last executing test programs: 6.660415984s ago: executing program 2 (id=645): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) syz_open_dev$tty1(0xc, 0x4, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 5.731922266s ago: executing program 1 (id=646): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.mems\x00', 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000003c0)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x9) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000280)='netlink_extack\x00', r4}, 0x10) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001540)={0x14, 0x1d, 0x21, 0x70bd2b, 0x3, {0x7}}, 0x14}}, 0x0) 5.553066167s ago: executing program 2 (id=647): symlinkat(0x0, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000013000000850000008600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013"], 0x80}}, 0x0) sendmmsg(r2, &(0x7f0000000180), 0x400008a, 0x0) 5.463784314s ago: executing program 2 (id=649): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.mems\x00', 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000003c0)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x9) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_OIF={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x8010}, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000240)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa210104, @local}, {{0x0, 0x400, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0) 4.462629378s ago: executing program 4 (id=654): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a000000030000000800000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0}, &(0x7f0000000500), &(0x7f0000000580)}, 0x20) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)={0x2, 0x13, 0x7, 0x6, 0x2, 0x0, 0x70bd29, 0x25dfdbfc}, 0x10}}, 0x0) 4.341544538s ago: executing program 2 (id=656): r0 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev={0xfe, 0x80, '\x00', 0xc}, 0x5}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000003c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x2ff, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x2}, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 3.507811212s ago: executing program 4 (id=657): socket$inet6(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0xc, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xeb38e000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000ec0)={@multicast2, @loopback}, 0xc) setsockopt$inet_mreqsrc(r3, 0x0, 0x28, &(0x7f0000000440)={@multicast2, @loopback, @local}, 0xc) 3.452470012s ago: executing program 3 (id=658): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) close(r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close(r0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe15, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8, 0xffffffffffffff4b, 0x0}}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001000000", @ANYRES32, @ANYBLOB="000000000000000000000000db00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r2, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r2}, 0x0, 0x0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r2, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r3, 0x0, 0x0}, 0x10) 3.140668925s ago: executing program 3 (id=659): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) pipe2(&(0x7f0000000000), 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) syz_emit_ethernet(0x41, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd606410a6000b0000fe80000000000000000000000000001efe8000"], 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000510700140000000000000001b7080000000000007b8af8ff00000000b7080000fcffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x10, 0x3, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB='ya\x00\x00\x00\x00\x00\b\x00\x00~\x00\x00\x00\b\x00', @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4008084}, 0x0) 2.659909906s ago: executing program 2 (id=661): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) socketpair$unix(0x1, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000070000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000100850000008200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) close(r4) 2.634153127s ago: executing program 0 (id=662): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000002e80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x18) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) unshare(0x8000000) 2.604938021s ago: executing program 0 (id=663): bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0a00000084000000000100000100000000000000", @ANYBLOB="00000000fdfffffffffffffff62e", @ANYBLOB="e45f", @ANYRES32], 0x50) 2.531973043s ago: executing program 0 (id=664): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_MATCH_INFO={0x4}, @NFTA_MATCH_NAME={0x8, 0x1, 'u32\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}, 0x1, 0x0, 0x0, 0x8010}, 0x4000800) 2.510609404s ago: executing program 0 (id=665): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000079104800000000006104000000000000950000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r4, r3, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) close(r4) recvmsg$unix(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000006c0)=""/179, 0x33fe0}], 0x1}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000380)='~', 0x1}], 0x1}, 0x0) 2.42330714s ago: executing program 0 (id=666): r0 = socket$packet(0x11, 0x3, 0x300) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) fspick(r1, &(0x7f0000000000)='.\x00', 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000004c0)={r2, 0x3, 0x6}, 0x10) 2.409564564s ago: executing program 4 (id=667): sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x7) getpid() socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = socket(0x80000000000000a, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000030000850000001b000000b7000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00'}, 0x80) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xf, "00000000000f0000000100000e00"}}}]}, 0x48}}, 0x0) r8 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0) r9 = fsmount(r0, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000200)={r4, r9, 0x1, 0x0, @void}, 0x10) bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0) 2.275641922s ago: executing program 0 (id=668): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000000000040de28421100000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000001c0)={0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB="001005"], 0x0, 0x0, 0x0, 0x0}, 0x0) 2.034818208s ago: executing program 3 (id=669): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r3) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0xffffffff, 0x6}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x7fff, 0x269, 0x0, 0x25, 0x19dd, 0x9}}]}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x240080c1}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80003, {0x0, 0x0, 0x0, r6, {0x0, 0xe}, {0x2, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4008000) ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 1.931471339s ago: executing program 3 (id=670): r0 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000080)={0x8, 0x2, 0x2}, 0x10) write(r0, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f0000000000", 0x15) recvmmsg(r0, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400}) 1.755960086s ago: executing program 2 (id=671): syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000340)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='utf8=1,utf8=1,utf8\x00\x00,utf8=1,shortname=win95,errors=remount-ro,uni_xlate=1,\x00'], 0x3, 0x236, &(0x7f0000000380)="$eJzs2r+LHGUYB/BnLomJFy574i8SEF+0UJshd7VFDrmAuKBoVoiCZOLN6rLj7rGzHKyIuUpb/wRrsbQTJaXNNf4FFnbXXJlCHEl2Y3JhLYKYXfXzafaBZ7/M8+67vLzFHL761Sf9bp13i3GsZFmsXIr9uJXFeqzEXfvxyktXf3runavvvbHVbm+/ndLlrSsbmymlc8//+P5n375wc3z23e/OfX86DtY/ODza/PXgmYPzh79f+bhXp16dBsNxKtL14XBcXK/KtNOr+3lKb1VlUZepN6jL0bF+txru7k5SMdhZW90dlXWdisEk9ctJGg/TeDRJxUdFb5DyPE9rq8Hf0fnmVtPEUXPqWjRN8/jXcfZmrP0SrcieSNmTl7Knr2XP7mfnj5qmtehR+UfY//+3+w71MxHVl3udvc70c9rf6kYvqijjYrTit7j9N5mZ1pdfb29fTHesxxfVjVn+xl7nxPH8RrRifX5+Y5pPx/OnYzXiVMQsvxmteGpO/ofY3pybPxMvv3jf8/Noxc8fxjCq2Inb2XvP/3wjpdfebD+Qv3DnewAA/zV5+tPc+1ue/1V/mn+I++ED96uTceHkYtdORD35tF9UVTn6txd3F7Qs8yxr8dic1onZb7ccEyqWoljcmcSjc2/TFz0JAAAAAAAAAAAAD+NRvE646DUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADL7Y8AAAD//+u8zfo=") r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x7, 0x4, 0x8, 0x1}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) close(r3) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) writev(r2, &(0x7f0000000040)=[{&(0x7f0000000100)="89e7ee2c78dad9b4b473fec988ca", 0xe}], 0x1) 1.680318826s ago: executing program 1 (id=672): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000004, 0x28011, r2, 0x0) quotactl$Q_QUOTAON(0xffffffff80000202, &(0x7f0000000800)=@rnullb, 0x0, 0x0) 1.666957754s ago: executing program 1 (id=673): gettid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000002001000001"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a0000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) syz_mount_image$ext4(0x0, &(0x7f0000000580)='./file0\x00', 0x19560c0, 0x0, 0x0, 0x0, 0x0) faccessat2(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x3, 0x300) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0xc) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f00000083c0)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r5, 0x40505412, &(0x7f00000000c0)={0x7, 0x9dc5, 0x0, 0x0, 0xf}) 1.276063852s ago: executing program 4 (id=674): sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f00000016c0)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000000006a0af2fe000000008500000009000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe40400000056bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a05cbee30ff0000001989425f5d0b79f6584d0416d7c4bb9f547b328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c3157f00000000000000a06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c3630000000002232017810e743bdaf879946547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2c4af38ffb7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e6dafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0eb3280e097585ab91d20baca005472b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92fe8bad99ca332af00f191b66b6a6f732a91f0e2e9190e4b448da7de018c58e950767f9b320be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c52573d9308a13d115b43f8b1894c8fa8a14dc4810f61ae96bf704526a8919bc700002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb50409fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381ccc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4d8521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060fd2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3bca426a9b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73cfd1e76982f3d899f71e4a9f0ba8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db00000000000001f915268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f00000021f8547d393dabe616fbbde21c90be00b5a22671395c7a69c6dd4d022ffc97ddb6aa025131652d409da1d8cfc3d219d4b1c1b7b8170d7c33d91db2b73f7ae02485a209a2474b5d0790d05c01bec623056e4d3f4d3149373a28b26a15a1fcce73d57e6eaf7e6f315fe275ebc9ef7aeca277dde01dde724f419803a2172a7833ceab38d21ca4f1dea5e1f4d8824167b21dd289dd4e6ecfba9e163bdbc48e1e758ecde000006c06d4d551e81ee73459cf1c00000000000000000000628a663ed417be6ff5b172cba4a1ec629a39ec253c087b1e9ce84e25b8717ae8581bf28c16a8bbda8d69358e885ddf5387e419c64847b8953070cdefe7d6a35197638e929f8f3c005f9de3fe351def9ed5"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r0, 0x0, 0x62, 0xfffffffffffffe74, &(0x7f0000000140)="cb74445b7d4c0b24676c6c71ae37efcedaf40242309766deb4e793f90000000000000000dbc856cbc664650634231454ca2d8034c4ca29e0d99c3b6615e91835a600c08f989af45438a54981be310aad92ae545b1c961e5f3762a51fe4c736edec6f", &(0x7f0000000cc0)=""/265, 0xcb95, 0x0, 0xff, 0x194, &(0x7f0000000980)="ffc4438e5c3081d0e133e812196ec0ed923733aa8b5aba32c8650e7a66d6136853773dfbc6226be13039e230d511f1ac50cc7811aac0400e4c833fedf842ae2918e6fddb550729246fcf4c0a01bc64989ea3985fb362751a83991bd56e761379caa64f6148893ff25f38d5cd6dd695bbf9ca709a9960e0e6b054d5e2239bcb7c0fb2ac66dc4c8f534e439ff20ccaf0d48a98c19c92a3b437a699350f49606d21a403f8c112c46fea5486bf367a854b0f6c1e563b656e4794f6793a08bb3656c391643f6df71d0255054368a938d38503d064da82d5dbf395ad47ed3932669168d324ed0f6de8360d499042ddc7d02b6c0772128257702bfe6d0971f00fea85da062cdc", &(0x7f00000007c0)="4c87fe555ceb79157b1e507ff4d3cc053321e42ae89f596427188b4877ab8f1776c0685784f1174c6401ecc1dd6e2a77bc79238f87ad9215a92ff203a30099e77c543e702b4a4438d358616381745f24f74e585498af129c4b173b242f445b08135f7fa40eb7ba78160ff4f0c80e1b324d0c234cb7f43a3ff9e9535dc16000c797113a039f4508a09144090000009f38a90a24f173b3e68377e4272950a80cfcd3aa6850e917bc7e57370060f5e6db941d67fc98a1e98103830b821657438325578d2af822dd4fc13ea7a7eef8d9be4e715aec8fd6cadc41c8da5ce9da2b9e1559d92a1936fc2b3a00000000000000000072200e10ba6269b634f10f7098c65ba67ba65c0e2687637e131fb8d5ba6c12c09c8356853c434a44ff0878e496dcf9a4f5ca02c293279948f37ebb28843f92c87c057a3b410e04418557d5deda7ddd3bd1d384d64ec980187e8b64a0696571a49e847db79349c9b3c3fab5f1f977bde4d802d9026ae0c11744eb1525c5195fd215d7a432497f35c2f2cfcd2b6336b26dfef0cb968c910ea2af5cdd4d58cc08535d5514", 0x2, 0x0, 0x3ff}, 0x24) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) 1.170407436s ago: executing program 4 (id=675): bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x3, 0x3, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80000001}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000380), 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) ioctl$TIOCSTI(r0, 0x5412, 0x0) sched_setaffinity(0x0, 0x0, 0x0) openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) r5 = fsopen(&(0x7f0000000280)='configfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$pppl2tp(0x18, 0x1, 0x1) sendmsg$NFQNL_MSG_CONFIG(r6, &(0x7f0000005040)={0x0, 0x0, &(0x7f0000005000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000020303003b083f7300094b89895c6b0000"], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x80) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) readv(0xffffffffffffffff, 0x0, 0x0) write$input_event(0xffffffffffffffff, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) 162.749699ms ago: executing program 1 (id=676): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_MATCH_INFO={0x4}, @NFTA_MATCH_NAME={0x8, 0x1, 'u32\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}, 0x1, 0x0, 0x0, 0x8010}, 0x4000800) 161.725317ms ago: executing program 3 (id=677): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000079104800000000006104000000000000950000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r4, r3, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) close(r4) recvmsg$unix(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000006c0)=""/179, 0x33fe0}], 0x1}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000380)='~', 0x1}], 0x1}, 0x0) 108.923044ms ago: executing program 4 (id=678): socket$inet6(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0xc, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xeb38e000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000ec0)={@multicast2, @loopback}, 0xc) setsockopt$inet_mreqsrc(r3, 0x0, 0x28, &(0x7f0000000440)={@multicast2, @loopback, @local}, 0xc) 88.618355ms ago: executing program 1 (id=679): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10) r2 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) pidfd_send_signal(r2, 0x0, 0x0, 0x0) 67.578761ms ago: executing program 3 (id=680): r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x980, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x2a0471a, &(0x7f00000000c0)={[{@quota}, {@bsdgroups}, {@nouid32}, {@errors_remount}, {@jqfmt_vfsv1}, {@oldalloc}, {@stripe={'stripe', 0x3d, 0x5}}]}, 0x2, 0x46b, &(0x7f0000000580)="$eJzs3M1vFOUfAPDvzLbw+/HWivgColaJsfGlpQWVgxeNJh4wmugB9VTbQgiFGloTIUSqMXgxMSR6Vo8m/gXevBj1ZGLiSe+GhCgX0FPNzM5Ad9ltt3TZrd3PJxl4nn2e7TzfPvPMPDPPbgPoWUPZP0nEtoj4LSIGqtnaCkPV/65dOTf595Vzk0ksLr72Z5LXu3rl3GRZtXzf1iIznEakHyXFTmrNnTl7YmJmZvp0kR+dP/nO6NyZs08ePzlxbPrY9KnxQ4cOHhh75unxp9oSZxbX1T3vz+7d/dIbF1+ePHLx7R+/ydq7rShfGsct2XTzS0NZ4H8t5urLHon/r2l36832Jemkr4sNYVUqEZF1V38+/geiEjc6byBe/LCrjQNuq+zatLl58cIisIEl0e0WAN1RXuiz+99y69DUY124/Fz1BiiL+1qxVUv6Ii3q9Nfd37bTUEQcWfjni2yLdjyHAABYwSeTnx+OJxrN/9K4e0m9HcUaymBE3BEROyPizojYFRF3ReR174mIe1e5//qloZvnP+mlWwqsRdn879libat2/lfO/mKwUuS25/H3J0ePz0zvL34nw9G/OcuPLbOP71745dNmZUvnf9mW7b+cCxbtuNRX94BuamJ+Ip+UtsHlDyL29DWKP7m+EpBExO6I2LO6H72jTBx/7Ou9zSqtHP8y2rDOtPhVxKPV/l+IuvhLyfLrk6P/i5np/aPlUXGzn36+8Gqz/a8p/jbI+n9L7fFflHx5pkgMvrV0vXYuVr1yeeH3j5ve09zq8b8peT0/H5XLru9NzM+fHovYlBzO8zWvj994b5kv62fxD+9rPP53Fu/J+v++iMgO4vsj4oGIeLBo+0MR8XBE7Fsm/h+eb162Hvp/quH57/rxP5jU9P/qE5UT33/bbP+t9f/BPDVcvJKf/1bQagPX8rsDAACA/4o0/wx8ko5cT6fpyEj1M/y7Yks6Mzs3//jR2XdPTVU/Kz8Y/Wn5pGtgyfPQsWSh+InV/HjxrLgsP1A8N/6sEnl+ZHJ2ZqrLsUOv29pk/Gf+qHS7dcBt12gdbbzBF9qAjad+/Ke12fOvdLIxQEf5vjb0rhXGf9qpdgCd5/oPvavR+D9fl7cWABuT6z/0LuMfepfxD72rbvxX4tdutQTooLV8r1+ilxORrotmtJRo/e9B3O7Em+ujGS0kun1mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaI9/AwAA//9sbvBf") chdir(&(0x7f0000000140)='./file0\x00') r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x42, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000e50000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300001e334185850000007300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) pwrite64(r4, &(0x7f0000000140)='2', 0x1, 0x8080c61) ioctl$EXT4_IOC_MOVE_EXT(r4, 0x40305829, &(0x7f00000000c0)={0x17c04, 0xffffffffffffffff, 0x7, 0x1000fffff, 0x400, 0xa}) 0s ago: executing program 1 (id=681): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000000c0)={0x24, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\f\x00\x00\x00\a'], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000006c0)={0x18, &(0x7f00000003c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}) kernel console output (not intermixed with test programs): ve_1 added [ 31.928666][ T6554] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 31.933394][ T6550] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 31.933420][ T6550] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.933445][ T6550] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 31.952776][ T6554] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 31.962457][ T6560] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 31.962482][ T6560] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.962498][ T6560] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 31.963032][ T6560] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 31.963040][ T6560] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.963055][ T6560] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 31.971119][ T6561] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 31.971130][ T6561] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.971144][ T6561] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 31.971723][ T6561] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 31.971730][ T6561] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.971741][ T6561] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 31.990867][ T6554] team0: Port device team_slave_0 added [ 31.991543][ T6554] team0: Port device team_slave_1 added [ 31.997563][ T6550] hsr_slave_0: entered promiscuous mode [ 31.998815][ T6550] hsr_slave_1: entered promiscuous mode [ 32.000026][ T6550] debugfs: 'hsr0' already exists in 'hsr' [ 32.001076][ T6550] Cannot create hsr debugfs directory [ 32.006808][ T6560] hsr_slave_0: entered promiscuous mode [ 32.007108][ T6560] hsr_slave_1: entered promiscuous mode [ 32.007311][ T6560] debugfs: 'hsr0' already exists in 'hsr' [ 32.007323][ T6560] Cannot create hsr debugfs directory [ 32.019632][ T6554] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 32.019655][ T6554] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 32.019671][ T6554] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 32.022382][ T6561] hsr_slave_0: entered promiscuous mode [ 32.022672][ T6561] hsr_slave_1: entered promiscuous mode [ 32.022857][ T6561] debugfs: 'hsr0' already exists in 'hsr' [ 32.022869][ T6561] Cannot create hsr debugfs directory [ 32.031616][ T6554] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 32.031642][ T6554] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 32.031656][ T6554] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 32.104153][ T6554] hsr_slave_0: entered promiscuous mode [ 32.104719][ T6554] hsr_slave_1: entered promiscuous mode [ 32.104918][ T6554] debugfs: 'hsr0' already exists in 'hsr' [ 32.104928][ T6554] Cannot create hsr debugfs directory [ 32.154393][ T6556] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 32.157994][ T6556] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 32.160959][ T6556] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 32.165713][ T6556] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 32.205706][ T6556] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.205759][ T6556] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.205933][ T6556] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.205961][ T6556] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.220906][ T6550] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 32.224371][ T6550] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 32.228903][ T6550] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 32.231827][ T6556] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.233238][ T6550] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 32.245359][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.247015][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.260454][ T6556] 8021q: adding VLAN 0 to HW filter on device team0 [ 32.266856][ T6560] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 32.274715][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.274759][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.278463][ T6560] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 32.290399][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.290445][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.295924][ T6560] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 32.303770][ T6560] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 32.319910][ T6561] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 32.326169][ T6561] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 32.346923][ T6561] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 32.349463][ T6561] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 32.356529][ T6550] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.373978][ T6550] 8021q: adding VLAN 0 to HW filter on device team0 [ 32.381045][ T6556] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 32.385558][ T6554] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 32.388550][ T6554] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 32.391022][ T6554] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 32.394643][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.394681][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.397639][ T6554] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 32.412761][ T6556] veth0_vlan: entered promiscuous mode [ 32.421030][ T6556] veth1_vlan: entered promiscuous mode [ 32.427462][ T4467] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.427508][ T4467] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.439389][ T6560] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.443465][ T6556] veth0_macvtap: entered promiscuous mode [ 32.455281][ T6560] 8021q: adding VLAN 0 to HW filter on device team0 [ 32.459035][ T6556] veth1_macvtap: entered promiscuous mode [ 32.475298][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.475334][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.482011][ T6556] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.482682][ T4467] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.482703][ T4467] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.492201][ T6556] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.504168][ T42] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.504520][ T42] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.504536][ T42] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.504549][ T42] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.516630][ T6554] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.521414][ T6561] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.539014][ T6561] 8021q: adding VLAN 0 to HW filter on device team0 [ 32.550732][ T6554] 8021q: adding VLAN 0 to HW filter on device team0 [ 32.561788][ T6561] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 32.563583][ T6561] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 32.569807][ T4731] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.569855][ T4731] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.570737][ T4731] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.570753][ T4731] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.598807][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.598854][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.621949][ T6554] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 32.623956][ T6554] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 32.630682][ T14] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.630726][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.644883][ T1774] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 32.644923][ T1774] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 32.659250][ T6561] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 32.670606][ T6561] veth0_vlan: entered promiscuous mode [ 32.680780][ T243] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 32.680809][ T243] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 32.683231][ T6561] veth1_vlan: entered promiscuous mode [ 32.692088][ T6561] veth0_macvtap: entered promiscuous mode [ 32.694837][ T6550] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 32.705814][ T6550] veth0_vlan: entered promiscuous mode [ 32.712873][ T6554] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 32.725716][ T6561] veth1_macvtap: entered promiscuous mode [ 32.729934][ T6561] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.733485][ T6560] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 32.742240][ T6550] veth1_vlan: entered promiscuous mode [ 32.745296][ T6561] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.750687][ T243] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.750895][ T243] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.750952][ T243] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.750995][ T243] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.764341][ T6560] veth0_vlan: entered promiscuous mode [ 32.770020][ T6556] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 32.794164][ T6560] veth1_vlan: entered promiscuous mode [ 32.804117][ T6560] veth0_macvtap: entered promiscuous mode [ 32.811203][ T6560] veth1_macvtap: entered promiscuous mode [ 32.834213][ T6554] veth0_vlan: entered promiscuous mode [ 32.842520][ T6560] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.844783][ T6560] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.853010][ T6550] veth0_macvtap: entered promiscuous mode [ 32.862720][ T6550] veth1_macvtap: entered promiscuous mode [ 32.865920][ T6550] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.867750][ T243] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 32.867764][ T243] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 32.870014][ T6554] veth1_vlan: entered promiscuous mode [ 32.875362][ T243] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.875433][ T243] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.875472][ T243] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.875506][ T243] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.893636][ T6666] loop1: detected capacity change from 0 to 512 [ 32.900486][ T6666] EXT4-fs: Ignoring removed oldalloc option [ 32.901795][ T6666] ext4: Unknown parameter 'seclabel' [ 32.909063][ T6550] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.921316][ T6554] veth0_macvtap: entered promiscuous mode [ 32.922465][ T6554] veth1_macvtap: entered promiscuous mode [ 32.925408][ T6554] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.933832][ T6554] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.950223][ T4731] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.950474][ T4731] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.950498][ T4731] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.950517][ T4731] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.971834][ T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 32.971877][ T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 32.975978][ T42] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.976026][ T42] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.976063][ T42] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.976088][ T42] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.000320][ T243] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 33.000350][ T243] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 33.018275][ T4731] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 33.018298][ T4731] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 33.070858][ T243] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 33.070895][ T243] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 33.075065][ T4731] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 33.075095][ T4731] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 33.096883][ T4731] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 33.096915][ T4731] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 33.154001][ T4731] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 33.154017][ T4731] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 33.189182][ T6675] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 33.516961][ T6685] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3'. [ 33.679580][ T6557] Bluetooth: hci2: command tx timeout [ 33.686130][ T6120] Bluetooth: hci4: command tx timeout [ 33.686411][ T6120] Bluetooth: hci0: command tx timeout [ 33.686584][ T6120] Bluetooth: hci1: command tx timeout [ 33.686850][ T6120] Bluetooth: hci3: command tx timeout [ 34.142142][ T2320] cfg80211: failed to load regulatory.db [ 35.907269][ T6698] loop1: detected capacity change from 0 to 128 [ 35.907949][ T6698] vfat: Unknown parameter '' [ 36.183546][ T6559] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 36.183953][ T6559] Bluetooth: hci3: command tx timeout [ 36.183980][ T6559] Bluetooth: hci1: command tx timeout [ 36.183997][ T6559] Bluetooth: hci0: command tx timeout [ 36.184014][ T6559] Bluetooth: hci4: command tx timeout [ 36.184029][ T6559] Bluetooth: hci2: command tx timeout [ 36.595266][ T31] audit: type=1107 audit(36.570:2): pid=6706 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='' [ 37.117924][ T6729] Zero length message leads to an empty skb [ 37.120498][ T6729] overlayfs: missing 'lowerdir' [ 38.251634][ T6723] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 38.254028][ T6723] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 38.261222][ T6557] Bluetooth: hci2: command tx timeout [ 38.261263][ T6557] Bluetooth: hci4: command tx timeout [ 38.261293][ T6557] Bluetooth: hci0: command tx timeout [ 38.261312][ T6557] Bluetooth: hci1: command tx timeout [ 38.261328][ T6557] Bluetooth: hci3: command tx timeout [ 38.331736][ T6744] syzkaller0: entered promiscuous mode [ 38.331775][ T6744] syzkaller0: entered allmulticast mode [ 39.020570][ T6759] loop3: detected capacity change from 0 to 40427 [ 39.030165][ T6759] F2FS-fs (loop3): invalid crc value [ 39.044746][ T6759] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 39.047122][ T6759] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 39.051828][ T6759] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 40.566677][ T6559] Bluetooth: hci3: command tx timeout [ 40.567524][ T6559] Bluetooth: hci1: command tx timeout [ 40.567560][ T6559] Bluetooth: hci0: command tx timeout [ 40.567583][ T6559] Bluetooth: hci4: command tx timeout [ 40.567600][ T6559] Bluetooth: hci2: command tx timeout [ 41.434086][ T6774] loop0: detected capacity change from 0 to 16 [ 41.516083][ T6780] netlink: 'syz.4.34': attribute type 4 has an invalid length. [ 41.516121][ T6780] netlink: 17 bytes leftover after parsing attributes in process `syz.4.34'. [ 41.592915][ T6774] erofs (device loop0): mounted with root inode @ nid 36. [ 41.909588][ T6772] erofs (device loop0): invalid de[0].nameoff 0 @ nid 36 [ 42.721882][ T6804] loop3: detected capacity change from 0 to 40427 [ 42.724699][ T6804] F2FS-fs (loop3): Invalid Fs Meta Ino: node(1) meta(3330) root(3) [ 42.724747][ T6804] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 42.733534][ T6804] F2FS-fs (loop3): invalid crc value [ 42.756520][ T6804] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 42.760192][ T6804] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 42.760241][ T6804] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 42.931845][ T6811] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 42.932296][ T6811] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 43.155043][ T6816] loop4: detected capacity change from 0 to 40427 [ 43.157923][ T6816] f2fs: Unknown parameter 'nodisard' [ 43.443126][ T6823] cgroup: Unknown subsys name 'cpuset' [ 43.662861][ T6561] syz-executor: attempt to access beyond end of device [ 43.662861][ T6561] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 43.670551][ T6561] CPU: 0 UID: 0 PID: 6561 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 43.670575][ T6561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 43.670582][ T6561] Call trace: [ 43.670587][ T6561] show_stack+0x2c/0x3c (C) [ 43.670605][ T6561] __dump_stack+0x30/0x40 [ 43.670615][ T6561] dump_stack_lvl+0xd8/0x12c [ 43.670622][ T6561] dump_stack+0x1c/0x28 [ 43.670630][ T6561] f2fs_handle_critical_error+0x34c/0x4b8 [ 43.670640][ T6561] f2fs_stop_checkpoint+0x5c/0x70 [ 43.670648][ T6561] f2fs_write_end_io+0x768/0xa70 [ 43.670655][ T6561] bio_endio+0x804/0x840 [ 43.670662][ T6561] submit_bio_noacct+0x158/0x176c [ 43.670669][ T6561] submit_bio+0x3b4/0x550 [ 43.670675][ T6561] f2fs_submit_write_bio+0x13c/0x324 [ 43.670681][ T6561] __submit_merged_bio+0x254/0x704 [ 43.670687][ T6561] __submit_merged_write_cond+0x23c/0x4ac [ 43.670695][ T6561] f2fs_write_data_pages+0x1d28/0x2634 [ 43.670703][ T6561] do_writepages+0x270/0x468 [ 43.670710][ T6561] filemap_fdatawrite+0x14c/0x1f4 [ 43.670717][ T6561] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 43.670722][ T6561] f2fs_write_checkpoint+0x690/0x16a0 [ 43.670727][ T6561] kill_f2fs_super+0x21c/0x584 [ 43.670733][ T6561] deactivate_locked_super+0xc4/0x12c [ 43.670741][ T6561] deactivate_super+0xe0/0x100 [ 43.670747][ T6561] cleanup_mnt+0x31c/0x3ac [ 43.670753][ T6561] __cleanup_mnt+0x20/0x30 [ 43.670758][ T6561] task_work_run+0x1dc/0x260 [ 43.670764][ T6561] do_notify_resume+0x174/0x1f4 [ 43.670770][ T6561] el0_svc+0xb8/0x180 [ 43.670777][ T6561] el0t_64_sync_handler+0x84/0x12c [ 43.670783][ T6561] el0t_64_sync+0x198/0x19c [ 43.685430][ T6561] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 43.995854][ T6827] loop0: detected capacity change from 0 to 512 [ 44.015740][ T6827] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 44.015852][ T6827] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 44.065884][ T6827] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 44.074376][ T6827] EXT4-fs (loop0): 1 truncate cleaned up [ 44.079506][ T6827] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.612817][ T6838] binder: 6836:6838 tried to acquire reference to desc 0, got 1 instead [ 44.621717][ T6838] binder: 6836:6838 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 44.621749][ T6838] binder: 6838 RLIMIT_NICE not set [ 44.621762][ T6838] binder: 6838 RLIMIT_NICE not set [ 44.621935][ T6838] binder: 6838 RLIMIT_NICE not set [ 44.621974][ T6838] binder_alloc: 6836: binder_alloc_buf, no vma [ 44.621998][ T6838] binder: cannot allocate buffer: vma cleared, target dead or dying [ 44.622019][ T6838] binder: 6836:6838 transaction reply to 6836:6838 failed 6/29189/-3, code 0 size 0-0 line 3335 [ 44.622037][ T6838] binder: send failed reply for transaction 5 to 6836:6838 [ 44.632564][ T6562] binder: undelivered TRANSACTION_COMPLETE [ 44.632606][ T6562] binder: undelivered TRANSACTION_ERROR: 29189 [ 44.710159][ T24] binder: undelivered TRANSACTION_ERROR: 29190 [ 44.724238][ T31] audit: type=1326 audit(44.690:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6832 comm="syz.4.51" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9035c0a8 code=0x7ffc0000 [ 44.724296][ T31] audit: type=1326 audit(44.700:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6832 comm="syz.4.51" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9035c0a8 code=0x7ffc0000 [ 44.724311][ T31] audit: type=1326 audit(44.700:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6832 comm="syz.4.51" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9035c0a8 code=0x7ffc0000 [ 44.724325][ T31] audit: type=1326 audit(44.700:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6832 comm="syz.4.51" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=426 compat=0 ip=0xffff9035c0a8 code=0x7ffc0000 [ 44.724337][ T31] audit: type=1326 audit(44.700:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6832 comm="syz.4.51" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9035c0a8 code=0x7ffc0000 [ 44.735889][ T6560] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.103629][ T6850] loop0: detected capacity change from 0 to 2048 [ 45.129070][ T6850] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.503118][ T6865] loop3: detected capacity change from 0 to 512 [ 45.504827][ T6865] ======================================================= [ 45.504827][ T6865] WARNING: The mand mount option has been deprecated and [ 45.504827][ T6865] and is ignored by this kernel. Remove the mand [ 45.504827][ T6865] option from the mount to silence this warning. [ 45.504827][ T6865] ======================================================= [ 45.515968][ T6865] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 45.738042][ T6871] fuse: Unknown parameter 'user_id00000000000000000000' [ 45.754218][ T6873] loop4: detected capacity change from 0 to 128 [ 45.756831][ T6873] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 45.763954][ T6873] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 46.529221][ T6850] fs-verity (loop0, inode 13): Error -4 building Merkle tree [ 46.719172][ T6560] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.743737][ T6880] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 46.743917][ T6880] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 46.748576][ T4756] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 46.778000][ T31] audit: type=1326 audit(46.760:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6882 comm="syz.0.65" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8275c0a8 code=0x7ffc0000 [ 46.792846][ T31] audit: type=1326 audit(46.760:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6882 comm="syz.0.65" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=152 compat=0 ip=0xffff8275c0a8 code=0x7ffc0000 [ 46.792893][ T31] audit: type=1326 audit(46.760:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6882 comm="syz.0.65" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8275c0a8 code=0x7ffc0000 [ 48.234173][ T6897] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 48.234358][ T6897] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 48.263569][ T6902] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 48.499742][ T6905] loop3: detected capacity change from 0 to 512 [ 49.448464][ T6906] loop0: detected capacity change from 0 to 2048 [ 49.667279][ T6906] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.674270][ T6905] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.75: corrupted in-inode xattr: invalid ea_ino [ 49.706763][ T6905] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.75: couldn't read orphan inode 15 (err -117) [ 49.714130][ T6905] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000001000000 r/w without journal. Quota mode: writeback. [ 49.891169][ T6561] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000001000000. [ 49.993956][ T6918] netem: incorrect ge model size [ 49.993992][ T6918] netem: change failed [ 50.110614][ T6926] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 50.114095][ T6926] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 50.486956][ T6930] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 50.486968][ T6560] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.487174][ T6930] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 50.553400][ T31] audit: type=1326 audit(50.530:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6935 comm="syz.0.85" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8275c0a8 code=0x7ffc0000 [ 50.553442][ T31] audit: type=1326 audit(50.530:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6935 comm="syz.0.85" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8275c0a8 code=0x7ffc0000 [ 50.561998][ T31] audit: type=1326 audit(50.540:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6935 comm="syz.0.85" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8275c0a8 code=0x7ffc0000 [ 50.567472][ T31] audit: type=1326 audit(50.540:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6935 comm="syz.0.85" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8275c0a8 code=0x7ffc0000 [ 50.569835][ T31] audit: type=1326 audit(50.550:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6935 comm="syz.0.85" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff8275c0a8 code=0x7ffc0000 [ 50.569857][ T31] audit: type=1326 audit(50.550:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6935 comm="syz.0.85" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8275c0a8 code=0x7ffc0000 [ 50.570291][ T31] audit: type=1326 audit(50.550:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6935 comm="syz.0.85" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8275c0a8 code=0x7ffc0000 [ 50.570305][ T31] audit: type=1326 audit(50.550:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6935 comm="syz.0.85" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=200 compat=0 ip=0xffff8275c0a8 code=0x7ffc0000 [ 50.570317][ T31] audit: type=1326 audit(50.550:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6935 comm="syz.0.85" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8275c0a8 code=0x7ffc0000 [ 50.570329][ T31] audit: type=1326 audit(50.550:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6935 comm="syz.0.85" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8275c0a8 code=0x7ffc0000 [ 51.126927][ T6947] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 51.127118][ T6947] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 51.150552][ T6947] loop4: detected capacity change from 0 to 1024 [ 51.154979][ T6947] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 51.155018][ T6947] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (49802!=20869) [ 51.155073][ T6947] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 51.155786][ T6947] EXT4-fs error (device loop4): ext4_get_journal_inode:5796: inode #5: comm syz.4.89: unexpected bad inode w/o EXT4_IGET_BAD [ 51.156012][ T6947] EXT4-fs (loop4): no journal found [ 51.156021][ T6947] EXT4-fs (loop4): can't get journal size [ 51.318840][ T6947] EXT4-fs (loop4): corrupt root inode, run e2fsck [ 51.318909][ T6947] EXT4-fs (loop4): mount failed [ 51.560192][ T6953] loop3: detected capacity change from 0 to 512 [ 51.573262][ T6953] EXT4-fs error (device loop3): ext4_orphan_get:1418: comm syz.3.90: bad orphan inode 11862016 [ 51.574441][ T6953] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 51.695335][ T6561] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 51.756975][ T6963] binfmt_misc: register: failed to install interpreter file ./file0 [ 51.897194][ T6968] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 52.051267][ T6973] loop2: detected capacity change from 0 to 40427 [ 52.057591][ T6973] F2FS-fs (loop2): invalid crc value [ 52.074680][ T6980] loop1: detected capacity change from 0 to 512 [ 52.136707][ T6980] EXT4-fs (loop1): Test dummy encryption mode enabled [ 52.145145][ T6980] EXT4-fs error (device loop1): ext4_iget_extra_inode:5104: inode #15: comm syz.1.96: corrupted in-inode xattr: invalid ea_ino [ 52.149526][ T6980] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.96: couldn't read orphan inode 15 (err -117) [ 52.152158][ T6973] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 52.154231][ T6973] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 52.158275][ T6980] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 52.712300][ T6988] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 52.712331][ T6988] IPv6: NLM_F_CREATE should be set when creating new route [ 52.767038][ T6668] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 52.901553][ T6995] process 'syz.2.102' launched './file0' with NULL argv: empty string added [ 52.916352][ T6668] usb 1-1: Using ep0 maxpacket: 32 [ 52.931439][ T6668] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 52.931476][ T6668] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 52.931513][ T6668] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 52.931525][ T6668] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 52.934058][ T6668] usb 1-1: config 0 descriptor?? [ 52.943313][ T6668] hub 1-1:0.0: bad descriptor, ignoring hub [ 52.943348][ T6668] hub 1-1:0.0: probe with driver hub failed with error -5 [ 52.944610][ T6557] Bluetooth: hci4: unexpected subevent 0x01 length: 37 > 18 [ 52.948975][ T6668] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 52.978450][ T7001] capability: warning: `syz.4.105' uses deprecated v2 capabilities in a way that may be insecure [ 53.162249][ T7005] loop2: detected capacity change from 0 to 256 [ 53.508714][ T7005] FAT-fs (loop2): Directory bread(block 64) failed [ 53.508823][ T7005] FAT-fs (loop2): Directory bread(block 65) failed [ 53.508949][ T7005] FAT-fs (loop2): Directory bread(block 66) failed [ 53.509019][ T7005] FAT-fs (loop2): Directory bread(block 67) failed [ 53.509174][ T7005] FAT-fs (loop2): Directory bread(block 68) failed [ 53.509233][ T7005] FAT-fs (loop2): Directory bread(block 69) failed [ 53.509367][ T7005] FAT-fs (loop2): Directory bread(block 70) failed [ 53.509427][ T7005] FAT-fs (loop2): Directory bread(block 71) failed [ 53.509526][ T7005] FAT-fs (loop2): Directory bread(block 72) failed [ 53.509538][ T7005] FAT-fs (loop2): Directory bread(block 73) failed [ 53.920873][ T7009] loop4: detected capacity change from 0 to 128 [ 53.921330][ T7009] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 53.926674][ T7009] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 54.295095][ T7014] loop2: detected capacity change from 0 to 256 [ 54.308964][ T7012] loop3: detected capacity change from 0 to 40427 [ 54.311066][ T7012] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 54.312364][ T7012] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 54.329164][ T7012] F2FS-fs (loop3): invalid crc value [ 54.334331][ T7014] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 54.334535][ T7014] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 54.367294][ T7012] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 54.369422][ T7012] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 54.369977][ T7012] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 54.481403][ T6556] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.966418][ T6559] Bluetooth: hci4: command tx timeout [ 55.395975][ T7038] syz.1.113: attempt to access beyond end of device [ 55.395975][ T7038] loop3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 55.396066][ T7038] FAT-fs (loop3): unable to read boot sector [ 55.851155][ T7045] loop3: detected capacity change from 0 to 512 [ 55.853700][ T7045] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 55.863502][ T6559] Bluetooth: hci1: unexpected subevent 0x01 length: 37 > 18 [ 55.879754][ T7045] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.115: corrupted in-inode xattr: overlapping e_value [ 55.880200][ T7045] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.115: couldn't read orphan inode 15 (err -117) [ 55.880812][ T7045] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.954263][ T24] usb 1-1: USB disconnect, device number 2 [ 55.972778][ T6561] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.306075][ T7050] loop0: detected capacity change from 0 to 40427 [ 56.310956][ T7060] fuse: Unknown parameter '0x0000000000000004' [ 56.339707][ T7050] F2FS-fs (loop0): Invalid SB checksum offset: 0 [ 56.339742][ T7050] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 56.517704][ T7065] loop1: detected capacity change from 0 to 128 [ 57.560301][ T7067] loop3: detected capacity change from 0 to 256 [ 57.961570][ T7065] syz.1.121: attempt to access beyond end of device [ 57.961570][ T7065] loop1: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 57.996938][ T6557] Bluetooth: hci1: command tx timeout [ 58.650886][ T4467] kworker/u8:6: attempt to access beyond end of device [ 58.650886][ T4467] loop1: rw=1, sector=145, nr_sectors = 48 limit=128 [ 58.789140][ T7079] loop3: detected capacity change from 0 to 512 [ 59.666942][ T7079] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.124: corrupted in-inode xattr: invalid ea_ino [ 59.672105][ T7079] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.124: couldn't read orphan inode 15 (err -117) [ 59.674544][ T7079] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 59.678243][ T7083] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 59.685116][ T7083] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 59.699750][ T7084] loop2: detected capacity change from 0 to 1024 [ 59.724660][ T7076] loop1: detected capacity change from 0 to 512 [ 59.728239][ T7076] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 59.735663][ T7084] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 59.756150][ T7076] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 59.859489][ T6561] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.863157][ T6556] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.895226][ T7097] fuse: Unknown parameter '0x0000000000000004' [ 59.917522][ T7100] loop3: detected capacity change from 0 to 2048 [ 59.965261][ T7102] loop0: detected capacity change from 0 to 512 [ 59.966809][ T4707] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: block 1: comm kworker/u8:8: lblock 1 mapped to illegal pblock 1 (length 15) [ 59.973036][ T4707] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117 [ 59.973074][ T4707] EXT4-fs (loop2): This should not happen!! Data will be lost [ 59.973074][ T4707] [ 59.978918][ T6550] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.981561][ T7102] EXT4-fs (loop0): Test dummy encryption mode enabled [ 59.990579][ T7102] EXT4-fs error (device loop0): ext4_iget_extra_inode:5104: inode #15: comm syz.0.134: corrupted in-inode xattr: invalid ea_ino [ 59.993123][ T7102] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.134: couldn't read orphan inode 15 (err -117) [ 59.993728][ T7100] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 59.999345][ T7102] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 60.249097][ T6560] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 60.271192][ T6561] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 60.326907][ T7113] loop0: detected capacity change from 0 to 512 [ 60.837463][ T7113] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e01c, mo2=0002] [ 60.837515][ T7113] System zones: 1-12 [ 60.837884][ T7113] EXT4-fs (loop0): 1 truncate cleaned up [ 60.838321][ T7113] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 60.932838][ T7121] loop3: detected capacity change from 0 to 128 [ 60.937237][ T7121] EXT4-fs (loop3): Test dummy encryption mode enabled [ 60.994742][ T7121] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 61.262413][ T7124] loop2: detected capacity change from 0 to 2048 [ 61.376998][ T7124] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 61.664628][ T6561] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 61.700139][ T7126] loop1: detected capacity change from 0 to 40427 [ 61.745769][ T7126] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 61.753367][ T7126] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 62.387201][ T7124] fs-verity (loop2, inode 13): Error -4 building Merkle tree [ 62.416508][ T6668] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 62.449091][ T7146] loop3: detected capacity change from 0 to 128 [ 62.449486][ T7146] vfat: Unknown parameter '' [ 62.492818][ T6556] syz-executor: attempt to access beyond end of device [ 62.492818][ T6556] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 62.495662][ T6556] CPU: 0 UID: 0 PID: 6556 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 62.495689][ T6556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 62.495701][ T6556] Call trace: [ 62.495707][ T6556] show_stack+0x2c/0x3c (C) [ 62.495727][ T6556] __dump_stack+0x30/0x40 [ 62.495734][ T6556] dump_stack_lvl+0xd8/0x12c [ 62.495740][ T6556] dump_stack+0x1c/0x28 [ 62.495746][ T6556] f2fs_handle_critical_error+0x34c/0x4b8 [ 62.495754][ T6556] f2fs_stop_checkpoint+0x5c/0x70 [ 62.495761][ T6556] f2fs_write_end_io+0x768/0xa70 [ 62.495767][ T6556] bio_endio+0x804/0x840 [ 62.495774][ T6556] submit_bio_noacct+0x158/0x176c [ 62.495779][ T6556] submit_bio+0x3b4/0x550 [ 62.495784][ T6556] f2fs_submit_write_bio+0x13c/0x324 [ 62.495790][ T6556] __submit_merged_bio+0x254/0x704 [ 62.495796][ T6556] __submit_merged_write_cond+0x23c/0x4ac [ 62.495803][ T6556] f2fs_write_data_pages+0x1d28/0x2634 [ 62.495809][ T6556] do_writepages+0x270/0x468 [ 62.495816][ T6556] filemap_fdatawrite+0x14c/0x1f4 [ 62.495824][ T6556] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 62.495829][ T6556] f2fs_write_checkpoint+0x690/0x16a0 [ 62.495834][ T6556] kill_f2fs_super+0x21c/0x584 [ 62.495840][ T6556] deactivate_locked_super+0xc4/0x12c [ 62.495847][ T6556] deactivate_super+0xe0/0x100 [ 62.495854][ T6556] cleanup_mnt+0x31c/0x3ac [ 62.495859][ T6556] __cleanup_mnt+0x20/0x30 [ 62.495864][ T6556] task_work_run+0x1dc/0x260 [ 62.495870][ T6556] do_notify_resume+0x174/0x1f4 [ 62.495876][ T6556] el0_svc+0xb8/0x180 [ 62.495883][ T6556] el0t_64_sync_handler+0x84/0x12c [ 62.495889][ T6556] el0t_64_sync+0x198/0x19c [ 62.523786][ T6556] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 62.558281][ T6550] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 62.596303][ T6668] usb 1-1: Using ep0 maxpacket: 32 [ 62.604092][ T6668] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 62.605714][ T6668] usb 1-1: can't read configurations, error -61 [ 62.618399][ T7150] loop4: detected capacity change from 0 to 128 [ 62.620269][ T7150] EXT4-fs: Ignoring removed nomblk_io_submit option [ 62.621541][ T7150] EXT4-fs: Ignoring removed nomblk_io_submit option [ 62.716554][ T7150] EXT4-fs (loop4): Test dummy encryption mode enabled [ 62.716601][ T7150] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities [ 62.740464][ T6668] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 62.789740][ T7148] loop2: detected capacity change from 0 to 40427 [ 62.795605][ T7148] F2FS-fs (loop2): invalid crc value [ 62.888239][ T6668] usb 1-1: Using ep0 maxpacket: 32 [ 62.903689][ T6668] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 62.903744][ T6668] usb 1-1: can't read configurations, error -61 [ 62.906949][ T6668] usb usb1-port1: attempt power cycle [ 62.937853][ T7148] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 62.940140][ T7148] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 63.458147][ T7160] loop4: detected capacity change from 0 to 256 [ 63.851871][ T7164] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 63.853658][ T7164] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 64.232781][ T7162] loop3: detected capacity change from 0 to 128 [ 64.233166][ T7162] vfat: Unknown parameter '' [ 64.605092][ T2413] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.605149][ T2413] ieee802154 phy1 wpan1: encryption failed: -22 [ 64.648302][ T7160] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 65.496161][ T7170] loop4: detected capacity change from 0 to 256 [ 65.989449][ T6668] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 66.286359][ T7182] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 66.355757][ T7185] loop1: detected capacity change from 0 to 2048 [ 66.381807][ T7185] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 66.824456][ T7198] loop3: detected capacity change from 0 to 256 [ 67.259160][ T6556] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 67.393512][ T7208] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 67.395566][ T7208] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 67.789285][ T6668] usb 1-1: device descriptor read/8, error -71 [ 68.472026][ T6560] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.560009][ T7228] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 68.560187][ T7228] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 69.373787][ T7241] loop4: detected capacity change from 0 to 128 [ 69.374255][ T7241] EXT4-fs: Ignoring removed nomblk_io_submit option [ 69.374279][ T7241] EXT4-fs: Ignoring removed nomblk_io_submit option [ 69.458621][ T7238] loop2: detected capacity change from 0 to 40427 [ 69.467049][ T7241] EXT4-fs (loop4): Test dummy encryption mode enabled [ 69.479572][ T7238] F2FS-fs (loop2): invalid crc value [ 69.508565][ T7241] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 69.518689][ T7241] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-ce" [ 69.524398][ T7241] fscrypt: AES-256-XTS using implementation "xts-aes-ce" [ 69.590751][ T7238] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 69.599380][ T7238] F2FS-fs (loop2): Start checkpoint disabled! [ 69.618542][ T7238] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 69.814489][ T7259] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 69.814659][ T7259] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 69.881034][ T7257] F2FS-fs (loop2): ino:10, start:0, end:8192, need to trigger GC to reclaim enough free segment when checkpoint is enabled [ 69.922896][ T6554] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 69.971864][ T243] kworker/u8:4: attempt to access beyond end of device [ 69.971864][ T243] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 69.972039][ T243] CPU: 0 UID: 0 PID: 243 Comm: kworker/u8:4 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 69.972048][ T243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 69.972052][ T243] Workqueue: writeback wb_workfn (flush-7:2) [ 69.972069][ T243] Call trace: [ 69.972071][ T243] show_stack+0x2c/0x3c (C) [ 69.972082][ T243] __dump_stack+0x30/0x40 [ 69.972087][ T243] dump_stack_lvl+0xd8/0x12c [ 69.972097][ T243] dump_stack+0x1c/0x28 [ 69.972102][ T243] f2fs_handle_critical_error+0x34c/0x4b8 [ 69.972110][ T243] f2fs_stop_checkpoint+0x5c/0x70 [ 69.972116][ T243] f2fs_write_end_io+0x768/0xa70 [ 69.972122][ T243] bio_endio+0x804/0x840 [ 69.972129][ T243] submit_bio_noacct+0x158/0x176c [ 69.972134][ T243] submit_bio+0x3b4/0x550 [ 69.972138][ T243] f2fs_submit_write_bio+0x13c/0x324 [ 69.972144][ T243] __submit_merged_bio+0x254/0x704 [ 69.972149][ T243] __submit_merged_write_cond+0x23c/0x4ac [ 69.972154][ T243] f2fs_write_data_pages+0x1d28/0x2634 [ 69.972160][ T243] do_writepages+0x270/0x468 [ 69.972167][ T243] __writeback_single_inode+0x15c/0x13e8 [ 69.972174][ T243] writeback_sb_inodes+0x55c/0xe40 [ 69.972180][ T243] wb_writeback+0x3cc/0xd70 [ 69.972186][ T243] wb_workfn+0x338/0xdc0 [ 69.972191][ T243] process_one_work+0x7e8/0x155c [ 69.972196][ T243] worker_thread+0x958/0xed8 [ 69.972201][ T243] kthread+0x5fc/0x75c [ 69.972207][ T243] ret_from_fork+0x10/0x20 [ 69.972214][ T243] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 70.707070][ T7267] loop2: detected capacity change from 0 to 40427 [ 70.725646][ T7267] F2FS-fs (loop2): invalid crc value [ 70.811444][ T7267] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 70.815156][ T7267] F2FS-fs (loop2): Start checkpoint disabled! [ 70.819481][ T7267] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 71.771853][ T7287] loop3: detected capacity change from 0 to 512 [ 71.802392][ T7287] EXT4-fs (loop3): 1 orphan inode deleted [ 71.805475][ T7287] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 71.825910][ T4756] __quota_error: 5 callbacks suppressed [ 71.825947][ T4756] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 71.825991][ T4756] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:10: Failed to release dquot type 1 [ 71.833851][ T7293] loop1: detected capacity change from 0 to 1024 [ 71.834242][ T7293] EXT4-fs: Ignoring removed nomblk_io_submit option [ 71.863671][ T7293] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 71.881773][ T7299] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 71.881954][ T7299] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 71.915947][ T6561] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.931825][ T6556] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.999635][ T7309] netlink: 4 bytes leftover after parsing attributes in process `syz.0.191'. [ 72.475125][ T7314] wg2: entered promiscuous mode [ 72.477487][ T7314] wg2: entered allmulticast mode [ 72.678934][ T7320] loop3: detected capacity change from 0 to 128 [ 72.680812][ T7320] vfat: Unknown parameter '' [ 73.780386][ T31] audit: type=1326 audit(73.760:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7325 comm="syz.0.197" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8275c0a8 code=0x7ffc0000 [ 73.784221][ T31] audit: type=1326 audit(73.760:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7325 comm="syz.0.197" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8275c0a8 code=0x7ffc0000 [ 73.788173][ T31] audit: type=1326 audit(73.770:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7325 comm="syz.0.197" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=87 compat=0 ip=0xffff8275c0a8 code=0x7ffc0000 [ 73.793803][ T31] audit: type=1326 audit(73.770:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7325 comm="syz.0.197" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8275c0a8 code=0x7ffc0000 [ 73.998117][ T7341] loop0: detected capacity change from 0 to 512 [ 73.998674][ T7341] EXT4-fs: Ignoring removed oldalloc option [ 74.198302][ T7341] EXT4-fs (loop0): 1 truncate cleaned up [ 74.201350][ T7341] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 74.844394][ T7350] tipc: Started in network mode [ 74.844427][ T7350] tipc: Node identity 7e71e3dd6f1, cluster identity 4711 [ 74.844535][ T7350] tipc: Enabled bearer , priority 0 [ 74.966652][ T7352] netlink: 8 bytes leftover after parsing attributes in process `syz.2.204'. [ 74.968755][ T7352] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 74.968809][ T7352] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 75.155359][ T7350] syzkaller0: entered promiscuous mode [ 75.155393][ T7350] syzkaller0: entered allmulticast mode [ 75.176528][ T6560] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.193885][ T7350] tipc: Resetting bearer [ 75.206045][ T7349] tipc: Resetting bearer [ 75.214966][ T7349] tipc: Disabling bearer [ 75.637714][ T7364] loop2: detected capacity change from 0 to 2048 [ 75.659056][ T7364] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.666344][ T6611] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 75.683233][ T6550] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.704626][ T7361] loop4: detected capacity change from 0 to 40427 [ 75.707942][ T7361] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 75.707989][ T7361] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 75.721933][ T7361] F2FS-fs (loop4): invalid crc value [ 75.739312][ T7361] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 75.743919][ T7361] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 75.744078][ T7361] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 75.751067][ T31] audit: type=1326 audit(75.730:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7373 comm="syz.2.212" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbab5c0a8 code=0x7ffc0000 [ 75.755096][ T31] audit: type=1326 audit(75.730:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7373 comm="syz.2.212" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbab5c0a8 code=0x7ffc0000 [ 75.759229][ T31] audit: type=1326 audit(75.740:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7373 comm="syz.2.212" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=80 compat=0 ip=0xffffbab5c0a8 code=0x7ffc0000 [ 75.763236][ T31] audit: type=1326 audit(75.740:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7373 comm="syz.2.212" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbab5c0a8 code=0x7ffc0000 [ 75.767697][ T31] audit: type=1326 audit(75.750:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7373 comm="syz.2.212" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbab5c0a8 code=0x7ffc0000 [ 75.816356][ T6611] usb 1-1: Using ep0 maxpacket: 32 [ 75.818783][ T6611] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 75.820887][ T6611] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 75.822737][ T6611] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.887640][ T6611] usb 1-1: config 0 descriptor?? [ 75.899239][ T6611] hub 1-1:0.0: bad descriptor, ignoring hub [ 75.900497][ T6611] hub 1-1:0.0: probe with driver hub failed with error -5 [ 75.904610][ T6611] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 75.925247][ T7379] syz.4.209: attempt to access beyond end of device [ 75.925247][ T7379] loop4: rw=2049, sector=77824, nr_sectors = 2056 limit=40427 [ 75.930693][ T7379] syz.4.209: attempt to access beyond end of device [ 75.930693][ T7379] loop4: rw=2049, sector=79880, nr_sectors = 24 limit=40427 [ 75.944360][ T7360] syz.4.209: attempt to access beyond end of device [ 75.944360][ T7360] loop4: rw=524288, sector=77824, nr_sectors = 256 limit=40427 [ 75.947594][ T7360] syz.4.209: attempt to access beyond end of device [ 75.947594][ T7360] loop4: rw=0, sector=77824, nr_sectors = 8 limit=40427 [ 75.950171][ T7360] syz.4.209: attempt to access beyond end of device [ 75.950171][ T7360] loop4: rw=0, sector=77824, nr_sectors = 8 limit=40427 [ 75.953211][ T7360] syz.4.209: attempt to access beyond end of device [ 75.953211][ T7360] loop4: rw=0, sector=77824, nr_sectors = 8 limit=40427 [ 75.953269][ T7360] syz.4.209: attempt to access beyond end of device [ 75.953269][ T7360] loop4: rw=0, sector=77824, nr_sectors = 8 limit=40427 [ 75.953302][ T7360] syz.4.209: attempt to access beyond end of device [ 75.953302][ T7360] loop4: rw=0, sector=77824, nr_sectors = 8 limit=40427 [ 75.960923][ T7361] syz.4.209: attempt to access beyond end of device [ 75.960923][ T7361] loop4: rw=0, sector=77824, nr_sectors = 8 limit=40427 [ 75.963561][ T7361] syz.4.209: attempt to access beyond end of device [ 75.963561][ T7361] loop4: rw=0, sector=77824, nr_sectors = 8 limit=40427 [ 75.994572][ T7382] loop2: detected capacity change from 0 to 256 [ 76.008509][ T7382] FAT-fs (loop2): Directory bread(block 64) failed [ 76.008545][ T7382] FAT-fs (loop2): Directory bread(block 65) failed [ 76.008570][ T7382] FAT-fs (loop2): Directory bread(block 66) failed [ 76.008581][ T7382] FAT-fs (loop2): Directory bread(block 67) failed [ 76.008602][ T7382] FAT-fs (loop2): Directory bread(block 68) failed [ 76.008611][ T7382] FAT-fs (loop2): Directory bread(block 69) failed [ 76.009057][ T7382] FAT-fs (loop2): Directory bread(block 70) failed [ 76.009090][ T7382] FAT-fs (loop2): Directory bread(block 71) failed [ 76.009155][ T7382] FAT-fs (loop2): Directory bread(block 72) failed [ 76.009179][ T7382] FAT-fs (loop2): Directory bread(block 73) failed [ 76.388817][ T7396] bridge0: port 3(gretap0) entered blocking state [ 76.388903][ T7396] bridge0: port 3(gretap0) entered disabled state [ 76.389477][ T7396] gretap0: entered allmulticast mode [ 76.390678][ T7396] gretap0: entered promiscuous mode [ 76.391142][ T7396] bridge0: port 3(gretap0) entered blocking state [ 76.391372][ T7396] bridge0: port 3(gretap0) entered forwarding state [ 76.919684][ T7394] loop2: detected capacity change from 0 to 40427 [ 77.156739][ T7393] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 77.169217][ T7394] F2FS-fs (loop2): Invalid log blocks per segment (83886089) [ 77.169277][ T7394] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 77.179394][ T7394] F2FS-fs (loop2): invalid crc value [ 77.184667][ T7393] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 77.586297][ T7394] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 77.588343][ T7394] F2FS-fs (loop2): Start checkpoint disabled! [ 77.591908][ T7394] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0 [ 77.591931][ T7394] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 77.628746][ T7405] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 77.628927][ T7405] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 77.680509][ T7409] netlink: 8 bytes leftover after parsing attributes in process `syz.3.224'. [ 77.680727][ T7409] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 77.680738][ T7409] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 78.039775][ T7414] vhci_hcd: default hub control req: 0315 v0005 i0003 l4 [ 78.453467][ T7428] loop0: detected capacity change from 0 to 16 [ 78.459027][ T7428] erofs (device loop0): mounted with root inode @ nid 36. [ 78.527512][ T6668] usb 1-1: USB disconnect, device number 7 [ 79.147927][ T7442] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 79.148179][ T7442] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 79.344882][ T7449] loop1: detected capacity change from 0 to 512 [ 79.345231][ T7449] EXT4-fs: Ignoring removed mblk_io_submit option [ 79.345241][ T7449] EXT4-fs: inline encryption not supported [ 79.345263][ T7449] EXT4-fs: Ignoring removed mblk_io_submit option [ 79.348216][ T7449] EXT4-fs (loop1): Test dummy encryption mode enabled [ 79.348225][ T7449] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 79.356323][ T7449] EXT4-fs (loop1): 1 truncate cleaned up [ 79.357935][ T7449] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 79.374551][ T7453] netlink: 'syz.4.238': attribute type 3 has an invalid length. [ 79.378372][ T7453] netlink: 'syz.4.238': attribute type 3 has an invalid length. [ 79.395334][ T7449] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 79.395683][ T7449] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 79.397774][ T7449] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 79.955211][ T6632] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 80.115167][ T6632] usb 1-1: Using ep0 maxpacket: 32 [ 80.117899][ T6632] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 80.117935][ T6632] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 80.117951][ T6632] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 80.117961][ T6632] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.124618][ T6632] usb 1-1: config 0 descriptor?? [ 80.127955][ T6632] hub 1-1:0.0: USB hub found [ 80.201542][ T6556] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.210386][ T7469] loop2: detected capacity change from 0 to 40427 [ 80.214734][ T7469] F2FS-fs (loop2): invalid crc value [ 80.241839][ T7469] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 80.242165][ T7469] F2FS-fs (loop2): Start checkpoint disabled! [ 80.289319][ T7469] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 80.331015][ T6632] hub 1-1:0.0: config failed, can't read hub descriptor (err -22) [ 80.906784][ T6632] usbhid 1-1:0.0: can't add hid device: -71 [ 80.954885][ T6632] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 80.986165][ T6632] usb 1-1: USB disconnect, device number 8 [ 81.017340][ T4731] bio_check_eod: 4 callbacks suppressed [ 81.017754][ T4731] kworker/u8:9: attempt to access beyond end of device [ 81.017754][ T4731] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 81.017786][ T4731] CPU: 0 UID: 0 PID: 4731 Comm: kworker/u8:9 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 81.017794][ T4731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 81.017799][ T4731] Workqueue: writeback wb_workfn (flush-7:2) [ 81.017817][ T4731] Call trace: [ 81.017820][ T4731] show_stack+0x2c/0x3c (C) [ 81.017830][ T4731] __dump_stack+0x30/0x40 [ 81.017836][ T4731] dump_stack_lvl+0xd8/0x12c [ 81.017841][ T4731] dump_stack+0x1c/0x28 [ 81.017846][ T4731] f2fs_handle_critical_error+0x34c/0x4b8 [ 81.017853][ T4731] f2fs_stop_checkpoint+0x5c/0x70 [ 81.017860][ T4731] f2fs_write_end_io+0x768/0xa70 [ 81.017866][ T4731] bio_endio+0x804/0x840 [ 81.017873][ T4731] submit_bio_noacct+0x158/0x176c [ 81.017878][ T4731] submit_bio+0x3b4/0x550 [ 81.017883][ T4731] f2fs_submit_write_bio+0x13c/0x324 [ 81.017889][ T4731] __submit_merged_bio+0x254/0x704 [ 81.017895][ T4731] __submit_merged_write_cond+0x23c/0x4ac [ 81.017900][ T4731] f2fs_write_data_pages+0x1d28/0x2634 [ 81.017906][ T4731] do_writepages+0x270/0x468 [ 81.017914][ T4731] __writeback_single_inode+0x15c/0x13e8 [ 81.017920][ T4731] writeback_sb_inodes+0x55c/0xe40 [ 81.017927][ T4731] wb_writeback+0x3cc/0xd70 [ 81.017933][ T4731] wb_workfn+0x338/0xdc0 [ 81.017938][ T4731] process_one_work+0x7e8/0x155c [ 81.017944][ T4731] worker_thread+0x958/0xed8 [ 81.017949][ T4731] kthread+0x5fc/0x75c [ 81.017955][ T4731] ret_from_fork+0x10/0x20 [ 81.017962][ T4731] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 81.150292][ T7487] loop1: detected capacity change from 0 to 1024 [ 82.893428][ T7526] vhci_hcd: invalid port number 96 [ 82.893466][ T7526] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 82.894191][ T7526] netlink: 28 bytes leftover after parsing attributes in process `syz.1.260'. [ 82.894216][ T7526] netlink: 8 bytes leftover after parsing attributes in process `syz.1.260'. [ 83.228900][ T7532] loop4: detected capacity change from 0 to 256 [ 84.098279][ T6611] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 84.126113][ T7534] loop3: detected capacity change from 0 to 1024 [ 84.126494][ T7534] EXT4-fs: Ignoring removed orlov option [ 84.130334][ T7534] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 84.149541][ T7534] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 84.177922][ T7539] loop1: detected capacity change from 0 to 512 [ 84.178403][ T7539] EXT4-fs: Ignoring removed oldalloc option [ 84.219037][ T7539] EXT4-fs (loop1): 1 truncate cleaned up [ 84.219503][ T7539] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 84.230642][ T7539] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.265: invalid indirect mapped block 234881024 (level 0) [ 84.231201][ T7539] EXT4-fs (loop1): Remounting filesystem read-only [ 84.996810][ T6611] usb 1-1: Using ep0 maxpacket: 32 [ 85.008017][ T6556] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.011078][ T6611] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 85.011119][ T6611] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 85.011141][ T6611] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 85.011155][ T6611] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.033998][ T6611] usb 1-1: config 0 descriptor?? [ 85.044575][ T6611] hub 1-1:0.0: USB hub found [ 85.071914][ T7545] loop4: detected capacity change from 0 to 512 [ 85.082244][ T7545] EXT4-fs (loop4): Test dummy encryption mode enabled [ 85.085811][ T7545] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 85.094666][ T7545] EXT4-fs error (device loop4): ext4_orphan_get:1418: comm syz.4.268: bad orphan inode 131083 [ 85.097199][ T7545] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.146561][ T6554] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.151699][ T7546] overlayfs: failed to resolve './file0': -2 [ 85.227421][ T6561] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.249305][ T6611] hub 1-1:0.0: config failed, can't read hub descriptor (err -22) [ 85.292271][ T7553] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 85.293283][ T7553] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 85.299021][ T31] kauditd_printk_skb: 44 callbacks suppressed [ 85.300251][ T31] audit: type=1326 audit(341.272:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7552 comm="syz.3.270" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaf75c0a8 code=0x7ffc0000 [ 85.300353][ T31] audit: type=1326 audit(341.272:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7552 comm="syz.3.270" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffaf75c0a8 code=0x7ffc0000 [ 85.300379][ T31] audit: type=1326 audit(341.272:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7552 comm="syz.3.270" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaf75c0a8 code=0x7ffc0000 [ 85.300397][ T31] audit: type=1326 audit(341.272:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7552 comm="syz.3.270" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=201 compat=0 ip=0xffffaf75c0a8 code=0x7ffc0000 [ 85.300428][ T31] audit: type=1326 audit(341.272:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7552 comm="syz.3.270" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaf75c0a8 code=0x7ffc0000 [ 85.300446][ T31] audit: type=1326 audit(341.272:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7552 comm="syz.3.270" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaf75c0a8 code=0x7ffc0000 [ 85.465609][ T6611] usbhid 1-1:0.0: can't add hid device: -71 [ 85.465686][ T6611] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 85.484201][ T7559] binder: 7558:7559 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 85.484235][ T7559] binder: 7559 RLIMIT_NICE not set [ 85.492938][ T6611] usb 1-1: USB disconnect, device number 9 [ 85.775742][ T7569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 85.775917][ T7569] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 85.849576][ T6669] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 85.853018][ T6669] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 86.486581][ T7586] loop0: detected capacity change from 0 to 512 [ 86.490534][ T7586] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 86.676449][ T7586] EXT4-fs (loop0): 1 truncate cleaned up [ 86.677580][ T7586] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 87.077787][ T7599] tipc: Started in network mode [ 87.077822][ T7599] tipc: Node identity 26092544fe58, cluster identity 4711 [ 87.077883][ T7599] tipc: Enabled bearer , priority 0 [ 87.078260][ T7599] syzkaller0: entered promiscuous mode [ 87.078276][ T7599] syzkaller0: entered allmulticast mode [ 87.099955][ T7599] tipc: Resetting bearer [ 87.148160][ T7598] tipc: Resetting bearer [ 87.158312][ T7598] tipc: Disabling bearer [ 87.205670][ T6560] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.273369][ T7605] syzkaller0: entered promiscuous mode [ 87.276407][ T7605] syzkaller0: entered allmulticast mode [ 87.310179][ T7603] loop4: detected capacity change from 0 to 2048 [ 87.498793][ T7603] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 88.047994][ T7620] syz.2.290 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 88.175809][ T31] audit: type=1326 audit(344.154:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7625 comm="syz.3.293" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaf75c0a8 code=0x7ffc0000 [ 88.181110][ T31] audit: type=1326 audit(344.164:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7625 comm="syz.3.293" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaf75c0a8 code=0x7ffc0000 [ 88.185342][ T31] audit: type=1326 audit(344.164:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7625 comm="syz.3.293" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffaf75c0a8 code=0x7ffc0000 [ 88.187691][ T7622] syzkaller0: entered promiscuous mode [ 88.187705][ T7622] syzkaller0: entered allmulticast mode [ 88.191777][ T31] audit: type=1326 audit(344.164:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7625 comm="syz.3.293" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaf75c0a8 code=0x7ffc0000 [ 88.457039][ T7637] loop1: detected capacity change from 0 to 256 [ 88.498621][ T6554] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.642003][ T7641] loop4: detected capacity change from 0 to 1024 [ 88.642520][ T7641] EXT4-fs: Ignoring removed nobh option [ 88.644575][ T7641] EXT4-fs: Ignoring removed bh option [ 88.654988][ T7641] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 88.842246][ T7636] netlink: 'syz.3.295': attribute type 3 has an invalid length. [ 88.842457][ T7636] netlink: 'syz.3.295': attribute type 3 has an invalid length. [ 88.874933][ T6554] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.895520][ T7645] loop3: detected capacity change from 0 to 2048 [ 88.924621][ T7645] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 88.944421][ T7652] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 88.946713][ T7652] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 88.982890][ T7647] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 88.984957][ T7647] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 89.847355][ T7676] loop1: detected capacity change from 0 to 512 [ 89.876286][ T7676] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 89.935583][ T6561] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.996072][ T7676] EXT4-fs (loop1): 1 truncate cleaned up [ 89.998991][ T7676] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 90.532816][ T7688] hub 8-0:1.0: USB hub found [ 90.534075][ T7688] hub 8-0:1.0: 8 ports detected [ 91.302814][ T6556] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.348297][ T7692] loop2: detected capacity change from 0 to 256 [ 91.372002][ T7692] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 91.533666][ T7701] loop0: detected capacity change from 0 to 128 [ 91.605818][ T7701] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 91.780899][ T6560] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 92.628243][ T7726] loop2: detected capacity change from 0 to 40427 [ 92.736789][ T7726] F2FS-fs (loop2): Invalid log blocks per segment (83886089) [ 92.736865][ T7726] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 92.758486][ T7726] F2FS-fs (loop2): invalid crc value [ 92.954008][ T7726] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 92.957066][ T7726] F2FS-fs (loop2): Start checkpoint disabled! [ 92.965837][ T7726] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0 [ 92.965893][ T7726] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 93.523890][ T7724] loop3: detected capacity change from 0 to 40427 [ 93.539029][ T7724] F2FS-fs (loop3): invalid crc value [ 93.592467][ T7742] netlink: 20 bytes leftover after parsing attributes in process `syz.4.335'. [ 93.592500][ T7742] netlink: 40 bytes leftover after parsing attributes in process `syz.4.335'. [ 93.593452][ T7724] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 93.598945][ T7724] F2FS-fs (loop3): Start checkpoint disabled! [ 93.606371][ T7724] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 93.915252][ T243] kworker/u8:4: attempt to access beyond end of device [ 93.915252][ T243] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 93.920411][ T243] CPU: 1 UID: 0 PID: 243 Comm: kworker/u8:4 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 93.920436][ T243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 93.920443][ T243] Workqueue: writeback wb_workfn (flush-7:3) [ 93.920467][ T243] Call trace: [ 93.920471][ T243] show_stack+0x2c/0x3c (C) [ 93.920483][ T243] __dump_stack+0x30/0x40 [ 93.920490][ T243] dump_stack_lvl+0xd8/0x12c [ 93.920495][ T243] dump_stack+0x1c/0x28 [ 93.920500][ T243] f2fs_handle_critical_error+0x34c/0x4b8 [ 93.920508][ T243] f2fs_stop_checkpoint+0x5c/0x70 [ 93.920515][ T243] f2fs_write_end_io+0x768/0xa70 [ 93.920521][ T243] bio_endio+0x804/0x840 [ 93.920528][ T243] submit_bio_noacct+0x158/0x176c [ 93.920533][ T243] submit_bio+0x3b4/0x550 [ 93.920538][ T243] f2fs_submit_write_bio+0x13c/0x324 [ 93.920543][ T243] __submit_merged_bio+0x254/0x704 [ 93.920549][ T243] __submit_merged_write_cond+0x23c/0x4ac [ 93.920554][ T243] f2fs_write_data_pages+0x1d28/0x2634 [ 93.920560][ T243] do_writepages+0x270/0x468 [ 93.920568][ T243] __writeback_single_inode+0x15c/0x13e8 [ 93.920574][ T243] writeback_sb_inodes+0x55c/0xe40 [ 93.920581][ T243] wb_writeback+0x3cc/0xd70 [ 93.920587][ T243] wb_workfn+0x338/0xdc0 [ 93.920592][ T243] process_one_work+0x7e8/0x155c [ 93.920598][ T243] worker_thread+0x958/0xed8 [ 93.920603][ T243] kthread+0x5fc/0x75c [ 93.920609][ T243] ret_from_fork+0x10/0x20 [ 93.923469][ T243] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 94.033947][ T7752] loop4: detected capacity change from 0 to 512 [ 94.057705][ T7752] EXT4-fs (loop4): blocks per group (95) and clusters per group (32768) inconsistent [ 94.754020][ T7755] loop0: detected capacity change from 0 to 512 [ 94.919096][ T7755] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 95.274883][ T31] kauditd_printk_skb: 15 callbacks suppressed [ 95.274925][ T31] audit: type=1326 audit(607.260:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7769 comm="syz.4.341" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9035c0a8 code=0x7ffc0000 [ 95.275302][ T31] audit: type=1326 audit(607.260:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7769 comm="syz.4.341" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=112 compat=0 ip=0xffff9035c0a8 code=0x7ffc0000 [ 95.275993][ T31] audit: type=1326 audit(607.260:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7769 comm="syz.4.341" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9035c0a8 code=0x7ffc0000 [ 95.589986][ T6560] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.663247][ T7789] loop1: detected capacity change from 0 to 512 [ 95.665260][ T7789] vfat: Bad value for 'shortname' [ 95.677603][ T7783] syzkaller0: entered promiscuous mode [ 95.677638][ T7783] syzkaller0: entered allmulticast mode [ 95.829299][ T7786] loop0: detected capacity change from 0 to 40427 [ 95.833863][ T7786] F2FS-fs (loop0): invalid crc value [ 95.845461][ T31] audit: type=1326 audit(607.820:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7800 comm="syz.1.352" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 95.845512][ T31] audit: type=1326 audit(607.820:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7800 comm="syz.1.352" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 95.855639][ T31] audit: type=1326 audit(607.840:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7800 comm="syz.1.352" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=217 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 95.855689][ T31] audit: type=1326 audit(607.840:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7800 comm="syz.1.352" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 95.855709][ T31] audit: type=1326 audit(607.840:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7800 comm="syz.1.352" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 95.855726][ T31] audit: type=1326 audit(607.840:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7800 comm="syz.1.352" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=219 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 95.855741][ T31] audit: type=1326 audit(607.840:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7800 comm="syz.1.352" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 95.874714][ T7786] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 95.880116][ T7786] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 95.911613][ T7808] loop2: detected capacity change from 0 to 512 [ 95.912003][ T7808] EXT4-fs: Ignoring removed oldalloc option [ 95.953142][ T7808] EXT4-fs (loop2): 1 truncate cleaned up [ 95.953587][ T7808] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.885864][ T7829] loop0: detected capacity change from 0 to 2048 [ 96.922959][ T7829] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 97.416587][ T7798] tipc: Enabling of bearer rejected, failed to enable media [ 97.420234][ T7826] ip6gretap0: entered promiscuous mode [ 97.474120][ T7835] loop1: detected capacity change from 0 to 1024 [ 97.484190][ T7835] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 97.484225][ T7835] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 97.484284][ T7835] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 97.494321][ T7835] EXT4-fs error (device loop1): ext4_get_journal_inode:5796: inode #5: comm syz.1.356: unexpected bad inode w/o EXT4_IGET_BAD [ 97.497126][ T7835] EXT4-fs (loop1): no journal found [ 97.498840][ T7835] EXT4-fs (loop1): can't get journal size [ 97.534106][ T7835] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 97.555423][ T7840] loop3: detected capacity change from 0 to 512 [ 97.559023][ T7840] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 97.569717][ T7840] EXT4-fs (loop3): 1 truncate cleaned up [ 97.573229][ T7840] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 97.582255][ T7840] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.249062][ T6560] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.681855][ T7849] netlink: 8 bytes leftover after parsing attributes in process `syz.3.359'. [ 98.698287][ T6556] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.081873][ T7855] loop1: detected capacity change from 0 to 40427 [ 99.083644][ T7855] f2fs: Unknown parameter 'whint_mode' [ 99.420251][ T7867] loop3: detected capacity change from 0 to 256 [ 99.549876][ T7867] FAT-fs (loop3): Directory bread(block 64) failed [ 99.549992][ T7867] FAT-fs (loop3): Directory bread(block 65) failed [ 99.550105][ T7867] FAT-fs (loop3): Directory bread(block 66) failed [ 99.550172][ T7867] FAT-fs (loop3): Directory bread(block 67) failed [ 99.550287][ T7867] FAT-fs (loop3): Directory bread(block 68) failed [ 99.550348][ T7867] FAT-fs (loop3): Directory bread(block 69) failed [ 99.550909][ T7867] FAT-fs (loop3): Directory bread(block 70) failed [ 99.550970][ T7867] FAT-fs (loop3): Directory bread(block 71) failed [ 99.551111][ T7867] FAT-fs (loop3): Directory bread(block 72) failed [ 99.551182][ T7867] FAT-fs (loop3): Directory bread(block 73) failed [ 100.342043][ T6550] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.389947][ T7878] tipc: Started in network mode [ 100.389988][ T7878] tipc: Node identity c272e474f51b, cluster identity 4711 [ 100.390083][ T7878] tipc: Enabled bearer , priority 0 [ 100.390398][ T7878] syzkaller0: entered promiscuous mode [ 100.390408][ T7878] syzkaller0: entered allmulticast mode [ 100.393302][ T7878] tipc: Resetting bearer [ 100.400048][ T7876] tipc: Resetting bearer [ 100.406177][ T7876] tipc: Disabling bearer [ 100.665215][ T7890] futex_wake_op: syz.3.371 tries to shift op by 36; fix this program [ 101.217470][ T6562] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 101.270424][ T7896] TCP: tcp_parse_options: Illegal window scaling value 67 > 14 received [ 101.415858][ T6562] usb 1-1: Using ep0 maxpacket: 32 [ 101.417745][ T6562] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 101.417778][ T6562] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 101.417796][ T6562] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 101.417807][ T6562] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.420586][ T6562] usb 1-1: config 0 descriptor?? [ 101.421668][ T6562] hub 1-1:0.0: USB hub found [ 101.885740][ T7906] netlink: 'syz.2.377': attribute type 49 has an invalid length. [ 101.887224][ T7906] netlink: 'syz.2.377': attribute type 49 has an invalid length. [ 101.934897][ T6562] hub 1-1:0.0: config failed, can't read hub descriptor (err -22) [ 102.218263][ T6562] usbhid 1-1:0.0: can't add hid device: -71 [ 102.218359][ T6562] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 102.235494][ T6562] usb 1-1: USB disconnect, device number 10 [ 102.258327][ T7914] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 102.258502][ T7914] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 102.815080][ T7921] loop3: detected capacity change from 0 to 256 [ 103.788453][ T7933] loop1: detected capacity change from 0 to 256 [ 105.562937][ T7958] loop1: detected capacity change from 0 to 512 [ 105.563342][ T7958] EXT4-fs: Ignoring removed oldalloc option [ 105.672093][ T7958] EXT4-fs (loop1): 1 truncate cleaned up [ 105.675437][ T7958] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.776896][ T7958] netlink: 96 bytes leftover after parsing attributes in process `syz.1.395'. [ 106.556421][ T6556] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.601380][ T7970] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 106.601557][ T7970] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 106.663095][ T7974] binfmt_misc: register: failed to install interpreter file ./file0 [ 107.200440][ T7980] netlink: 8 bytes leftover after parsing attributes in process `syz.2.401'. [ 107.200674][ T7980] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 107.200697][ T7980] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 107.455909][ T7986] loop4: detected capacity change from 0 to 512 [ 108.260488][ T7992] loop2: detected capacity change from 0 to 512 [ 108.268849][ T7992] ext3: Unknown parameter 'pcr' [ 108.296078][ T7986] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 108.864239][ T7986] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.084286][ T6554] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.299929][ T8011] loop2: detected capacity change from 0 to 512 [ 109.303511][ T8011] EXT4-fs: Ignoring removed oldalloc option [ 109.313235][ T6562] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 109.441254][ T8011] EXT4-fs (loop2): 1 truncate cleaned up [ 109.445791][ T8011] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.484883][ T31] kauditd_printk_skb: 18 callbacks suppressed [ 110.770547][ T31] audit: type=1326 audit(622.468:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8017 comm="syz.1.415" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 110.773952][ T31] audit: type=1326 audit(622.468:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8017 comm="syz.1.415" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 110.777549][ T31] audit: type=1326 audit(622.468:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8017 comm="syz.1.415" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 110.777603][ T31] audit: type=1326 audit(622.468:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8017 comm="syz.1.415" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 110.777636][ T31] audit: type=1326 audit(622.468:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8017 comm="syz.1.415" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 110.777667][ T31] audit: type=1326 audit(622.468:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8017 comm="syz.1.415" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 110.777692][ T31] audit: type=1326 audit(622.468:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8017 comm="syz.1.415" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 110.777711][ T31] audit: type=1326 audit(622.468:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8017 comm="syz.1.415" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 110.777729][ T31] audit: type=1326 audit(622.468:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8017 comm="syz.1.415" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=441 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 110.777748][ T31] audit: type=1326 audit(622.468:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8017 comm="syz.1.415" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 110.814454][ T6562] usb 1-1: config 0 interface 0 has no altsetting 0 [ 110.814495][ T6562] usb 1-1: New USB device found, idVendor=046d, idProduct=c294, bcdDevice= 0.00 [ 110.814523][ T6562] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.824390][ T6562] usb 1-1: config 0 descriptor?? [ 110.889579][ T8024] loop1: detected capacity change from 0 to 512 [ 110.893075][ T8024] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 110.898307][ T8024] EXT4-fs (loop1): orphan cleanup on readonly fs [ 110.906476][ T8024] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.417: Failed to acquire dquot type 1 [ 110.914166][ T8027] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 110.914379][ T8027] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 110.919430][ T8024] EXT4-fs (loop1): 1 truncate cleaned up [ 110.925558][ T8024] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 110.943917][ T6550] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.106756][ T8033] loop2: detected capacity change from 0 to 512 [ 111.107754][ T8033] EXT4-fs: Ignoring removed oldalloc option [ 111.113114][ T8033] EXT4-fs (loop2): 1 truncate cleaned up [ 111.114644][ T8033] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.121439][ T8033] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #13: comm syz.2.420: invalid indirect mapped block 234881024 (level 0) [ 111.121968][ T8033] EXT4-fs (loop2): Remounting filesystem read-only [ 111.235607][ T6562] logitech 0003:046D:C294.0002: unknown main item tag 0x6 [ 111.237259][ T6562] logitech 0003:046D:C294.0002: item fetching failed at offset 5/7 [ 111.237477][ T6562] logitech 0003:046D:C294.0002: parse failed [ 111.237512][ T6562] logitech 0003:046D:C294.0002: probe with driver logitech failed with error -22 [ 111.672850][ T8039] loop4: detected capacity change from 0 to 512 [ 112.307844][ T8039] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 112.310133][ T6562] usb 1-1: USB disconnect, device number 11 [ 112.314611][ T6550] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.329796][ T6556] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.342082][ T8039] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.362184][ T8045] bridge: RTM_NEWNEIGH with invalid ether address [ 113.086376][ T6554] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.131037][ T8059] tmpfs: Unknown parameter '-q' [ 113.195000][ T8064] loop3: detected capacity change from 0 to 128 [ 113.203010][ T8064] EXT4-fs: Ignoring removed nomblk_io_submit option [ 113.204183][ T8064] EXT4-fs: Ignoring removed nomblk_io_submit option [ 113.221719][ T8064] EXT4-fs (loop3): Test dummy encryption mode enabled [ 114.129752][ T8068] fuse: Unknown parameter 'grou' [ 114.841364][ T8064] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 115.132097][ T8083] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 115.132318][ T8083] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 115.685111][ T8097] input: syz0 as /devices/virtual/input/input3 [ 115.796800][ T8102] loop4: detected capacity change from 0 to 256 [ 115.820963][ T8102] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011f41, chksum : 0x2f9e4978, utbl_chksum : 0xe619d30d) [ 115.858905][ T8107] loop1: detected capacity change from 0 to 512 [ 115.930736][ T8107] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 115.930855][ T8107] EXT4-fs (loop1): orphan cleanup on readonly fs [ 115.934157][ T8107] EXT4-fs warning (device loop1): ext4_enable_quotas:7168: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 115.938259][ T8107] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 115.938429][ T8107] EXT4-fs error (device loop1): ext4_ext_check_inode:523: inode #13: comm syz.1.446: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 115.938604][ T8107] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.446: couldn't read orphan inode 13 (err -117) [ 115.939169][ T8107] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 116.081901][ T8107] EXT4-fs error (device loop1): ext4_lookup:1787: comm syz.1.446: inode #15: comm syz.1.446: iget: illegal inode # [ 116.238827][ T6556] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.429886][ T8124] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 116.430054][ T8124] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 117.063945][ T8141] pim6reg1: entered promiscuous mode [ 117.065546][ T8141] pim6reg1: entered allmulticast mode [ 117.109747][ T6561] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 117.558311][ T8162] loop0: detected capacity change from 0 to 512 [ 117.707436][ T8162] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 117.707584][ T8162] EXT4-fs (loop0): orphan cleanup on readonly fs [ 117.712028][ T8162] EXT4-fs warning (device loop0): ext4_enable_quotas:7168: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 117.718503][ T8162] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 117.719983][ T8162] EXT4-fs error (device loop0): ext4_ext_check_inode:523: inode #13: comm syz.0.465: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 117.723989][ T8162] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.465: couldn't read orphan inode 13 (err -117) [ 118.662690][ T8162] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 118.954624][ T6560] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.053041][ T8173] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 119.057629][ T8173] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 120.448406][ T8202] loop1: detected capacity change from 0 to 512 [ 120.450211][ T8202] EXT4-fs: Ignoring removed mblk_io_submit option [ 120.452578][ T8202] EXT4-fs: inline encryption not supported [ 120.452621][ T8202] EXT4-fs: Ignoring removed mblk_io_submit option [ 120.459111][ T8202] EXT4-fs (loop1): Test dummy encryption mode enabled [ 120.459140][ T8202] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 121.434532][ T8202] EXT4-fs (loop1): 1 truncate cleaned up [ 121.435001][ T8202] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 121.531621][ T8198] usb usb8: usbfs: process 8198 (syz.0.466) did not claim interface 0 before use [ 121.824904][ T6556] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.882382][ T8218] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 121.882549][ T8218] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 122.066485][ T6669] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 122.245817][ T6669] usb 1-1: Using ep0 maxpacket: 8 [ 122.247369][ T6669] usb 1-1: unable to get BOS descriptor or descriptor too short [ 122.248094][ T6669] usb 1-1: config 11 has an invalid interface number: 72 but max is 0 [ 122.248115][ T6669] usb 1-1: config 11 has no interface number 0 [ 122.248132][ T6669] usb 1-1: config 11 interface 72 has no altsetting 0 [ 122.249615][ T6669] usb 1-1: New USB device found, idVendor=07c4, idProduct=a004, bcdDevice=b2.44 [ 122.249626][ T6669] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.249633][ T6669] usb 1-1: Product: syz [ 122.249638][ T6669] usb 1-1: Manufacturer: syz [ 122.249643][ T6669] usb 1-1: SerialNumber: syz [ 122.417867][ T8226] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 122.420771][ T8226] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 122.474938][ T6669] ums-datafab 1-1:11.72: USB Mass Storage device detected [ 122.571314][ T6669] usb 1-1: USB disconnect, device number 12 [ 122.766403][ T8240] netlink: 12 bytes leftover after parsing attributes in process `syz.1.489'. [ 123.234780][ T8249] evm: overlay not supported [ 123.610657][ T31] kauditd_printk_skb: 2 callbacks suppressed [ 123.610698][ T31] audit: type=1326 audit(635.604:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8259 comm="syz.2.496" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbab5c0a8 code=0x7ffc0000 [ 123.610722][ T31] audit: type=1326 audit(635.604:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8259 comm="syz.2.496" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbab5c0a8 code=0x7ffc0000 [ 123.612002][ T31] audit: type=1326 audit(635.604:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8259 comm="syz.2.496" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=148 compat=0 ip=0xffffbab5c0a8 code=0x7ffc0000 [ 123.612049][ T31] audit: type=1326 audit(635.604:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8259 comm="syz.2.496" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbab5c0a8 code=0x7ffc0000 [ 123.612078][ T31] audit: type=1326 audit(635.604:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8259 comm="syz.2.496" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbab5c0a8 code=0x7ffc0000 [ 123.974054][ T8264] loop2: detected capacity change from 0 to 1024 [ 124.006398][ T8264] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 124.105924][ T6550] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 124.374751][ T8275] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 124.376627][ T8275] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 124.549872][ T8281] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 124.550071][ T8281] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 124.566979][ T8253] loop0: detected capacity change from 0 to 131072 [ 124.576962][ T8283] loop1: detected capacity change from 0 to 512 [ 124.583840][ T8283] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 124.601816][ T8253] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 124.607401][ T8253] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 124.611341][ T8283] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.045849][ T2413] ieee802154 phy0 wpan0: encryption failed: -22 [ 126.052360][ T2413] ieee802154 phy1 wpan1: encryption failed: -22 [ 126.254900][ T6556] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.052676][ T8336] loop2: detected capacity change from 0 to 128 [ 127.057004][ T8336] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a842c018, mo2=0002] [ 127.057075][ T8336] System zones: 1-3, 19-19, 35-36 [ 127.060839][ T8336] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 127.065008][ T8336] EXT4-fs warning (device loop2): ext4_group_extend:1862: can't shrink FS - resize aborted [ 127.240498][ T6550] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 128.243462][ T8359] loop4: detected capacity change from 0 to 40427 [ 128.244296][ T8359] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 128.244318][ T8359] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 128.245081][ T8359] F2FS-fs (loop4): invalid crc value [ 128.257713][ T8359] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 128.260274][ T8359] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 128.262185][ T8359] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 128.292931][ T6551] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 128.333095][ T8380] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 128.336436][ T8380] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 128.354926][ T8378] loop1: detected capacity change from 0 to 8192 [ 128.374093][ T8359] syz.4.525: attempt to access beyond end of device [ 128.374093][ T8359] loop4: rw=2049, sector=77824, nr_sectors = 2048 limit=40427 [ 128.384313][ T8359] syz.4.525: attempt to access beyond end of device [ 128.384313][ T8359] loop4: rw=2049, sector=79872, nr_sectors = 2048 limit=40427 [ 128.393339][ T8359] syz.4.525: attempt to access beyond end of device [ 128.393339][ T8359] loop4: rw=2049, sector=49152, nr_sectors = 2504 limit=40427 [ 128.402374][ T8359] syz.4.525: attempt to access beyond end of device [ 128.402374][ T8359] loop4: rw=2049, sector=51656, nr_sectors = 1592 limit=40427 [ 128.413690][ T8359] syz.4.525: attempt to access beyond end of device [ 128.413690][ T8359] loop4: rw=2049, sector=57344, nr_sectors = 3040 limit=40427 [ 128.449976][ T8358] syz.4.525: attempt to access beyond end of device [ 128.449976][ T8358] loop4: rw=524288, sector=77824, nr_sectors = 256 limit=40427 [ 128.452648][ T8358] syz.4.525: attempt to access beyond end of device [ 128.452648][ T8358] loop4: rw=0, sector=77824, nr_sectors = 8 limit=40427 [ 128.455125][ T8358] syz.4.525: attempt to access beyond end of device [ 128.455125][ T8358] loop4: rw=0, sector=77824, nr_sectors = 8 limit=40427 [ 128.457605][ T8358] syz.4.525: attempt to access beyond end of device [ 128.457605][ T8358] loop4: rw=0, sector=77824, nr_sectors = 8 limit=40427 [ 128.459981][ T8358] syz.4.525: attempt to access beyond end of device [ 128.459981][ T8358] loop4: rw=0, sector=77824, nr_sectors = 8 limit=40427 [ 128.501963][ T6551] usb 1-1: Using ep0 maxpacket: 32 [ 128.505287][ T6551] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 128.505318][ T6551] usb 1-1: config 0 has no interface number 0 [ 128.505331][ T6551] usb 1-1: config 0 interface 184 has no altsetting 0 [ 128.508634][ T6551] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 128.508645][ T6551] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.508653][ T6551] usb 1-1: Product: syz [ 128.508660][ T6551] usb 1-1: Manufacturer: syz [ 128.508666][ T6551] usb 1-1: SerialNumber: syz [ 128.512906][ T6551] usb 1-1: config 0 descriptor?? [ 128.514277][ T6551] smsc75xx v1.0.0 [ 129.630534][ T8393] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 130.260728][ T8415] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 130.715593][ T8423] block device autoloading is deprecated and will be removed. [ 132.064386][ T6551] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71 [ 132.064424][ T6551] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 132.068183][ T6551] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 132.068224][ T6551] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 132.068245][ T6551] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 132.068258][ T6551] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 132.068454][ T6551] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71 [ 132.091513][ T6551] usb 1-1: USB disconnect, device number 13 [ 132.208403][ T8427] loop4: detected capacity change from 0 to 40427 [ 132.214155][ T8427] F2FS-fs (loop4): Fix alignment : internally, start(4096) end(16896) block(12288) [ 132.222126][ T8427] F2FS-fs (loop4): invalid crc value [ 132.224197][ T8427] F2FS-fs (loop4): invalid crc value [ 132.224233][ T8427] F2FS-fs (loop4): Failed to get valid F2FS checkpoint [ 132.416689][ T31] audit: type=1326 audit(644.419:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8448 comm="syz.4.556" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9035c0a8 code=0x7ffc0000 [ 132.416739][ T31] audit: type=1326 audit(644.419:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8448 comm="syz.4.556" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9035c0a8 code=0x7ffc0000 [ 132.426498][ T31] audit: type=1326 audit(644.429:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8448 comm="syz.4.556" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9035c0a8 code=0x7ffc0000 [ 132.426575][ T31] audit: type=1326 audit(644.429:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8448 comm="syz.4.556" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9035c0a8 code=0x7ffc0000 [ 132.426637][ T31] audit: type=1326 audit(644.429:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8448 comm="syz.4.556" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9035c0a8 code=0x7ffc0000 [ 132.427242][ T31] audit: type=1326 audit(644.429:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8448 comm="syz.4.556" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=149 compat=0 ip=0xffff9035c0a8 code=0x7ffc0000 [ 132.430848][ T31] audit: type=1326 audit(644.429:153): auid=4294967295 uid=0 gid=60928 ses=4294967295 subj=_ pid=8448 comm="syz.4.556" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9035c0a8 code=0x7ffc0000 [ 132.430880][ T31] audit: type=1326 audit(644.429:154): auid=4294967295 uid=0 gid=60928 ses=4294967295 subj=_ pid=8448 comm="syz.4.556" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9035c0a8 code=0x7ffc0000 [ 132.460314][ T8453] binder: 8452:8453 tried to acquire reference to desc 0, got 1 instead [ 132.514405][ T8457] binder: 8452:8457 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 132.514443][ T8457] binder: 8457 RLIMIT_NICE not set [ 132.514453][ T8457] binder: 8457 RLIMIT_NICE not set [ 132.516970][ T8457] binder: 8457 RLIMIT_NICE not set [ 132.516991][ T8457] binder_alloc: 8452: binder_alloc_buf, no vma [ 132.517001][ T8457] binder: cannot allocate buffer: vma cleared, target dead or dying [ 132.517413][ T8457] binder: 8452:8457 transaction reply to 8452:8453 failed 14/29189/-3, code 0 size 0-0 line 3335 [ 132.517443][ T8457] binder: send failed reply for transaction 13 to 8452:8453 [ 132.524874][ T6562] binder: undelivered TRANSACTION_COMPLETE [ 132.524889][ T6562] binder: undelivered TRANSACTION_ERROR: 29189 [ 132.541350][ T6551] binder: undelivered TRANSACTION_ERROR: 29190 [ 132.969360][ T6669] hid-generic 0008:0001:0002.0003: unknown main item tag 0x0 [ 132.969394][ T6669] hid-generic 0008:0001:0002.0003: unknown main item tag 0x0 [ 132.969404][ T6669] hid-generic 0008:0001:0002.0003: unknown main item tag 0x0 [ 132.969414][ T6669] hid-generic 0008:0001:0002.0003: unknown main item tag 0x0 [ 132.969423][ T6669] hid-generic 0008:0001:0002.0003: item fetching failed at offset 8/14 [ 132.969542][ T6669] hid-generic 0008:0001:0002.0003: probe with driver hid-generic failed with error -22 [ 133.643221][ T8476] loop2: detected capacity change from 0 to 128 [ 133.645164][ T8476] vfat: Unknown parameter '' [ 134.407464][ T8468] loop3: detected capacity change from 0 to 40427 [ 134.426447][ T8468] F2FS-fs (loop3): Invalid log blocks per segment (83886089) [ 134.426511][ T8468] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 134.433973][ T8468] F2FS-fs (loop3): invalid crc value [ 134.486895][ T8468] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 134.489450][ T8468] F2FS-fs (loop3): Start checkpoint disabled! [ 134.492227][ T8468] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 134.495754][ T8468] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 134.522783][ T8482] : renamed from vlan1 (while UP) [ 134.647633][ T8493] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 134.647898][ T8493] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 134.650360][ T8493] loop2: detected capacity change from 0 to 512 [ 134.655069][ T8493] EXT4-fs (loop2): blocks per group (95) and clusters per group (32768) inconsistent [ 134.865704][ T8502] loop4: detected capacity change from 0 to 4096 [ 134.867954][ T8502] EXT4-fs: Ignoring removed mblk_io_submit option [ 134.877785][ T6551] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 134.880270][ T8502] EXT4-fs (loop4): Test dummy encryption mode enabled [ 134.913067][ T8502] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.039466][ T6551] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 135.039507][ T6551] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 135.039521][ T6551] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 135.039529][ T6551] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 135.039543][ T6551] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 135.039551][ T6551] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.042914][ T6551] usb 1-1: config 0 descriptor?? [ 135.684660][ T6551] usbhid 1-1:0.0: can't add hid device: -71 [ 135.684731][ T6551] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 135.689568][ T6551] usb 1-1: USB disconnect, device number 14 [ 135.768008][ T8513] hub 8-0:1.0: USB hub found [ 135.769506][ T8513] hub 8-0:1.0: 8 ports detected [ 136.133736][ T6554] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.152627][ T8516] bridge_slave_1: left allmulticast mode [ 136.153865][ T8516] bridge_slave_1: left promiscuous mode [ 136.155094][ T8516] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.194944][ T8519] loop4: detected capacity change from 0 to 128 [ 136.206287][ T8519] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 136.215026][ T8519] EXT4-fs error (device loop4): htree_dirblock_to_tree:1051: inode #2: comm syz.4.577: Directory block failed checksum [ 136.231938][ T6554] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 136.363554][ T8530] vhci_hcd: default hub control req: 0315 v0005 i0003 l0 [ 136.581249][ T8538] loop3: detected capacity change from 0 to 256 [ 137.064585][ T8550] loop3: detected capacity change from 0 to 512 [ 137.100164][ T8550] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 137.255799][ T8550] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 137.824983][ T8557] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 137.825182][ T8557] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 137.832139][ T8558] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 137.832308][ T8558] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 137.912987][ T6561] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 137.937083][ T8564] netlink: 32 bytes leftover after parsing attributes in process `syz.1.594'. [ 138.029760][ T8576] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 138.029963][ T8576] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 138.059799][ T8580] syzkaller0: entered promiscuous mode [ 138.060771][ T8580] syzkaller0: entered allmulticast mode [ 138.650644][ T8594] loop4: detected capacity change from 0 to 512 [ 138.685440][ T8594] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 138.812914][ T8594] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 139.705659][ T6554] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.875083][ T8607] loop2: detected capacity change from 0 to 40427 [ 139.880284][ T8607] f2fs: Unknown parameter 'whint_mode' [ 140.075376][ T6562] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 140.263645][ T8621] loop4: detected capacity change from 0 to 40427 [ 140.264556][ T8621] f2fs: Unknown parameter 'whint_mode' [ 140.367413][ T8635] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 140.367635][ T8635] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 140.456436][ T6562] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 140.458729][ T6562] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 140.461255][ T6562] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 140.463392][ T6562] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 140.466145][ T6562] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 140.468037][ T6562] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.472905][ T6562] usb 1-1: config 0 descriptor?? [ 140.907345][ T8640] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 140.907448][ T8640] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 141.042497][ T6562] usbhid 1-1:0.0: can't add hid device: -71 [ 141.043697][ T6562] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 141.049781][ T6562] usb 1-1: USB disconnect, device number 15 [ 141.303326][ T8645] loop3: detected capacity change from 0 to 512 [ 141.318392][ T8645] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 142.137286][ T8645] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 142.283747][ T8662] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 142.284905][ T8662] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 142.337865][ T6561] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.422522][ T8666] loop1: detected capacity change from 0 to 512 [ 142.425069][ T8666] EXT4-fs: Ignoring removed oldalloc option [ 142.787896][ T8669] loop4: detected capacity change from 0 to 40427 [ 142.866677][ T8669] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 142.876725][ T8669] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 142.937709][ T8666] EXT4-fs (loop1): 1 truncate cleaned up [ 142.940345][ T8666] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 143.318645][ T6554] bio_check_eod: 285 callbacks suppressed [ 143.318801][ T6554] syz-executor: attempt to access beyond end of device [ 143.318801][ T6554] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 143.318851][ T6554] CPU: 1 UID: 0 PID: 6554 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 143.318863][ T6554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 143.318868][ T6554] Call trace: [ 143.318870][ T6554] show_stack+0x2c/0x3c (C) [ 143.318885][ T6554] __dump_stack+0x30/0x40 [ 143.318891][ T6554] dump_stack_lvl+0xd8/0x12c [ 143.318896][ T6554] dump_stack+0x1c/0x28 [ 143.318901][ T6554] f2fs_handle_critical_error+0x34c/0x4b8 [ 143.318909][ T6554] f2fs_stop_checkpoint+0x5c/0x70 [ 143.318917][ T6554] f2fs_write_end_io+0x768/0xa70 [ 143.318923][ T6554] bio_endio+0x804/0x840 [ 143.318929][ T6554] submit_bio_noacct+0x158/0x176c [ 143.318934][ T6554] submit_bio+0x3b4/0x550 [ 143.318939][ T6554] f2fs_submit_write_bio+0x13c/0x324 [ 143.318944][ T6554] __submit_merged_bio+0x254/0x704 [ 143.318950][ T6554] __submit_merged_write_cond+0x23c/0x4ac [ 143.318955][ T6554] f2fs_write_data_pages+0x1d28/0x2634 [ 143.318961][ T6554] do_writepages+0x270/0x468 [ 143.318968][ T6554] filemap_fdatawrite+0x14c/0x1f4 [ 143.318975][ T6554] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 143.318980][ T6554] f2fs_write_checkpoint+0x690/0x16a0 [ 143.318985][ T6554] kill_f2fs_super+0x21c/0x584 [ 143.318991][ T6554] deactivate_locked_super+0xc4/0x12c [ 143.318999][ T6554] deactivate_super+0xe0/0x100 [ 143.319005][ T6554] cleanup_mnt+0x31c/0x3ac [ 143.319010][ T6554] __cleanup_mnt+0x20/0x30 [ 143.319015][ T6554] task_work_run+0x1dc/0x260 [ 143.319021][ T6554] do_notify_resume+0x174/0x1f4 [ 143.319027][ T6554] el0_svc+0xb8/0x180 [ 143.319034][ T6554] el0t_64_sync_handler+0x84/0x12c [ 143.319039][ T6554] el0t_64_sync+0x198/0x19c [ 143.320852][ T6554] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 143.395497][ T8683] loop3: detected capacity change from 0 to 512 [ 143.397076][ T8683] EXT4-fs: Ignoring removed oldalloc option [ 143.401630][ T8683] EXT4-fs: inline encryption not supported [ 143.402734][ T8683] EXT4-fs: Ignoring removed mblk_io_submit option [ 143.405167][ T8683] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 143.431260][ T8683] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.634: bg 0: block 64: padding at end of block bitmap is not set [ 143.442470][ T8683] Quota error (device loop3): write_blk: dquota write failed [ 143.446608][ T8683] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 143.446661][ T8683] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.634: Failed to acquire dquot type 0 [ 143.450528][ T8683] EXT4-fs (loop3): 1 truncate cleaned up [ 143.452697][ T8683] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 143.531972][ T6556] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.591302][ T8683] Quota error (device loop3): do_check_range: Getting block 144 out of range 0-5 [ 143.617986][ T8694] loop1: detected capacity change from 0 to 128 [ 143.646601][ T8694] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 143.658358][ T6561] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.671201][ T6556] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 146.580080][ T8745] loop3: detected capacity change from 0 to 128 [ 147.482880][ T4756] kworker/u8:10: attempt to access beyond end of device [ 147.482880][ T4756] loop3: rw=1, sector=145, nr_sectors = 896 limit=128 [ 148.002903][ T8761] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 148.002932][ T8761] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 148.515343][ T8778] veth0: entered promiscuous mode [ 148.536190][ T8777] veth0: left promiscuous mode [ 148.920847][ T24] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 149.071897][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 149.071936][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 149.071952][ T24] usb 1-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 149.071962][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.074039][ T24] usb 1-1: config 0 descriptor?? [ 149.134952][ T8791] loop2: detected capacity change from 0 to 128 [ 149.291560][ T31] audit: type=1326 audit(661.307:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8794 comm="syz.1.673" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 149.291614][ T31] audit: type=1326 audit(661.307:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8794 comm="syz.1.673" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 149.292405][ T31] audit: type=1326 audit(661.307:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8794 comm="syz.1.673" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=34 compat=0 ip=0xffffaed5a4b4 code=0x7ffc0000 [ 149.292429][ T31] audit: type=1326 audit(661.307:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8794 comm="syz.1.673" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 149.292583][ T31] audit: type=1326 audit(661.307:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8794 comm="syz.1.673" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 149.293441][ T31] audit: type=1326 audit(661.307:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8794 comm="syz.1.673" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=439 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 149.293455][ T31] audit: type=1326 audit(661.307:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8794 comm="syz.1.673" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 149.293480][ T31] audit: type=1326 audit(661.307:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8794 comm="syz.1.673" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 149.293894][ T31] audit: type=1326 audit(661.307:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8794 comm="syz.1.673" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=119 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 149.293912][ T31] audit: type=1326 audit(661.307:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8794 comm="syz.1.673" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffaed5c0a8 code=0x7ffc0000 [ 149.639502][ T24] hid-steam 0003:28DE:1142.0004: unknown main item tag 0x0 [ 149.643188][ T24] hid-steam 0003:28DE:1142.0004: unknown main item tag 0x0 [ 149.643209][ T24] hid-steam 0003:28DE:1142.0004: unknown main item tag 0x0 [ 149.643221][ T24] hid-steam 0003:28DE:1142.0004: unknown main item tag 0x0 [ 149.643231][ T24] hid-steam 0003:28DE:1142.0004: unknown main item tag 0x0 [ 149.649206][ T24] hid-steam 0003:28DE:1142.0004: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0 [ 149.908130][ T8805] netlink: 8 bytes leftover after parsing attributes in process `syz.4.675'. [ 150.693118][ T24] usb 1-1: USB disconnect, device number 16 [ 150.907735][ T8818] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 150.907901][ T8818] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 150.995228][ T8821] loop3: detected capacity change from 0 to 512 [ 150.995607][ T8821] EXT4-fs: Ignoring removed oldalloc option [ 151.064354][ T8821] EXT4-fs (loop3): 1 truncate cleaned up [ 151.067735][ T8821] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 151.092593][ T8821] ------------[ cut here ]------------ [ 151.092613][ T8821] verifier bug: not inlined functions bpf_probe_read_kernel_str#115 is missing func(1) [ 151.092669][ T8821] WARNING: CPU: 0 PID: 8821 at kernel/bpf/verifier.c:22840 bpf_check+0x1559c/0x15d8c [ 151.101215][ T8821] Modules linked in: [ 151.101816][ T8821] CPU: 0 UID: 0 PID: 8821 Comm: syz.3.680 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 151.103407][ T8821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 151.104828][ T8821] pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [ 151.105977][ T8821] pc : bpf_check+0x1559c/0x15d8c [ 151.106716][ T8821] lr : bpf_check+0x1559c/0x15d8c [ 151.107472][ T8821] sp : ffff8000a2477480 [ 151.108075][ T8821] x29: ffff8000a2477980 x28: dfff800000000000 x27: 0000000000000006 [ 151.109390][ T8821] x26: 1ffff00013957612 x25: ffff80009cabb094 x24: ffff0000d9598008 [ 151.110676][ T8821] x23: ffff80009cabb090 x22: ffff80008b144200 x21: ffff800092df4000 [ 151.111909][ T8821] x20: ffff80009cabb094 x19: 1ffff00013957612 x18: 1fffe0003379be88 [ 151.113224][ T8821] x17: ffff80008f7be000 x16: ffff80008b007230 x15: 0000000000000001 [ 151.114553][ T8821] x14: 1fffe0003379e908 x13: 0000000000000000 x12: 0000000000000000 [ 151.115912][ T8821] x11: 0000000000080000 x10: 0000000000000003 x9 : 2d04af6ab997ec00 [ 151.117282][ T8821] x8 : 2d04af6ab997ec00 x7 : ffff800080491074 x6 : 0000000000000000 [ 151.118660][ T8821] x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010 [ 151.119972][ T8821] x2 : ffff8000a2477040 x1 : ffff80008b6577c0 x0 : 0000000000000001 [ 151.121334][ T8821] Call trace: [ 151.121868][ T8821] bpf_check+0x1559c/0x15d8c (P) [ 151.122721][ T8821] bpf_prog_load+0xec8/0x13fc [ 151.123562][ T8821] __sys_bpf+0x450/0x628 [ 151.124249][ T8821] __arm64_sys_bpf+0x80/0x98 [ 151.124967][ T8821] invoke_syscall+0x98/0x2b8 [ 151.125736][ T8821] el0_svc_common+0x130/0x23c [ 151.126424][ T8821] do_el0_svc+0x48/0x58 [ 151.127101][ T8821] el0_svc+0x58/0x180 [ 151.127770][ T8821] el0t_64_sync_handler+0x84/0x12c [ 151.128627][ T8821] el0t_64_sync+0x198/0x19c [ 151.129363][ T8821] irq event stamp: 9290 [ 151.130010][ T8821] hardirqs last enabled at (9289): [] finish_lock_switch+0xb0/0x1c0 [ 151.131579][ T8821] hardirqs last disabled at (9290): [] el1_brk64+0x1c/0x48 [ 151.132947][ T8821] softirqs last enabled at (8344): [] local_bh_enable+0x10/0x34 [ 151.134358][ T8821] softirqs last disabled at (8342): [] local_bh_disable+0x10/0x34 [ 151.135868][ T8821] ---[ end trace 0000000000000000 ]--- [ 151.168810][ T8821] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.680: invalid indirect mapped block 234881024 (level 0) [ 151.169403][ T8821] EXT4-fs (loop3): Remounting filesystem read-only [ 151.874934][ T6561] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.568837][ T8824] Bluetooth: hci0: command 0x0406 tx timeout [ 153.648362][ T6557] Bluetooth: hci3: command 0x0406 tx timeout [ 153.648379][ T6566] Bluetooth: hci1: command 0x0406 tx timeout [ 153.648412][ T52] Bluetooth: hci4: command 0x0406 tx timeout [ 153.651302][ T8824] Bluetooth: hci2: command 0x0406 tx timeout