last executing test programs: 1.268720329s ago: executing program 4 (id=463): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) r1 = gettid() r2 = socket(0x40000000015, 0x5, 0x0) recvmmsg(r2, &(0x7f0000003c40)=[{{0x0, 0x0, 0x0}, 0x80000000}], 0x1, 0x60010002, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000300)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r3, 0x0, 0x3}, 0x18) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x18, &(0x7f0000000080)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r5, 0x0, 0xa55d}, 0x18) ioctl$EXT4_IOC_SWAP_BOOT(r4, 0x6611) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa1", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x18) r8 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341) ioctl$USBDEVFS_IOCTL(r8, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) 600.200275ms ago: executing program 3 (id=485): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='kfree\x00', r4}, 0x18) sendmsg$ETHTOOL_MSG_PAUSE_GET(r2, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001940)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01dfffffff9a26000000210000000c00018008000100", @ANYRES32=r1], 0x20}, 0x1, 0x0, 0x0, 0x4000c00}, 0x0) 598.572255ms ago: executing program 1 (id=486): prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) ioprio_set$pid(0x3, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$vfat(&(0x7f0000000180), &(0x7f00000000c0)='./file0\x00', 0x1000000, &(0x7f00000003c0)=ANY=[@ANYBLOB="73686f72746e616d653d77696e39352c756e695f786c6174653d312c636865636b3d7374726963742c646f733178666c6f7070792c757466383d312c757466383d312c757466383d302c696f636861727365743d6370313235de26302c696f636861727365743d69736f383835392d342c696f636861727365743d64656661756c742c73686f72746e616d653d6d69786564", @ANYRES8=0x0], 0xfe, 0x19c, &(0x7f0000000200)="$eJzs281qE1EYBuA3tdW2LtKFK3Ex4MZVaHsFFqkgBgSlCwVBsQ1IRwIWArqw2bnwJrwct3olLrsQRppp7Q+piNoMJM+zyQfnvMl3DiSZMzAvbr3Z3e7v9Z73vmSx1crc3arKQSsrmcuxYQCAaXJQVfleVVV1bZilz6mqqumOAIDL5v8fAGbPk6fPHm50u5uPi2IxKT8OtgZb9Ws9vtHL65TZyWra+ZHDC4QjdX3/QXdztRhZyady/yi/P9i6cja/lnZWxufX6nxxNr+Q5dP59bRzY3x+fWz+au7cPpXvpJ1vr9JPme0cZk/yH9aK4t6j7rn89dE8AAAAmAad4pex5/dO56LxOr/R+uP7A+fO1/O5Od/s2gFgVu29e7/7six33jZWJBn+Zs7X5brRyTVW/GX8eEub3Mx/K5by/995Ic2va3qK/txlf8RiklHR4I8SMBEn3/6mOwEAAAAAAAAAAAAAAC4yiUeXml4jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALPnZwAAAP//RL2Oaw==") execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) 545.498152ms ago: executing program 3 (id=487): capset(0x0, &(0x7f0000000280)={0x0, 0x0, 0x10000, 0xfffffffd}) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendto$inet(r0, 0x0, 0x0, 0x60008082, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10) prlimit64(0x0, 0x8, &(0x7f0000001080)={0x4, 0x7}, 0x0) sendto$inet(r0, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) 543.896612ms ago: executing program 3 (id=489): bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x4d, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0}, 0x10) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000a00)=ANY=[@ANYBLOB="58010000100013070000000000000000fe80000000000000000000000000001e00000000000000000000ffff0a01010100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="e0000001000000000000000000000000000004d533000000e0000001000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff00000000000000000000000000000000020000000000000000000000000000000000000000000000000000002000000000000000000000000000000002000000000000000000000067001400636d61632861657329"], 0x158}}, 0x0) 458.191486ms ago: executing program 1 (id=490): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x20000000000001d2, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000001000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x30, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff52, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x80400) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000100000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r2}, &(0x7f0000000540), &(0x7f0000000580)=r3}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r2, &(0x7f0000000780)}, 0x20) 457.612654ms ago: executing program 3 (id=491): socket(0x2, 0x80805, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18) socket$unix(0x1, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x18) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a30000000160a0103000000000000000003000006040003800900020073797a3a000000040900010073797a3000000000140000001100010000000000000000000300000a"], 0x58}}, 0x4000000) r4 = syz_open_procfs$pagemap(0x0, &(0x7f0000000180)) ioctl$PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f0000000100)={0x60, 0x1, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0xf8f, 0x0, 0x0, 0x0, 0x0, 0x2}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000010000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r6}, 0x18) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a3100000000e8010000030a01020000000000000000010000000900030073797a3200000000280004800800024000000000080001400000000514000300626174616476300000000000000000000900010073797a31000000000900010073797a3100000000340008800c00024000000000000080010c00024000000000000000040c00014000000000000000000c00014000000000000000014c000480080002404c82f47c080001400000000008000140000000010800014000000003080002404f32945f080001400000000308000140000000020800024019885f270800014000000003fd000c00a03ac330bf11a2145946e6d945deece8485ee69dbc29a8dd5dbce127f829a3adf5c4171b4bedbbc9b913a67b9ee679020f0200000064419faae0136b893d91d95b1174f115798a1abfdc06983fb83f2116a85a00dd35cdf9d8f81683e5e2ebcca132a712e0be44c12c02ac92fbbb86ed717ce0cbd6a0134f899e23ca6d2f063d26be86555cc0e9c7a25d77e6c0f4217794be96b5d797e3116d874c3adfb096e0567ec28bd1e4d8d6713109695f1f3a877d89d20e19304501aeb851d14c4f9b2d769d554fe5308810d19bb040c1977bce50b894f2c45a1f0e80c8256b6dcb072f9d91d94a67bba9f62eb2f192fa4b3786d9a774b99aa332dfbb000000080007"], 0x25c}}, 0x0) syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000280)='./file1\x00', 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000", @ANYRES32], 0x1, 0x2b2, &(0x7f00000006c0)="$eJzs3NFLU28cx/Hvz6mbE91+EEFB9aVu6uag6w+oEQrRoDAn1UVwzLMaO21yzlgsIncT3fZ3SJfdBdU/4E100313EgTdeBGd8Jwd3XTa1M2t+X6BnO/xeT4+jzrlewSf9XtvnhZyrpEzyzIUUxkSqcmGSHKzqvuvfh3y61FpVJMr4z+/nrt7/8GtdCYzM6c6m56/mlLVyQsfnr14e/FTeXzh3eT7qKwlH67/SH1bO712Zv33/JO8q3lXi6WymrpYKpXNRdvSpbxbMFTv2JbpWpovupbTNJ6zS8vLVTWLSxPxZcdyXTWLVS1YVS2XtOxU1Xxs5otqGIZOxOVkG25jTnZ1bs5M7znsRTq6I3RetPl2rNUcx0nXWg9mV7u1LwAA0L/27/+DXn/v/j+zEFw73P+L0P93Sa3p7i/9PwaC46TNeP3ntxn9PwAAAAAAAAAAAAAAAAAAAAAA/4INz0t4npcIr+FbVERiIhLe93qf6I5Dfv+v9Wi76LCGf9yLidivK9lKNrgG4+mc5MUWS6YkIb/810NdUM/ezMxMqW+k/iE38yuVbMQ/m8DPh5Kt8uf/nw7yKh83c5V6fkTijeunJCGnWq+f2s6HxyGsVLKjcvlSQ96QhHx+JCWxZcl/XW/nX06r3rid2bH+mD8PAAAAAIBBYOiWZPPzb3D2o+FPiMnu8SB/gL8P7Hi+Hpaz7RxRCQAAAAAAjsytPi+Ytm05hyiiInKE+KAWEemLbeworotIH2zjuIqYiATv0cPEv2/F20p5bcwZFpGef1kOUPT6NxMAAACATttu+g8Q+vKqizsCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODkafc8sHD+rqFwYJ94w3KRY/8EAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD7yJwAA//+j7Rqj") r8 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81000) syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000002200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1a4a438, &(0x7f0000000480)=ANY=[@ANYRESOCT=r8, @ANYRES16, @ANYRES32, @ANYRES64], 0xb, 0x0, &(0x7f0000000000)) mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0) mount(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x2200020, 0x0) renameat2(r8, &(0x7f0000000b40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', r8, &(0x7f0000000040)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) 455.105541ms ago: executing program 4 (id=493): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0, 0x0, 0x9}, 0x18) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet(0xa, 0x801, 0x84) connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r2, 0x8) r3 = accept4(r2, 0x0, 0x0, 0x0) writev(r3, &(0x7f00000006c0)=[{&(0x7f0000002680)='3', 0x1}], 0x1) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x4, 0xed7c}}, @func_proto]}}, &(0x7f0000000080)=""/3, 0x3e, 0x3, 0x1, 0x4}, 0x28) close(r3) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r4 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) sendfile(r4, r4, 0x0, 0x800000009) r5 = open(&(0x7f0000000200)='./file1\x00', 0x4827e, 0xdc) mount$9p_fd(0x0, 0x0, 0x0, 0x200450, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {}, 0x2c, {[], [{@smackfsroot={'smackfsroot', 0x3d, 'GPL\x00'}}]}}) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r5, 0x1000) fallocate(r5, 0x0, 0x0, 0x8800000) r6 = openat(0xffffffffffffff9c, &(0x7f0000000540)='./file1\x00', 0x105042, 0x1db) preadv(r6, &(0x7f0000000080)=[{&(0x7f0000002600)=""/4106, 0x100a}], 0x1, 0x76, 0x3fe0) 334.309656ms ago: executing program 2 (id=495): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNSETQUEUE(r1, 0x400454d9, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'pimreg0\x00', 0x0}) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0x3, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r3, 0x25, 0x0, @void}, 0x10) close_range(r0, 0xffffffffffffffff, 0x0) 333.963115ms ago: executing program 1 (id=496): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000440)={@val, @void, @eth={@broadcast, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x452c, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x86dd, 0x18, 0x0, @wg=@data={0x4, 0x0, 0xffffdd86}}}}}}}, 0xfdef) 333.642034ms ago: executing program 0 (id=497): r0 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$int_in(r0, 0x5421, &(0x7f0000000280)=0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x1, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x7, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x6b) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e20, @dev}, 0x10) close(r0) 301.885695ms ago: executing program 0 (id=498): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port1\x00', 0x62, 0x11cfa, 0x0, 0x8000008, 0x3, 0x4, 0x1, 0x0, 0x7cce8c743ee810da}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40505330, &(0x7f00000001c0)={0x800000, 0x0, 0xfdfffffd, 0x5, 0x3ffd, 0x7}) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000280)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000700)='kfree\x00', r1}, 0x18) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x39, &(0x7f0000001600)=""/222, &(0x7f0000000000)=0xde) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40505330, &(0x7f0000000300)={0x800080, 0x7ff, 0x2, 0xfff, 0xfd, 0x4}) 299.165892ms ago: executing program 4 (id=499): bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x8, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x39, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfea1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x18) r1 = syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$VT_RESIZE(r1, 0x5609, &(0x7f0000000080)={0x8, 0x4690, 0x4}) 267.623948ms ago: executing program 0 (id=500): capset(0x0, &(0x7f0000000280)={0x0, 0x0, 0x10000, 0xfffffffd}) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendto$inet(r0, 0x0, 0x0, 0x60008082, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10) prlimit64(0x0, 0x8, &(0x7f0000001080)={0x4, 0x7}, 0x0) sendto$inet(r0, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) 265.928762ms ago: executing program 0 (id=501): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x18) rt_sigqueueinfo(0x0, 0x21, 0x0) 218.008641ms ago: executing program 0 (id=502): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x37e2f4aba9289b81, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a3000000000e4000000160a01000000000000000000010000010900010073797a30000000000900020073797a3000000000b80003800800014000000000a400038014000100776c616e3000000000000000000000001400010076657468305f746f5f62617461647600120001006d6163766c616e3100000000000000001400010067656e657665310000000000000000000a0001006772653000000000000000000000000014000100776c616e3100000000000000000000001400010076657468315f766972745f77696669001400010076657468305f746f5f626f6e64000000080002400000000604020000180a0101000b000000000000010000000900010073797a3000000000e800038008000140000000000800014000000000cc0003801400010069703665727370616e3000000000000014000100776732000000000000000000000000001400010076657468305f6d61637674617000000014000100626f6e645f736c6176655f310000000014000100626f6e645f736c6176655f300000000014000100636169663000000000000000000000001400010070696d726567300000000000000000001400010070696d726567310000000000000000001400010076657468315f746f5f7465616d0000001400010070696d3672656731000000000000000008000140000000200900020073797a3000000000d80003"], 0x330}}, 0x0) syz_init_net_socket$x25(0x9, 0x5, 0x0) 217.72638ms ago: executing program 4 (id=503): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x2, 0x0) r2 = syz_io_uring_setup(0x66e, &(0x7f0000000240)={0x0, 0x0, 0x10100, 0x3, 0x8d}, &(0x7f0000000380)=0x0, &(0x7f0000000200)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)=""/6, 0x6}], 0x1, 0x0, 0x1}) io_uring_enter(r2, 0x567, 0x0, 0x0, 0x0, 0x0) connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000040)={0xd, 0x0, 0xe9, 0x9}, 0x8) ppoll(&(0x7f0000000300)=[{r1, 0x3328}], 0x1, 0x0, 0x0, 0x0) close(r0) 214.801601ms ago: executing program 2 (id=504): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x2}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2c}, @NFTA_SET_DESC={0x8, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x4}]}]}], {0x14, 0x10}}, 0x6c}}, 0x0) 175.074664ms ago: executing program 3 (id=505): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000500)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4000, &(0x7f00000001c0)={[{@nombcache}, {@max_batch_time={'max_batch_time', 0x3d, 0xad82}}, {@noquota}, {@nomblk_io_submit}, {@data_ordered}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x2}}, {@abort}]}, 0xd, 0x5f6, &(0x7f0000001340)="$eJzs3c9rHFUcAPDvbH40aapJi6j1YBdEWtAmTdpKEQ/tVUqoP/DixdiktXbbhiaiqUJTqBdBvIgInjxYwT9Ci732pCB48OJJCkWlR8GV2cyk2exufmyTbOx8PrDNzHsz8950882befvebACFVU7/KUXsjYjpJGIwmV/M644ss7yw3b2/PzqdvpKoVl/7M4kkS8u3T7KfA9nOfRHx049J7OlqLHdm7sr5iUpl6nK2PjJ7YXpkZu7KwXMXJs5OnZ26OPbC2LGjR44eGz3U1nldbZJ28vq77w9+Mv7mN1/9k4x++9t4Esfj5WzDpecREb+U2iq1XjnKtf+TpDFr4NgGHH876Mp+T5a+xUl3ByvEuuTvX09EPBGD0RX337zB+PiVjlYO2FTVJKIKFFQi/qGg8uuA/N5+2X1wbMR9MLA93T2x0AHQGP/dC32D0VfrG9h5L4ml3TpJRLTXM1dvV0TcvjV+/cyt8evR2A8HbKL5axHxZLP4T2rxPxR9MVSL/1Jd/KfXBaeyn2n6q22Wv7yruDH+D7d5ZGA1C/Hft2L8R4v4f2tJ/L/dZvnl+4vv9NfFf3+7pwQAAAAAAACFdfNERDzf7PP/0uL4n2gy/mcgIo5vQPnlZeuNn/+X7mxAMUATd09EvNR0/G8pH/071JUtPVIbD9CTnDlXmToUEY9GxIHo2ZGuj65QxsFP93zZKq+cjf/LX2n5t7OxgFk97nTvqN9ncmJ24kHPG4i4ey3iqabjf5PF9j9p0v6nfw+m11jGnmdvnGqVt3r8A5ul+nXE/qbt//2nViQrP59jpHY9MJJfFTR6+sPPvm9Vfrvx7xET8ODS9n/nyvE/lCx9Xs/M+ss4PNddbZXX7vV/b/J67ZEzvVnaBxOzs5dHI3qTk11pal362PrrDA+jPB7yeEnj/8AzK/f/Nbv+74+I+WXHTv6qn1Oce/zfgd9b1cf1P3ROGv+T62r/178wdmPoh1blr639P1Jr6w9kKfr/YMEXeZj21qc3RuFiQNdlbXV9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBhUIqIXZGUhheXS6Xh4YiBiHgsdpYql2Zmnztz6b2Lk2le7fv/S/k3/Q4urCf59/8PLVkfW7Z+OCJ2R8TnXf219eHTlyqTnT55AAAAAAAAAAAAAAAAAAAA2CYGWsz/T/3R1enaAZuuu9MVADqmSfz/3Il6AFtP+w/FJf6huMQ/FJf4h+IS/1Bc4h+KS/xDcYl/AAAAAAB4qOzed/PXJCLmX+yvvVK9WV5PR2sGbLZSpysAdIxH/EBxGfoDxeUeH0hWye9rudNqe65k+vQD7AwAAAAAAAAAAAAAhbN/r/n/UFTm/0Nxmf8PxZXP/9/X4XoAW889PhCrzORvOv9/1b0AAAAAAAAAAAAAgI00M3fl/ESlMnV5Ixd2xBo3/m4zSm934Y3tUY2tXKhWq1fT34LtUp//+UI+FH6LS++OtW2cz/Vb25E79zcJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACo918AAAD//x99I+M=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x2000) 173.239838ms ago: executing program 1 (id=506): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="17000000000000000084000001"], 0x48) unshare(0x26000400) bpf$MAP_DELETE_ELEM(0x15, &(0x7f0000000400)={r1, 0x0, 0x20000000}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r3}, 0x10) sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001e80)=@newtaction={0x48, 0x31, 0x1, 0xfffffffd, 0x25dfdbfb, {0x0, 0x0, 0x11}, [{0x34, 0x1, [@m_police={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x3, {0x1}}, {0xc}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x8800}, 0x0) 160.77453ms ago: executing program 2 (id=507): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000a88000/0x2000)=nil, 0x3) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x50032, 0xffffffffffffffff, 0x0) 94.219465ms ago: executing program 1 (id=508): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1010040, &(0x7f00000003c0)={[{@noquota}, {@debug}, {@jqfmt_vfsv0}, {@noauto_da_alloc}, {@resgid}]}, 0x3, 0x4eb, &(0x7f0000001fc0)="$eJzs3d9rW20dAPDvSX9u62ynXsyBc+ikG7ikXd1WvJgVRK8Gznlfa5uW0rQpbbqtZUiHf4Ag/kKvvPJG8FoE2Z8gwkDvRUQZus0LL973zUuSk3ddlrYpa5q2+Xzg6XnOj57v90k4T/LkHM4JoGtdiYipiOiJiOsRMZwuz6Qltmulst2rl09mKyWJcvnBf5JI0mX1fSXp9Fz6b4MR8d1vR/wgeTfu+ubW0kyhkF9L53Ol5dXc+ubWjcXlmYX8Qn5lamL89uSdyVuTY4fW1rvf/OfPf/zbb93901ce/X3639d+WElrKF23sx2t2G5xu1rT+6qvRV1vRKwdJNgx1pO2p6/TiQAA0JLKd/xPR8QXI+L1rzqdDQAAANAO5a8PxQdJRBkAAAA4tTLVa2CTTDa9FmAoMplstnYN72fjbKbQHxHzxY2Vudq1siPRl5lfLOTH0muFR6IvqcyPV+tv5m82zE9ExIWI+Onwmep8drZYmOv0jx8AAADQJc41jP//N1wb/wMAAACnzMgBtm1yLy8AAADgBDjI+B8AAAA4mXYd/ye9R5sIAAAA0A7fuXevUsr151/PPdzcWCo+vDGXX1/KLm/MZmeLa6vZhWJxoXrPvuX99lcoFle/Gisbj3Ol/Hopt765Nb1c3FgpTVef6z2d95xoAAAAOHoXvvDsb0lEbH/tTLVU9KfrWhirT7U3O6CdMgfb3N0/4BTp6XQCQMc0XODb36k8gKPnfDywz8D+Zw3zB/zZAAAAOA5GP/de5/+dD4QTzEAeupfz/9C93OALupfz/9DlBvbfZHC3FX8+5FwAAIC2GaqWJJNNzwUORSaTzUacrz4WoC+ZXyzkxyLiUxHx1+G+gcr8eKeTBgAAAAAAAAAAAAAAAAAAAAAAAIATplxOogwAAACcahGZfyXpg/xHh68ONf4+0J/8f7g6jYhHv37wi8czpdLaeGX5fz9ZXvpluvxmfQkAAADQSfVxen0cDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH6dXLJ7P1cpRxX3wjIkaaxe+Nwep08A/DEXH2dRK9O/4viYieQ4i//TQiLr4dvyeNMFJNrZZFY/xMRJxpU/xoMf65Q4gP3exZpf+Zqhx/fQ3HXyauVKfNj7/etLyvF1d26/8y9f6v2s816//O773rwXrl0vPf53aN/zTiUm/z/qceP3nP/vf739va2m1d+TcRo/t8/lRi5UrLq7n1za0bi8szC/mF/MrExPjtyTuTtybHcvOLhXz6t2mMn3z+jx/t1f6zTePX+t+92n/13d0NNIvx4fPHLz+zR/xrX2r+/l/cI37ltf9y+jlQWT9ar2/X6jtd/t1fLu/V/rld2r/f+39tt502uH7/R/9ocVMA4Aisb24tzRQK+bWTUYmofSs/Lvl0tnI+jkUaKq1VhtJjbseqnrYHvf9u0NYqneuTAACA9njzpb/TmQAAAAAAAAAAAAAAAAAAAED3avudzwbevrPAYOeaCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwp48DAAD//85EyV0=") prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') r0 = bpf$PROG_LOAD(0x5, &(0x7f00000193c0)={0x11, 0x13, &(0x7f0000019300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000206a932500000000002000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000100000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000000)='sys_enter\x00', r0, 0x0, 0x91}, 0x18) listxattr(&(0x7f0000000100)='./file0\x00', 0x0, 0x26) 93.780452ms ago: executing program 2 (id=509): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$restrict_keyring(0xa, r2, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000740)='id\xf7\xff\xffe{') 86.792158ms ago: executing program 3 (id=510): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000200)={'tunl0\x00', &(0x7f0000000100)={'gre0\x00', 0x0, 0x20, 0x20, 0x0, 0x7ff, {{0x5, 0x4, 0x1, 0x20, 0x14, 0x64, 0x0, 0xf, 0x29, 0x0, @rand_addr=0x64010100, @multicast1}}}}) 74.031618ms ago: executing program 2 (id=511): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f00000002c0)={@in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x1c, 0x0, "246575a4000000004fb62fe6bce0eef5607264c7f28557a8046964d292934c2a2bb1dcc5a80c0107040000000000001e0000009000000000000800"}, 0xf0) 18.380515ms ago: executing program 4 (id=512): capset(0x0, &(0x7f0000000280)={0x0, 0x0, 0x10000, 0xfffffffd}) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendto$inet(r0, 0x0, 0x0, 0x60008082, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10) prlimit64(0x0, 0x8, &(0x7f0000001080)={0x4, 0x7}, 0x0) sendto$inet(r0, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) 18.029863ms ago: executing program 2 (id=513): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100), 0x40900, 0x0) r1 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x5eab, 0x8, 0x8000, 0x400250}, &(0x7f0000000080)=0x0, &(0x7f0000000400)=0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x2007, @fd=r0, 0x6, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1}) io_uring_enter(r1, 0x74d1, 0x4c3, 0x43, 0x0, 0xfffffffffffffd1d) 17.786944ms ago: executing program 1 (id=514): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000002c0)={[{@nodioread_nolock}, {@journal_dev={'journal_dev', 0x3d, 0xff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@grpquota}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x8d55}}]}, 0x0, 0x46f, &(0x7f0000000bc0)="$eJzs281rHOUfAPDvTF7a/vqS/Gp9aa0aLUJQTJq0ag9eFAWRioIe6jEm2xK6baSJYmuxqYgnQQp6Fo+if4E3EUQ9CV49eZJC0V7aeorM7Ey62WYTazaZ2P18YLPPM/PszvebeXv2eXYD6FpD2Z8kYkdE/BoRA43q0gZDjafrV89P3rh6fjKJhYXX/kjydteunp8sm5av215UhtOI9MOk2MhSs2fPnZyo12tnivro3Km3RmfPnnvinVMTJ2onaqfHjxw5fGjs6afGn+xInlle1/a9P7N/74tvXHp58tilN3/8Oot3R7G+OY9OGcoS/3Mh17ru0U5vrGI7m8pJb4WBcFt6IiLbXX35+T8QPXFz5w3ECx9UGhywrrJ705b2q+cXgDtYElVHAFSjvNFnn3/LxwZ1PTaFK882PgBleV8vHo01vZEWbfpaPt920lBEHJv/6/PsEes0DgEA0Ozjyc+O9kfEeze+einrewwsrknjnvz5t/zvrmIOZTAi/h8RuyPirojYExF3R+Rt742I+9YYz639n/TyGt9yRVn/75libmtp/6/s/cVgT1HbmefflxyfrtcOFv+T4ejbktXHVtjGt8//8km7dc39v+yRbb/sCxZxXO5tGaCbmpibyDulHXDlYsS+3uXyTxZnApKI2BsR+27vrXeVhenHvtzfrtHq+a+gA/NMC19k6c1n+c9HS/6lpHl+cvqW+cnRrVGvHRwtj4pb/fTzR6+22/6a8u+AK7XGc9P+b20ymDTP1852dvv/8vhP+5PX83nm/mLZuxNzc2fGIvqTo3l9yfLxm68t62X77PgfPrD8+b+7eE2W//0RkR3ED0TEgxHxUBH7wxHxSEQcWCHHH55bPf9IK9r/FyOmlr3+LR7/Lfv/9gs9J7//pt32/9n+P5yXhosl+fVvFcuFk10uWgNcy/8OAAAA/ivS/DvwSTqyWE7TkZHGd/j3xP/S+szs3OPHZ94+PdX4rvxg9KXlSNdAMR5an67XxpL54h0b46PjxVhxOV56qBg3/rRnW14fmZypT1WcO3S77W3O/8zvPVVHB6yzbcsuHe/f8ECACrTOo6dLqxdeCRcDuFP5vTZ0r1XO/3Sj4gA2nvs/dK/lzv8LLXVzAXBncv+H7uX8hy6Vfld1BECF3P+hK63ld/3rWNi6OcKoprBZd0peiCgL6aaIR2GdClVfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrj7wAAAP//KFzmgQ==") 15.863623ms ago: executing program 4 (id=515): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNSETQUEUE(r1, 0x400454d9, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'pimreg0\x00', 0x0}) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0x3, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r3, 0x25, 0x0, @void}, 0x10) close_range(r0, 0xffffffffffffffff, 0x0) 0s ago: executing program 0 (id=516): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r0) sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)={0x1c, r1, 0x1, 0x1d, 0x0, {{}, {0x0, 0x6}}}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.239' (ED25519) to the list of known hosts. [ 25.834908][ T6517] cgroup: Unknown subsys name 'net' [ 25.954708][ T6517] cgroup: Unknown subsys name 'cpuset' [ 25.956733][ T6517] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 26.121808][ T6517] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 28.154767][ T6534] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 28.164261][ T6541] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 28.165181][ T6541] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 28.165377][ T6541] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 28.165843][ T6541] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 28.166073][ T6541] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 28.166309][ T6541] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 28.166537][ T6541] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 28.166917][ T6541] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 28.167094][ T6541] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 28.167824][ T6541] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 28.168386][ T6541] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 28.168564][ T6541] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 28.168720][ T6541] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 28.169605][ T6541] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 28.171381][ T6542] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 28.178304][ T6542] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 28.183779][ T6543] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 28.183878][ T6543] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 28.186690][ T6542] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 28.186792][ T6542] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 28.187588][ T6543] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 28.187783][ T6543] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 28.194921][ T6534] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 28.207286][ T6534] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 28.299725][ T6533] chnl_net:caif_netlink_parms(): no params data found [ 28.366549][ T6533] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.368111][ T6533] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.369393][ T6533] bridge_slave_0: entered allmulticast mode [ 28.370777][ T6533] bridge_slave_0: entered promiscuous mode [ 28.382804][ T6533] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.384170][ T6533] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.385450][ T6533] bridge_slave_1: entered allmulticast mode [ 28.386813][ T6533] bridge_slave_1: entered promiscuous mode [ 28.395020][ T6532] chnl_net:caif_netlink_parms(): no params data found [ 28.407679][ T6533] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 28.409217][ T6527] chnl_net:caif_netlink_parms(): no params data found [ 28.425438][ T6533] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 28.451472][ T6538] chnl_net:caif_netlink_parms(): no params data found [ 28.455941][ T6533] team0: Port device team_slave_0 added [ 28.456758][ T6533] team0: Port device team_slave_1 added [ 28.472559][ T6533] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.472588][ T6533] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.472612][ T6533] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.496157][ T6533] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.497410][ T6533] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.501302][ T6533] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.505141][ T6529] chnl_net:caif_netlink_parms(): no params data found [ 28.506877][ T6532] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.507395][ T6532] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.507461][ T6532] bridge_slave_0: entered allmulticast mode [ 28.507890][ T6532] bridge_slave_0: entered promiscuous mode [ 28.508423][ T6527] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.508446][ T6527] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.508498][ T6527] bridge_slave_0: entered allmulticast mode [ 28.508906][ T6527] bridge_slave_0: entered promiscuous mode [ 28.509549][ T6527] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.509563][ T6527] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.509619][ T6527] bridge_slave_1: entered allmulticast mode [ 28.510381][ T6527] bridge_slave_1: entered promiscuous mode [ 28.531342][ T6532] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.531398][ T6532] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.531480][ T6532] bridge_slave_1: entered allmulticast mode [ 28.532474][ T6532] bridge_slave_1: entered promiscuous mode [ 28.553887][ T6533] hsr_slave_0: entered promiscuous mode [ 28.555194][ T6533] hsr_slave_1: entered promiscuous mode [ 28.560582][ T6527] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 28.567064][ T6538] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.567136][ T6538] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.567226][ T6538] bridge_slave_0: entered allmulticast mode [ 28.567632][ T6538] bridge_slave_0: entered promiscuous mode [ 28.568316][ T6538] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.568354][ T6538] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.568410][ T6538] bridge_slave_1: entered allmulticast mode [ 28.568778][ T6538] bridge_slave_1: entered promiscuous mode [ 28.577467][ T6532] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 28.578491][ T6532] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 28.579593][ T6527] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 28.600656][ T6527] team0: Port device team_slave_0 added [ 28.602080][ T6527] team0: Port device team_slave_1 added [ 28.609646][ T6538] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 28.611165][ T6538] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 28.617695][ T6532] team0: Port device team_slave_0 added [ 28.618477][ T6532] team0: Port device team_slave_1 added [ 28.621810][ T6529] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.623020][ T6529] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.624295][ T6529] bridge_slave_0: entered allmulticast mode [ 28.624717][ T6529] bridge_slave_0: entered promiscuous mode [ 28.644225][ T6529] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.645493][ T6529] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.646786][ T6529] bridge_slave_1: entered allmulticast mode [ 28.648255][ T6529] bridge_slave_1: entered promiscuous mode [ 28.650481][ T6538] team0: Port device team_slave_0 added [ 28.651219][ T6538] team0: Port device team_slave_1 added [ 28.662969][ T6527] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.666074][ T6527] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.666107][ T6527] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.670028][ T6527] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.670038][ T6527] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.670052][ T6527] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.680097][ T6538] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.680117][ T6538] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.680145][ T6538] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.682891][ T6532] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.682899][ T6532] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.682911][ T6532] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.688641][ T6538] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.688653][ T6538] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.688662][ T6538] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.697853][ T6529] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 28.698145][ T6532] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.698153][ T6532] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.698167][ T6532] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.715183][ T6529] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 28.739537][ T6527] hsr_slave_0: entered promiscuous mode [ 28.739811][ T6527] hsr_slave_1: entered promiscuous mode [ 28.740491][ T6527] debugfs: 'hsr0' already exists in 'hsr' [ 28.740534][ T6527] Cannot create hsr debugfs directory [ 28.741793][ T6538] hsr_slave_0: entered promiscuous mode [ 28.742026][ T6538] hsr_slave_1: entered promiscuous mode [ 28.742178][ T6538] debugfs: 'hsr0' already exists in 'hsr' [ 28.742186][ T6538] Cannot create hsr debugfs directory [ 28.747938][ T6529] team0: Port device team_slave_0 added [ 28.762287][ T6529] team0: Port device team_slave_1 added [ 28.784158][ T6532] hsr_slave_0: entered promiscuous mode [ 28.784476][ T6532] hsr_slave_1: entered promiscuous mode [ 28.784654][ T6532] debugfs: 'hsr0' already exists in 'hsr' [ 28.784664][ T6532] Cannot create hsr debugfs directory [ 28.792711][ T6529] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.794108][ T6529] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.798229][ T6529] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.800511][ T6529] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.801426][ T6529] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.801443][ T6529] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.856056][ T6533] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 28.867528][ T6529] hsr_slave_0: entered promiscuous mode [ 28.867840][ T6529] hsr_slave_1: entered promiscuous mode [ 28.868030][ T6529] debugfs: 'hsr0' already exists in 'hsr' [ 28.868038][ T6529] Cannot create hsr debugfs directory [ 28.871797][ T6533] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 28.874970][ T6533] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 28.878682][ T6533] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 28.938170][ T6533] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.938217][ T6533] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.938393][ T6533] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.938435][ T6533] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.944789][ T6538] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 28.946890][ T6538] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 28.949861][ T6538] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 28.963515][ T6538] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 28.972385][ T6532] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 28.977871][ T6532] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 28.980174][ T6532] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 28.982959][ T6532] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 28.989640][ T6533] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.998488][ T6533] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.001375][ T2210] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.002844][ T2210] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.025247][ T2167] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.025298][ T2167] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.030913][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.030956][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.040202][ T6533] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 29.042042][ T6533] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 29.061276][ T6538] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.063012][ T6529] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 29.071751][ T6529] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 29.077083][ T6529] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 29.079572][ T6529] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 29.095714][ T6538] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.116236][ T6532] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.118394][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.118435][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.126691][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.126727][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.142192][ T6533] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.157161][ T6527] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 29.161105][ T6527] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 29.171422][ T6532] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.175725][ T6529] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.179635][ T6529] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.185344][ T6527] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 29.188011][ T6527] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 29.192325][ T2210] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.192383][ T2210] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.192710][ T2210] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.192725][ T2210] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.193005][ T2210] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.193025][ T2210] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.197527][ T2210] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.197548][ T2210] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.232073][ T6533] veth0_vlan: entered promiscuous mode [ 29.259466][ T6527] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.270755][ T6527] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.274227][ T6533] veth1_vlan: entered promiscuous mode [ 29.283258][ T6532] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 29.285985][ T6532] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 29.291376][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.291422][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.292262][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.292278][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.310526][ T6538] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.328884][ T6527] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 29.329769][ T6527] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 29.340629][ T6533] veth0_macvtap: entered promiscuous mode [ 29.341699][ T6533] veth1_macvtap: entered promiscuous mode [ 29.359469][ T6529] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.369021][ T6538] veth0_vlan: entered promiscuous mode [ 29.372529][ T6532] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.381108][ T6533] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.382111][ T6533] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.386968][ T6538] veth1_vlan: entered promiscuous mode [ 29.398034][ T6538] veth0_macvtap: entered promiscuous mode [ 29.400113][ T6538] veth1_macvtap: entered promiscuous mode [ 29.416131][ T14] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.416341][ T14] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.416357][ T14] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.416369][ T14] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.422922][ T6538] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.439799][ T6527] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.451612][ T6538] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.471831][ T6527] veth0_vlan: entered promiscuous mode [ 29.474081][ T2167] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.474569][ T2167] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.474962][ T2167] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.475340][ T2167] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.479287][ T6527] veth1_vlan: entered promiscuous mode [ 29.491466][ T6529] veth0_vlan: entered promiscuous mode [ 29.494342][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 29.494360][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 29.507366][ T2210] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 29.507396][ T2210] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 29.513038][ T6532] veth0_vlan: entered promiscuous mode [ 29.516238][ T6532] veth1_vlan: entered promiscuous mode [ 29.525206][ T6529] veth1_vlan: entered promiscuous mode [ 29.538788][ T6527] veth0_macvtap: entered promiscuous mode [ 29.548908][ T6527] veth1_macvtap: entered promiscuous mode [ 29.555582][ T14] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 29.557004][ T14] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 29.565338][ T6529] veth0_macvtap: entered promiscuous mode [ 29.567525][ T6529] veth1_macvtap: entered promiscuous mode [ 29.576407][ T6533] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 29.580008][ T6527] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.588069][ T6532] veth0_macvtap: entered promiscuous mode [ 29.589055][ T6532] veth1_macvtap: entered promiscuous mode [ 29.591614][ T6527] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.595903][ T6529] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.600400][ T6529] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.603062][ T2210] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.603139][ T2210] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.603185][ T2210] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.603253][ T2210] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.609226][ T6532] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.611258][ T6532] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.621302][ T42] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.621573][ T2167] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.621595][ T2167] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.621612][ T2167] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.627482][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 29.627506][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 29.630693][ T6641] loop3: detected capacity change from 0 to 512 [ 29.645961][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.647225][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.647251][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.647266][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.654017][ T6641] Quota error (device loop3): v2_read_file_info: Free block number 1 out of range (1, 6). [ 29.654099][ T6641] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 29.662352][ T6641] EXT4-fs (loop3): mount failed [ 29.734534][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 29.734558][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 29.743222][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 29.743252][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 29.770038][ T2167] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 29.770073][ T2167] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 29.782930][ T6653] sctp: [Deprecated]: syz.2.8 (pid 6653) Use of int in max_burst socket option deprecated. [ 29.782930][ T6653] Use struct sctp_assoc_value instead [ 29.789814][ T263] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 29.789847][ T263] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 29.795680][ T2167] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 29.795708][ T2167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 29.892543][ T263] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 29.892572][ T263] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 29.897448][ T6663] loop2: detected capacity change from 0 to 128 [ 29.921881][ T6663] syz.2.12: attempt to access beyond end of device [ 29.921881][ T6663] loop2: rw=2049, sector=138, nr_sectors = 2 limit=128 [ 30.174278][ T6534] Bluetooth: hci3: command tx timeout [ 30.199648][ T6666] usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 30.201132][ T6666] vhci_hcd: invalid port number 96 [ 30.202092][ T6666] vhci_hcd: default hub control req: 0311 v0005 i0060 l7 [ 30.226250][ T31] audit: type=1326 audit(30.190:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6671 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9935c068 code=0x7ffc0000 [ 30.226351][ T31] audit: type=1326 audit(30.190:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6671 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9935c068 code=0x7ffc0000 [ 30.226382][ T31] audit: type=1326 audit(30.200:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6671 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9935c068 code=0x7ffc0000 [ 30.226396][ T31] audit: type=1326 audit(30.200:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6671 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9935c068 code=0x7ffc0000 [ 30.226408][ T31] audit: type=1326 audit(30.200:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6671 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9935c068 code=0x7ffc0000 [ 30.226420][ T31] audit: type=1326 audit(30.200:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6671 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9935c068 code=0x7ffc0000 [ 30.226431][ T31] audit: type=1326 audit(30.200:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6671 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9935c068 code=0x7ffc0000 [ 30.226442][ T31] audit: type=1326 audit(30.200:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6671 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9935c068 code=0x7ffc0000 [ 30.226453][ T31] audit: type=1326 audit(30.200:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6671 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9935c068 code=0x7ffc0000 [ 30.254338][ T52] Bluetooth: hci0: command tx timeout [ 30.254533][ T6534] Bluetooth: hci2: command tx timeout [ 30.254607][ T52] Bluetooth: hci1: command tx timeout [ 30.254663][ T6534] Bluetooth: hci4: command tx timeout [ 30.376333][ T6684] loop0: detected capacity change from 0 to 164 [ 30.387991][ T6684] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 30.410920][ T6684] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 30.511756][ T6691] netlink: 12 bytes leftover after parsing attributes in process `syz.1.21'. [ 30.511799][ T6691] netlink: 12 bytes leftover after parsing attributes in process `syz.1.21'. [ 30.971349][ T6718] netlink: 12 bytes leftover after parsing attributes in process `syz.3.33'. [ 31.367765][ T6726] random: crng reseeded on system resumption [ 31.404283][ T6726] Restarting kernel threads ... [ 31.409325][ T6726] Done restarting kernel threads. [ 31.414047][ T6605] IPVS: starting estimator thread 0... [ 31.513522][ T6733] IPVS: using max 56 ests per chain, 134400 per kthread [ 31.519255][ T6739] usb usb1: usbfs: process 6739 (syz.0.41) did not claim interface 4 before use [ 31.868203][ T6764] pim6reg: entered allmulticast mode [ 31.873232][ T6764] pim6reg: left allmulticast mode [ 31.962950][ T6771] random: crng reseeded on system resumption [ 32.038970][ T6780] loop3: detected capacity change from 0 to 1024 [ 32.076785][ T6780] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 32.123099][ T6533] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.189377][ T6790] loop2: detected capacity change from 0 to 2048 [ 32.208940][ T6794] loop1: detected capacity change from 0 to 1024 [ 32.210495][ T6794] ======================================================= [ 32.210495][ T6794] WARNING: The mand mount option has been deprecated and [ 32.210495][ T6794] and is ignored by this kernel. Remove the mand [ 32.210495][ T6794] option from the mount to silence this warning. [ 32.210495][ T6794] ======================================================= [ 32.214760][ T6794] EXT4-fs: inline encryption not supported [ 32.214819][ T6794] EXT4-fs: Ignoring removed bh option [ 32.219688][ T6649] loop2: p1 < > p4 [ 32.221302][ T6649] loop2: p4 size 8388608 extends beyond EOD, truncated [ 32.237142][ T6790] loop2: p1 < > p4 [ 32.238994][ T6790] loop2: p4 size 8388608 extends beyond EOD, [ 32.240317][ T6794] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 32.243212][ T6790] truncated [ 32.253261][ T6790] netlink: 204 bytes leftover after parsing attributes in process `syz.2.63'. [ 32.253711][ T6534] Bluetooth: hci3: command tx timeout [ 32.318631][ T6527] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.335310][ T52] Bluetooth: hci1: command tx timeout [ 32.335358][ T52] Bluetooth: hci2: command tx timeout [ 32.335388][ T52] Bluetooth: hci0: command tx timeout [ 32.338219][ T6534] Bluetooth: hci4: command tx timeout [ 32.347635][ T6649] udevd[6649]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 32.362621][ T6805] udevd[6805]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 32.407186][ T6815] loop1: detected capacity change from 0 to 128 [ 32.445516][ T6817] netlink: 4 bytes leftover after parsing attributes in process `syz.3.75'. [ 32.450467][ T6805] udevd[6805]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 32.454623][ T6649] udevd[6649]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 32.580851][ T6831] futex_wake_op: syz.2.80 tries to shift op by -1; fix this program [ 32.634627][ T6833] loop2: detected capacity change from 0 to 8192 [ 32.845528][ T6854] loop2: detected capacity change from 0 to 512 [ 32.850110][ T6854] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 32.852561][ T6854] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 32.862531][ T6854] EXT4-fs (loop2): 1 truncate cleaned up [ 32.863005][ T6854] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 32.883231][ T6854] EXT4-fs error (device loop2): ext4_ext_precache:632: inode #15: comm syz.2.92: pblk 0 bad header/extent: invalid magic - magic 7973, entries 27514, max 27745(0), depth 25964(25964) [ 32.895063][ T6857] syz.4.93 uses obsolete (PF_INET,SOCK_PACKET) [ 32.907845][ T6538] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.974764][ T6867] vhci_hcd: default hub control req: 8013 v0000 i0000 l31125 [ 33.050579][ T6877] netlink: 4 bytes leftover after parsing attributes in process `syz.3.102'. [ 33.122550][ T6885] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 33.182572][ T6890] netlink: 64 bytes leftover after parsing attributes in process `syz.3.108'. [ 33.282546][ T6901] loop0: detected capacity change from 0 to 2048 [ 33.303403][ T6908] loop1: detected capacity change from 0 to 1024 [ 33.361035][ T6901] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 33.372897][ T6912] loop1: detected capacity change from 0 to 512 [ 33.378407][ T6912] EXT4-fs: Ignoring removed oldalloc option [ 33.399096][ T6912] EXT4-fs error (device loop1): ext4_xattr_inode_iget:433: comm syz.1.118: Parent and EA inode have the same ino 15 [ 33.410715][ T6912] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 33.410859][ T6912] EXT4-fs error (device loop1): ext4_xattr_inode_iget:433: comm syz.1.118: Parent and EA inode have the same ino 15 [ 33.430078][ T6912] EXT4-fs (loop1): 1 orphan inode deleted [ 33.430856][ T6912] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 33.470847][ T6532] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.502621][ T6527] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.599247][ T6938] netlink: 128 bytes leftover after parsing attributes in process `syz.3.130'. [ 33.599352][ T6938] netlink: 'syz.3.130': attribute type 5 has an invalid length. [ 33.625954][ T6941] netlink: 8 bytes leftover after parsing attributes in process `syz.1.124'. [ 33.625990][ T6941] netlink: 8 bytes leftover after parsing attributes in process `syz.1.124'. [ 33.846611][ T6967] netlink: 'syz.3.143': attribute type 21 has an invalid length. [ 33.879552][ T6965] bridge0: port 3(syz_tun) entered blocking state [ 33.879719][ T6965] bridge0: port 3(syz_tun) entered disabled state [ 33.879860][ T6965] syz_tun: entered allmulticast mode [ 33.880424][ T6965] syz_tun: entered promiscuous mode [ 33.880949][ T6965] bridge0: port 3(syz_tun) entered blocking state [ 33.880978][ T6965] bridge0: port 3(syz_tun) entered forwarding state [ 33.977823][ T6976] netlink: 'syz.0.142': attribute type 10 has an invalid length. [ 34.167425][ T6973] loop2: detected capacity change from 0 to 8192 [ 34.197030][ T6980] loop1: detected capacity change from 0 to 1024 [ 34.223529][ T6980] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 34.241236][ T6534] Bluetooth: hci3: command tx timeout [ 34.257195][ T6980] EXT4-fs error (device loop1): ext4_free_blocks:6696: comm syz.1.145: Freeing blocks not in datazone - block = 0, count = 16 [ 34.268893][ T6980] EXT4-fs (loop1): Remounting filesystem read-only [ 34.305970][ T6527] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 34.319589][ T6986] loop3: detected capacity change from 0 to 1764 [ 34.327211][ T6534] Bluetooth: hci4: command tx timeout [ 34.328125][ T6534] Bluetooth: hci0: command tx timeout [ 34.328162][ T6534] Bluetooth: hci2: command tx timeout [ 34.328194][ T6534] Bluetooth: hci1: command tx timeout [ 34.491096][ T6989] loop2: detected capacity change from 0 to 8192 [ 34.555007][ T31] kauditd_printk_skb: 368 callbacks suppressed [ 34.556220][ T31] audit: type=1326 audit(805.635:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6997 comm="syz.2.153" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8015c068 code=0x7ffc0000 [ 34.559852][ T31] audit: type=1326 audit(805.635:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6997 comm="syz.2.153" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8015c068 code=0x7ffc0000 [ 34.559910][ T31] audit: type=1326 audit(805.635:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6997 comm="syz.2.153" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8015c068 code=0x7ffc0000 [ 34.559948][ T31] audit: type=1326 audit(805.635:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6997 comm="syz.2.153" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8015c068 code=0x7ffc0000 [ 34.570696][ T31] audit: type=1326 audit(805.635:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6997 comm="syz.2.153" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8015c068 code=0x7ffc0000 [ 34.570721][ T31] audit: type=1326 audit(805.635:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6997 comm="syz.2.153" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8015c068 code=0x7ffc0000 [ 34.570734][ T31] audit: type=1326 audit(805.635:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6997 comm="syz.2.153" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8015c068 code=0x7ffc0000 [ 34.570747][ T31] audit: type=1326 audit(805.635:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6997 comm="syz.2.153" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8015c068 code=0x7ffc0000 [ 34.570759][ T31] audit: type=1326 audit(805.635:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6997 comm="syz.2.153" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8015c068 code=0x7ffc0000 [ 34.570771][ T31] audit: type=1326 audit(805.635:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6997 comm="syz.2.153" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8015c068 code=0x7ffc0000 [ 34.667407][ T7008] loop0: detected capacity change from 0 to 1024 [ 34.690956][ T7008] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 34.695996][ T7011] loop2: detected capacity change from 0 to 128 [ 34.709833][ T7008] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 34.713679][ T7008] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 319 with max blocks 1 with error 28 [ 34.713707][ T7008] EXT4-fs (loop0): This should not happen!! Data will be lost [ 34.713707][ T7008] [ 34.713727][ T7008] EXT4-fs (loop0): Total free blocks count 0 [ 34.713741][ T7008] EXT4-fs (loop0): Free/Dirty block details [ 34.713756][ T7008] EXT4-fs (loop0): free_blocks=4293918720 [ 34.713770][ T7008] EXT4-fs (loop0): dirty_blocks=16 [ 34.713780][ T7008] EXT4-fs (loop0): Block reservation details [ 34.713788][ T7008] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 34.731420][ T6532] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.739327][ T7016] usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 34.745354][ T7016] vhci_hcd: invalid port number 96 [ 34.745405][ T7016] vhci_hcd: default hub control req: 0311 v0005 i0060 l7 [ 34.753155][ T7018] Zero length message leads to an empty skb [ 34.831515][ T7031] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 34.877600][ T7037] loop0: detected capacity change from 0 to 1024 [ 34.895889][ T7037] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 34.959222][ T6532] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.117653][ T7061] vhci_hcd: default hub control req: 0000 v0000 i0000 l31125 [ 35.239788][ T7083] netlink: 'syz.1.191': attribute type 3 has an invalid length. [ 35.401773][ T7104] loop1: detected capacity change from 0 to 512 [ 35.409976][ T7104] EXT4-fs error (device loop1): ext4_iget_extra_inode:5104: inode #15: comm syz.1.201: corrupted in-inode xattr: invalid ea_ino [ 35.410671][ T7104] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.201: couldn't read orphan inode 15 (err -117) [ 35.415444][ T7104] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 35.985070][ T6527] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.222737][ T6121] Bluetooth: hci3: command tx timeout [ 36.247615][ T7141] binfmt_misc: register: failed to install interpreter file ./file0 [ 36.297908][ T7136] __nla_validate_parse: 2 callbacks suppressed [ 36.297949][ T7136] netlink: 8 bytes leftover after parsing attributes in process `syz.1.214'. [ 36.298313][ T6121] Bluetooth: hci1: command tx timeout [ 36.298344][ T6121] Bluetooth: hci2: command tx timeout [ 36.298366][ T6121] Bluetooth: hci0: command tx timeout [ 36.298387][ T6121] Bluetooth: hci4: command tx timeout [ 36.339691][ T7144] loop3: detected capacity change from 0 to 8192 [ 36.384139][ T6805] loop3: p1 < > p3 < > p4 [ 36.385013][ T6805] loop3: partition table partially beyond EOD, truncated [ 36.386376][ T6805] loop3: p1 start 4294967040 is beyond EOD, truncated [ 36.392696][ T7144] loop3: p1 < > p3 < > p4 [ 36.394595][ T7144] loop3: partition table partially beyond EOD, truncated [ 36.395891][ T7144] loop3: p1 start 4294967040 is beyond EOD, truncated [ 36.429601][ T7155] binfmt_misc: register: failed to install interpreter file ./file2 [ 36.543950][ T6805] udevd[6805]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 36.577474][ T6649] udevd[6649]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 36.700232][ T6805] udevd[6805]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 36.706249][ T6649] udevd[6649]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 36.888519][ T7201] loop1: detected capacity change from 0 to 1024 [ 36.903385][ T7201] EXT4-fs: Ignoring removed nobh option [ 36.903418][ T7201] EXT4-fs: Ignoring removed bh option [ 36.978948][ T7212] capability: warning: `syz.4.247' uses 32-bit capabilities (legacy support in use) [ 36.993252][ T7201] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 37.028995][ T6527] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.141680][ T7225] loop2: detected capacity change from 0 to 1024 [ 37.143281][ T7225] EXT4-fs: Ignoring removed nobh option [ 37.145547][ T7225] EXT4-fs: Ignoring removed bh option [ 37.181643][ T7225] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 37.242993][ T6538] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.451311][ T7248] netlink: 16 bytes leftover after parsing attributes in process `syz.2.263'. [ 37.494748][ T9] kernel write not supported for file bpf-prog (pid: 9 comm: kworker/0:0) [ 37.655669][ T7277] vhci_hcd: invalid port number 96 [ 37.656618][ T7277] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 37.788914][ T7298] netlink: 'syz.4.284': attribute type 10 has an invalid length. [ 37.791336][ T7298] netlink: 40 bytes leftover after parsing attributes in process `syz.4.284'. [ 38.403442][ T7357] mmap: syz.2.311 (7357) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 38.551866][ T7380] loop3: detected capacity change from 0 to 1024 [ 38.555177][ T7378] Driver unsupported XDP return value 0 on prog (id 20) dev N/A, expect packet loss! [ 38.582487][ T7380] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 38.582530][ T7380] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 38.582590][ T7380] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 38.588521][ T7380] EXT4-fs error (device loop3): ext4_get_journal_inode:5800: inode #32: comm syz.3.320: iget: special inode unallocated [ 38.591252][ T7380] EXT4-fs (loop3): no journal found [ 38.591281][ T7380] EXT4-fs (loop3): can't get journal size [ 38.605710][ T7380] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 38.610976][ T7386] loop0: detected capacity change from 0 to 128 [ 38.618620][ T7386] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 38.619373][ T7386] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 38.633477][ T7380] EXT4-fs error (device loop3): ext4_inlinedir_to_tree:1314: inode #12: block 16: comm syz.3.320: path /62/file0/file0: bad entry in directory: rec_len is too small for name_len - offset=20, inode=13, rec_len=16, size=60 fake=0 [ 38.666158][ T6533] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.047314][ T7447] loop3: detected capacity change from 0 to 164 [ 39.394779][ T7481] capability: warning: `syz.3.363' uses deprecated v2 capabilities in a way that may be insecure [ 39.454573][ T31] kauditd_printk_skb: 95 callbacks suppressed [ 39.454629][ T31] audit: type=1326 audit(810.779:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7486 comm="syz.3.366" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8c35c068 code=0x7ffc0000 [ 39.454667][ T31] audit: type=1326 audit(810.779:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7486 comm="syz.3.366" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8c35c068 code=0x7ffc0000 [ 39.466729][ T31] audit: type=1326 audit(810.790:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7486 comm="syz.3.366" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff8c35c068 code=0x7ffc0000 [ 39.466775][ T31] audit: type=1326 audit(810.790:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7486 comm="syz.3.366" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8c35c068 code=0x7ffc0000 [ 39.473923][ T31] audit: type=1326 audit(810.800:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7486 comm="syz.3.366" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8c35c068 code=0x7ffc0000 [ 39.474081][ T31] audit: type=1326 audit(810.800:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7486 comm="syz.3.366" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff8c35c068 code=0x7ffc0000 [ 39.474136][ T31] audit: type=1326 audit(810.800:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7486 comm="syz.3.366" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8c35c068 code=0x7ffc0000 [ 39.483761][ T31] audit: type=1326 audit(810.811:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7486 comm="syz.3.366" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=165 compat=0 ip=0xffff8c35c068 code=0x7ffc0000 [ 39.483818][ T31] audit: type=1326 audit(810.811:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7486 comm="syz.3.366" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8c35c068 code=0x7ffc0000 [ 39.491497][ T31] audit: type=1326 audit(810.821:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7486 comm="syz.3.366" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=206 compat=0 ip=0xffff8c35c068 code=0x7ffc0000 [ 39.660246][ T7507] netlink: 8 bytes leftover after parsing attributes in process `syz.4.376'. [ 39.664037][ T7507] ip6gre1: entered allmulticast mode [ 40.056668][ T7561] loop4: detected capacity change from 0 to 512 [ 40.056972][ T7558] netlink: 256 bytes leftover after parsing attributes in process `syz.3.395'. [ 40.056985][ T7558] netlink: 72 bytes leftover after parsing attributes in process `syz.3.395'. [ 40.074397][ T7561] ext4: Unknown parameter 'measure' [ 40.283642][ T7588] loop4: detected capacity change from 0 to 1024 [ 40.287245][ T7588] EXT4-fs: Ignoring removed nomblk_io_submit option [ 40.303482][ T7590] process 'syz.1.403' launched './file1' with NULL argv: empty string added [ 40.322404][ T7588] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.354467][ T7596] netlink: 24 bytes leftover after parsing attributes in process `syz.3.404'. [ 40.434678][ T6529] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.815859][ T7619] sctp: [Deprecated]: syz.3.409 (pid 7619) Use of struct sctp_assoc_value in delayed_ack socket option. [ 40.815859][ T7619] Use struct sctp_sack_info instead [ 40.872061][ T7627] tipc: Started in network mode [ 40.872103][ T7627] tipc: Node identity 0296ec1e90bc, cluster identity 4711 [ 40.872211][ T7627] tipc: Enabled bearer , priority 0 [ 40.877164][ T7627] tipc: Disabling bearer [ 40.983104][ T7639] syz.4.417 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 41.077614][ T7651] 9pnet: p9_errstr2errno: server reported unknown error [ 41.188752][ T7662] autofs4:pid:7662:validate_dev_ioctl: invalid path supplied for cmd(0xc0189374) [ 41.208715][ T7664] netlink: 4 bytes leftover after parsing attributes in process `+}[@'. [ 41.218141][ T7664] netlink: 4 bytes leftover after parsing attributes in process `+}[@'. [ 41.337136][ T7672] tipc: Started in network mode [ 41.337176][ T7672] tipc: Node identity 0ac94b4be99d, cluster identity 4711 [ 41.337492][ T7672] tipc: Enabled bearer , priority 0 [ 41.340537][ T7671] tipc: Resetting bearer [ 41.872582][ T7671] tipc: Disabling bearer [ 42.100299][ T7741] loop0: detected capacity change from 0 to 512 [ 42.100912][ T7741] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 42.398460][ T7773] netlink: 336 bytes leftover after parsing attributes in process `syz.1.473'. [ 42.699730][ T7793] hub 2-0:1.0: USB hub found [ 42.699873][ T7793] hub 2-0:1.0: 8 ports detected [ 42.835379][ T7801] loop1: detected capacity change from 0 to 128 [ 42.843381][ T7801] FAT-fs (loop1): Directory bread(block 32) failed [ 42.844994][ T7801] FAT-fs (loop1): Directory bread(block 33) failed [ 42.846490][ T7801] FAT-fs (loop1): Directory bread(block 34) failed [ 42.847653][ T7801] FAT-fs (loop1): Directory bread(block 35) failed [ 42.848968][ T7801] FAT-fs (loop1): Directory bread(block 36) failed [ 42.860775][ T7801] FAT-fs (loop1): Directory bread(block 37) failed [ 42.861355][ T7801] FAT-fs (loop1): Directory bread(block 38) failed [ 42.861378][ T7801] FAT-fs (loop1): Directory bread(block 39) failed [ 42.861408][ T7801] FAT-fs (loop1): Directory bread(block 40) failed [ 42.861423][ T7801] FAT-fs (loop1): Directory bread(block 41) failed [ 42.883472][ T7801] syz.1.486: attempt to access beyond end of device [ 42.883472][ T7801] loop1: rw=0, sector=4112, nr_sectors = 4 limit=128 [ 42.886116][ T7801] Buffer I/O error on dev loop1, logical block 1028, async page read [ 42.887605][ T7801] syz.1.486: attempt to access beyond end of device [ 42.887605][ T7801] loop1: rw=0, sector=167964, nr_sectors = 4 limit=128 [ 42.890009][ T7801] Buffer I/O error on dev loop1, logical block 41991, async page read [ 42.891770][ T7801] FAT-fs (loop1): Filesystem has been set read-only [ 42.893218][ T7801] syz.1.486: attempt to access beyond end of device [ 42.893218][ T7801] loop1: rw=0, sector=4112, nr_sectors = 4 limit=128 [ 42.895622][ T7801] Buffer I/O error on dev loop1, logical block 1028, async page read [ 42.897086][ T7801] syz.1.486: attempt to access beyond end of device [ 42.897086][ T7801] loop1: rw=0, sector=167964, nr_sectors = 4 limit=128 [ 42.901406][ T7801] Buffer I/O error on dev loop1, logical block 41991, async page read [ 42.901699][ T7805] netlink: 12 bytes leftover after parsing attributes in process `syz.2.488'. [ 43.065052][ T7828] loop3: detected capacity change from 0 to 128 [ 43.065513][ T7828] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 43.065949][ T7828] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 43.074841][ T7815] loop4: detected capacity change from 0 to 1024 [ 43.079792][ T2167] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 43.105815][ T7815] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.123786][ T6529] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.207241][ T7845] netlink: 24 bytes leftover after parsing attributes in process `syz.0.502'. [ 43.207272][ T7845] netlink: 212 bytes leftover after parsing attributes in process `syz.0.502'. [ 43.261785][ T7852] netlink: 'syz.1.506': attribute type 3 has an invalid length. [ 43.275437][ T7853] loop3: detected capacity change from 0 to 1024 [ 43.275882][ T7853] EXT4-fs: Ignoring removed nomblk_io_submit option [ 43.297186][ T7853] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.298871][ T7857] loop1: detected capacity change from 0 to 512 [ 43.302423][ T7857] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 43.321983][ T7857] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 43.322028][ T7857] System zones: 0-2, 18-18, 34-34 [ 43.325759][ T7857] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.333035][ T6533] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.378568][ T6527] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.417495][ T7874] loop1: detected capacity change from 0 to 512 [ 43.424595][ T7874] [ 43.424985][ T7874] ====================================================== [ 43.426106][ T7874] WARNING: possible circular locking dependency detected [ 43.427173][ T7874] syzkaller #0 Not tainted [ 43.427856][ T7874] ------------------------------------------------------ [ 43.428999][ T7874] syz.1.514/7874 is trying to acquire lock: [ 43.429899][ T7874] ffff0000d1cf4b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x150/0x2a0 [ 43.431457][ T7874] [ 43.431457][ T7874] but task is already holding lock: [ 43.432583][ T7874] ffff0000dd9169f8 (&ei->xattr_sem){++++}-{4:4}, at: __ext4_mark_inode_dirty+0x358/0x6fc [ 43.434199][ T7874] [ 43.434199][ T7874] which lock already depends on the new lock. [ 43.434199][ T7874] [ 43.435822][ T7874] [ 43.435822][ T7874] the existing dependency chain (in reverse order) is: [ 43.437149][ T7874] [ 43.437149][ T7874] -> #2 (&ei->xattr_sem){++++}-{4:4}: [ 43.438268][ T7874] down_write+0x50/0xc0 [ 43.438983][ T7874] ext4_xattr_set_handle+0x11c/0x1260 [ 43.439849][ T7874] ext4_initxattrs+0xa4/0x11c [ 43.440634][ T7874] security_inode_init_security+0x6dc/0x7f4 [ 43.441501][ T7874] ext4_init_security+0x44/0x58 [ 43.442235][ T7874] __ext4_new_inode+0x27f4/0x3190 [ 43.443074][ T7874] ext4_create+0x1f8/0x3fc [ 43.443816][ T7874] path_openat+0x12d8/0x2c40 [ 43.444657][ T7874] do_filp_open+0x18c/0x36c [ 43.445501][ T7874] do_sys_openat2+0x11c/0x1b4 [ 43.446346][ T7874] __arm64_sys_openat+0x120/0x158 [ 43.447213][ T7874] invoke_syscall+0x98/0x2b8 [ 43.447996][ T7874] el0_svc_common+0x130/0x23c [ 43.448746][ T7874] do_el0_svc+0x48/0x58 [ 43.449460][ T7874] el0_svc+0x58/0x180 [ 43.450170][ T7874] el0t_64_sync_handler+0x84/0x12c [ 43.451110][ T7874] el0t_64_sync+0x198/0x19c [ 43.451896][ T7874] [ 43.451896][ T7874] -> #1 (jbd2_handle){++++}-{0:0}: [ 43.453085][ T7874] start_this_handle+0xe74/0x10dc [ 43.454240][ T7874] jbd2__journal_start+0x288/0x51c [ 43.455174][ T7874] __ext4_journal_start_sb+0x378/0x88c [ 43.456147][ T7874] ext4_do_writepages+0xb94/0x39b4 [ 43.457020][ T7874] ext4_writepages+0x178/0x2a0 [ 43.457755][ T7874] do_writepages+0x270/0x468 [ 43.458486][ T7874] file_write_and_wait_range+0x1d0/0x2c4 [ 43.459389][ T7874] ext4_sync_file+0x274/0xb44 [ 43.460173][ T7874] __arm64_sys_fsync+0x170/0x1d4 [ 43.461009][ T7874] invoke_syscall+0x98/0x2b8 [ 43.461820][ T7874] el0_svc_common+0x130/0x23c [ 43.462665][ T7874] do_el0_svc+0x48/0x58 [ 43.463450][ T7874] el0_svc+0x58/0x180 [ 43.464203][ T7874] el0t_64_sync_handler+0x84/0x12c [ 43.465121][ T7874] el0t_64_sync+0x198/0x19c [ 43.465905][ T7874] [ 43.465905][ T7874] -> #0 (&sbi->s_writepages_rwsem){++++}-{0:0}: [ 43.467249][ T7874] __lock_acquire+0x1774/0x30a4 [ 43.468096][ T7874] lock_acquire+0x14c/0x2e0 [ 43.468887][ T7874] percpu_down_read_internal+0x5c/0x298 [ 43.469885][ T7874] ext4_writepages+0x150/0x2a0 [ 43.470691][ T7874] do_writepages+0x270/0x468 [ 43.471471][ T7874] __writeback_single_inode+0x15c/0x13e8 [ 43.472441][ T7874] writeback_single_inode+0x18c/0x54c [ 43.473315][ T7874] write_inode_now+0x13c/0x1a4 [ 43.474078][ T7874] iput+0x570/0x83c [ 43.474735][ T7874] ext4_xattr_block_set+0x13dc/0x24bc [ 43.475713][ T7874] ext4_expand_extra_isize_ea+0xeb4/0x182c [ 43.476721][ T7874] __ext4_expand_extra_isize+0x2a0/0x37c [ 43.477660][ T7874] __ext4_mark_inode_dirty+0x3c0/0x6fc [ 43.478550][ T7874] ext4_evict_inode+0x930/0x1084 [ 43.479391][ T7874] evict+0x414/0x928 [ 43.480092][ T7874] iput+0x6e4/0x83c [ 43.480747][ T7874] ext4_process_orphan+0x240/0x2b4 [ 43.481646][ T7874] ext4_orphan_cleanup+0x930/0x107c [ 43.482560][ T7874] ext4_fill_super+0x4724/0x4ea4 [ 43.483398][ T7874] get_tree_bdev_flags+0x360/0x414 [ 43.484275][ T7874] get_tree_bdev+0x2c/0x3c [ 43.485019][ T7874] ext4_get_tree+0x28/0x38 [ 43.485737][ T7874] vfs_get_tree+0x90/0x28c [ 43.486417][ T7874] do_new_mount+0x278/0x7f4 [ 43.487079][ T7874] path_mount+0x5b4/0xde0 [ 43.487833][ T7874] __arm64_sys_mount+0x3e8/0x468 [ 43.488711][ T7874] invoke_syscall+0x98/0x2b8 [ 43.489594][ T7874] el0_svc_common+0x130/0x23c [ 43.490401][ T7874] do_el0_svc+0x48/0x58 [ 43.491110][ T7874] el0_svc+0x58/0x180 [ 43.491798][ T7874] el0t_64_sync_handler+0x84/0x12c [ 43.492771][ T7874] el0t_64_sync+0x198/0x19c [ 43.493628][ T7874] [ 43.493628][ T7874] other info that might help us debug this: [ 43.493628][ T7874] [ 43.495346][ T7874] Chain exists of: [ 43.495346][ T7874] &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem [ 43.495346][ T7874] [ 43.497566][ T7874] Possible unsafe locking scenario: [ 43.497566][ T7874] [ 43.498717][ T7874] CPU0 CPU1 [ 43.499515][ T7874] ---- ---- [ 43.500304][ T7874] lock(&ei->xattr_sem); [ 43.500926][ T7874] lock(jbd2_handle); [ 43.501967][ T7874] lock(&ei->xattr_sem); [ 43.503052][ T7874] rlock(&sbi->s_writepages_rwsem); [ 43.503877][ T7874] [ 43.503877][ T7874] *** DEADLOCK *** [ 43.503877][ T7874] [ 43.505071][ T7874] 3 locks held by syz.1.514/7874: [ 43.505857][ T7874] #0: ffff0000d1cf60e0 (&type->s_umount_key#26/1){+.+.}-{4:4}, at: alloc_super+0x1a0/0x80c [ 43.507314][ T7874] #1: ffff0000d1cf6618 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x2b0/0x1084 [ 43.508874][ T7874] #2: ffff0000dd9169f8 (&ei->xattr_sem){++++}-{4:4}, at: __ext4_mark_inode_dirty+0x358/0x6fc [ 43.510507][ T7874] [ 43.510507][ T7874] stack backtrace: [ 43.511467][ T7874] CPU: 0 UID: 0 PID: 7874 Comm: syz.1.514 Not tainted syzkaller #0 PREEMPT [ 43.512834][ T7874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 43.514428][ T7874] Call trace: [ 43.514924][ T7874] show_stack+0x2c/0x3c (C) [ 43.515614][ T7874] __dump_stack+0x30/0x40 [ 43.516288][ T7874] dump_stack_lvl+0xd8/0x12c [ 43.516956][ T7874] dump_stack+0x1c/0x28 [ 43.517576][ T7874] print_circular_bug+0x324/0x32c [ 43.518413][ T7874] check_noncircular+0x154/0x174 [ 43.519200][ T7874] __lock_acquire+0x1774/0x30a4 [ 43.519986][ T7874] lock_acquire+0x14c/0x2e0 [ 43.520754][ T7874] percpu_down_read_internal+0x5c/0x298 [ 43.521695][ T7874] ext4_writepages+0x150/0x2a0 [ 43.522423][ T7874] do_writepages+0x270/0x468 [ 43.523201][ T7874] __writeback_single_inode+0x15c/0x13e8 [ 43.524100][ T7874] writeback_single_inode+0x18c/0x54c [ 43.525006][ T7874] write_inode_now+0x13c/0x1a4 [ 43.525788][ T7874] iput+0x570/0x83c [ 43.526412][ T7874] ext4_xattr_block_set+0x13dc/0x24bc [ 43.527317][ T7874] ext4_expand_extra_isize_ea+0xeb4/0x182c [ 43.528202][ T7874] __ext4_expand_extra_isize+0x2a0/0x37c [ 43.529083][ T7874] __ext4_mark_inode_dirty+0x3c0/0x6fc [ 43.529974][ T7874] ext4_evict_inode+0x930/0x1084 [ 43.530713][ T7874] evict+0x414/0x928 [ 43.531295][ T7874] iput+0x6e4/0x83c [ 43.531905][ T7874] ext4_process_orphan+0x240/0x2b4 [ 43.532700][ T7874] ext4_orphan_cleanup+0x930/0x107c [ 43.533504][ T7874] ext4_fill_super+0x4724/0x4ea4 [ 43.534249][ T7874] get_tree_bdev_flags+0x360/0x414 [ 43.535054][ T7874] get_tree_bdev+0x2c/0x3c [ 43.535726][ T7874] ext4_get_tree+0x28/0x38 [ 43.536388][ T7874] vfs_get_tree+0x90/0x28c [ 43.537030][ T7874] do_new_mount+0x278/0x7f4 [ 43.537688][ T7874] path_mount+0x5b4/0xde0 [ 43.538348][ T7874] __arm64_sys_mount+0x3e8/0x468 [ 43.539069][ T7874] invoke_syscall+0x98/0x2b8 [ 43.539806][ T7874] el0_svc_common+0x130/0x23c [ 43.540622][ T7874] do_el0_svc+0x48/0x58 [ 43.541351][ T7874] el0_svc+0x58/0x180 [ 43.541993][ T7874] el0t_64_sync_handler+0x84/0x12c [ 43.542756][ T7874] el0t_64_sync+0x198/0x19c [ 43.582181][ T7874] ------------[ cut here ]------------ [ 43.582205][ T7874] EA inode 11 i_nlink=2 [ 43.582291][ T7874] WARNING: CPU: 1 PID: 7874 at fs/ext4/xattr.c:1053 ext4_xattr_inode_update_ref+0x444/0x488 [ 43.585441][ T7874] Modules linked in: [ 43.586063][ T7874] CPU: 1 UID: 0 PID: 7874 Comm: syz.1.514 Not tainted syzkaller #0 PREEMPT [ 43.587368][ T7874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 43.588807][ T7874] pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [ 43.589964][ T7874] pc : ext4_xattr_inode_update_ref+0x444/0x488 [ 43.590778][ T7874] lr : ext4_xattr_inode_update_ref+0x444/0x488 [ 43.591717][ T7874] sp : ffff80009ef06dc0 [ 43.592304][ T7874] x29: ffff80009ef06e50 x28: 0000000000000000 x27: 1fffe0001bb3cdb7 [ 43.593619][ T7874] x26: dfff800000000000 x25: ffff80009ef06dc0 x24: ffff700013de0db8 [ 43.594792][ T7874] x23: ffff800092e12000 x22: ffff0000dd9e6c08 x21: 0000000000000002 [ 43.595908][ T7874] x20: 0000000000000001 x19: ffff0000dd9e6bc8 x18: 1fffe0003379be88 [ 43.597046][ T7874] x17: ffff80008f7de000 x16: ffff80008b0141e8 x15: 0000000000000001 [ 43.598163][ T7874] x14: 1ffff00013de0d28 x13: 0000000000000000 x12: 0000000000000000 [ 43.599433][ T7874] x11: 0000000000080000 x10: 00000000000602d5 x9 : be6de3072d451200 [ 43.600664][ T7874] x8 : be6de3072d451200 x7 : 0000000000000000 x6 : ffff800080563d30 [ 43.602064][ T7874] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807de9b0 [ 43.603353][ T7874] x2 : 0000000000000002 x1 : 0000000100000000 x0 : 0000000000000000 [ 43.604565][ T7874] Call trace: [ 43.605024][ T7874] ext4_xattr_inode_update_ref+0x444/0x488 (P) [ 43.605919][ T7874] ext4_xattr_set_entry+0x928/0x15c0 [ 43.606664][ T7874] ext4_xattr_ibody_set+0x204/0x5fc [ 43.607373][ T7874] ext4_expand_extra_isize_ea+0xefc/0x182c [ 43.608314][ T7874] __ext4_expand_extra_isize+0x2a0/0x37c [ 43.609225][ T7874] __ext4_mark_inode_dirty+0x3c0/0x6fc [ 43.610086][ T7874] ext4_evict_inode+0x930/0x1084 [ 43.610852][ T7874] evict+0x414/0x928 [ 43.611440][ T7874] iput+0x6e4/0x83c [ 43.612040][ T7874] ext4_process_orphan+0x240/0x2b4 [ 43.612830][ T7874] ext4_orphan_cleanup+0x930/0x107c [ 43.613583][ T7874] ext4_fill_super+0x4724/0x4ea4 [ 43.614350][ T7874] get_tree_bdev_flags+0x360/0x414 [ 43.615151][ T7874] get_tree_bdev+0x2c/0x3c [ 43.615849][ T7874] ext4_get_tree+0x28/0x38 [ 43.616566][ T7874] vfs_get_tree+0x90/0x28c [ 43.617230][ T7874] do_new_mount+0x278/0x7f4 [ 43.617916][ T7874] path_mount+0x5b4/0xde0 [ 43.618556][ T7874] __arm64_sys_mount+0x3e8/0x468 [ 43.619298][ T7874] invoke_syscall+0x98/0x2b8 [ 43.619985][ T7874] el0_svc_common+0x130/0x23c [ 43.620722][ T7874] do_el0_svc+0x48/0x58 [ 43.621308][ T7874] el0_svc+0x58/0x180 [ 43.621955][ T7874] el0t_64_sync_handler+0x84/0x12c [ 43.622806][ T7874] el0t_64_sync+0x198/0x19c [ 43.623502][ T7874] irq event stamp: 1773 [ 43.624131][ T7874] hardirqs last enabled at (1773): [] _raw_spin_unlock_irqrestore+0x38/0x98 [ 43.625702][ T7874] hardirqs last disabled at (1772): [] _raw_spin_lock_irqsave+0x2c/0x7c [ 43.627201][ T7874] softirqs last enabled at (984): [] local_bh_enable+0x10/0x34 [ 43.628574][ T7874] softirqs last disabled at (982): [] local_bh_disable+0x10/0x34 [ 43.629933][ T7874] ---[ end trace 0000000000000000 ]--- [ 43.635577][ T7874] EXT4-fs (loop1): 1 orphan inode deleted [ 43.636874][ T7874] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.647583][ T6527] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.