last executing test programs: 5.16698485s ago: executing program 0 (id=136): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r0}, 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x17) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020047b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000020000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000004c0)={@cgroup, 0x1f, 0x0, 0xd, &(0x7f0000000180)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000200)=[0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0, 0x0, 0x0], &(0x7f00000003c0)}, 0x40) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x94eb2000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0) 3.255668247s ago: executing program 3 (id=148): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r1, &(0x7f0000000240)={&(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10, 0x0}, 0x0) pselect6(0x40, &(0x7f0000003800)={0x3, 0x6, 0x8, 0x1, 0x4, 0x1, 0x5, 0x7}, 0x0, &(0x7f0000003880)={0x9, 0x3, 0xfffffffffffffffe, 0x8, 0xfffffffffffffc00, 0x8000000000000000, 0x0, 0x5}, &(0x7f00000038c0)={0x0, 0x989680}, 0x0) clock_gettime(0x0, &(0x7f00000002c0)={0x0, 0x0}) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000400000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sys_enter\x00', r4}, 0x10) ustat(0x801, &(0x7f0000000240)) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) pselect6(0x40, &(0x7f00000003c0)={0x4, 0xc, 0x76, 0x7, 0x7ac9, 0x1, 0x214, 0x7fffffffffffffff}, &(0x7f0000000040)={0x8, 0xbb8, 0x8, 0x8000000000000001, 0x106a, 0xfffffffffffffffd, 0xffffffffffffffff, 0x7fffffff}, &(0x7f0000000140)={0x1, 0x6, 0x9, 0xa, 0x1, 0x9, 0x0, 0x7fff}, &(0x7f0000000300)={r2, r3+60000000}, &(0x7f0000000380)={&(0x7f0000000340)={[0xe4]}, 0x8}) 3.11420051s ago: executing program 0 (id=150): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, 0x0) bind$can_j1939(r0, &(0x7f0000000b80)={0x1d, 0x0, 0x2, {0x1, 0x0, 0x4}, 0xfe}, 0x18) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000b80)={0x1d, r2, 0x2, {0x1, 0x0, 0x4}, 0xfe}, 0x18) bind$can_j1939(r1, &(0x7f0000000080)={0x1d, r2, 0x8001, {0x0, 0xff, 0x5}, 0x2}, 0x18) 2.920795474s ago: executing program 0 (id=152): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x10}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000600)=@newtfilter={0x48, 0x2c, 0xd27, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, r2, {0xffff, 0xb}, {}, {0xa, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x1c, 0x2, [@TCA_BPF_OPS={{0x6}, {0x4}}, @TCA_BPF_ACT={0x4}, @TCA_BPF_FLAGS={0x8}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x80}, 0x20000000) 2.155521808s ago: executing program 3 (id=153): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r0}, 0x18) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000080)={0xffffffffffffffff}, 0x106, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={0x0, r2, 0x0, 0x3}}, 0x20) 2.015836591s ago: executing program 3 (id=156): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r1) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000700)=@newlink={0x20, 0x10, 0x437, 0x4, 0x0, {0x0, 0x0, 0x0, r2, 0x50483}}, 0x20}, 0x1, 0x0, 0x0, 0x9005}, 0x4000000) sendmmsg$inet(r0, &(0x7f0000000880)=[{{&(0x7f0000000580)={0x2, 0x4e1c, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty, @multicast1}}}], 0x20}}], 0x1, 0x4880) 1.874145114s ago: executing program 0 (id=158): setreuid(0xffffffffffffffff, 0xee01) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0}, &(0x7f00000013c0)=0xc) sendmmsg$unix(r0, &(0x7f0000003600)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r1, @ANYRES32=r2, @ANYRES64=r1], 0x38, 0x40044}}], 0x1, 0x4) 1.873926104s ago: executing program 1 (id=159): r0 = socket$kcm(0x10, 0x3, 0x0) sendmsg$inet(r0, 0x0, 0x0) 1.744296856s ago: executing program 1 (id=161): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r1, &(0x7f0000000240)={&(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10, 0x0}, 0x0) pselect6(0x40, &(0x7f0000003800)={0x3, 0x6, 0x8, 0x1, 0x4, 0x1, 0x5, 0x7}, 0x0, &(0x7f0000003880)={0x9, 0x3, 0xfffffffffffffffe, 0x8, 0xfffffffffffffc00, 0x8000000000000000, 0x0, 0x5}, &(0x7f00000038c0)={0x0, 0x989680}, 0x0) clock_gettime(0x0, &(0x7f00000002c0)={0x0, 0x0}) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000400000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sys_enter\x00', r4}, 0x10) ustat(0x801, &(0x7f0000000240)) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) pselect6(0x40, &(0x7f00000003c0)={0x4, 0xc, 0x76, 0x7, 0x7ac9, 0x1, 0x214, 0x7fffffffffffffff}, &(0x7f0000000040)={0x8, 0xbb8, 0x8, 0x8000000000000001, 0x106a, 0xfffffffffffffffd, 0xffffffffffffffff, 0x7fffffff}, &(0x7f0000000140)={0x1, 0x6, 0x9, 0xa, 0x1, 0x9, 0x0, 0x7fff}, &(0x7f0000000300)={r2, r3+60000000}, &(0x7f0000000380)={&(0x7f0000000340)={[0xe4]}, 0x8}) 1.735459356s ago: executing program 3 (id=162): syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000000)='./file0\x00', 0x2010804, &(0x7f0000000400)={[{@fat=@check_strict}, {@fat=@allow_utime={'allow_utime', 0x3d, 0x5}}, {@fat=@quiet}, {@fat=@allow_utime={'allow_utime', 0x3d, 0x6}}, {@fat=@nfs_nostale_ro}, {@fat=@umask={'umask', 0x3d, 0x87}}, {@nodots}, {@fat=@nfs_stale_rw}, {@nodots}, {@dots}, {@dots}, {}, {@fat=@umask={'umask', 0x3d, 0x1}}]}, 0x1, 0x262, &(0x7f0000000040)="$eJzs3UFr02AYB/BnW9dmA3Fn8RDw4mmo36BIBTEgVHrQk4XpZRMhu1RP/Rh+Bj+SH2On3SouoZ1ZFTvTpprfD0oe8s9b3uTQt4fnbd/e/3B68vH8/ezbl0iSNDoR07iMOIrd2IvCTnncvaq7cd00/tydFa4FANZnOBz3m54DNdq5eSrP++P9iOjdSEZfNzMpAAAAAAAAAAAA6ra0/7/SQ1ZX/z8AsB30////8rw/Piy/v/1M/z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQnMvZ7O7sN6+m5wcA1M/6DwDtY/0HgPax/gNA+7x6/eZFP8sGwzRNIi6mk9FkVByL/NnzbPAovXK0GHUxmYz2yzobPC7ytJofluOfLM278fBBkf/Inr7MKnkvTtZ98wAAAAAAAAAAAAAAAAAAALAljtO5yv7+vSI//lVeVNd+H6Cyf78T9zobuw0AAAAAAAAAAAAAAAAAAAD4p51/+nw6Pjt7lysU8+IgbjEqifmZ2wxfrehGxKqjerElj3d9RVLfk2/6kwkAAAAAAAAAAAAAAAAAANpnsem36ZkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQHMW////N8VB+W7Lr2n4FgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICW+B4AAP//C6SJig==") mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) 1.654169628s ago: executing program 0 (id=163): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000008600850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000fedbdf250800000018000280140003801000018004000300080001000f0000000c00018008000100", @ANYRES32], 0x38}, 0x1, 0x0, 0x0, 0x4000814}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18) syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000600), 0x1, 0x563, &(0x7f0000000640)="$eJzs3c9vFFUcAPDvm/7gR9EWYlQ8aBNjIFFaWsAQ4wHuhOCPmxdXWgiy/Ait0aIHSPBiYrx4MPHkQfwvlOjVkzcPXjwZEmIMRxPXzHamLHS3tGXXqcznk0w7b95uvm9289038/bNbAC1NZn/ySL2RsTlFDHeUTccReXk8uPu/vXJ6XxJ0Wq99WeKVGwrH5+K/2PFk7dHxC8/ptgztDruwtLV841mc/5KUZ5evHB5emHp6oFzFxpn58/OX5x9dfbokcNHjs4c7Nu+nrjx/ofjn51859uv/04z3/12MsWx2FXUde5Hv0zG5Mpr0il/XY/2O1hFhor96XyL03CFDWJDyvdvJCKeifEYintv3nh8+kaljQMGqpUiWkBNJfkPNVUeB5Tn9oM4Dwa2pjvHlwcAVuf/8PLYYGxvjw3svJuic1gnRUQ/RubyGD//dPJGvsSAxuGA7q5dj4hnu+V/aufmRHsUP8//7L78zyLiVPE/3/7mJuNPPlCW//DfeZT8f7cj/9/bZHz5DwAAAAAAAP1z63hEvNLt+79sZf5PdJn/MxYRx/oQ/+Hf/2W3+xAG6OLO8YjXu87/zcqHTAwVpSfa8wFG0plzzfmDEfFkROyPkW15eWaNGAc+3/NVr7rO+X/5kscv5wIW7bg9vO3+58w1FhuPss/AsjvXI57rOv83rfT/qUv/n38eXF5njD0v3TzVq+7h+Q8MSuubiH1d+/97d65Ia9+fY7p9PDBdHhWs9vzHX3zfK778h+rk/f/OtfN/InXer2dh4zEOLQ23etVt9vh/NL3dvuXMaLHto8bi4pWZiNF0YvX22Y23GR5HZT6U+ZLn//4X1x7/63b8vyMirq0z5tP/jP3eq07/D9XJ839uQ/3/xldmb0780Cv++vr/w+0+fX+xxfgfrG29CVp1OwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/yiLiF2RsqmV9SybmooYi4inYmfWvLSw+PKZSx9cnMvr2r//n5W/9Du+XE7l7/9PdJRnHygfiojdEfHl0I52eer0peZc1TsPAAAAAAAAAAAAAAAAAAAAW8RYj+v/c38MVd06YOCGq24AUBn5D/Ul/6G+5D/Ul/yH+pL/UF/yH+pL/kN9yX+oL/kPAAAAAACPld0v3Po1RcS113a0l9xoUTdSacuAQcuqbgBQGbf4gfoy9Qfqyzk+kB5Sv33TzwQAAAAAAAAAAAAA+mXfXtf/Q125/h/qy/X/UF+u/4f6co4PuP4fAAAAAAAAAAAAALa+haWr5xvN5vwVK1asWFlZqfqTCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKP0bAAD//zn7JB8=") mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0) 1.648412818s ago: executing program 2 (id=164): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r0}, 0x18) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000080)={0xffffffffffffffff}, 0x106, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={0x0, r2, 0x0, 0x3}}, 0x20) 1.415446002s ago: executing program 1 (id=165): r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, 0x0) bind$can_j1939(r0, &(0x7f00000003c0)={0x1d, 0x0, 0x2, {0x1, 0xff}, 0x1}, 0x18) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000100)={0x1d, r3, 0xfffffffffffffffc, {0x1, 0xf0, 0x4}, 0x2}, 0x18) bind$can_j1939(r1, &(0x7f0000000180)={0x1d, r3, 0x1, {0x2, 0xff, 0x1}, 0xfc}, 0x18) close(r1) 1.415016532s ago: executing program 3 (id=166): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x10}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000600)=@newtfilter={0x48, 0x2c, 0xd27, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, r2, {0xffff, 0xb}, {}, {0xa, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x1c, 0x2, [@TCA_BPF_OPS={{0x6}, {0x4}}, @TCA_BPF_ACT={0x4}, @TCA_BPF_FLAGS={0x8}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x80}, 0x20000000) 1.309353695s ago: executing program 1 (id=167): r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, 0x0) bind$can_j1939(r0, &(0x7f00000003c0)={0x1d, 0x0, 0x2, {0x1, 0xff}, 0x1}, 0x18) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000100)={0x1d, r3, 0xfffffffffffffffc, {0x1, 0xf0, 0x4}, 0x2}, 0x18) bind$can_j1939(r1, &(0x7f0000000180)={0x1d, r3, 0x1, {0x2, 0xff, 0x1}, 0xfc}, 0x18) 1.210188507s ago: executing program 2 (id=168): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0b00000007000000010001000800000001"], 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 491.505701ms ago: executing program 2 (id=169): r0 = socket$kcm(0x10, 0x3, 0x0) sendmsg$inet(r0, 0x0, 0x0) 408.219522ms ago: executing program 0 (id=170): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = socket(0x1e, 0x4, 0x0) recvmmsg$unix(r1, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x9, 0x4, 0x8, 0x10}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r3}, 0x10) mount(0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x4000, 0x0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000180)='tmpfs\x00', 0x3200890, 0x0) move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x262) socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, 0x0, 0x0) getsockname$packet(r4, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) 365.968473ms ago: executing program 1 (id=171): socket$inet6_mptcp(0xa, 0x1, 0x106) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f01000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb796ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab04000000ffe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890decace0200f404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef29cd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf0100483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6c354463d7d0917fc80e5009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab4000000000000000028df75cf43f8ecc8d37b126602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89fa516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f49198e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85eff010000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1099e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c391339878b699644c96bd6ea589765ed2a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac4741201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6d00000000000000000000008f6555f3b7d5021dfc8eb504f1e4fef716d60f0d50b03fc014fd3dff46f56750f0ba4f1b9f7de5c17e7d1f18522897edab8e9e76b667ec6b01908400f55e16f0cfbf026be5f5acc681053f697d62b3545aec4606e190216c22c1d8807b6c43f0f0a4b53619fe5c9412821c3816194a5e29cf12cc7a197b5bdafb096d2d7f6be483814c92ef29c3a21c169794c7de3b4c706f4de5f4b93c831944c7b66fa49f317aa22dbc211e19f031c4f8bee14ecd5eb061a052044adc4dd1b63a1500a9c0e09dbba23f2726a55975efb4519d864d984dcb3a1dcafa1124a6b004029a706478df3be2438d2e35e6ca674dc190143a0b6f7db3408c0c08011e5d8f54711a0bd410ab53a15b1596cb77d2b58df2d8d8"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00', r0}, 0x10) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0xfffff6ea, 0x0, 0x0, 0x3}) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet_udp(0x2, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x49, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r2}, 0x0, 0x0}, 0x20) ioctl$SCSI_IOCTL_GET_PCI(r1, 0x5393, &(0x7f0000000000)) 318.756024ms ago: executing program 2 (id=172): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) 268.114975ms ago: executing program 3 (id=173): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000680)={[{@nodioread_nolock}, {@journal_dev={'journal_dev', 0x3d, 0xff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x8d55}}]}, 0x0, 0x473, &(0x7f0000000bc0)="$eJzs281rHOUfAPDvTF7a/vqS/Gp9aa0aLUJQTJq0ag9eFAWRioIe6jEm2xK6baSJYmuxqYgnQQp6Fo+if4E3EUQ9CV49eZJC0V7aeorM7Ey62WYTazaZ2P18YLPPM/PszvebeXv2eXYD6FpD2Z8kYkdE/BoRA43q0gZDjafrV89P3rh6fjKJhYXX/kjydteunp8sm5av215UhtOI9MOk2MhSs2fPnZyo12tnivro3Km3RmfPnnvinVMTJ2onaqfHjxw5fGjs6afGn+xInlle1/a9P7N/74tvXHp58tilN3/8Oot3R7G+OY9OGcoS/3Mh17ru0U5vrGI7m8pJb4WBcFt6IiLbXX35+T8QPXFz5w3ECx9UGhywrrJ705b2q+cXgDtYElVHAFSjvNFnn3/LxwZ1PTaFK882PgBleV8vHo01vZEWbfpaPt920lBEHJv/6/PsEes0DgEA0Ozjyc+O9kfEeze+einrewwsrknjnvz5t/zvrmIOZTAi/h8RuyPirojYExF3R+Rt742I+9YYz639n/TyGt9yRVn/75libmtp/6/s/cVgT1HbmefflxyfrtcOFv+T4ejbktXHVtjGt8//8km7dc39v+yRbb/sCxZxXO5tGaCbmpibyDulHXDlYsS+3uXyTxZnApKI2BsR+27vrXeVhenHvtzfrtHq+a+gA/NMC19k6c1n+c9HS/6lpHl+cvqW+cnRrVGvHRwtj4pb/fTzR6+22/6a8u+AK7XGc9P+b20ymDTP1852dvv/8vhP+5PX83nm/mLZuxNzc2fGIvqTo3l9yfLxm68t62X77PgfPrD8+b+7eE2W//0RkR3ED0TEgxHxUBH7wxHxSEQcWCHHH55bPf9IK9r/FyOmlr3+LR7/Lfv/9gs9J7//pt32/9n+P5yXhosl+fVvFcuFk10uWgNcy/8OAAAA/ivS/DvwSTqyWE7TkZHGd/j3xP/S+szs3OPHZ94+PdX4rvxg9KXlSNdAMR5an67XxpL54h0b46PjxVhxOV56qBg3/rRnW14fmZypT1WcO3S77W3O/8zvPVVHB6yzbcsuHe/f8ECACrTOo6dLqxdeCRcDuFP5vTZ0r1XO/3Sj4gA2nvs/dK/lzv8LLXVzAXBncv+H7uX8hy6Vfld1BECF3P+hK63ld/3rWNi6OcKoprBZd0peiCgL6aaIR2GdClVfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrj7wAAAP//KFzmgQ==") 148.045047ms ago: executing program 1 (id=174): syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==") r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000400)='kfree\x00', r0}, 0x18) r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x0, 0x0) open_by_handle_at(r1, &(0x7f0000000240)=@reiserfs_2={0x8, 0x2, {0xb}}, 0x0) 82.266379ms ago: executing program 2 (id=175): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x4000) sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)={0x20, 0x19, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x8004) 0s ago: executing program 2 (id=176): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000005c0)='kfree_skb\x00', r1}, 0x18) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r2, &(0x7f0000004440)={&(0x7f0000000ec0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x2}}, 0x10, 0x0}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.90' (ED25519) to the list of known hosts. [ 68.319322][ T5774] cgroup: Unknown subsys name 'net' [ 68.460804][ T5774] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 70.132067][ T5774] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 71.765442][ T1285] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.772147][ T1285] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.245883][ T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 72.265070][ T50] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 72.280464][ T5790] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 72.305872][ T5791] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 72.325730][ T5791] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 72.333582][ T5791] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 72.353434][ T50] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 72.354241][ T5791] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 72.386365][ T5102] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 72.394484][ T5799] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 72.395376][ T5102] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 72.402884][ T5799] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 72.414784][ T5795] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 72.417003][ T5799] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 72.427299][ T5102] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 72.438298][ T5799] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 72.446671][ T5799] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 72.462316][ T5799] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 72.471162][ T5799] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 72.481920][ T5799] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 72.489779][ T5799] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 72.501306][ T5790] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 72.510511][ T5799] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 72.518157][ T5799] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 72.978646][ T5793] chnl_net:caif_netlink_parms(): no params data found [ 73.034508][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 73.150455][ T5792] chnl_net:caif_netlink_parms(): no params data found [ 73.182766][ T5793] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.190291][ T5793] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.198774][ T5793] bridge_slave_0: entered allmulticast mode [ 73.205823][ T5793] bridge_slave_0: entered promiscuous mode [ 73.220035][ T5793] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.227259][ T5793] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.235269][ T5793] bridge_slave_1: entered allmulticast mode [ 73.242440][ T5793] bridge_slave_1: entered promiscuous mode [ 73.253518][ T5784] chnl_net:caif_netlink_parms(): no params data found [ 73.376973][ T5793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.390156][ T5793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.400194][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.408598][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.416016][ T5788] bridge_slave_0: entered allmulticast mode [ 73.422808][ T5788] bridge_slave_0: entered promiscuous mode [ 73.430711][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.438095][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.445448][ T5788] bridge_slave_1: entered allmulticast mode [ 73.452223][ T5788] bridge_slave_1: entered promiscuous mode [ 73.531724][ T5793] team0: Port device team_slave_0 added [ 73.551378][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.559341][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.566751][ T5792] bridge_slave_0: entered allmulticast mode [ 73.573579][ T5792] bridge_slave_0: entered promiscuous mode [ 73.587152][ T5793] team0: Port device team_slave_1 added [ 73.606283][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.615989][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.623196][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.630635][ T5792] bridge_slave_1: entered allmulticast mode [ 73.637462][ T5792] bridge_slave_1: entered promiscuous mode [ 73.682071][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.712055][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.719508][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.726826][ T5784] bridge_slave_0: entered allmulticast mode [ 73.733686][ T5784] bridge_slave_0: entered promiscuous mode [ 73.755517][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.768120][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.778206][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.785295][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.811256][ T5793] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.825491][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.832478][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.859160][ T5793] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.870451][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.877922][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.885480][ T5784] bridge_slave_1: entered allmulticast mode [ 73.892250][ T5784] bridge_slave_1: entered promiscuous mode [ 73.965027][ T5788] team0: Port device team_slave_0 added [ 73.990248][ T5792] team0: Port device team_slave_0 added [ 74.001515][ T5793] hsr_slave_0: entered promiscuous mode [ 74.008785][ T5793] hsr_slave_1: entered promiscuous mode [ 74.029764][ T5788] team0: Port device team_slave_1 added [ 74.038263][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.049345][ T5792] team0: Port device team_slave_1 added [ 74.098176][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.144308][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.151298][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.177319][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.201543][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.208659][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.235115][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.248194][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.255272][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.281219][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.300861][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.308008][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.334035][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.348399][ T5784] team0: Port device team_slave_0 added [ 74.358390][ T5784] team0: Port device team_slave_1 added [ 74.427119][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.434661][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.460900][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.479687][ T5796] Bluetooth: hci0: command tx timeout [ 74.485908][ T5799] Bluetooth: hci1: command tx timeout [ 74.503051][ T5792] hsr_slave_0: entered promiscuous mode [ 74.509913][ T5792] hsr_slave_1: entered promiscuous mode [ 74.517369][ T5792] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.525431][ T5792] Cannot create hsr debugfs directory [ 74.542444][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.549679][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.557218][ T5799] Bluetooth: hci2: command tx timeout [ 74.576120][ T5796] Bluetooth: hci3: command tx timeout [ 74.577748][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.638190][ T5788] hsr_slave_0: entered promiscuous mode [ 74.644706][ T5788] hsr_slave_1: entered promiscuous mode [ 74.650897][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.658640][ T5788] Cannot create hsr debugfs directory [ 74.812155][ T5784] hsr_slave_0: entered promiscuous mode [ 74.819525][ T5784] hsr_slave_1: entered promiscuous mode [ 74.825964][ T5784] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.833631][ T5784] Cannot create hsr debugfs directory [ 75.015052][ T5793] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 75.028241][ T5793] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 75.058366][ T5793] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 75.079825][ T5793] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 75.192391][ T5792] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 75.227192][ T5792] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 75.239159][ T5792] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 75.256174][ T5792] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 75.349939][ T5788] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 75.389858][ T5788] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 75.400399][ T5788] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 75.410507][ T5788] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 75.494071][ T5793] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.508743][ T5784] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 75.520960][ T5784] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 75.544904][ T5784] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 75.555860][ T5784] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 75.607536][ T5793] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.626955][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.634394][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.678678][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.685863][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.721568][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.790741][ T5792] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.829953][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.843173][ T1297] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.850390][ T1297] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.877361][ T1297] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.884591][ T1297] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.929287][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.986677][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.993940][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.029645][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.040771][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.048089][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.077968][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.106536][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.113804][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.144509][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.151897][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.291965][ T5793] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.486127][ T5793] veth0_vlan: entered promiscuous mode [ 76.510505][ T5793] veth1_vlan: entered promiscuous mode [ 76.554632][ T5799] Bluetooth: hci1: command tx timeout [ 76.554713][ T5796] Bluetooth: hci0: command tx timeout [ 76.636544][ T5796] Bluetooth: hci2: command tx timeout [ 76.642038][ T5796] Bluetooth: hci3: command tx timeout [ 76.664133][ T5793] veth0_macvtap: entered promiscuous mode [ 76.675706][ T5793] veth1_macvtap: entered promiscuous mode [ 76.711369][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.782759][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.801553][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.823118][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.836832][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.849155][ T5793] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.859558][ T5793] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.870125][ T5793] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.881347][ T5793] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.962454][ T5788] veth0_vlan: entered promiscuous mode [ 77.009764][ T5784] veth0_vlan: entered promiscuous mode [ 77.048090][ T5784] veth1_vlan: entered promiscuous mode [ 77.060201][ T5788] veth1_vlan: entered promiscuous mode [ 77.106259][ T5792] veth0_vlan: entered promiscuous mode [ 77.147478][ T5792] veth1_vlan: entered promiscuous mode [ 77.168839][ T1297] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.181955][ T1297] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.233306][ T5788] veth0_macvtap: entered promiscuous mode [ 77.248801][ T5788] veth1_macvtap: entered promiscuous mode [ 77.259344][ T5784] veth0_macvtap: entered promiscuous mode [ 77.288175][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.311353][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.313065][ T5784] veth1_macvtap: entered promiscuous mode [ 77.337932][ T5792] veth0_macvtap: entered promiscuous mode [ 77.361772][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.375188][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.388623][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.409222][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.421728][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.439518][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.449797][ T5792] veth1_macvtap: entered promiscuous mode [ 77.478540][ T5788] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.492448][ T5788] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.501835][ T5788] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.510730][ T5788] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.532796][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.545085][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.555448][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.566496][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.578084][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.587761][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.599293][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.609497][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.620923][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.630896][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.642925][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.655021][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.683118][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.695467][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.705873][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.717164][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.729509][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.739406][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.762514][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.778678][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.789506][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.805595][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.818559][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.831102][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.872776][ T5872] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.897375][ T5784] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.906940][ T5784] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.916486][ T5784] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.927722][ T5784] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.943393][ T5792] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.952624][ T5792] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.961803][ T5792] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.971354][ T5792] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.127907][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.141336][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.211273][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.219587][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.228123][ T992] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.245114][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.253290][ T992] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.263511][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.341277][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.356434][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.408342][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.444315][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.633977][ T5796] Bluetooth: hci1: command tx timeout [ 78.643949][ T5796] Bluetooth: hci0: command tx timeout [ 78.714253][ T5796] Bluetooth: hci2: command tx timeout [ 78.714277][ T5799] Bluetooth: hci3: command tx timeout [ 78.750144][ T28] audit: type=1326 audit(1757693123.904:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5884 comm="syz.0.5" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2eee58eba9 code=0x0 [ 78.815150][ T5882] capability: warning: `syz.1.2' uses deprecated v2 capabilities in a way that may be insecure [ 79.168868][ T5872] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.480195][ T5900] syz.2.11[5900] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 79.480446][ T5900] syz.2.11[5900] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 79.638012][ T5902] netlink: 'syz.1.13': attribute type 4 has an invalid length. [ 79.788039][ T5906] netlink: 4 bytes leftover after parsing attributes in process `syz.0.15'. [ 79.891861][ T5906] veth0_macvtap: left promiscuous mode [ 79.939774][ T5902] netlink: 'syz.1.13': attribute type 4 has an invalid length. [ 80.023384][ T5902] syz.1.13 (5902) used greatest stack depth: 20392 bytes left [ 80.124494][ T5911] netlink: 8 bytes leftover after parsing attributes in process `syz.2.14'. [ 80.716023][ T5799] Bluetooth: hci0: command tx timeout [ 80.721535][ T5799] Bluetooth: hci1: command tx timeout [ 80.764350][ T965] cfg80211: failed to load regulatory.db [ 80.804060][ T5796] Bluetooth: hci2: command tx timeout [ 80.809762][ T5799] Bluetooth: hci3: command tx timeout [ 80.939523][ T5914] netlink: 'syz.1.16': attribute type 13 has an invalid length. [ 81.003443][ T5917] syz.2.17[5917]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 81.050151][ T5918] loop1: detected capacity change from 0 to 512 [ 81.053696][ T5917] loop2: detected capacity change from 0 to 2048 [ 81.126302][ T5918] EXT4-fs error (device loop1): ext4_xattr_inode_iget:445: comm +}[@: error while reading EA inode 32 err=-116 [ 81.142296][ T5918] EXT4-fs (loop1): Remounting filesystem read-only [ 81.150449][ T5918] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 81.165402][ T5918] EXT4-fs warning (device loop1): ext4_evict_inode:255: couldn't mark inode dirty (err -5) [ 81.178842][ T5918] EXT4-fs (loop1): 1 orphan inode deleted [ 81.180132][ T5917] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 81.186099][ T5918] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 81.263337][ T5918] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.383114][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.406665][ T5914] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 81.593670][ T5872] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.843188][ T5872] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.323428][ T5933] loop2: detected capacity change from 0 to 128 [ 82.700817][ T5938] loop1: detected capacity change from 0 to 1024 [ 82.709015][ T5938] EXT4-fs: Ignoring removed mblk_io_submit option [ 82.802298][ T5938] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 82.837154][ T5931] lo speed is unknown, defaulting to 1000 [ 82.843416][ T5931] lo speed is unknown, defaulting to 1000 [ 82.852661][ T5931] lo speed is unknown, defaulting to 1000 [ 82.865189][ T5938] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 82.865643][ T5931] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 82.883931][ T5938] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 82.900198][ T5931] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 82.903490][ T5938] EXT4-fs (loop1): This should not happen!! Data will be lost [ 82.903490][ T5938] [ 82.922256][ T5938] EXT4-fs (loop1): Total free blocks count 0 [ 82.928636][ T5938] EXT4-fs (loop1): Free/Dirty block details [ 82.939326][ T5938] EXT4-fs (loop1): free_blocks=68451041280 [ 82.945640][ T5938] EXT4-fs (loop1): dirty_blocks=80 [ 82.945944][ T5931] lo speed is unknown, defaulting to 1000 [ 82.951053][ T5938] EXT4-fs (loop1): Block reservation details [ 82.966798][ T5931] lo speed is unknown, defaulting to 1000 [ 82.998809][ T5801] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 83.009749][ T5931] lo speed is unknown, defaulting to 1000 [ 83.017151][ T5931] lo speed is unknown, defaulting to 1000 [ 83.093456][ T5938] EXT4-fs (loop1): i_reserved_data_blocks=5 [ 83.381554][ T12] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 64 with error 28 [ 83.441484][ T5872] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.482652][ T5872] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.536620][ T5872] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.591678][ T5872] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.624419][ T5946] netlink: 'syz.1.23': attribute type 1 has an invalid length. [ 83.665573][ T5946] netlink: 4 bytes leftover after parsing attributes in process `syz.1.23'. [ 83.730692][ T5946] vxcan3: entered allmulticast mode [ 84.373690][ T5961] mmap: syz.3.30 (5961) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 84.496995][ T5962] loop0: detected capacity change from 0 to 128 [ 85.175833][ T5964] syz.0.28 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 85.256351][ T28] audit: type=1326 audit(1757693130.184:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5955 comm="syz.0.28" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eee58eba9 code=0x7ffc0000 [ 85.327638][ T28] audit: type=1326 audit(1757693130.184:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5955 comm="syz.0.28" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eee58eba9 code=0x7ffc0000 [ 85.428337][ T28] audit: type=1326 audit(1757693130.184:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5955 comm="syz.0.28" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2eee58eba9 code=0x7ffc0000 [ 85.475663][ T28] audit: type=1326 audit(1757693130.184:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5955 comm="syz.0.28" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eee58eba9 code=0x7ffc0000 [ 85.498625][ T28] audit: type=1326 audit(1757693130.194:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5955 comm="syz.0.28" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eee58eba9 code=0x7ffc0000 [ 85.501343][ T5968] netlink: 8 bytes leftover after parsing attributes in process `syz.1.32'. [ 85.532139][ T28] audit: type=1326 audit(1757693130.194:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5955 comm="syz.0.28" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f2eee58eba9 code=0x7ffc0000 [ 85.540099][ T5966] loop2: detected capacity change from 0 to 512 [ 85.557173][ T5968] netem: change failed [ 85.565073][ T28] audit: type=1326 audit(1757693130.194:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5955 comm="syz.0.28" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eee58eba9 code=0x7ffc0000 [ 85.598460][ T28] audit: type=1326 audit(1757693130.194:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5955 comm="syz.0.28" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eee58eba9 code=0x7ffc0000 [ 85.626679][ T5966] EXT4-fs: Ignoring removed mblk_io_submit option [ 85.663886][ T5966] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 85.683821][ T28] audit: type=1326 audit(1757693130.194:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5955 comm="syz.0.28" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2eee58eba9 code=0x7ffc0000 [ 85.712277][ T5966] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 85.723081][ T28] audit: type=1326 audit(1757693130.194:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5955 comm="syz.0.28" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eee58eba9 code=0x7ffc0000 [ 85.748550][ T5966] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0082] [ 85.759667][ T5966] System zones: 1-12 [ 85.769406][ T5966] EXT4-fs (loop2): 1 truncate cleaned up [ 85.802931][ T5966] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.846638][ T5976] netlink: 'syz.3.33': attribute type 1 has an invalid length. [ 85.857586][ T5976] netlink: 224 bytes leftover after parsing attributes in process `syz.3.33'. [ 85.879699][ T5976] loop3: detected capacity change from 0 to 512 [ 85.961969][ T5976] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.984215][ T5976] ext4 filesystem being mounted at /3/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 86.370752][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.409968][ T5986] loop0: detected capacity change from 0 to 512 [ 86.420000][ T5986] ======================================================= [ 86.420000][ T5986] WARNING: The mand mount option has been deprecated and [ 86.420000][ T5986] and is ignored by this kernel. Remove the mand [ 86.420000][ T5986] option from the mount to silence this warning. [ 86.420000][ T5986] ======================================================= [ 86.746326][ T5988] loop1: detected capacity change from 0 to 2048 [ 86.759643][ T5988] EXT4-fs: Ignoring removed i_version option [ 86.912411][ T5988] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 86.925258][ T5988] ext4 filesystem being mounted at /12/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 87.623734][ C1] sched: RT throttling activated [ 88.430342][ T5796] Bluetooth: hci3: command tx timeout [ 88.458092][ T5986] EXT4-fs error (device loop0): ext4_read_inode_bitmap:140: comm syz.0.37: Invalid inode bitmap blk 4 in block_group 0 [ 88.553220][ T5986] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 88.648724][ T5793] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.017412][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.051244][ T5995] netlink: 24 bytes leftover after parsing attributes in process `syz.2.40'. [ 89.333450][ T6001] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.42'. [ 89.424019][ T5998] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.42'. [ 89.456418][ T5792] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.665236][ T6010] loop1: detected capacity change from 0 to 128 [ 91.035346][ T28] kauditd_printk_skb: 65 callbacks suppressed [ 91.035363][ T28] audit: type=1800 audit(1757693136.204:78): pid=6023 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.44" name="file1" dev="loop1" ino=1048594 res=0 errno=0 [ 91.759777][ T6035] netlink: 24 bytes leftover after parsing attributes in process `syz.3.50'. [ 92.089056][ T6054] loop0: detected capacity change from 0 to 128 [ 93.727863][ T6071] loop3: detected capacity change from 0 to 2048 [ 93.845411][ T6071] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 93.880273][ T6080] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 93.986265][ T5793] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.996736][ T5796] Bluetooth: hci3: command tx timeout [ 94.116352][ T6083] netlink: 4 bytes leftover after parsing attributes in process `syz.2.73'. [ 94.651044][ T6104] loop3: detected capacity change from 0 to 2048 [ 94.709777][ T6104] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 94.940385][ T5793] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.069835][ T6117] loop1: detected capacity change from 0 to 2048 [ 95.332990][ T6119] loop2: detected capacity change from 0 to 2048 [ 95.346321][ T6119] EXT4-fs: Ignoring removed i_version option [ 95.564056][ T6119] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 95.576873][ T6119] ext4 filesystem being mounted at /27/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 97.104754][ T5796] Bluetooth: hci3: command tx timeout [ 97.135509][ T6117] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 97.303336][ T6117] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 97.456113][ T6117] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28 [ 97.571638][ T6117] EXT4-fs (loop1): This should not happen!! Data will be lost [ 97.571638][ T6117] [ 97.627832][ T6117] EXT4-fs (loop1): Total free blocks count 0 [ 97.633973][ T6117] EXT4-fs (loop1): Free/Dirty block details [ 97.640086][ T6117] EXT4-fs (loop1): free_blocks=66060288 [ 97.646011][ T6117] EXT4-fs (loop1): dirty_blocks=48 [ 97.651191][ T6117] EXT4-fs (loop1): Block reservation details [ 97.657366][ T6117] EXT4-fs (loop1): i_reserved_data_blocks=3 [ 97.921450][ T6132] loop0: detected capacity change from 0 to 1024 [ 98.033160][ T5792] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.073818][ T6070] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 98.295515][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.702853][ T6151] loop0: detected capacity change from 0 to 2048 [ 98.726524][ T6153] Zero length message leads to an empty skb [ 98.780122][ T6151] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 98.852013][ T6151] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 98.919994][ T6151] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28 [ 98.980482][ T6151] EXT4-fs (loop0): This should not happen!! Data will be lost [ 98.980482][ T6151] [ 99.009566][ T6151] EXT4-fs (loop0): Total free blocks count 0 [ 99.026303][ T6151] EXT4-fs (loop0): Free/Dirty block details [ 99.047853][ T6151] EXT4-fs (loop0): free_blocks=66060288 [ 99.053652][ T6151] EXT4-fs (loop0): dirty_blocks=48 [ 99.071582][ T6151] EXT4-fs (loop0): Block reservation details [ 99.089133][ T6151] EXT4-fs (loop0): i_reserved_data_blocks=3 [ 99.134236][ T6167] process 'syz.2.106' launched '/dev/fd/-1' with NULL argv: empty string added [ 99.268844][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.780710][ T6185] loop2: detected capacity change from 0 to 1024 [ 99.783843][ T28] audit: type=1326 audit(1757693144.924:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6186 comm="syz.1.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879878eba9 code=0x7ffc0000 [ 99.826666][ T28] audit: type=1326 audit(1757693144.924:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6186 comm="syz.1.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879878eba9 code=0x7ffc0000 [ 99.856895][ T28] audit: type=1326 audit(1757693144.924:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6186 comm="syz.1.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f879878eba9 code=0x7ffc0000 [ 99.917598][ T6070] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 99.941201][ T28] audit: type=1326 audit(1757693144.924:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6186 comm="syz.1.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879878eba9 code=0x7ffc0000 [ 100.019840][ T28] audit: type=1326 audit(1757693144.924:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6186 comm="syz.1.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879878eba9 code=0x7ffc0000 [ 100.086057][ T28] audit: type=1326 audit(1757693144.924:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6186 comm="syz.1.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f879878eba9 code=0x7ffc0000 [ 100.162383][ T28] audit: type=1326 audit(1757693144.924:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6186 comm="syz.1.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879878eba9 code=0x7ffc0000 [ 100.220158][ T6194] loop3: detected capacity change from 0 to 2048 [ 100.231584][ T28] audit: type=1326 audit(1757693144.924:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6186 comm="syz.1.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879878eba9 code=0x7ffc0000 [ 100.278442][ T28] audit: type=1326 audit(1757693144.924:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6186 comm="syz.1.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f879878eba9 code=0x7ffc0000 [ 100.326236][ T6194] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 100.347677][ T6194] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 100.364142][ T6194] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28 [ 100.364162][ T28] audit: type=1326 audit(1757693144.924:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6186 comm="syz.1.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f879878eba9 code=0x7ffc0000 [ 100.402084][ T6194] EXT4-fs (loop3): This should not happen!! Data will be lost [ 100.402084][ T6194] [ 100.412225][ T6194] EXT4-fs (loop3): Total free blocks count 0 [ 100.418416][ T6194] EXT4-fs (loop3): Free/Dirty block details [ 100.424484][ T6194] EXT4-fs (loop3): free_blocks=66060288 [ 100.430347][ T6194] EXT4-fs (loop3): dirty_blocks=48 [ 100.435716][ T6194] EXT4-fs (loop3): Block reservation details [ 100.441735][ T6194] EXT4-fs (loop3): i_reserved_data_blocks=3 [ 100.474166][ T5796] Bluetooth: hci3: command tx timeout [ 100.549420][ T5793] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.574000][ T5796] Bluetooth: hci3: command tx timeout [ 102.913417][ T6247] loop2: detected capacity change from 0 to 1024 [ 103.107349][ T6247] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.499457][ T6247] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 103.647187][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.586966][ T6278] netlink: 24 bytes leftover after parsing attributes in process `syz.2.151'. [ 104.634019][ T5796] Bluetooth: hci3: command tx timeout [ 105.881560][ T6303] loop3: detected capacity change from 0 to 512 [ 106.342250][ T6313] loop0: detected capacity change from 0 to 1024 [ 106.600302][ T6313] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.936777][ T6313] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 107.080826][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.424979][ T6334] loop3: detected capacity change from 0 to 512 [ 107.524065][ T6334] [ 107.526468][ T6334] ====================================================== [ 107.533516][ T6334] WARNING: possible circular locking dependency detected [ 107.540565][ T6334] syzkaller #0 Not tainted [ 107.545011][ T6334] ------------------------------------------------------ [ 107.552142][ T6334] syz.3.173/6334 is trying to acquire lock: [ 107.558069][ T6334] ffff888024f70bd8 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x170/0x2f0 [ 107.568227][ T6334] [ 107.568227][ T6334] but task is already holding lock: [ 107.575704][ T6334] ffff888076b71ec8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3dc/0x6e0 [ 107.585600][ T6334] [ 107.585600][ T6334] which lock already depends on the new lock. [ 107.585600][ T6334] [ 107.596057][ T6334] [ 107.596057][ T6334] the existing dependency chain (in reverse order) is: [ 107.605190][ T6334] [ 107.605190][ T6334] -> #1 (&ei->xattr_sem){++++}-{3:3}: [ 107.612805][ T6334] down_write+0x97/0x1f0 [ 107.617625][ T6334] ext4_destroy_inline_data+0x28/0xe0 [ 107.623565][ T6334] ext4_do_writepages+0x4c2/0x38d0 [ 107.629235][ T6334] ext4_writepages+0x1a8/0x2f0 [ 107.634592][ T6334] do_writepages+0x3a2/0x600 [ 107.639756][ T6334] filemap_fdatawrite_wbc+0x122/0x180 [ 107.645794][ T6334] file_write_and_wait_range+0x171/0x240 [ 107.651995][ T6334] generic_buffers_fsync_noflush+0x6f/0x160 [ 107.658465][ T6334] ext4_sync_file+0x454/0xc10 [ 107.663713][ T6334] ext4_buffered_write_iter+0x2c0/0x350 [ 107.669822][ T6334] ext4_file_write_iter+0x1d9/0x1870 [ 107.675666][ T6334] do_iter_write+0x79a/0xc70 [ 107.680817][ T6334] do_pwritev+0x205/0x340 [ 107.685895][ T6334] do_syscall_64+0x55/0xb0 [ 107.690874][ T6334] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 107.697340][ T6334] [ 107.697340][ T6334] -> #0 (&sbi->s_writepages_rwsem){++++}-{0:0}: [ 107.705845][ T6334] __lock_acquire+0x2ddb/0x7c80 [ 107.711532][ T6334] lock_acquire+0x197/0x410 [ 107.716609][ T6334] percpu_down_read+0x44/0x1a0 [ 107.722036][ T6334] ext4_writepages+0x170/0x2f0 [ 107.727368][ T6334] do_writepages+0x3a2/0x600 [ 107.732525][ T6334] __writeback_single_inode+0x153/0xee0 [ 107.738636][ T6334] writeback_single_inode+0x211/0x720 [ 107.744581][ T6334] write_inode_now+0x161/0x1e0 [ 107.749923][ T6334] iput+0x5b2/0x920 [ 107.754293][ T6334] ext4_xattr_block_set+0x273a/0x32a0 [ 107.760238][ T6334] ext4_expand_extra_isize_ea+0x10ea/0x19e0 [ 107.766704][ T6334] __ext4_expand_extra_isize+0x306/0x400 [ 107.772905][ T6334] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 107.778935][ T6334] ext4_evict_inode+0x7ed/0xea0 [ 107.784354][ T6334] evict+0x486/0x870 [ 107.788808][ T6334] ext4_orphan_cleanup+0xbd4/0x1400 [ 107.794575][ T6334] ext4_fill_super+0x5de7/0x66c0 [ 107.800079][ T6334] get_tree_bdev+0x3e4/0x510 [ 107.805229][ T6334] vfs_get_tree+0x8c/0x280 [ 107.810201][ T6334] do_new_mount+0x24b/0xa40 [ 107.815358][ T6334] __se_sys_mount+0x2da/0x3c0 [ 107.820595][ T6334] do_syscall_64+0x55/0xb0 [ 107.825572][ T6334] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 107.832052][ T6334] [ 107.832052][ T6334] other info that might help us debug this: [ 107.832052][ T6334] [ 107.842310][ T6334] Possible unsafe locking scenario: [ 107.842310][ T6334] [ 107.849803][ T6334] CPU0 CPU1 [ 107.855208][ T6334] ---- ---- [ 107.860598][ T6334] lock(&ei->xattr_sem); [ 107.865048][ T6334] lock(&sbi->s_writepages_rwsem); [ 107.872799][ T6334] lock(&ei->xattr_sem); [ 107.879679][ T6334] rlock(&sbi->s_writepages_rwsem); [ 107.885006][ T6334] [ 107.885006][ T6334] *** DEADLOCK *** [ 107.885006][ T6334] [ 107.893438][ T6334] 3 locks held by syz.3.173/6334: [ 107.898484][ T6334] #0: ffff888024f720e0 (&type->s_umount_key#31){++++}-{3:3}, at: get_tree_bdev+0x344/0x510 [ 107.908633][ T6334] #1: ffff888024f72608 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x2b9/0xea0 [ 107.918089][ T6334] #2: ffff888076b71ec8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3dc/0x6e0 [ 107.928417][ T6334] [ 107.928417][ T6334] stack backtrace: [ 107.934350][ T6334] CPU: 0 PID: 6334 Comm: syz.3.173 Not tainted syzkaller #0 [ 107.941665][ T6334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 107.952195][ T6334] Call Trace: [ 107.955472][ T6334] [ 107.958406][ T6334] dump_stack_lvl+0x16c/0x230 [ 107.963092][ T6334] ? load_image+0x3b0/0x3b0 [ 107.967589][ T6334] ? show_regs_print_info+0x20/0x20 [ 107.972795][ T6334] ? print_circular_bug+0x12b/0x1a0 [ 107.977994][ T6334] check_noncircular+0x2bd/0x3c0 [ 107.982927][ T6334] ? look_up_lock_class+0x75/0x140 [ 107.988042][ T6334] ? print_deadlock_bug+0x5d0/0x5d0 [ 107.993258][ T6334] ? lockdep_lock+0xe0/0x220 [ 107.997845][ T6334] ? _find_first_zero_bit+0xd3/0x100 [ 108.003130][ T6334] __lock_acquire+0x2ddb/0x7c80 [ 108.007987][ T6334] ? __lock_acquire+0x1334/0x7c80 [ 108.013008][ T6334] ? verify_lock_unused+0x140/0x140 [ 108.018204][ T6334] ? verify_lock_unused+0x140/0x140 [ 108.023419][ T6334] lock_acquire+0x197/0x410 [ 108.027936][ T6334] ? ext4_writepages+0x170/0x2f0 [ 108.032965][ T6334] ? __might_sleep+0xe0/0xe0 [ 108.037569][ T6334] ? mark_lock+0x94/0x320 [ 108.041906][ T6334] ? read_lock_is_recursive+0x20/0x20 [ 108.047282][ T6334] ? __lock_acquire+0x1334/0x7c80 [ 108.052318][ T6334] percpu_down_read+0x44/0x1a0 [ 108.057099][ T6334] ? ext4_writepages+0x170/0x2f0 [ 108.062048][ T6334] ext4_writepages+0x170/0x2f0 [ 108.066909][ T6334] ? ext4_read_folio+0x2f0/0x2f0 [ 108.071859][ T6334] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 108.077874][ T6334] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 108.083796][ T6334] ? lockdep_hardirqs_on+0x98/0x150 [ 108.089484][ T6334] ? ext4_read_folio+0x2f0/0x2f0 [ 108.094446][ T6334] do_writepages+0x3a2/0x600 [ 108.099066][ T6334] ? folio_clear_dirty_for_io+0xc30/0xc30 [ 108.104800][ T6334] ? writeback_single_inode+0x206/0x720 [ 108.110357][ T6334] ? __lock_acquire+0x7c80/0x7c80 [ 108.115390][ T6334] ? do_raw_spin_lock+0x121/0x2c0 [ 108.120421][ T6334] ? get_tree_bdev+0x3e4/0x510 [ 108.125194][ T6334] __writeback_single_inode+0x153/0xee0 [ 108.130753][ T6334] writeback_single_inode+0x211/0x720 [ 108.136145][ T6334] ? write_inode_now+0x1e0/0x1e0 [ 108.141186][ T6334] write_inode_now+0x161/0x1e0 [ 108.145955][ T6334] ? bdi_split_work_to_wbs+0x890/0x890 [ 108.151510][ T6334] ? do_raw_spin_unlock+0x121/0x230 [ 108.156714][ T6334] iput+0x5b2/0x920 [ 108.160534][ T6334] ext4_xattr_block_set+0x273a/0x32a0 [ 108.165912][ T6334] ? __might_sleep+0xe0/0xe0 [ 108.170519][ T6334] ? xattr_find_entry+0x12b/0x2f0 [ 108.175554][ T6334] ? ext4_xattr_block_find+0x350/0x350 [ 108.181028][ T6334] ? ext4_xattr_block_find+0x2d4/0x350 [ 108.186504][ T6334] ext4_expand_extra_isize_ea+0x10ea/0x19e0 [ 108.192416][ T6334] __ext4_expand_extra_isize+0x306/0x400 [ 108.198150][ T6334] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 108.203619][ T6334] ext4_evict_inode+0x7ed/0xea0 [ 108.208473][ T6334] ? _raw_spin_unlock+0x28/0x40 [ 108.213333][ T6334] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 108.219244][ T6334] ? do_raw_spin_unlock+0x121/0x230 [ 108.224453][ T6334] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 108.230440][ T6334] evict+0x486/0x870 [ 108.234348][ T6334] ? __lock_acquire+0x7c80/0x7c80 [ 108.239394][ T6334] ? proc_nr_inodes+0x230/0x230 [ 108.244258][ T6334] ? do_raw_spin_unlock+0x121/0x230 [ 108.249474][ T6334] ? _raw_spin_unlock+0x28/0x40 [ 108.254332][ T6334] ? iput+0x70a/0x920 [ 108.258329][ T6334] ext4_orphan_cleanup+0xbd4/0x1400 [ 108.263563][ T6334] ? ext4_orphan_del+0xba0/0xba0 [ 108.268513][ T6334] ? ext4_register_li_request+0x183/0x940 [ 108.274257][ T6334] ? errseq_check_and_advance+0x66/0x120 [ 108.279903][ T6334] ext4_fill_super+0x5de7/0x66c0 [ 108.284852][ T6334] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 108.291111][ T6334] ? vscnprintf+0x80/0x80 [ 108.295446][ T6334] ? down_read_killable+0x340/0x340 [ 108.300656][ T6334] ? setup_bdev_super+0x56b/0x660 [ 108.305680][ T6334] get_tree_bdev+0x3e4/0x510 [ 108.310271][ T6334] ? vfs_parse_fs_string+0x160/0x160 [ 108.315572][ T6334] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 108.321828][ T6334] ? setup_bdev_super+0x660/0x660 [ 108.326940][ T6334] ? apparmor_capable+0x137/0x1a0 [ 108.331969][ T6334] ? bpf_lsm_capable+0x9/0x10 [ 108.336653][ T6334] ? security_capable+0x89/0xb0 [ 108.341598][ T6334] vfs_get_tree+0x8c/0x280 [ 108.346022][ T6334] do_new_mount+0x24b/0xa40 [ 108.350536][ T6334] __se_sys_mount+0x2da/0x3c0 [ 108.355219][ T6334] ? __x64_sys_mount+0xc0/0xc0 [ 108.359990][ T6334] ? lockdep_hardirqs_on+0x98/0x150 [ 108.365224][ T6334] ? __x64_sys_mount+0x20/0xc0 [ 108.370002][ T6334] do_syscall_64+0x55/0xb0 [ 108.374442][ T6334] ? clear_bhb_loop+0x40/0x90 [ 108.379127][ T6334] ? clear_bhb_loop+0x40/0x90 [ 108.383830][ T6334] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 108.389765][ T6334] RIP: 0033:0x7fb3e6b9034a [ 108.394205][ T6334] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 108.413999][ T6334] RSP: 002b:00007fb3e7a71e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 108.422421][ T6334] RAX: ffffffffffffffda RBX: 00007fb3e7a71ef0 RCX: 00007fb3e6b9034a [ 108.430398][ T6334] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fb3e7a71eb0 [ 108.438409][ T6334] RBP: 0000200000000180 R08: 00007fb3e7a71ef0 R09: 0000000000800700 [ 108.446384][ T6334] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 108.454443][ T6334] R13: 00007fb3e7a71eb0 R14: 0000000000000473 R15: 0000200000000680 [ 108.462427][ T6334] [ 108.485521][ T6334] ------------[ cut here ]------------ [ 108.491174][ T6334] EA inode 11 i_nlink=2 [ 108.491479][ T6334] WARNING: CPU: 0 PID: 6334 at fs/ext4/xattr.c:1070 ext4_xattr_inode_update_ref+0x521/0x580 [ 108.506112][ T6334] Modules linked in: [ 108.510031][ T6334] CPU: 0 PID: 6334 Comm: syz.3.173 Not tainted syzkaller #0 [ 108.518682][ T6334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 108.529095][ T6334] RIP: 0010:ext4_xattr_inode_update_ref+0x521/0x580 [ 108.535815][ T6334] Code: 24 50 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 ff e8 31 43 9a ff 49 8b 37 48 c7 c7 00 d1 be 8a 44 89 f2 e8 cf 73 0d ff <0f> 0b 4c 8b 64 24 18 48 8b 5c 24 10 4c 8d 7c 24 60 e9 1f fe ff ff [ 108.555736][ T6334] RSP: 0018:ffffc9000c4af220 EFLAGS: 00010246 [ 108.561841][ T6334] RAX: 45c1d3d1a024f400 RBX: 0000000000000001 RCX: 0000000000080000 [ 108.569891][ T6334] RDX: ffffc9000d82d000 RSI: 000000000007ffff RDI: 0000000000080000 [ 108.577929][ T6334] RBP: ffffc9000c4af318 R08: ffffc9000c4aee27 R09: 1ffff92001895dc4 [ 108.586191][ T6334] R10: dffffc0000000000 R11: fffff52001895dc5 R12: ffff888076b73eb0 [ 108.594575][ T6334] R13: dffffc0000000000 R14: 0000000000000002 R15: ffff888076b73f00 [ 108.602583][ T6334] FS: 00007fb3e7a726c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 108.611949][ T6334] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 108.620291][ T6334] CR2: 00007f6265c16000 CR3: 000000001dae7000 CR4: 00000000003506f0 [ 108.628828][ T6334] Call Trace: [ 108.632140][ T6334] [ 108.635292][ T6334] ? ext4_xattr_list_entries+0x3d0/0x3d0 [ 108.640981][ T6334] ? ext4_xattr_inode_iget+0x3df/0x600 [ 108.646579][ T6334] ext4_xattr_set_entry+0xcda/0x1e90 [ 108.651919][ T6334] ext4_xattr_ibody_set+0x254/0x6a0 [ 108.657323][ T6334] ext4_expand_extra_isize_ea+0x113a/0x19e0 [ 108.663361][ T6334] __ext4_expand_extra_isize+0x306/0x400 [ 108.669068][ T6334] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 108.674584][ T6334] ext4_evict_inode+0x7ed/0xea0 [ 108.679446][ T6334] ? _raw_spin_unlock+0x28/0x40 [ 108.684352][ T6334] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 108.690273][ T6334] ? do_raw_spin_unlock+0x121/0x230 [ 108.695538][ T6334] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 108.701464][ T6334] evict+0x486/0x870 [ 108.705442][ T6334] ? __lock_acquire+0x7c80/0x7c80 [ 108.710489][ T6334] ? proc_nr_inodes+0x230/0x230 [ 108.715493][ T6334] ? do_raw_spin_unlock+0x121/0x230 [ 108.721739][ T6334] ? _raw_spin_unlock+0x28/0x40 [ 108.726961][ T6334] ? iput+0x70a/0x920 [ 108.731046][ T6334] ext4_orphan_cleanup+0xbd4/0x1400 [ 108.736390][ T6334] ? ext4_orphan_del+0xba0/0xba0 [ 108.741382][ T6334] ? ext4_register_li_request+0x183/0x940 [ 108.747210][ T6334] ? errseq_check_and_advance+0x66/0x120 [ 108.752872][ T6334] ext4_fill_super+0x5de7/0x66c0 [ 108.757904][ T6334] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 108.764218][ T6334] ? vscnprintf+0x80/0x80 [ 108.768564][ T6334] ? down_read_killable+0x340/0x340 [ 108.773815][ T6334] ? setup_bdev_super+0x56b/0x660 [ 108.778888][ T6334] get_tree_bdev+0x3e4/0x510 [ 108.783478][ T6334] ? vfs_parse_fs_string+0x160/0x160 [ 108.788813][ T6334] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 108.795140][ T6334] ? setup_bdev_super+0x660/0x660 [ 108.800188][ T6334] ? apparmor_capable+0x137/0x1a0 [ 108.805252][ T6334] ? bpf_lsm_capable+0x9/0x10 [ 108.809951][ T6334] ? security_capable+0x89/0xb0 [ 108.814871][ T6334] vfs_get_tree+0x8c/0x280 [ 108.819305][ T6334] do_new_mount+0x24b/0xa40 [ 108.825180][ T6334] __se_sys_mount+0x2da/0x3c0 [ 108.829900][ T6334] ? __x64_sys_mount+0xc0/0xc0 [ 108.835084][ T6334] ? lockdep_hardirqs_on+0x98/0x150 [ 108.840335][ T6334] ? __x64_sys_mount+0x20/0xc0 [ 108.845172][ T6334] do_syscall_64+0x55/0xb0 [ 108.849631][ T6334] ? clear_bhb_loop+0x40/0x90 [ 108.854390][ T6334] ? clear_bhb_loop+0x40/0x90 [ 108.859098][ T6334] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 108.865134][ T6334] RIP: 0033:0x7fb3e6b9034a [ 108.869576][ T6334] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 108.890570][ T6334] RSP: 002b:00007fb3e7a71e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 108.899480][ T6334] RAX: ffffffffffffffda RBX: 00007fb3e7a71ef0 RCX: 00007fb3e6b9034a [ 108.907509][ T6334] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fb3e7a71eb0 [ 108.915525][ T6334] RBP: 0000200000000180 R08: 00007fb3e7a71ef0 R09: 0000000000800700 [ 108.923515][ T6334] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 108.932320][ T6334] R13: 00007fb3e7a71eb0 R14: 0000000000000473 R15: 0000200000000680 [ 108.940501][ T6334] [ 108.943544][ T6334] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 108.950909][ T6334] CPU: 0 PID: 6334 Comm: syz.3.173 Not tainted syzkaller #0 [ 108.958188][ T6334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 108.968261][ T6334] Call Trace: [ 108.971643][ T6334] [ 108.974576][ T6334] dump_stack_lvl+0x16c/0x230 [ 108.979270][ T6334] ? show_regs_print_info+0x20/0x20 [ 108.984468][ T6334] ? load_image+0x3b0/0x3b0 [ 108.988971][ T6334] panic+0x2c0/0x710 [ 108.992870][ T6334] ? bpf_jit_dump+0xd0/0xd0 [ 108.997484][ T6334] __warn+0x2e0/0x470 [ 109.001487][ T6334] ? ext4_xattr_inode_update_ref+0x521/0x580 [ 109.007479][ T6334] ? ext4_xattr_inode_update_ref+0x521/0x580 [ 109.013475][ T6334] report_bug+0x2be/0x4f0 [ 109.017811][ T6334] ? ext4_xattr_inode_update_ref+0x521/0x580 [ 109.023801][ T6334] ? ext4_xattr_inode_update_ref+0x521/0x580 [ 109.029807][ T6334] ? ext4_xattr_inode_update_ref+0x523/0x580 [ 109.035796][ T6334] handle_bug+0xcf/0x120 [ 109.040052][ T6334] exc_invalid_op+0x1a/0x50 [ 109.044569][ T6334] asm_exc_invalid_op+0x1a/0x20 [ 109.049429][ T6334] RIP: 0010:ext4_xattr_inode_update_ref+0x521/0x580 [ 109.056115][ T6334] Code: 24 50 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 ff e8 31 43 9a ff 49 8b 37 48 c7 c7 00 d1 be 8a 44 89 f2 e8 cf 73 0d ff <0f> 0b 4c 8b 64 24 18 48 8b 5c 24 10 4c 8d 7c 24 60 e9 1f fe ff ff [ 109.075815][ T6334] RSP: 0018:ffffc9000c4af220 EFLAGS: 00010246 [ 109.081975][ T6334] RAX: 45c1d3d1a024f400 RBX: 0000000000000001 RCX: 0000000000080000 [ 109.089951][ T6334] RDX: ffffc9000d82d000 RSI: 000000000007ffff RDI: 0000000000080000 [ 109.097929][ T6334] RBP: ffffc9000c4af318 R08: ffffc9000c4aee27 R09: 1ffff92001895dc4 [ 109.105909][ T6334] R10: dffffc0000000000 R11: fffff52001895dc5 R12: ffff888076b73eb0 [ 109.113973][ T6334] R13: dffffc0000000000 R14: 0000000000000002 R15: ffff888076b73f00 [ 109.121955][ T6334] ? ext4_xattr_list_entries+0x3d0/0x3d0 [ 109.127599][ T6334] ? ext4_xattr_inode_iget+0x3df/0x600 [ 109.133076][ T6334] ext4_xattr_set_entry+0xcda/0x1e90 [ 109.138376][ T6334] ext4_xattr_ibody_set+0x254/0x6a0 [ 109.143584][ T6334] ext4_expand_extra_isize_ea+0x113a/0x19e0 [ 109.149498][ T6334] __ext4_expand_extra_isize+0x306/0x400 [ 109.155223][ T6334] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 109.160697][ T6334] ext4_evict_inode+0x7ed/0xea0 [ 109.165558][ T6334] ? _raw_spin_unlock+0x28/0x40 [ 109.170418][ T6334] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 109.176324][ T6334] ? do_raw_spin_unlock+0x121/0x230 [ 109.181637][ T6334] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 109.187537][ T6334] evict+0x486/0x870 [ 109.191458][ T6334] ? __lock_acquire+0x7c80/0x7c80 [ 109.196489][ T6334] ? proc_nr_inodes+0x230/0x230 [ 109.201347][ T6334] ? do_raw_spin_unlock+0x121/0x230 [ 109.206554][ T6334] ? _raw_spin_unlock+0x28/0x40 [ 109.211406][ T6334] ? iput+0x70a/0x920 [ 109.215390][ T6334] ext4_orphan_cleanup+0xbd4/0x1400 [ 109.220607][ T6334] ? ext4_orphan_del+0xba0/0xba0 [ 109.225562][ T6334] ? ext4_register_li_request+0x183/0x940 [ 109.231291][ T6334] ? errseq_check_and_advance+0x66/0x120 [ 109.237020][ T6334] ext4_fill_super+0x5de7/0x66c0 [ 109.241984][ T6334] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 109.248233][ T6334] ? vscnprintf+0x80/0x80 [ 109.252568][ T6334] ? down_read_killable+0x340/0x340 [ 109.257792][ T6334] ? setup_bdev_super+0x56b/0x660 [ 109.262819][ T6334] get_tree_bdev+0x3e4/0x510 [ 109.267415][ T6334] ? vfs_parse_fs_string+0x160/0x160 [ 109.272794][ T6334] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 109.279124][ T6334] ? setup_bdev_super+0x660/0x660 [ 109.284163][ T6334] ? apparmor_capable+0x137/0x1a0 [ 109.289206][ T6334] ? bpf_lsm_capable+0x9/0x10 [ 109.293896][ T6334] ? security_capable+0x89/0xb0 [ 109.298948][ T6334] vfs_get_tree+0x8c/0x280 [ 109.303401][ T6334] do_new_mount+0x24b/0xa40 [ 109.307939][ T6334] __se_sys_mount+0x2da/0x3c0 [ 109.312629][ T6334] ? __x64_sys_mount+0xc0/0xc0 [ 109.317413][ T6334] ? lockdep_hardirqs_on+0x98/0x150 [ 109.322885][ T6334] ? __x64_sys_mount+0x20/0xc0 [ 109.327653][ T6334] do_syscall_64+0x55/0xb0 [ 109.332078][ T6334] ? clear_bhb_loop+0x40/0x90 [ 109.336759][ T6334] ? clear_bhb_loop+0x40/0x90 [ 109.341442][ T6334] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 109.347352][ T6334] RIP: 0033:0x7fb3e6b9034a [ 109.351774][ T6334] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.371389][ T6334] RSP: 002b:00007fb3e7a71e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 109.379813][ T6334] RAX: ffffffffffffffda RBX: 00007fb3e7a71ef0 RCX: 00007fb3e6b9034a [ 109.387789][ T6334] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fb3e7a71eb0 [ 109.395770][ T6334] RBP: 0000200000000180 R08: 00007fb3e7a71ef0 R09: 0000000000800700 [ 109.403746][ T6334] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 109.411722][ T6334] R13: 00007fb3e7a71eb0 R14: 0000000000000473 R15: 0000200000000680 [ 109.419703][ T6334] [ 109.423192][ T6334] Kernel Offset: disabled [ 109.427641][ T6334] Rebooting in 86400 seconds..