-fs: Ignoring removed orlov option [ 485.779088][T14091] EXT4-fs: Ignoring removed nomblk_io_submit option [ 485.798435][T14093] 9pnet_fd: p9_fd_create_unix (14093): problem connecting socket: ./file0: -2 [ 485.825469][T14091] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 485.852971][ T6070] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 96 with max blocks 224 with error 28 [ 485.928893][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 485.948850][T14097] loop5: detected capacity change from 0 to 1024 [ 485.966139][T14097] EXT4-fs: Ignoring removed bh option [ 485.977320][T14097] EXT4-fs (loop5): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 486.041702][T14097] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 486.108798][T14106] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3014'. [ 486.331493][ T5840] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 486.767639][T14127] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 487.661274][T14133] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3020'. [ 487.670275][T14133] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3020'. [ 487.680184][T14133] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3020'. [ 487.773003][T14138] loop3: detected capacity change from 0 to 2048 [ 487.886837][T14138] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 488.376311][T14154] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 488.384373][T14136] syz.4.3024: vmalloc error: size 268439552, failed to allocated page array size 524296, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null) [ 488.391448][T14154] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 128 with error 28 [ 488.391494][T14154] EXT4-fs (loop3): This should not happen!! Data will be lost [ 488.391494][T14154] [ 488.391521][T14154] EXT4-fs (loop3): Total free blocks count 0 [ 488.391546][T14154] EXT4-fs (loop3): Free/Dirty block details [ 488.391570][T14154] EXT4-fs (loop3): free_blocks=2415919504 [ 488.391603][T14154] EXT4-fs (loop3): dirty_blocks=144 [ 488.391627][T14154] EXT4-fs (loop3): Block reservation details [ 488.391650][T14154] EXT4-fs (loop3): i_reserved_data_blocks=9 [ 488.484966][T14136] ,cpuset=/,mems_allowed=0-1 [ 488.489642][T14136] CPU: 0 UID: 0 PID: 14136 Comm: syz.4.3024 Not tainted syzkaller #0 PREEMPT(full) [ 488.489688][T14136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 488.489710][T14136] Call Trace: [ 488.489721][T14136] [ 488.489735][T14136] dump_stack_lvl+0x16c/0x1f0 [ 488.489796][T14136] warn_alloc+0x248/0x3a0 [ 488.489863][T14136] ? __pfx_warn_alloc+0x10/0x10 [ 488.489945][T14136] ? xskq_create+0xfb/0x1d0 [ 488.489990][T14136] ? srso_alias_return_thunk+0x5/0xfbef5 [ 488.490035][T14136] ? __vmalloc_node_noprof+0xad/0xf0 [ 488.490097][T14136] __vmalloc_node_range_noprof+0xfe2/0x1480 [ 488.490167][T14136] ? xskq_create+0xfb/0x1d0 [ 488.490227][T14136] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 488.490298][T14136] ? xskq_create+0xfb/0x1d0 [ 488.490352][T14136] vmalloc_user_noprof+0x9e/0xe0 [ 488.490405][T14136] ? xskq_create+0xfb/0x1d0 [ 488.490453][T14136] xskq_create+0xfb/0x1d0 [ 488.490504][T14136] xsk_setsockopt+0x792/0x9a0 [ 488.490551][T14136] ? __pfx_xsk_setsockopt+0x10/0x10 [ 488.490594][T14136] ? srso_alias_return_thunk+0x5/0xfbef5 [ 488.490639][T14136] ? find_held_lock+0x2b/0x80 [ 488.490704][T14136] ? srso_alias_return_thunk+0x5/0xfbef5 [ 488.490747][T14136] ? aa_sock_opt_perm+0xfd/0x1c0 [ 488.490815][T14136] ? __pfx_xsk_setsockopt+0x10/0x10 [ 488.490863][T14136] do_sock_setsockopt+0xf3/0x1d0 [ 488.490909][T14136] __sys_setsockopt+0x1a0/0x230 [ 488.490972][T14136] __x64_sys_setsockopt+0xbd/0x160 [ 488.491023][T14136] ? do_syscall_64+0x91/0xfa0 [ 488.491076][T14136] ? srso_alias_return_thunk+0x5/0xfbef5 [ 488.491120][T14136] ? lockdep_hardirqs_on+0x7c/0x110 [ 488.491177][T14136] do_syscall_64+0xcd/0xfa0 [ 488.491237][T14136] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 488.491274][T14136] RIP: 0033:0x7f908078eec9 [ 488.491302][T14136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 488.491346][T14136] RSP: 002b:00007f90815bc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 488.491380][T14136] RAX: ffffffffffffffda RBX: 00007f90809e6090 RCX: 00007f908078eec9 [ 488.491405][T14136] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000007 [ 488.491428][T14136] RBP: 00007f9080811f91 R08: 0000000000000004 R09: 0000000000000000 [ 488.491451][T14136] R10: 00002000000004c0 R11: 0000000000000246 R12: 0000000000000000 [ 488.491474][T14136] R13: 00007f90809e6128 R14: 00007f90809e6090 R15: 00007ffe531f7e78 [ 488.491527][T14136] [ 488.805961][T14136] Mem-Info: [ 488.809146][T14136] active_anon:14003 inactive_anon:0 isolated_anon:0 [ 488.809146][T14136] active_file:7846 inactive_file:48169 isolated_file:0 [ 488.809146][T14136] unevictable:768 dirty:1003 writeback:0 [ 488.809146][T14136] slab_reclaimable:11738 slab_unreclaimable:102426 [ 488.809146][T14136] mapped:42089 shmem:11085 pagetables:1412 [ 488.809146][T14136] sec_pagetables:0 bounce:0 [ 488.809146][T14136] kernel_misc_reclaimable:0 [ 488.809146][T14136] free:1268545 free_pcp:19440 free_cma:0 [ 488.893032][T14136] Node 0 active_anon:57812kB inactive_anon:0kB active_file:31384kB inactive_file:192476kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:170256kB dirty:4012kB writeback:0kB shmem:44804kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12544kB pagetables:5504kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 488.942405][T14136] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 489.018902][T14136] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 489.098257][T14136] lowmem_reserve[]: 0 2483 2485 2485 2485 [ 489.112432][T14136] Node 0 DMA32 free:1159232kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:61112kB inactive_anon:0kB active_file:31384kB inactive_file:192476kB unevictable:1536kB writepending:4012kB zspages:0kB present:3129332kB managed:2543524kB mlocked:0kB bounce:0kB free_pcp:54592kB local_pcp:30292kB free_cma:0kB [ 489.187058][T14136] lowmem_reserve[]: 0 0 1 1 1 [ 489.199971][T14136] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 489.266643][T14136] lowmem_reserve[]: 0 0 0 0 0 [ 489.276743][T14136] Node 1 Normal free:3896916kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:20768kB local_pcp:6560kB free_cma:0kB [ 489.345102][T14136] lowmem_reserve[]: 0 0 0 0 0 [ 489.354288][T14136] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 489.370820][T14136] Node 0 DMA32: 1*4kB (M) 2*8kB (UM) 2*16kB (UM) 1146*32kB (UME) 1164*64kB (UE) 737*128kB (UME) 452*256kB (UME) 220*512kB (UME) 88*1024kB (UME) 6*2048kB (ME) 152*4096kB (UM) = 1158900kB [ 489.390187][T14136] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 489.402097][T14136] Node 1 Normal: 213*4kB (U) 58*8kB (UME) 49*16kB (UME) 103*32kB (UME) 29*64kB (UME) 8*128kB (UME) 4*256kB (UME) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 947*4096kB (M) = 3896916kB [ 489.430902][T14136] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 489.440636][T14136] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 489.495840][T14136] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 489.505878][T14136] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 489.517037][T14136] 62652 total pagecache pages [ 489.522890][T14136] 0 pages in swap cache [ 489.527296][T14136] Free swap = 124996kB [ 489.532251][T14136] Total swap = 124996kB [ 489.536474][T14136] 2097051 pages RAM [ 489.540520][T14136] 0 pages HighMem/MovableOnly [ 489.547427][T14136] 429080 pages reserved [ 489.552695][T14136] 0 pages cma reserved [ 489.778011][T14127] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 489.858131][T14181] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3043'. [ 489.974429][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 489.974455][ T30] audit: type=1326 audit(1760491920.775:2063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14178 comm="syz.5.3042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 490.101632][ T30] audit: type=1326 audit(1760491920.785:2064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14178 comm="syz.5.3042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 490.192810][ T30] audit: type=1326 audit(1760491920.835:2065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14178 comm="syz.5.3042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 490.241607][ T30] audit: type=1326 audit(1760491920.835:2066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14178 comm="syz.5.3042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 490.265563][ T30] audit: type=1326 audit(1760491920.835:2067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14178 comm="syz.5.3042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 490.291992][ T30] audit: type=1326 audit(1760491920.835:2068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14178 comm="syz.5.3042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 490.342827][T14127] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 490.409531][ T30] audit: type=1326 audit(1760491920.835:2069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14178 comm="syz.5.3042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 490.477623][ T30] audit: type=1326 audit(1760491920.835:2070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14178 comm="syz.5.3042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 490.668910][ T30] audit: type=1326 audit(1760491920.865:2071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14178 comm="syz.5.3042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 490.765569][ T30] audit: type=1326 audit(1760491920.865:2072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14178 comm="syz.5.3042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 490.837796][T14127] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 491.133178][ T1002] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 491.186414][ T1002] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 128 with max blocks 1440 with error 28 [ 491.196394][T14209] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3051'. [ 491.247167][T14135] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 491.300993][T14135] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 491.342657][T14135] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 491.370041][T14212] loop0: detected capacity change from 0 to 512 [ 491.483405][T14212] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 491.561583][T14212] ext4 filesystem being mounted at /506/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 491.678688][ T5836] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 491.700653][T14229] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(12) [ 491.707273][T14229] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 491.751072][T14229] vhci_hcd vhci_hcd.0: Device attached [ 491.810562][T14235] vhci_hcd vhci_hcd.0: pdev(5) rhport(1) sockfd(14) [ 491.817193][T14235] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 491.848764][T14235] vhci_hcd vhci_hcd.0: Device attached [ 491.848764][T14229] vhci_hcd vhci_hcd.0: pdev(5) rhport(2) sockfd(17) [ 491.848799][T14229] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 491.890230][T14235] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 491.924276][T14229] vhci_hcd vhci_hcd.0: Device attached [ 491.943543][T14235] vhci_hcd vhci_hcd.0: pdev(5) rhport(4) sockfd(21) [ 491.950159][T14235] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 491.980160][T14247] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6 [ 492.004875][T14235] vhci_hcd vhci_hcd.0: Device attached [ 492.022762][T13935] usb 43-1: new low-speed USB device number 3 using vhci_hcd [ 492.041291][T14229] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(19) [ 492.047920][T14229] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 492.064121][T14229] vhci_hcd vhci_hcd.0: Device attached [ 492.123459][T14229] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 492.153292][T14229] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 492.193010][T14229] vhci_hcd vhci_hcd.0: port 0 already used [ 492.256636][T14251] vhci_hcd: connection closed [ 492.257217][T14135] vhci_hcd: stop threads [ 492.268884][T14245] vhci_hcd: connection closed [ 492.269083][T14238] vhci_hcd: connection closed [ 492.274378][T14236] vhci_hcd: connection closed [ 492.274513][T14232] vhci_hcd: connection reset by peer [ 492.303998][T14135] vhci_hcd: release socket [ 492.323915][T14135] vhci_hcd: disconnect device [ 492.329782][T14135] vhci_hcd: stop threads [ 492.338612][T14135] vhci_hcd: release socket [ 492.348821][T14135] vhci_hcd: disconnect device [ 492.356340][T14135] vhci_hcd: stop threads [ 492.365176][T14135] vhci_hcd: release socket [ 492.374331][T14135] vhci_hcd: disconnect device [ 492.385695][T14135] vhci_hcd: stop threads [ 492.396302][T14135] vhci_hcd: release socket [ 492.405568][T14135] vhci_hcd: disconnect device [ 492.419771][T14135] vhci_hcd: stop threads [ 492.562884][T14268] netlink: 'syz.4.3070': attribute type 2 has an invalid length. [ 492.599782][T14268] netlink: 'syz.4.3070': attribute type 1 has an invalid length. [ 492.698595][T14135] vhci_hcd: release socket [ 492.703761][T14135] vhci_hcd: disconnect device [ 493.167630][T14276] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3068'. [ 493.176725][T14276] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3068'. [ 493.186487][T14276] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3068'. [ 494.302435][T14298] loop5: detected capacity change from 0 to 1024 [ 494.360400][T14298] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 494.362894][T14301] lo speed is unknown, defaulting to 1000 [ 494.394327][T14301] lo speed is unknown, defaulting to 1000 [ 494.502511][T14301] lo speed is unknown, defaulting to 1000 [ 494.552391][T14301] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 494.614629][T14301] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 494.818240][T14301] lo speed is unknown, defaulting to 1000 [ 494.859889][T14301] lo speed is unknown, defaulting to 1000 [ 494.877981][T14301] lo speed is unknown, defaulting to 1000 [ 494.899427][T14301] lo speed is unknown, defaulting to 1000 [ 494.953278][T14301] lo speed is unknown, defaulting to 1000 [ 494.998746][T14301] lo speed is unknown, defaulting to 1000 [ 496.088740][T14312] lo speed is unknown, defaulting to 1000 [ 496.321862][T14324] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 496.329118][T14324] IPv6: NLM_F_CREATE should be set when creating new route [ 496.367204][ T30] kauditd_printk_skb: 41 callbacks suppressed [ 496.367223][ T30] audit: type=1326 audit(1760491927.185:2114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14326 comm="syz.3.3089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec79d8eec9 code=0x7ffc0000 [ 496.458410][ T30] audit: type=1326 audit(1760491927.225:2115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14326 comm="syz.3.3089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fec79d8eec9 code=0x7ffc0000 [ 496.601021][ T30] audit: type=1326 audit(1760491927.225:2116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14326 comm="syz.3.3089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec79d8eec9 code=0x7ffc0000 [ 496.717442][ T30] audit: type=1326 audit(1760491927.225:2117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14326 comm="syz.3.3089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec79d8eec9 code=0x7ffc0000 [ 496.801745][ T30] audit: type=1326 audit(1760491927.235:2118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14326 comm="syz.3.3089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fec79d8eec9 code=0x7ffc0000 [ 496.897879][ T30] audit: type=1326 audit(1760491927.235:2119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14326 comm="syz.3.3089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec79d8eec9 code=0x7ffc0000 [ 496.988612][ T30] audit: type=1326 audit(1760491927.235:2120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14326 comm="syz.3.3089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec79d8eec9 code=0x7ffc0000 [ 497.099954][ T30] audit: type=1326 audit(1760491927.235:2121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14326 comm="syz.3.3089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fec79d8eec9 code=0x7ffc0000 [ 497.131065][T13935] vhci_hcd: vhci_device speed not set [ 497.160951][ T30] audit: type=1326 audit(1760491927.385:2122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14326 comm="syz.3.3089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec79d8eec9 code=0x7ffc0000 [ 497.292939][ T30] audit: type=1326 audit(1760491927.385:2123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14326 comm="syz.3.3089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=277 compat=0 ip=0x7fec79d8eec9 code=0x7ffc0000 [ 497.345240][T14343] loop2: detected capacity change from 0 to 512 [ 497.403087][T14343] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 497.462461][T14343] EXT4-fs (loop2): 1 truncate cleaned up [ 497.470265][T14343] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 497.569274][T14355] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6 [ 497.724303][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 497.974524][T14361] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 498.424434][T13955] usb usb44-port1: attempt power cycle [ 498.529280][ T5840] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 499.033348][T13955] usb usb44-port1: unable to enumerate USB device [ 499.642480][T14364] syz.2.3104: vmalloc error: size 268439552, failed to allocated page array size 524296, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 499.731018][T14364] CPU: 0 UID: 0 PID: 14364 Comm: syz.2.3104 Not tainted syzkaller #0 PREEMPT(full) [ 499.731067][T14364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 499.731088][T14364] Call Trace: [ 499.731100][T14364] [ 499.731113][T14364] dump_stack_lvl+0x16c/0x1f0 [ 499.731176][T14364] warn_alloc+0x248/0x3a0 [ 499.731243][T14364] ? __pfx_warn_alloc+0x10/0x10 [ 499.731325][T14364] ? xskq_create+0xfb/0x1d0 [ 499.731369][T14364] ? srso_alias_return_thunk+0x5/0xfbef5 [ 499.731412][T14364] ? __vmalloc_node_noprof+0xad/0xf0 [ 499.731474][T14364] __vmalloc_node_range_noprof+0xfe2/0x1480 [ 499.731544][T14364] ? xskq_create+0xfb/0x1d0 [ 499.731603][T14364] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 499.731683][T14364] ? xskq_create+0xfb/0x1d0 [ 499.731730][T14364] vmalloc_user_noprof+0x9e/0xe0 [ 499.731782][T14364] ? xskq_create+0xfb/0x1d0 [ 499.731829][T14364] xskq_create+0xfb/0x1d0 [ 499.731880][T14364] xsk_setsockopt+0x792/0x9a0 [ 499.731927][T14364] ? __pfx_xsk_setsockopt+0x10/0x10 [ 499.731969][T14364] ? srso_alias_return_thunk+0x5/0xfbef5 [ 499.732013][T14364] ? find_held_lock+0x2b/0x80 [ 499.732077][T14364] ? srso_alias_return_thunk+0x5/0xfbef5 [ 499.732121][T14364] ? aa_sock_opt_perm+0xfd/0x1c0 [ 499.732184][T14364] ? __pfx_xsk_setsockopt+0x10/0x10 [ 499.732231][T14364] do_sock_setsockopt+0xf3/0x1d0 [ 499.732298][T14364] __sys_setsockopt+0x1a0/0x230 [ 499.732361][T14364] __x64_sys_setsockopt+0xbd/0x160 [ 499.732412][T14364] ? do_syscall_64+0x91/0xfa0 [ 499.732468][T14364] ? srso_alias_return_thunk+0x5/0xfbef5 [ 499.732511][T14364] ? lockdep_hardirqs_on+0x7c/0x110 [ 499.732568][T14364] do_syscall_64+0xcd/0xfa0 [ 499.732629][T14364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 499.732670][T14364] RIP: 0033:0x7f243ab8eec9 [ 499.732698][T14364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 499.732734][T14364] RSP: 002b:00007f2438df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 499.732768][T14364] RAX: ffffffffffffffda RBX: 00007f243ade6180 RCX: 00007f243ab8eec9 [ 499.732793][T14364] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000006 [ 499.732815][T14364] RBP: 00007f243ac11f91 R08: 0000000000000004 R09: 0000000000000000 [ 499.732838][T14364] R10: 00002000000004c0 R11: 0000000000000246 R12: 0000000000000000 [ 499.732861][T14364] R13: 00007f243ade6218 R14: 00007f243ade6180 R15: 00007ffd51f29d38 [ 499.732913][T14364] [ 499.733066][T14364] Mem-Info: [ 499.980093][T14398] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6 [ 500.139554][T14364] active_anon:8629 inactive_anon:0 isolated_anon:0 [ 500.139554][T14364] active_file:7846 inactive_file:47332 isolated_file:0 [ 500.139554][T14364] unevictable:768 dirty:248 writeback:0 [ 500.139554][T14364] slab_reclaimable:11777 slab_unreclaimable:103574 [ 500.139554][T14364] mapped:35751 shmem:5609 pagetables:1404 [ 500.139554][T14364] sec_pagetables:0 bounce:0 [ 500.139554][T14364] kernel_misc_reclaimable:0 [ 500.139554][T14364] free:1274704 free_pcp:18484 free_cma:0 [ 500.251298][T14364] Node 0 active_anon:30492kB inactive_anon:0kB active_file:31384kB inactive_file:189128kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:143016kB dirty:1000kB writeback:0kB shmem:17180kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12540kB pagetables:5448kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 500.402341][T14364] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 500.491922][T14364] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 500.562947][T14364] lowmem_reserve[]: 0 2483 2485 2485 2485 [ 500.579221][T14364] Node 0 DMA32 free:1196916kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:25760kB inactive_anon:0kB active_file:31384kB inactive_file:189128kB unevictable:1536kB writepending:900kB zspages:0kB present:3129332kB managed:2543524kB mlocked:0kB bounce:0kB free_pcp:54156kB local_pcp:17116kB free_cma:0kB [ 500.673358][T14364] lowmem_reserve[]: 0 0 1 1 1 [ 500.678151][T14364] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 500.718956][T14364] lowmem_reserve[]: 0 0 0 0 0 [ 500.723785][T14364] Node 1 Normal free:3896420kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:21200kB local_pcp:14928kB free_cma:0kB [ 500.785446][T14364] lowmem_reserve[]: 0 0 0 0 0 [ 500.795484][T14364] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 500.845531][T14364] Node 0 DMA32: 1594*4kB (UM) 666*8kB (UM) 395*16kB (UME) 1374*32kB (UM) 1279*64kB (UME) 783*128kB (UME) 450*256kB (UME) 218*512kB (UME) 89*1024kB (UME) 6*2048kB (ME) 152*4096kB (UM) = 1196904kB [ 500.865613][T14364] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 500.879029][T14364] Node 1 Normal: 22*4kB (U) 58*8kB (UME) 49*16kB (UME) 107*32kB (UME) 30*64kB (UME) 9*128kB (UME) 4*256kB (UME) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 947*4096kB (M) = 3896472kB [ 500.941669][T14364] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 500.960903][T14364] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 501.001545][T14364] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 501.048561][T14364] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 501.150627][T14364] 62518 total pagecache pages [ 501.182946][T14364] 0 pages in swap cache [ 501.219051][T14364] Free swap = 124996kB [ 501.260111][T14364] Total swap = 124996kB [ 501.294720][T14364] 2097051 pages RAM [ 501.346090][T14364] 0 pages HighMem/MovableOnly [ 501.406431][T14364] 429080 pages reserved [ 501.554766][T14364] 0 pages cma reserved [ 501.875878][T14361] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 501.959225][T14375] sch_tbf: peakrate 7 is lower than or equals to rate 7 ! [ 502.367295][T14414] lo speed is unknown, defaulting to 1000 [ 502.822087][T14361] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 502.847921][T14421] netlink: 'syz.0.3124': attribute type 10 has an invalid length. [ 502.951738][T14424] netlink: 'syz.0.3124': attribute type 10 has an invalid length. [ 503.064493][T14421] team0: Port device dummy0 added [ 503.138501][T14424] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 503.172443][T14424] team0: Failed to send options change via netlink (err -105) [ 503.188964][T14424] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 503.217227][T14424] team0: Port device dummy0 removed [ 503.234677][T14424] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 503.271202][T14433] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3129'. [ 503.303343][T14433] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3129'. [ 503.404985][T14361] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 503.561512][T14438] loop0: detected capacity change from 0 to 512 [ 503.616278][T14438] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 503.671042][T14438] ext4 filesystem being mounted at /518/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 503.759857][ T6011] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 503.803060][T14449] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3135'. [ 503.929344][ T5836] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 504.016363][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 504.016388][ T30] audit: type=1326 audit(1760491934.835:2125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14451 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 504.048270][ T6011] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 504.157790][ T30] audit: type=1326 audit(1760491934.865:2126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14451 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 504.165955][ T6011] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 504.211670][T14460] loop3: detected capacity change from 0 to 512 [ 504.229696][ T30] audit: type=1326 audit(1760491934.865:2127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14451 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f870218ef03 code=0x7ffc0000 [ 504.230948][ T6011] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 504.305990][T14460] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 504.321710][ T30] audit: type=1326 audit(1760491934.865:2128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14451 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f870218ef03 code=0x7ffc0000 [ 504.368100][ T30] audit: type=1326 audit(1760491934.865:2129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14451 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 504.406791][T14460] ext4 filesystem being mounted at /518/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 504.431083][ T30] audit: type=1326 audit(1760491934.865:2130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14451 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 504.525138][ T30] audit: type=1326 audit(1760491934.865:2131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14451 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 504.569404][ T30] audit: type=1326 audit(1760491934.865:2132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14451 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 504.631392][T14475] EXT4-fs (loop3): shut down requested (0) [ 504.645431][ T30] audit: type=1326 audit(1760491935.015:2133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14451 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 504.682667][ T30] audit: type=1326 audit(1760491935.015:2134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14451 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 504.893424][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 505.306878][T14485] loop2: detected capacity change from 0 to 512 [ 505.455926][T14485] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 505.491065][T14485] ext4 filesystem being mounted at /492/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 505.569426][T14493] loop0: detected capacity change from 0 to 512 [ 505.623531][T14493] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 505.669639][T14495] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3150'. [ 505.712713][T14493] EXT4-fs (loop0): 1 truncate cleaned up [ 505.720501][T14493] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 505.778245][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 505.813452][T14502] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3156'. [ 506.003231][ T5836] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 506.172233][T14509] 9pnet_fd: p9_fd_create_unix (14509): problem connecting socket: ./file0: -2 [ 506.518395][T14523] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 506.532555][T14523] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 506.540400][T14523] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 506.551860][T14523] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 506.562556][T14523] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 506.622208][T14526] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6 [ 506.743607][T14530] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3168'. [ 507.321281][T14522] lo speed is unknown, defaulting to 1000 [ 507.385074][T14540] pim6reg: entered allmulticast mode [ 507.401435][T14540] pim6reg: left allmulticast mode [ 507.483313][T14549] 9pnet_fd: p9_fd_create_unix (14549): problem connecting socket: ./file0: -2 [ 507.587853][T14546] netlink: 'syz.4.3175': attribute type 6 has an invalid length. [ 507.613263][T14546] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3175'. [ 507.851477][T14560] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3177'. [ 507.863001][T14522] chnl_net:caif_netlink_parms(): no params data found [ 508.194656][T14522] bridge0: port 1(bridge_slave_0) entered blocking state [ 508.202070][T14575] syz.2.3185 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 508.242497][T14577] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6 [ 508.253256][T14522] bridge0: port 1(bridge_slave_0) entered disabled state [ 508.262635][T14522] bridge_slave_0: entered allmulticast mode [ 508.313107][T14522] bridge_slave_0: entered promiscuous mode [ 508.358225][T14522] bridge0: port 2(bridge_slave_1) entered blocking state [ 508.365410][T14522] bridge0: port 2(bridge_slave_1) entered disabled state [ 508.393774][T14522] bridge_slave_1: entered allmulticast mode [ 508.422605][T14522] bridge_slave_1: entered promiscuous mode [ 508.436433][T13933] Process accounting resumed [ 508.606130][T14522] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 508.652662][T14522] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 508.705005][ T5844] Bluetooth: hci4: command tx timeout [ 508.936294][T14596] loop0: detected capacity change from 0 to 512 [ 509.514592][T14522] team0: Port device team_slave_0 added [ 509.521681][T14596] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 509.575442][T14522] team0: Port device team_slave_1 added [ 509.592552][T14602] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3194'. [ 509.602562][T14596] ext4 filesystem being mounted at /528/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 509.838368][T14522] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 509.858184][T14522] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 509.903657][T14522] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 509.939185][T14522] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 509.951143][T14608] loop5: detected capacity change from 0 to 512 [ 509.968059][T14522] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 510.049505][T14608] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 510.061414][T14522] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 510.064522][ T5836] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 510.137021][T14608] ext4 filesystem being mounted at /525/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 510.237073][T14608] capability: warning: `syz.5.3196' uses 32-bit capabilities (legacy support in use) [ 510.261145][T14522] hsr_slave_0: entered promiscuous mode [ 510.294505][T14522] hsr_slave_1: entered promiscuous mode [ 510.318894][T14522] debugfs: 'hsr0' already exists in 'hsr' [ 510.346807][T14522] Cannot create hsr debugfs directory [ 510.400626][ T5840] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 510.820809][ T5844] Bluetooth: hci4: command tx timeout [ 510.866219][T14624] loop2: detected capacity change from 0 to 512 [ 510.908019][T14624] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 510.945696][T14624] EXT4-fs (loop2): 1 truncate cleaned up [ 510.985792][T14624] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 511.169934][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 511.176334][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 511.571278][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 512.027704][T14639] loop2: detected capacity change from 0 to 2048 [ 512.117937][T14639] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 512.192599][ T30] kauditd_printk_skb: 110 callbacks suppressed [ 512.192623][ T30] audit: type=1326 audit(1760491942.847:2245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14641 comm="syz.5.3208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 512.329178][ T30] audit: type=1326 audit(1760491942.847:2246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14641 comm="syz.5.3208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=67 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 512.378489][T14649] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6 [ 512.423874][ T30] audit: type=1326 audit(1760491942.847:2247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14641 comm="syz.5.3208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 512.497695][ T30] audit: type=1326 audit(1760491942.856:2248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14641 comm="syz.5.3208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f870218eec9 code=0x7ffc0000 [ 512.620532][T14522] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 512.702151][T14522] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 512.783886][T14654] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 512.798997][T14654] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28 [ 512.811345][T14654] EXT4-fs (loop2): This should not happen!! Data will be lost [ 512.811345][T14654] [ 512.821018][T14654] EXT4-fs (loop2): Total free blocks count 0 [ 512.829188][T14654] EXT4-fs (loop2): Free/Dirty block details [ 512.835175][T14654] EXT4-fs (loop2): free_blocks=2415919504 [ 512.840914][T14654] EXT4-fs (loop2): dirty_blocks=80 [ 512.846092][T14654] EXT4-fs (loop2): Block reservation details [ 512.852529][T14654] EXT4-fs (loop2): i_reserved_data_blocks=5 [ 512.995619][ T5844] Bluetooth: hci4: command tx timeout [ 513.002948][T14522] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 513.098646][T14653] lo speed is unknown, defaulting to 1000 [ 513.099252][T14522] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 513.173247][T14658] loop0: detected capacity change from 0 to 1024 [ 513.352973][T14658] EXT4-fs: inline encryption not supported [ 513.382935][T14658] EXT4-fs: Ignoring removed i_version option [ 513.498658][T14658] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 514.511012][T14658] ext4: Unknown parameter ' Z* m.Dc8'@C9G9?9S{1Jլ5 æԌqqY糔' [ 514.536532][T14522] 8021q: adding VLAN 0 to HW filter on device bond0 [ 514.671933][T14522] 8021q: adding VLAN 0 to HW filter on device team0 [ 514.720921][ T5836] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 514.736758][ T1002] bridge0: port 1(bridge_slave_0) entered blocking state [ 514.743995][ T1002] bridge0: port 1(bridge_slave_0) entered forwarding state [ 514.802437][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 514.809681][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 514.956945][T14674] loop5: detected capacity change from 0 to 512 [ 515.022052][T14135] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 64 with max blocks 544 with error 28 [ 515.081543][ T5844] Bluetooth: hci4: command tx timeout [ 515.103316][T14674] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 515.132930][T14674] ext4 filesystem being mounted at /532/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 515.395138][ T5840] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 515.741564][T14522] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 515.849461][T14700] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6 [ 516.062320][ T6011] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 516.076911][ T6011] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 516.204541][ T1002] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 516.255345][T14522] veth0_vlan: entered promiscuous mode [ 516.301949][T14522] veth1_vlan: entered promiscuous mode [ 516.476729][ T6011] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 516.509074][T14522] veth0_macvtap: entered promiscuous mode [ 516.538356][T14522] veth1_macvtap: entered promiscuous mode [ 516.612479][T14522] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 516.770012][T14522] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 516.786162][T14729] SET target dimension over the limit! [ 516.857885][ T6070] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 516.878249][ T6070] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 516.886990][ T6070] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 516.955437][T14707] syz.0.3223: vmalloc error: size 268439552, failed to allocated page array size 524296, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 516.975048][ T6070] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 517.062830][T14707] CPU: 0 UID: 0 PID: 14707 Comm: syz.0.3223 Not tainted syzkaller #0 PREEMPT(full) [ 517.062879][T14707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 517.062900][T14707] Call Trace: [ 517.062911][T14707] [ 517.062925][T14707] dump_stack_lvl+0x16c/0x1f0 [ 517.062985][T14707] warn_alloc+0x248/0x3a0 [ 517.063049][T14707] ? __pfx_warn_alloc+0x10/0x10 [ 517.063129][T14707] ? xskq_create+0xfb/0x1d0 [ 517.063172][T14707] ? srso_alias_return_thunk+0x5/0xfbef5 [ 517.063215][T14707] ? __vmalloc_node_noprof+0xad/0xf0 [ 517.063286][T14707] __vmalloc_node_range_noprof+0xfe2/0x1480 [ 517.063355][T14707] ? xskq_create+0xfb/0x1d0 [ 517.063418][T14707] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 517.063487][T14707] ? xskq_create+0xfb/0x1d0 [ 517.063533][T14707] vmalloc_user_noprof+0x9e/0xe0 [ 517.063584][T14707] ? xskq_create+0xfb/0x1d0 [ 517.063631][T14707] xskq_create+0xfb/0x1d0 [ 517.063687][T14707] xsk_setsockopt+0x792/0x9a0 [ 517.063733][T14707] ? __pfx_xsk_setsockopt+0x10/0x10 [ 517.063775][T14707] ? srso_alias_return_thunk+0x5/0xfbef5 [ 517.063818][T14707] ? find_held_lock+0x2b/0x80 [ 517.063882][T14707] ? srso_alias_return_thunk+0x5/0xfbef5 [ 517.063925][T14707] ? aa_sock_opt_perm+0xfd/0x1c0 [ 517.063986][T14707] ? __pfx_xsk_setsockopt+0x10/0x10 [ 517.064032][T14707] do_sock_setsockopt+0xf3/0x1d0 [ 517.064075][T14707] __sys_setsockopt+0x1a0/0x230 [ 517.064136][T14707] __x64_sys_setsockopt+0xbd/0x160 [ 517.064187][T14707] ? do_syscall_64+0x91/0xfa0 [ 517.064239][T14707] ? srso_alias_return_thunk+0x5/0xfbef5 [ 517.064291][T14707] ? lockdep_hardirqs_on+0x7c/0x110 [ 517.064347][T14707] do_syscall_64+0xcd/0xfa0 [ 517.064426][T14707] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 517.064463][T14707] RIP: 0033:0x7fc16998eec9 [ 517.064490][T14707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 517.064524][T14707] RSP: 002b:00007fc1677f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 517.064557][T14707] RAX: ffffffffffffffda RBX: 00007fc169be6270 RCX: 00007fc16998eec9 [ 517.064581][T14707] RDX: 0000000000000002 RSI: 000000000000011b RDI: 000000000000000a [ 517.064603][T14707] RBP: 00007fc169a11f91 R08: 0000000000000004 R09: 0000000000000000 [ 517.064625][T14707] R10: 00002000000004c0 R11: 0000000000000246 R12: 0000000000000000 [ 517.064647][T14707] R13: 00007fc169be6308 R14: 00007fc169be6270 R15: 00007ffe3959ca38 [ 517.064697][T14707] [ 517.064709][T14707] Mem-Info: [ 517.317584][T14707] active_anon:9287 inactive_anon:0 isolated_anon:0 [ 517.317584][T14707] active_file:7846 inactive_file:47339 isolated_file:0 [ 517.317584][T14707] unevictable:768 dirty:230 writeback:0 [ 517.317584][T14707] slab_reclaimable:12108 slab_unreclaimable:104247 [ 517.317584][T14707] mapped:39683 shmem:6329 pagetables:1393 [ 517.317584][T14707] sec_pagetables:0 bounce:0 [ 517.317584][T14707] kernel_misc_reclaimable:0 [ 517.317584][T14707] free:1274125 free_pcp:16649 free_cma:0 [ 517.376098][T14707] Node 0 active_anon:37148kB inactive_anon:0kB active_file:31384kB inactive_file:189156kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:158732kB dirty:920kB writeback:0kB shmem:23780kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12968kB pagetables:5428kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 517.535033][T14707] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 517.631717][T14707] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 517.663125][ T6070] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 517.670971][ T6070] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 517.795500][ T30] audit: type=1326 audit(1760491948.367:2249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14739 comm="syz.2.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243ab8eec9 code=0x7ffc0000 [ 517.855072][T14707] lowmem_reserve[]: 0 2483 2485 2485 2485 [ 517.860935][T14707] Node 0 DMA32 free:1183620kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:37184kB inactive_anon:0kB active_file:31384kB inactive_file:189164kB unevictable:1536kB writepending:956kB zspages:0kB present:3129332kB managed:2543524kB mlocked:0kB bounce:0kB free_pcp:45952kB local_pcp:23424kB free_cma:0kB [ 517.909628][T14740] loop2: detected capacity change from 0 to 512 [ 517.915092][ T6070] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 517.924104][ T30] audit: type=1326 audit(1760491948.387:2250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14739 comm="syz.2.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243ab8eec9 code=0x7ffc0000 [ 517.924168][ T30] audit: type=1326 audit(1760491948.387:2251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14739 comm="syz.2.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f243ab8eec9 code=0x7ffc0000 [ 517.924229][ T30] audit: type=1326 audit(1760491948.406:2252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14739 comm="syz.2.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243ab8eec9 code=0x7ffc0000 [ 517.924287][ T30] audit: type=1326 audit(1760491948.406:2253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14739 comm="syz.2.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f243ab8eec9 code=0x7ffc0000 [ 517.924345][ T30] audit: type=1326 audit(1760491948.406:2254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14739 comm="syz.2.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243ab8eec9 code=0x7ffc0000 [ 517.924401][ T30] audit: type=1326 audit(1760491948.416:2255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14739 comm="syz.2.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=448 compat=0 ip=0x7f243ab8eec9 code=0x7ffc0000 [ 517.924471][ T30] audit: type=1326 audit(1760491948.416:2256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14739 comm="syz.2.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243ab8eec9 code=0x7ffc0000 [ 517.924529][ T30] audit: type=1326 audit(1760491948.416:2257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14739 comm="syz.2.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243ab8eec9 code=0x7ffc0000 [ 517.924588][ T30] audit: type=1326 audit(1760491948.416:2258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14739 comm="syz.2.3240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f243ab8eec9 code=0x7ffc0000 [ 517.925008][T14707] lowmem_reserve[]: 0 0 1 1 1 [ 517.925074][T14707] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 517.925163][T14707] lowmem_reserve[]: 0 0 0 0 0 [ 517.925225][T14707] Node 1 Normal free:3895236kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:22436kB local_pcp:15904kB free_cma:0kB [ 517.925319][T14707] lowmem_reserve[]: 0 0 0 0 0 [ 517.925380][T14707] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 517.925591][T14707] Node 0 DMA32: 1*4kB [ 517.947628][ T6070] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 517.970835][T14707] (M) 284*8kB (M) 349*16kB (M) 1066*32kB (UME) 1277*64kB (UME) 764*128kB (UME) 465*256kB (UME) 227*512kB (UME) 88*1024kB (UM) 7*2048kB (UME) 152*4096kB (UM) = 1183796kB [ 517.971150][T14707] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 517.972976][T14707] Node 1 Normal: 87*4kB (U) 23*8kB (UME) 11*16kB (UME) 88*32kB (UME) 30*64kB (UME) 9*128kB (UME) 4*256kB (UME) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 947*4096kB (M) = 3895236kB [ 518.348666][T14740] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 518.361936][T14740] ext4 filesystem being mounted at /510/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 518.379147][T14707] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 518.391047][T14707] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 518.401364][T14707] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 518.414210][T14707] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 518.423798][T14707] 61570 total pagecache pages [ 518.432493][T14707] 0 pages in swap cache [ 518.436811][T14707] Free swap = 124996kB [ 518.446258][T14740] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #2: comm syz.2.3240: corrupted inode contents [ 518.458603][T14707] Total swap = 124996kB [ 518.462812][T14707] 2097051 pages RAM [ 518.501539][T14707] 0 pages HighMem/MovableOnly [ 518.528380][T14740] EXT4-fs error (device loop2): ext4_dirty_inode:6509: inode #2: comm syz.2.3240: mark_inode_dirty error [ 518.544412][T14707] 429080 pages reserved [ 518.554690][T14707] 0 pages cma reserved [ 518.694735][T14740] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #2: comm syz.2.3240: corrupted inode contents [ 518.866474][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 520.172583][T14773] loop1: detected capacity change from 0 to 1764 [ 520.291790][T14777] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 520.595124][T14788] loop3: detected capacity change from 0 to 512 [ 520.651502][T14788] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 520.747537][T14788] ext4 filesystem being mounted at /530/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 521.070053][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 521.789970][T14777] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 522.264490][T14785] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3255'. [ 522.429032][T14777] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 522.531293][T14812] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3266'. [ 522.593081][T14812] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3266'. [ 522.847180][T14816] loop2: detected capacity change from 0 to 512 [ 522.873327][T14777] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 522.948501][T14816] [ 522.950843][T14816] ====================================================== [ 522.957856][T14816] WARNING: possible circular locking dependency detected [ 522.964866][T14816] syzkaller #0 Not tainted [ 522.969275][T14816] ------------------------------------------------------ [ 522.976277][T14816] syz.2.3268/14816 is trying to acquire lock: [ 522.982329][T14816] ffff88807838ab98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x27a/0x600 [ 522.992202][T14816] [ 522.992202][T14816] but task is already holding lock: [ 522.999632][T14816] ffff888056a83098 (&ei->xattr_sem){++++}-{4:4}, at: __ext4_mark_inode_dirty+0x4ba/0x870 [ 523.009508][T14816] [ 523.009508][T14816] which lock already depends on the new lock. [ 523.009508][T14816] [ 523.019895][T14816] [ 523.019895][T14816] the existing dependency chain (in reverse order) is: [ 523.028891][T14816] [ 523.028891][T14816] -> #1 (&ei->xattr_sem){++++}-{4:4}: [ 523.036468][T14816] down_write+0x92/0x200 [ 523.041231][T14816] ext4_destroy_inline_data+0x2d/0xe0 [ 523.047126][T14816] ext4_do_writepages+0x1154/0x3cf0 [ 523.052867][T14816] ext4_writepages+0x37a/0x7d0 [ 523.058172][T14816] do_writepages+0x27a/0x600 [ 523.063305][T14816] filemap_fdatawrite_wbc+0x104/0x160 [ 523.069210][T14816] __filemap_fdatawrite_range+0xb9/0x100 [ 523.075362][T14816] file_write_and_wait_range+0xca/0x140 [ 523.081442][T14816] generic_buffers_fsync_noflush+0x76/0x310 [ 523.087882][T14816] ext4_sync_file+0x896/0xf10 [ 523.093093][T14816] vfs_fsync_range+0x139/0x220 [ 523.098384][T14816] ext4_buffered_write_iter+0x2e0/0x440 [ 523.104468][T14816] ext4_file_write_iter+0xa4c/0x1d10 [ 523.110286][T14816] vfs_write+0x7d3/0x11d0 [ 523.115155][T14816] ksys_write+0x12a/0x250 [ 523.120024][T14816] do_syscall_64+0xcd/0xfa0 [ 523.125070][T14816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 523.131486][T14816] [ 523.131486][T14816] -> #0 (&sbi->s_writepages_rwsem){++++}-{0:0}: [ 523.139928][T14816] __lock_acquire+0x126f/0x1c90 [ 523.145310][T14816] lock_acquire+0x179/0x350 [ 523.150343][T14816] ext4_writepages+0x224/0x7d0 [ 523.155654][T14816] do_writepages+0x27a/0x600 [ 523.160777][T14816] __writeback_single_inode+0x160/0xfb0 [ 523.166862][T14816] writeback_single_inode+0x2bc/0x550 [ 523.172779][T14816] write_inode_now+0x170/0x1e0 [ 523.178058][T14816] iput.part.0+0x487/0xb00 [ 523.183006][T14816] iput+0x35/0x40 [ 523.187169][T14816] ext4_xattr_block_set+0x67c/0x3650 [ 523.192993][T14816] ext4_expand_extra_isize_ea+0x1442/0x1ab0 [ 523.199422][T14816] __ext4_expand_extra_isize+0x346/0x480 [ 523.205585][T14816] __ext4_mark_inode_dirty+0x544/0x870 [ 523.211586][T14816] ext4_evict_inode+0x74e/0x18e0 [ 523.217039][T14816] evict+0x3e6/0x920 [ 523.221640][T14816] iput.part.0+0x6a9/0xb00 [ 523.226589][T14816] iput+0x35/0x40 [ 523.230751][T14816] ext4_orphan_cleanup+0x731/0x11e0 [ 523.236489][T14816] ext4_fill_super+0x8db7/0xaf70 [ 523.241948][T14816] get_tree_bdev_flags+0x38c/0x620 [ 523.247578][T14816] vfs_get_tree+0x8e/0x340 [ 523.252530][T14816] path_mount+0x7b9/0x23a0 [ 523.257478][T14816] __x64_sys_mount+0x293/0x310 [ 523.262775][T14816] do_syscall_64+0xcd/0xfa0 [ 523.267813][T14816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 523.274225][T14816] [ 523.274225][T14816] other info that might help us debug this: [ 523.274225][T14816] [ 523.284437][T14816] Possible unsafe locking scenario: [ 523.284437][T14816] [ 523.291872][T14816] CPU0 CPU1 [ 523.297219][T14816] ---- ---- [ 523.302568][T14816] lock(&ei->xattr_sem); [ 523.306895][T14816] lock(&sbi->s_writepages_rwsem); [ 523.314614][T14816] lock(&ei->xattr_sem); [ 523.321459][T14816] rlock(&sbi->s_writepages_rwsem); [ 523.326741][T14816] [ 523.326741][T14816] *** DEADLOCK *** [ 523.326741][T14816] [ 523.334864][T14816] 3 locks held by syz.2.3268/14816: [ 523.340054][T14816] #0: ffff8880783880e0 (&type->s_umount_key#28/1){+.+.}-{4:4}, at: alloc_super+0x1e3/0xb60 [ 523.350204][T14816] #1: ffff888078388610 (sb_internal){++++}-{0:0}, at: evict+0x3e6/0x920 [ 523.358692][T14816] #2: ffff888056a83098 (&ei->xattr_sem){++++}-{4:4}, at: __ext4_mark_inode_dirty+0x4ba/0x870 [ 523.369452][T14816] [ 523.369452][T14816] stack backtrace: [ 523.375333][T14816] CPU: 0 UID: 0 PID: 14816 Comm: syz.2.3268 Not tainted syzkaller #0 PREEMPT(full) [ 523.375371][T14816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 523.375391][T14816] Call Trace: [ 523.375403][T14816] [ 523.375415][T14816] dump_stack_lvl+0x116/0x1f0 [ 523.375471][T14816] print_circular_bug+0x275/0x350 [ 523.375514][T14816] check_noncircular+0x14c/0x170 [ 523.375560][T14816] __lock_acquire+0x126f/0x1c90 [ 523.375605][T14816] ? __lock_acquire+0x622/0x1c90 [ 523.375649][T14816] lock_acquire+0x179/0x350 [ 523.375689][T14816] ? do_writepages+0x27a/0x600 [ 523.375735][T14816] ? __pfx___might_resched+0x10/0x10 [ 523.375795][T14816] ext4_writepages+0x224/0x7d0 [ 523.375846][T14816] ? do_writepages+0x27a/0x600 [ 523.375890][T14816] ? __pfx_ext4_writepages+0x10/0x10 [ 523.375941][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 523.375980][T14816] ? __lock_acquire+0xb8a/0x1c90 [ 523.376029][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 523.376071][T14816] ? __pfx_ext4_writepages+0x10/0x10 [ 523.376125][T14816] do_writepages+0x27a/0x600 [ 523.376172][T14816] ? __pfx_do_writepages+0x10/0x10 [ 523.376221][T14816] __writeback_single_inode+0x160/0xfb0 [ 523.376278][T14816] ? __pfx___writeback_single_inode+0x10/0x10 [ 523.376331][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 523.376370][T14816] ? do_raw_spin_unlock+0x172/0x230 [ 523.376422][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 523.376470][T14816] writeback_single_inode+0x2bc/0x550 [ 523.376528][T14816] write_inode_now+0x170/0x1e0 [ 523.376558][T14816] ? __pfx_write_inode_now+0x10/0x10 [ 523.376615][T14816] ? find_held_lock+0x2b/0x80 [ 523.376669][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 523.376710][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 523.376754][T14816] iput.part.0+0x487/0xb00 [ 523.376805][T14816] iput+0x35/0x40 [ 523.376848][T14816] ext4_xattr_block_set+0x67c/0x3650 [ 523.376903][T14816] ? __pfx_ext4_xattr_block_set+0x10/0x10 [ 523.376950][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 523.376989][T14816] ? xattr_find_entry+0x289/0x330 [ 523.377032][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 523.377071][T14816] ? ext4_xattr_block_find+0x59/0x430 [ 523.377115][T14816] ext4_expand_extra_isize_ea+0x1442/0x1ab0 [ 523.377178][T14816] ? __pfx_ext4_expand_extra_isize_ea+0x10/0x10 [ 523.377233][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 523.377273][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 523.377312][T14816] ? dquot_initialize_needed+0x183/0x2a0 [ 523.377362][T14816] __ext4_expand_extra_isize+0x346/0x480 [ 523.377408][T14816] __ext4_mark_inode_dirty+0x544/0x870 [ 523.377469][T14816] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 523.377525][T14816] ? __pfx___might_resched+0x10/0x10 [ 523.377586][T14816] ? ext4_journal_check_start+0x22b/0x340 [ 523.377637][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 523.377677][T14816] ? __ext4_journal_start_sb+0x19e/0x690 [ 523.377726][T14816] ? ext4_evict_inode+0x5cf/0x18e0 [ 523.377759][T14816] ext4_evict_inode+0x74e/0x18e0 [ 523.377793][T14816] ? __pfx_ext4_evict_inode+0x10/0x10 [ 523.377824][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 523.377868][T14816] ? __pfx_ext4_evict_inode+0x10/0x10 [ 523.377899][T14816] evict+0x3e6/0x920 [ 523.377945][T14816] ? __pfx_evict+0x10/0x10 [ 523.377989][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 523.378034][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 523.378080][T14816] iput.part.0+0x6a9/0xb00 [ 523.378125][T14816] ? __pfx_ext4_drop_inode+0x10/0x10 [ 523.378172][T14816] iput+0x35/0x40 [ 523.378216][T14816] ext4_orphan_cleanup+0x731/0x11e0 [ 523.378278][T14816] ? __pfx_ext4_orphan_cleanup+0x10/0x10 [ 523.378336][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 523.378375][T14816] ? ext4_register_li_request+0xec/0x9b0 [ 523.378415][T14816] ext4_fill_super+0x8db7/0xaf70 [ 523.378471][T14816] ? __pfx_ext4_fill_super+0x10/0x10 [ 523.378505][T14816] ? do_raw_spin_lock+0x12c/0x2b0 [ 523.378552][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 523.378591][T14816] ? find_held_lock+0x2b/0x80 [ 523.378647][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 523.378687][T14816] ? sb_set_blocksize+0x176/0x1d0 [ 523.378726][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 523.378766][T14816] ? setup_bdev_super+0x369/0x730 [ 523.378799][T14816] get_tree_bdev_flags+0x38c/0x620 [ 523.378841][T14816] ? __pfx_ext4_fill_super+0x10/0x10 [ 523.378877][T14816] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 523.378916][T14816] ? apparmor_capable+0x114/0x1d0 [ 523.378952][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 523.378997][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 523.379036][T14816] ? security_capable+0x7e/0x260 [ 523.379092][T14816] vfs_get_tree+0x8e/0x340 [ 523.379143][T14816] path_mount+0x7b9/0x23a0 [ 523.379190][T14816] ? __pfx_path_mount+0x10/0x10 [ 523.379234][T14816] ? putname+0x154/0x1a0 [ 523.379283][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 523.379322][T14816] ? putname+0x154/0x1a0 [ 523.379368][T14816] ? __x64_sys_mount+0x293/0x310 [ 523.379410][T14816] __x64_sys_mount+0x293/0x310 [ 523.379460][T14816] ? __pfx___x64_sys_mount+0x10/0x10 [ 523.379502][T14816] ? xfd_validate_state+0x61/0x180 [ 523.379549][T14816] do_syscall_64+0xcd/0xfa0 [ 523.379601][T14816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 523.379635][T14816] RIP: 0033:0x7f243ab9066a [ 523.379660][T14816] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 523.379693][T14816] RSP: 002b:00007f243b9a4e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 523.379724][T14816] RAX: ffffffffffffffda RBX: 00007f243b9a4ef0 RCX: 00007f243ab9066a [ 523.379746][T14816] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f243b9a4eb0 [ 523.379769][T14816] RBP: 0000200000000180 R08: 00007f243b9a4ef0 R09: 0000000000800700 [ 523.379791][T14816] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 523.379813][T14816] R13: 00007f243b9a4eb0 R14: 0000000000000473 R15: 0000200000000680 [ 523.379848][T14816] [ 524.175573][T14816] ------------[ cut here ]------------ [ 524.181122][T14816] EA inode 11 i_nlink=2 [ 524.181757][T14816] WARNING: CPU: 1 PID: 14816 at fs/ext4/xattr.c:1056 ext4_xattr_inode_update_ref+0x4ec/0x610 [ 524.198356][T14816] Modules linked in: [ 524.202275][T14816] CPU: 1 UID: 0 PID: 14816 Comm: syz.2.3268 Not tainted syzkaller #0 PREEMPT(full) [ 524.211702][T14816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 524.221977][T14816] RIP: 0010:ext4_xattr_inode_update_ref+0x4ec/0x610 [ 524.229321][T14816] Code: df 48 8d 7b 40 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 23 01 00 00 48 8b 73 40 44 89 e2 48 c7 c7 c0 5d a8 8b e8 35 00 ed fe 90 <0f> 0b 90 90 e9 d9 fe ff ff e8 36 cb 2e ff 44 0f b6 2d 22 8b dd 0d [ 524.248977][T14816] RSP: 0018:ffffc9000af1f178 EFLAGS: 00010282 [ 524.255058][T14816] RAX: 0000000000000000 RBX: ffff88804f34e238 RCX: ffffc9000bd7b000 [ 524.263798][T14816] RDX: 0000000000080000 RSI: ffffffff817b5ef5 RDI: 0000000000000001 [ 524.271824][T14816] RBP: ffffc9000af1f240 R08: 0000000000000001 R09: 0000000000000000 [ 524.279876][T14816] R10: 0000000000000001 R11: 000000002d2d2d2d R12: 0000000000000002 [ 524.289423][T14816] R13: 0000000000000000 R14: 1ffff920015e3e32 R15: ffff88804f34e428 [ 524.298139][T14816] FS: 00007f243b9a56c0(0000) GS:ffff888124ada000(0000) knlGS:0000000000000000 [ 524.307090][T14816] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 524.313711][T14816] CR2: 00007fec79fb3ad8 CR3: 0000000045b94000 CR4: 0000000000350ef0 [ 524.322465][T14816] Call Trace: [ 524.325750][T14816] [ 524.328724][T14816] ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10 [ 524.335094][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 524.340787][T14816] ? ext4_xattr_inode_iget+0x1ee/0x400 [ 524.346292][T14816] ext4_xattr_set_entry+0x158f/0x1f00 [ 524.352639][T14816] ? __pfx_ext4_xattr_set_entry+0x10/0x10 [ 524.358430][T14816] ? xattr_find_entry+0x289/0x330 [ 524.363776][T14816] ext4_xattr_ibody_set+0x3d6/0x5d0 [ 524.369062][T14816] ext4_expand_extra_isize_ea+0x148c/0x1ab0 [ 524.375021][T14816] ? __pfx_ext4_expand_extra_isize_ea+0x10/0x10 [ 524.382135][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 524.387795][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 524.394326][T14816] ? dquot_initialize_needed+0x183/0x2a0 [ 524.400724][T14816] __ext4_expand_extra_isize+0x346/0x480 [ 524.406393][T14816] __ext4_mark_inode_dirty+0x544/0x870 [ 524.412671][T14816] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 524.418715][T14816] ? __pfx___might_resched+0x10/0x10 [ 524.424134][T14816] ? ext4_journal_check_start+0x22b/0x340 [ 524.430451][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 524.436115][T14816] ? __ext4_journal_start_sb+0x19e/0x690 [ 524.441869][T14816] ? ext4_evict_inode+0x5cf/0x18e0 [ 524.446999][T14816] ext4_evict_inode+0x74e/0x18e0 [ 524.452721][T14816] ? __pfx_ext4_evict_inode+0x10/0x10 [ 524.458111][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 524.463796][T14816] ? __pfx_ext4_evict_inode+0x10/0x10 [ 524.469182][T14816] evict+0x3e6/0x920 [ 524.473185][T14816] ? __pfx_evict+0x10/0x10 [ 524.477717][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 524.484060][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 524.489747][T14816] iput.part.0+0x6a9/0xb00 [ 524.495011][T14816] ? __pfx_ext4_drop_inode+0x10/0x10 [ 524.501045][T14816] iput+0x35/0x40 [ 524.504709][T14816] ext4_orphan_cleanup+0x731/0x11e0 [ 524.509954][T14816] ? __pfx_ext4_orphan_cleanup+0x10/0x10 [ 524.516330][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 524.521989][T14816] ? ext4_register_li_request+0xec/0x9b0 [ 524.527640][T14816] ext4_fill_super+0x8db7/0xaf70 [ 524.532631][T14816] ? __pfx_ext4_fill_super+0x10/0x10 [ 524.537922][T14816] ? do_raw_spin_lock+0x12c/0x2b0 [ 524.543725][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 524.549385][T14816] ? find_held_lock+0x2b/0x80 [ 524.554141][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 524.559798][T14816] ? sb_set_blocksize+0x176/0x1d0 [ 524.564889][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 524.570551][T14816] ? setup_bdev_super+0x369/0x730 [ 524.576336][T14816] get_tree_bdev_flags+0x38c/0x620 [ 524.581503][T14816] ? __pfx_ext4_fill_super+0x10/0x10 [ 524.586809][T14816] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 524.592519][T14816] ? apparmor_capable+0x114/0x1d0 [ 524.598351][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 524.605469][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 524.611169][T14816] ? security_capable+0x7e/0x260 [ 524.616153][T14816] vfs_get_tree+0x8e/0x340 [ 524.620615][T14816] path_mount+0x7b9/0x23a0 [ 524.625097][T14816] ? __pfx_path_mount+0x10/0x10 [ 524.629985][T14816] ? putname+0x154/0x1a0 [ 524.634989][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 524.640652][T14816] ? putname+0x154/0x1a0 [ 524.644964][T14816] ? __x64_sys_mount+0x293/0x310 [ 524.649935][T14816] __x64_sys_mount+0x293/0x310 [ 524.654791][T14816] ? __pfx___x64_sys_mount+0x10/0x10 [ 524.660116][T14816] ? xfd_validate_state+0x61/0x180 [ 524.665998][T14816] do_syscall_64+0xcd/0xfa0 [ 524.670553][T14816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 524.676488][T14816] RIP: 0033:0x7f243ab9066a [ 524.680914][T14816] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 524.701274][T14816] RSP: 002b:00007f243b9a4e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 524.710556][T14816] RAX: ffffffffffffffda RBX: 00007f243b9a4ef0 RCX: 00007f243ab9066a [ 524.719283][T14816] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f243b9a4eb0 [ 524.727956][T14816] RBP: 0000200000000180 R08: 00007f243b9a4ef0 R09: 0000000000800700 [ 524.735962][T14816] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 524.743966][T14816] R13: 00007f243b9a4eb0 R14: 0000000000000473 R15: 0000200000000680 [ 524.751965][T14816] [ 524.755771][T14816] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 524.763065][T14816] CPU: 1 UID: 0 PID: 14816 Comm: syz.2.3268 Not tainted syzkaller #0 PREEMPT(full) [ 524.772458][T14816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 524.782523][T14816] Call Trace: [ 524.785799][T14816] [ 524.788726][T14816] dump_stack_lvl+0x3d/0x1f0 [ 524.793347][T14816] vpanic+0x640/0x6f0 [ 524.797350][T14816] ? ext4_xattr_inode_update_ref+0x4ec/0x610 [ 524.803349][T14816] panic+0xca/0xd0 [ 524.807088][T14816] ? __pfx_panic+0x10/0x10 [ 524.811529][T14816] check_panic_on_warn+0xab/0xb0 [ 524.816489][T14816] __warn+0xf6/0x3c0 [ 524.820398][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 524.826043][T14816] ? ext4_xattr_inode_update_ref+0x4ec/0x610 [ 524.832038][T14816] report_bug+0x3c3/0x580 [ 524.836386][T14816] ? ext4_xattr_inode_update_ref+0x4ec/0x610 [ 524.842383][T14816] handle_bug+0x184/0x210 [ 524.846717][T14816] exc_invalid_op+0x17/0x50 [ 524.851229][T14816] asm_exc_invalid_op+0x1a/0x20 [ 524.856084][T14816] RIP: 0010:ext4_xattr_inode_update_ref+0x4ec/0x610 [ 524.862691][T14816] Code: df 48 8d 7b 40 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 23 01 00 00 48 8b 73 40 44 89 e2 48 c7 c7 c0 5d a8 8b e8 35 00 ed fe 90 <0f> 0b 90 90 e9 d9 fe ff ff e8 36 cb 2e ff 44 0f b6 2d 22 8b dd 0d [ 524.882318][T14816] RSP: 0018:ffffc9000af1f178 EFLAGS: 00010282 [ 524.888400][T14816] RAX: 0000000000000000 RBX: ffff88804f34e238 RCX: ffffc9000bd7b000 [ 524.896376][T14816] RDX: 0000000000080000 RSI: ffffffff817b5ef5 RDI: 0000000000000001 [ 524.904356][T14816] RBP: ffffc9000af1f240 R08: 0000000000000001 R09: 0000000000000000 [ 524.912333][T14816] R10: 0000000000000001 R11: 000000002d2d2d2d R12: 0000000000000002 [ 524.920308][T14816] R13: 0000000000000000 R14: 1ffff920015e3e32 R15: ffff88804f34e428 [ 524.928296][T14816] ? __warn_printk+0x1a5/0x350 [ 524.933082][T14816] ? ext4_xattr_inode_update_ref+0x4eb/0x610 [ 524.939085][T14816] ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10 [ 524.945437][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 524.951083][T14816] ? ext4_xattr_inode_iget+0x1ee/0x400 [ 524.956559][T14816] ext4_xattr_set_entry+0x158f/0x1f00 [ 524.961956][T14816] ? __pfx_ext4_xattr_set_entry+0x10/0x10 [ 524.967692][T14816] ? xattr_find_entry+0x289/0x330 [ 524.972735][T14816] ext4_xattr_ibody_set+0x3d6/0x5d0 [ 524.977954][T14816] ext4_expand_extra_isize_ea+0x148c/0x1ab0 [ 524.983883][T14816] ? __pfx_ext4_expand_extra_isize_ea+0x10/0x10 [ 524.990152][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 524.995799][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 525.001450][T14816] ? dquot_initialize_needed+0x183/0x2a0 [ 525.007113][T14816] __ext4_expand_extra_isize+0x346/0x480 [ 525.012770][T14816] __ext4_mark_inode_dirty+0x544/0x870 [ 525.018263][T14816] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 525.024273][T14816] ? __pfx___might_resched+0x10/0x10 [ 525.029591][T14816] ? ext4_journal_check_start+0x22b/0x340 [ 525.035346][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 525.040997][T14816] ? __ext4_journal_start_sb+0x19e/0x690 [ 525.046653][T14816] ? ext4_evict_inode+0x5cf/0x18e0 [ 525.051775][T14816] ext4_evict_inode+0x74e/0x18e0 [ 525.056720][T14816] ? __pfx_ext4_evict_inode+0x10/0x10 [ 525.062099][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 525.067748][T14816] ? __pfx_ext4_evict_inode+0x10/0x10 [ 525.073122][T14816] evict+0x3e6/0x920 [ 525.077036][T14816] ? __pfx_evict+0x10/0x10 [ 525.081470][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 525.087117][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 525.092768][T14816] iput.part.0+0x6a9/0xb00 [ 525.097204][T14816] ? __pfx_ext4_drop_inode+0x10/0x10 [ 525.102512][T14816] iput+0x35/0x40 [ 525.106162][T14816] ext4_orphan_cleanup+0x731/0x11e0 [ 525.111395][T14816] ? __pfx_ext4_orphan_cleanup+0x10/0x10 [ 525.117067][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 525.122716][T14816] ? ext4_register_li_request+0xec/0x9b0 [ 525.128362][T14816] ext4_fill_super+0x8db7/0xaf70 [ 525.133328][T14816] ? __pfx_ext4_fill_super+0x10/0x10 [ 525.138620][T14816] ? do_raw_spin_lock+0x12c/0x2b0 [ 525.143674][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 525.149319][T14816] ? find_held_lock+0x2b/0x80 [ 525.154030][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 525.159679][T14816] ? sb_set_blocksize+0x176/0x1d0 [ 525.165501][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 525.171154][T14816] ? setup_bdev_super+0x369/0x730 [ 525.176187][T14816] get_tree_bdev_flags+0x38c/0x620 [ 525.181328][T14816] ? __pfx_ext4_fill_super+0x10/0x10 [ 525.186620][T14816] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 525.192266][T14816] ? apparmor_capable+0x114/0x1d0 [ 525.197320][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 525.202962][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 525.208606][T14816] ? security_capable+0x7e/0x260 [ 525.213574][T14816] vfs_get_tree+0x8e/0x340 [ 525.218060][T14816] path_mount+0x7b9/0x23a0 [ 525.222502][T14816] ? __pfx_path_mount+0x10/0x10 [ 525.227373][T14816] ? putname+0x154/0x1a0 [ 525.231635][T14816] ? srso_alias_return_thunk+0x5/0xfbef5 [ 525.237282][T14816] ? putname+0x154/0x1a0 [ 525.241543][T14816] ? __x64_sys_mount+0x293/0x310 [ 525.246495][T14816] __x64_sys_mount+0x293/0x310 [ 525.251273][T14816] ? __pfx___x64_sys_mount+0x10/0x10 [ 525.256572][T14816] ? xfd_validate_state+0x61/0x180 [ 525.261787][T14816] do_syscall_64+0xcd/0xfa0 [ 525.266321][T14816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 525.272237][T14816] RIP: 0033:0x7f243ab9066a [ 525.276669][T14816] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 525.296369][T14816] RSP: 002b:00007f243b9a4e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 525.304792][T14816] RAX: ffffffffffffffda RBX: 00007f243b9a4ef0 RCX: 00007f243ab9066a [ 525.312769][T14816] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f243b9a4eb0 [ 525.320740][T14816] RBP: 0000200000000180 R08: 00007f243b9a4ef0 R09: 0000000000800700 [ 525.328712][T14816] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 525.336686][T14816] R13: 00007f243b9a4eb0 R14: 0000000000000473 R15: 0000200000000680 [ 525.344761][T14816] [ 525.347986][T14816] Kernel Offset: disabled [ 525.352320][T14816] Rebooting in 86400 seconds..