last executing test programs: 5.386382368s ago: executing program 4 (id=4297): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x102, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xffffffed, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x6}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000006c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70b925, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xb, 0xb}, {0x0, 0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x33a34d5a, 0x0, 0xb, 0x1, 0xffffffff, 0xffff, 0x5, 0x7, 0x22}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x2001c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 5.336392819s ago: executing program 0 (id=4299): r0 = memfd_create(&(0x7f00000001c0)='\x02A\xbb\xccu\x83\xce\xb6k\xe5!\x85', 0x6) lseek(r0, 0xe, 0x2) 5.093419654s ago: executing program 4 (id=4300): openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) clock_adjtime(0x0, &(0x7f0000000000)={0xffff, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x0, 0xb0, 0x9, 0x8000000000000000, 0x3b9ac9ff, 0x0, 0x0, 0x0, 0xd}) 5.001648175s ago: executing program 0 (id=4302): bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200087fc, 0x0, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0xe68, 0x30, 0x871a15abc695fa3d, 0x70bd27, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x93, 0xe8}, [{0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0xfffffffc}, {0x10001, 0x0, 0x0, 0x4000000, 0x7, 0x4}, {0x8, 0x5, 0x0, 0xfffffffc, 0x4}, {}, {0x0, 0x0, 0x0, 0x0, 0x6}, {0x0, 0xc3}, {0x0, 0x5}, {0x4, 0x0, 0x0, 0x0, 0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x10, 0x6, 0x0, 0x0, 0xfffffff9}, {0x0, 0x7, 0x1, 0x8000000}, {0x0, 0xffffffff, 0x0, 0x0, 0xfffffffd}, {0x2, 0x0, 0x400000, 0x0, 0x6}, {0x0, 0x0, 0x0, 0x8}, {}, {}, {0x800, 0x4, 0x0, 0x8000000}, {0x0, 0x0, 0x0, 0xafc}, {0x0, 0x0, 0x0, 0x0, 0x20}, {0xfffffffd, 0x3}, {}, {0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x9}, {0x0, 0x2000, 0x0, 0x0, 0x10001}, {}, {0x0, 0x401, 0x0, 0x0, 0xffffffff}, {0x0, 0x1000, 0x0, 0x2, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x5, 0xfffffffd}, {0xffffffff}, {}, {0x0, 0x0, 0xc, 0x0, 0x0, 0x6}, {0xffffffff}, {}, {}, {0x0, 0x0, 0x0, 0x5}, {0xffffffff, 0x0, 0xffffff1d, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x1, 0xff}, {0x80, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x5, 0x1}, {0x5}, {0x1, 0x8, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x9}, {0x4, 0x0, 0x0, 0x0, 0x3}, {}, {}, {0xfffffffd, 0x15, 0x0, 0x48510}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, {}, {0x0, 0x0, 0x0, 0x0, 0x1, 0x203b}, {0x9, 0x0, 0x0, 0x0, 0xd, 0xffffffff}, {0x100}, {0x0, 0x0, 0x80}, {0x0, 0xfffefffd, 0x100000, 0xffffffff}, {0x0, 0x0, 0x4, 0x2}, {0x0, 0x0, 0x4, 0x0, 0x0, 0x6}, {0x5, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0xad}, {0x0, 0xfffffffc, 0x0, 0x3ff, 0x40000000}, {0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x400000}, {0x4, 0x0, 0x200}, {0x0, 0x0, 0x1fd}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}, {0x5}, {}, {0x0, 0x0, 0x0, 0x4000, 0x0, 0xfb3}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x101, 0x0, 0x0, 0x0, 0xfdffffff}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x100000, 0x4000004, 0x9}, {0xfffffffe}, {0x0, 0x0, 0x1, 0x0, 0x1}, {0x0, 0x2}, {}, {}, {}, {0x800000, 0x7, 0x0, 0x0, 0x0, 0x56}, {0x0, 0x40, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffefffff}, {0x0, 0xfffffffe}, {0x0, 0x0, 0x6, 0x0, 0x4}, {0x0, 0x0, 0x2}, {}, {0x0, 0xfffffffd, 0x0, 0xffffffff}, {0x6}, {0x7f, 0x0, 0x0, 0xfffffffe}, {}, {}, {0x0, 0x2, 0x10000, 0x0, 0x0, 0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x0, 0x0, 0x4000000, 0x0, 0x8}, {0x2, 0x0, 0x20000000, 0x0, 0x1}, {0x0, 0xfffffffc, 0x0, 0x2}, {}, {0x0, 0x4, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x292}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x9, 0xfffffffc, 0x0, 0x9, 0x101}, {0xfffffffb, 0x5, 0x0, 0x0, 0x1}, {0x0, 0x5, 0x0, 0x0, 0x6}, {0x0, 0x0, 0x0, 0x3, 0x80, 0xfffffffc}, {0x10000000, 0x0, 0x0, 0x4, 0x4}, {0x0, 0x2e9c, 0x0, 0x0, 0x7}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {0x3, 0x0, 0x0, 0x4}, {0x10, 0x0, 0xfffffffe, 0x0, 0x0, 0x7fffffff}, {}, {0x0, 0x0, 0x0, 0x8, 0x1, 0x6}, {0x5}, {0x0, 0x0, 0x0, 0x1000000}, {0x0, 0xf}, {0xfffffffe, 0x0, 0x0, 0x0, 0x8000, 0x2}, {0x7fff, 0x1, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {0x80, 0xd70, 0x0, 0xfffffffc}, {0x0, 0x8000, 0x0, 0xfffffff2}, {0x0, 0x0, 0x10000, 0x0, 0xfffffffc, 0x2}, {0x0, 0x80000000, 0x0, 0x7dff800}, {}, {}, {0x5, 0x0, 0x0, 0x9}], [{}, {}, {0x0, 0x1}, {}, {}, {0x4}, {}, {0x0, 0x1}, {}, {}, {}, {0x3}, {0x0, 0x1}, {}, {}, {}, {0x2, 0x1}, {0x2, 0x1}, {}, {}, {}, {0x4}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x1, 0x1}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {0x4}, {0x1}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {0x0, 0x1}, {}, {0x1}, {}, {}, {}, {}, {}, {0x3}, {0x0, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x5}, {}, {0x4}, {0x7}, {0x2}, {}, {}, {}, {}, {0x3}, {0x4}, {}, {0x0, 0x1}, {0x3}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {0x3}, {}, {}, {}, {0x1}, {}, {0x5}, {}, {0x3}, {}, {}, {}, {}, {}, {0x2, 0x1}, {}, {}, {}, {0x3}, {}, {}, {}, {0x4}, {0x2}, {}, {}, {0x4}, {0x3}, {0x0, 0x1}, {}, {0x0, 0x1}, {0x2}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0) 4.531814904s ago: executing program 1 (id=4305): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x50) syz_open_dev$usbfs(&(0x7f0000000040), 0x400000001fc, 0x301) prlimit64(0x0, 0xe, &(0x7f0000000340)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180200000000000000000000000000001801000020646c4300000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000000700000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', 0xe02, 0x1c0) r5 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) sendfile(r5, r4, 0x0, 0x3a) 3.381404636s ago: executing program 3 (id=4306): socket$nl_generic(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0xc0042, 0x1) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x17, &(0x7f0000000080)=0x1, 0x4) unshare(0x2040400) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x4, 0x7f, 0x1}, 0x48) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8002, 0x0) io_setup(0x4, &(0x7f00000003c0)) 3.381178656s ago: executing program 1 (id=4307): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b8706b4242ef66ba420066b8e20066ef0f29902cbb000066bad004ec666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x45}], 0x1, 0x43, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.256343558s ago: executing program 4 (id=4308): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x6111451, &(0x7f00000001c0)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@quota}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) socket$can_bcm(0x1d, 0x2, 0x2) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000000140), 0x10) sendmsg$can_bcm(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="0500"], 0x48}}, 0x4000802) sendmsg$can_bcm(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='\a'], 0x38}}, 0x0) 3.256155228s ago: executing program 2 (id=4309): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502"], 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0x10) 3.246225419s ago: executing program 0 (id=4310): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4020ae46, &(0x7f00000001c0)=ANY=[@ANYBLOB="01"]) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, &(0x7f0000000000)=0x4000) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x8000000000000001, 0x8000000000000000, 0x10, 0x2, 0x1, 0x4, 0x2, 0x4, 0x401, 0x1000, 0x8, 0x3, 0x9, 0x8000, 0x5, 0x10000], 0x2000, 0x2300}) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x181900, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000140)={0x1, 0x0, @ioapic={0x1, 0x9, 0x6, 0x7, 0x0, [{0x6, 0x1, 0x7, '\x00', 0xed}, {0x9, 0x7, 0xfd, '\x00', 0x9}, {0x4, 0x3d, 0xe6, '\x00', 0x94}, {0x60, 0x7f, 0x7, '\x00', 0x7b}, {0x40, 0xa, 0x4, '\x00', 0x7}, {0x8, 0x6, 0x81, '\x00', 0xd}, {0xf9, 0x7, 0x7, '\x00', 0xd4}, {0x10, 0xc, 0x4, '\x00', 0x3}, {0xc, 0x4, 0x9, '\x00', 0x9}, {0x2, 0x5, 0x2, '\x00', 0xb5}, {0xc, 0xf, 0x3, '\x00', 0x6}, {0x0, 0xc, 0x68, '\x00', 0x1}, {0xc0, 0xc3, 0xd, '\x00', 0xd}, {0xf2, 0x8, 0x0, '\x00', 0x8}, {0x1, 0x3b, 0x7, '\x00', 0x29}, {0x89, 0x0, 0x9}, {0xd0, 0x1, 0x2, '\x00', 0x31}, {0x4, 0x3, 0xff, '\x00', 0x1}, {0xb7, 0x2, 0x30, '\x00', 0xfa}, {0x0, 0x5, 0x88}, {0x8, 0xf8, 0x21, '\x00', 0x2}, {0x8, 0x7, 0x65, '\x00', 0x3}, {0xf8, 0xff, 0xfe, '\x00', 0xa}, {0x34, 0x9, 0x4, '\x00', 0x9}]}}) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) 3.245981878s ago: executing program 2 (id=4311): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socket$xdp(0x2c, 0x3, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = getpid() sched_setscheduler(r3, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff}) connect$unix(r4, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0xc044) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020100008500000043000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) syz_emit_ethernet(0x0, 0x0, 0x0) mkdir(0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r6, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newtfilter={0x5c, 0x2c, 0xd3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xb, 0xfff3}, {}, {0x8, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfffd}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_META={0x18, 0x1, 0x0, 0x0, {{0x7, 0x4, 0x6}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x5, 0xe, 0x2}, {0x800, 0x40}}}]}}]}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10}, 0x0) 2.846823726s ago: executing program 0 (id=4312): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000012c0), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$AUDIT_GET(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x42, 0x1fe) fallocate(r4, 0x10, 0x3, 0x7ffd) write$P9_RFSYNC(r4, &(0x7f0000000300)={0x7, 0x33, 0x1}, 0x7) r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x14a) fallocate(r5, 0x20, 0x2000, 0x8000) mkdirat(0xffffffffffffff9c, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(0xffffffffffffffff, 0x0) 1.908495374s ago: executing program 4 (id=4313): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() ptrace$getenv(0x4201, r0, 0x7, &(0x7f0000000100)) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x37, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000c80)=@generic={0x0, 0x0, 0x10}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x18, 0x0, 0x0, &(0x7f0000000380)='GPL\x00', 0x36, 0x8e, &(0x7f00000008c0)=""/142, 0x40f00, 0x20, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x8, &(0x7f0000000bc0)={0x0, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000d40), 0x0, 0x10, 0x200000}, 0x94) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000400)={0xa, 0x2, 0xf, @loopback, 0x9}, 0x1c) setsockopt$inet6_tcp_int(r3, 0x6, 0xa, &(0x7f0000001100)=0x804, 0x4) sendto$inet6(r3, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) 1.904755044s ago: executing program 2 (id=4314): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00') preadv(r3, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0) 1.904606604s ago: executing program 3 (id=4315): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x20, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) syz_emit_ethernet(0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x10, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.780125756s ago: executing program 0 (id=4316): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x108) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000100), 0x8, &(0x7f0000000080)=ANY=[]) syz_mount_image$msdos(&(0x7f0000003a40), &(0x7f0000000100)='./file0\x00', 0x1a4a438, &(0x7f0000000080)=ANY=[], 0x4b, 0x0, &(0x7f0000000000)) mkdirat(0xffffffffffffff9c, 0x0, 0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4) bind$xdp(r3, &(0x7f0000000100)={0x2c, 0x0, r5}, 0x10) recvmmsg(r3, &(0x7f0000000740)=[{{0x0, 0x0, 0x0}, 0x2d}], 0x20, 0x40, 0x0) 1.779977726s ago: executing program 1 (id=4317): syz_mount_image$ext4(&(0x7f00000006c0)='ext4\x00', &(0x7f0000000040)='./file2\x00', 0x800, &(0x7f0000000700), 0x3f, 0x540, &(0x7f0000000c80)="$eJzs3d9rZFcdAPDvvclks7upk6pILViLrewW3ZlNY9sgovVFnwpqfV9jMhvCzmSWzKRuQrEp/Q9EUPDJJ18E/wBB+uAfIIWCvogPoqKIbhURqr3l3rlDt/MjCd3JTDf5fODunHN/fc+5Q86ce+/ZewM4tx6PiOcjYi4inoqIajk/Lacbeeawt95bd1/eyKcksuzFfySRlPP6+8rz8xFxubdJLEbEt74e8d1kOG5n/+DWerPZ2C3z9W7rdr2zf3Btu7W+1dhq7Kyurjy79tzaM2vXs9J91XO5n/jZ1778q89/7483/nb1+3mxvvSJqMRAPSapV/VKcSz68mO0exrBZmCurE9l1gUBAOBE8j7+RyPiM0X/vxpzRW9uwNwsSgYAAABMSvaVpfhfEpEBAAAAZ1YaEUuRpLVyLMBSpOlCeW3g43EpbbY73c/dbO/tbObLIpajkt7cbjaul2OFl6OS5PmVcoxtP//0QH41Ih6OiB9WLxb52ka7uTnjax8AAABwXlweOP//dzUt0scr/p9AetrlAwAAACZkeWwGAAAAOCuc8gMAAMDZN3j+73n/AAAAcKZ844UX8inrv/9686X9vVvtl65tNjq3aq29jdpGe/d2bavd3iqe2dc6bn/Ndvv2F2Jn70692+h06539gxut9t5O98b2+16BDQAAAEzRw59+/XdJRBx+8WIxhYf6AaP8edYFACbpPof66SrAA2x+1gUAZqYy6wIAM5ccs9zgHQAAePBd+eTw/f/++/9dG4CzzQ08ADh/3P+H86syOALwP7MqCTBt8+U1gI/0shfGrTf2/v9vThopyyLeqN47x/VFAACYrqViStJaeR6wFGlaq0U8FJEuRyW5ud1sXC/PD35brVzI8yvFlsmxY4YBAAAAAAAAAAAAAAAAAAAAAAAAgJ4sSyIDAAAAzrSI9K/J21E8y/9K9cmlwesDC8l/q/GXMvOTF390Z73b3V3J5/+zeJfXQkR0f1zOf3rs68MAAACASUsOxy7qnaeXnytTLRUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA58Bbd1/e6E/TjPv3r0bE8qj487FYfC5GJSIu/SuJ+Xu2SyJibgLxD1+NiEdGxU/inSx7JcpSjIp/8ZTjLxeHZnT8NCIuTyA+nGev5+3P86P+/tJ4vPgc/fc3X073a3z7l5aRH4nqmPbnoaG9tUbGePTNX9R7qcpw/FcjHp0f3f70299kTPwnhvb2dpZlw/G/8+2Dg3H1z34acWXk70/yvlj1but2vbN/cG27tb7V2GrsrK6uPLv23Noza9frN7ebjfLfkTF+8KlfvjMufl7/SyPi/+H3vfb3qPo/OXKPw79K/3/zzt2P9ZJDX0Ae/+oTI39/F2NM/LSM8tkynS+/0k8f9tL3euznbzx2VP03xxz/477/q+N2OuCpb772pxOuCgBMQWf/4NZ6s9nYPSKxeIJ1jkjk/Yj72Px0EpVo7P56cebF+ACJ7JXeN/dhKc8HTeS91ffm9Gv1ISjYPYlsKrEuFP35k261MNnoAy3Aa2W7sN48SeuxcFrNEgAAcAre6/3PuiQAAAAAAAAAAAAAAAAAAABwfk3jUWqDMQ9nU1UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCO9GwAA///rlNhr") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0) fallocate(r0, 0x10, 0x17e, 0x1000f) lseek(r0, 0x3, 0x3) 868.516403ms ago: executing program 2 (id=4318): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001680)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001ac0)=""/191, 0x0, 0xffff1000}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000140)={@my=0x1}) r1 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0}) connect$vsock_stream(r1, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) 752.030896ms ago: executing program 4 (id=4319): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f3, &(0x7f0000000940)={'syztnl0\x00', &(0x7f0000000140)={'gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0xfffffffffffffdf0, 0x0, 0x0, 0x0, 0x4, 0x0, @local, @broadcast}}}}) 486.213631ms ago: executing program 4 (id=4320): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f00000ac000/0x3000)=nil, 0x3000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) read$char_usb(r1, &(0x7f0000000040)=""/188, 0xbc) r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x2]}, 0x8, 0x0) read$FUSE(r2, &(0x7f0000001b40)={0x2020}, 0x205c) timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21}, &(0x7f0000bbdffc)=0x0) timer_settime(r3, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 485.96142ms ago: executing program 3 (id=4321): unshare(0x22020600) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x43, 0x0, &(0x7f0000000040)) 485.693891ms ago: executing program 3 (id=4322): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f00000002c0)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe16, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 480.916211ms ago: executing program 0 (id=4323): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000004c0)={0xffffffffffffffff}) read$FUSE(r1, &(0x7f0000000540)={0x2020}, 0x90) 467.260641ms ago: executing program 3 (id=4324): prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffa000/0x3000)=nil) 341.519403ms ago: executing program 3 (id=4325): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) timer_settime(0x0, 0x1, &(0x7f000006b000)={{0x0, 0x3938700}, {0x0, 0x9}}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00') read$FUSE(r4, &(0x7f0000002780)={0x2020}, 0x5ecfb203) 340.440733ms ago: executing program 1 (id=4326): r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000440)={0x2, 0x4e24, @remote}, 0x10) sendto$inet(r0, &(0x7f0000000280)="97d937bcfd66a4ef9af12601488eec0027763a528f66c27c25b91dc9d7fc46bfd5b58df5d8fe55f218528ca42fe730f40425", 0x32, 0x810, &(0x7f00000001c0)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x3d}}, 0x10) 106.136578ms ago: executing program 1 (id=4327): bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x10, 0x4, 0x4, 0x2}, 0x50) 44.469339ms ago: executing program 1 (id=4328): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) r2 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0) flock(r2, 0x2) r3 = open(&(0x7f0000000300)='.\x00', 0x102000, 0x0) flock(r3, 0x1) r4 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0) flock(r4, 0x2) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) syz_open_dev$usbfs(0x0, 0x20800000000076, 0x61341) 27.566589ms ago: executing program 2 (id=4329): r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000240)='asymmetric\x00', &(0x7f00000001c0)=@keyring={'key_or_keyring:', r0}) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000280)=@chain={'key_or_keyring:', r2}) 0s ago: executing program 2 (id=4330): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7000000002060500000000000000000000000000120003006269746d61703a69702c6d6163000000050004000000000009000200f3797a3000000000240007800c0002800800014000008e020c0001800800014000000000080008400000001005000500020000000500010006"], 0x70}}, 0x800) sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x3, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) kernel console output (not intermixed with test programs): 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1165.791392][ T6] usb 1-1: config 0 descriptor?? [ 1165.807166][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1165.832163][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1165.840997][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1165.849621][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1165.858012][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1165.866841][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1165.875400][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1166.023227][T14185] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4006'. [ 1166.202171][T14185] loop4: detected capacity change from 0 to 512 [ 1166.212459][T14185] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1166.264153][ T8744] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1166.310635][T14185] EXT4-fs (loop4): can't mount with journal_async_commit, fs mounted w/o journal [ 1166.328196][ T8744] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1166.339356][ T8744] usb 4-1: New USB device found, idVendor=044f, idProduct=b323, bcdDevice= 0.00 [ 1166.349527][ T8744] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1167.423024][ T8744] usb 4-1: config 0 descriptor?? [ 1167.576920][ T60] usb 3-1: USB disconnect, device number 59 [ 1168.051283][T14193] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8296 sclass=netlink_route_socket pid=14193 comm=syz.3.4005 [ 1168.285380][T14195] netlink: 'syz.2.4008': attribute type 27 has an invalid length. [ 1168.301806][T14195] bridge0: port 2(bridge_slave_1) entered disabled state [ 1168.309058][T14195] bridge0: port 1(bridge_slave_0) entered disabled state [ 1168.443094][ T60] usb 1-1: USB disconnect, device number 59 [ 1168.479847][T14195] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1168.498153][T14200] loop4: detected capacity change from 0 to 16 [ 1168.514705][T14195] device veth0_vlan left promiscuous mode [ 1168.521246][T14195] device veth0_vlan entered promiscuous mode [ 1168.527701][T14200] erofs: (device loop4): mounted with root inode @ nid 36. [ 1168.529928][T14195] device veth1_macvtap left promiscuous mode [ 1168.541894][T14195] device veth1_macvtap entered promiscuous mode [ 1168.555773][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1168.566599][T14202] loop1: detected capacity change from 0 to 512 [ 1168.584522][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1168.592296][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1168.600807][ T340] bridge0: port 1(bridge_slave_0) entered blocking state [ 1168.607897][ T340] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1168.636649][T14202] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1168.641847][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1168.657094][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1168.659296][T14202] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1168.666655][ T340] bridge0: port 2(bridge_slave_1) entered blocking state [ 1168.680994][ T340] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1168.691669][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1168.697364][T14202] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2195: inode #15: comm syz.1.4011: corrupted in-inode xattr [ 1168.700569][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 1168.712471][T14202] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.4011: couldn't read orphan inode 15 (err -117) [ 1168.720232][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1168.732900][T14202] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 1168.750516][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 1168.765935][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1168.774365][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1168.782993][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1168.792511][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1168.808333][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1168.808361][T10192] EXT4-fs (loop1): unmounting filesystem. [ 1168.817169][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1168.830527][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1168.839098][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1168.853065][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1168.863658][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1168.872306][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1168.880901][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1168.889508][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1168.898009][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1168.906178][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1168.914141][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1168.921829][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1168.942323][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1168.952936][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1168.960961][ T60] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 1168.969508][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1168.977586][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1169.147547][ T60] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1169.158522][ T60] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1169.301962][ T28] audit: type=1400 audit(1759549461.974:279): avc: denied { bind } for pid=14214 comm="syz.1.4014" lport=6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 1169.343291][ T28] audit: type=1400 audit(1759549461.974:280): avc: denied { node_bind } for pid=14214 comm="syz.1.4014" saddr=172.20.20.170 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 1169.473743][ T60] usb 3-1: New USB device found, idVendor=044f, idProduct=b323, bcdDevice= 0.00 [ 1169.483025][ T60] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1169.498705][ T60] usb 3-1: config 0 descriptor?? [ 1169.603200][ T60] usb 4-1: USB disconnect, device number 62 [ 1169.751258][T14226] netlink: 'syz.4.4018': attribute type 27 has an invalid length. [ 1169.768218][T14226] bridge0: port 2(bridge_slave_1) entered disabled state [ 1169.775434][T14226] bridge0: port 1(bridge_slave_0) entered disabled state [ 1169.817336][T14227] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1169.833227][T14227] device veth0_vlan left promiscuous mode [ 1169.839239][T14227] device veth0_vlan entered promiscuous mode [ 1169.846269][T14227] device veth1_macvtap left promiscuous mode [ 1169.853057][T14227] device veth1_macvtap entered promiscuous mode [ 1169.885746][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1169.896430][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1169.904556][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1169.913855][ T340] bridge0: port 1(bridge_slave_0) entered blocking state [ 1169.921048][ T340] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1169.929267][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1169.937753][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1169.946254][ T340] bridge0: port 2(bridge_slave_1) entered blocking state [ 1169.953368][ T340] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1169.960866][ T8744] usb 1-1: new high-speed USB device number 60 using dummy_hcd [ 1169.968827][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1169.977657][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 1169.986290][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1169.994668][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 1170.002865][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1170.011057][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1170.019290][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1170.027382][ T60] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 1170.027964][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1170.043735][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1170.052187][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1170.060398][T14233] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8296 sclass=netlink_route_socket pid=14233 comm=syz.2.4012 [ 1170.067114][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1170.081780][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1170.090012][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1170.098196][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1170.106320][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1170.114599][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1170.123203][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1170.131869][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1170.140172][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1170.148150][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1170.155763][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1170.163217][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1170.171500][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1170.176863][ T8744] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1170.179855][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1170.189617][ T339] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 1170.197487][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1170.211966][ T8744] usb 1-1: config 0 has no interfaces? [ 1170.217610][ T8744] usb 1-1: New USB device found, idVendor=056a, idProduct=0015, bcdDevice= 0.00 [ 1170.226760][ T8744] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1170.226897][ T60] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1170.245215][ T60] usb 4-1: config 0 has no interfaces? [ 1170.248746][ T8744] usb 1-1: config 0 descriptor?? [ 1170.251273][ T60] usb 4-1: New USB device found, idVendor=056a, idProduct=0015, bcdDevice= 0.00 [ 1170.264799][ T60] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1170.273556][ T60] usb 4-1: config 0 descriptor?? [ 1170.416955][ T339] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1170.427198][ T339] usb 2-1: config 0 has no interfaces? [ 1170.432711][ T339] usb 2-1: New USB device found, idVendor=056a, idProduct=0015, bcdDevice= 0.00 [ 1170.441823][ T339] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1170.450556][ T339] usb 2-1: config 0 descriptor?? [ 1171.702557][ T339] usb 3-1: USB disconnect, device number 60 [ 1171.744322][T14238] loop4: detected capacity change from 0 to 1024 [ 1171.752245][T14238] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1171.765848][T14238] EXT4-fs (loop4): couldn't mount RDWR because of unsupported optional features (4000000) [ 1171.778875][T14238] netlink: 60 bytes leftover after parsing attributes in process `syz.4.4021'. [ 1171.798646][T14238] loop4: detected capacity change from 0 to 512 [ 1172.137834][T14244] netlink: 'syz.2.4022': attribute type 3 has an invalid length. [ 1172.161559][T14238] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.4021: error while reading EA inode 32 err=-116 [ 1172.180005][T14238] EXT4-fs (loop4): Remounting filesystem read-only [ 1172.188315][T14238] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.4021: error while reading EA inode 32 err=-116 [ 1172.201337][T14238] EXT4-fs (loop4): Remounting filesystem read-only [ 1172.208372][T14238] EXT4-fs (loop4): 1 orphan inode deleted [ 1172.214309][T14238] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1172.295678][T14238] loop4: detected capacity change from 512 to 64 [ 1172.310298][ T9933] EXT4-fs (loop4): unmounting filesystem. [ 1172.318163][ T28] audit: type=1400 audit(1759549465.114:281): avc: denied { unmount } for pid=9933 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 1172.382328][T14255] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4023'. [ 1172.525710][T14260] loop4: detected capacity change from 0 to 128 [ 1172.558565][T14260] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1172.568101][T14260] ext4 filesystem being mounted at /212/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1172.581956][T14260] FAULT_INJECTION: forcing a failure. [ 1172.581956][T14260] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 1172.595443][T14260] CPU: 1 PID: 14260 Comm: syz.4.4026 Not tainted syzkaller #0 [ 1172.602937][T14260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1172.613031][T14260] Call Trace: [ 1172.616328][T14260] [ 1172.619313][T14260] __dump_stack+0x21/0x24 [ 1172.623758][T14260] dump_stack_lvl+0xee/0x150 [ 1172.628372][T14260] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1172.633419][T14260] dump_stack+0x15/0x24 [ 1172.637591][T14260] should_fail_ex+0x3d4/0x520 [ 1172.642360][T14260] should_fail+0xb/0x10 [ 1172.646545][T14260] should_fail_usercopy+0x1a/0x20 [ 1172.651605][T14260] _copy_to_user+0x1e/0x90 [ 1172.656111][T14260] simple_read_from_buffer+0xe9/0x160 [ 1172.661542][T14260] proc_fail_nth_read+0x19a/0x210 [ 1172.666604][T14260] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 1172.672156][T14260] ? security_file_permission+0x94/0xb0 [ 1172.677754][T14260] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 1172.683309][T14260] vfs_read+0x26e/0x8c0 [ 1172.687521][T14260] ? __cfi_vfs_read+0x10/0x10 [ 1172.692206][T14260] ? __kasan_check_write+0x14/0x20 [ 1172.697346][T14260] ? mutex_lock+0x8d/0x1a0 [ 1172.701816][T14260] ? __cfi_mutex_lock+0x10/0x10 [ 1172.706762][T14260] ? __fdget_pos+0x2cd/0x380 [ 1172.711382][T14260] ? ksys_read+0x71/0x240 [ 1172.715743][T14260] ksys_read+0x140/0x240 [ 1172.720016][T14260] ? __cfi_ksys_read+0x10/0x10 [ 1172.724790][T14260] ? fput+0x154/0x1a0 [ 1172.728820][T14260] ? debug_smp_processor_id+0x17/0x20 [ 1172.734228][T14260] __x64_sys_read+0x7b/0x90 [ 1172.738740][T14260] x64_sys_call+0x2f/0x9a0 [ 1172.743157][T14260] do_syscall_64+0x4c/0xa0 [ 1172.747572][T14260] ? clear_bhb_loop+0x30/0x80 [ 1172.752309][T14260] ? clear_bhb_loop+0x30/0x80 [ 1172.756994][T14260] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1172.762898][T14260] RIP: 0033:0x7fcca4d8d8dc [ 1172.767325][T14260] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1172.786941][T14260] RSP: 002b:00007fcca5bee030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1172.795361][T14260] RAX: ffffffffffffffda RBX: 00007fcca4fe5fa0 RCX: 00007fcca4d8d8dc [ 1172.803360][T14260] RDX: 000000000000000f RSI: 00007fcca5bee0a0 RDI: 0000000000000005 [ 1172.811430][T14260] RBP: 00007fcca5bee090 R08: 0000000000000000 R09: 0000000000000000 [ 1172.819437][T14260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1172.827418][T14260] R13: 00007fcca4fe6038 R14: 00007fcca4fe5fa0 R15: 00007ffdcfc4fff8 [ 1172.835405][T14260] [ 1172.878925][ T339] usb 1-1: USB disconnect, device number 60 [ 1172.885908][T14124] usb 4-1: USB disconnect, device number 63 [ 1172.908070][T14264] loop3: detected capacity change from 0 to 16 [ 1172.922607][T14264] erofs: (device loop3): mounted with root inode @ nid 36. [ 1172.946270][ T9933] EXT4-fs (loop4): unmounting filesystem. [ 1173.300096][T14267] loop0: detected capacity change from 0 to 8192 [ 1174.896454][T14273] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 1175.048437][T14124] usb 2-1: USB disconnect, device number 50 [ 1175.216199][T14271] FAULT_INJECTION: forcing a failure. [ 1175.216199][T14271] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1175.265618][T14271] CPU: 1 PID: 14271 Comm: syz.1.4030 Not tainted syzkaller #0 [ 1175.273136][T14271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1175.283391][T14271] Call Trace: [ 1175.286682][T14271] [ 1175.289634][T14271] __dump_stack+0x21/0x24 [ 1175.293993][T14271] dump_stack_lvl+0xee/0x150 [ 1175.298606][T14271] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1175.303656][T14271] dump_stack+0x15/0x24 [ 1175.307838][T14271] should_fail_ex+0x3d4/0x520 [ 1175.312546][T14271] should_fail+0xb/0x10 [ 1175.316732][T14271] should_fail_usercopy+0x1a/0x20 [ 1175.321795][T14271] _copy_from_user+0x1e/0xc0 [ 1175.326413][T14271] iovec_from_user+0x1aa/0x2e0 [ 1175.331375][T14271] __import_iovec+0x71/0x470 [ 1175.336001][T14271] import_iovec+0x7c/0xb0 [ 1175.340367][T14271] do_readv+0x1fe/0x3e0 [ 1175.344561][T14271] ? generic_file_rw_checks+0x2a0/0x2a0 [ 1175.350158][T14271] ? __kasan_check_write+0x14/0x20 [ 1175.355309][T14271] ? fput+0x154/0x1a0 [ 1175.359385][T14271] ? debug_smp_processor_id+0x17/0x20 [ 1175.364806][T14271] __x64_sys_readv+0x7d/0x90 [ 1175.369428][T14271] x64_sys_call+0x3bd/0x9a0 [ 1175.373963][T14271] do_syscall_64+0x4c/0xa0 [ 1175.378414][T14271] ? clear_bhb_loop+0x30/0x80 [ 1175.383235][T14271] ? clear_bhb_loop+0x30/0x80 [ 1175.387949][T14271] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1175.393881][T14271] RIP: 0033:0x7fd824b8eec9 [ 1175.398323][T14271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1175.417963][T14271] RSP: 002b:00007fd825a84038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1175.426411][T14271] RAX: ffffffffffffffda RBX: 00007fd824de5fa0 RCX: 00007fd824b8eec9 [ 1175.434435][T14271] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 0000000000000005 [ 1175.442439][T14271] RBP: 00007fd825a84090 R08: 0000000000000000 R09: 0000000000000000 [ 1175.450442][T14271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1175.458443][T14271] R13: 00007fd824de6038 R14: 00007fd824de5fa0 R15: 00007ffc30dcf448 [ 1175.466449][T14271] [ 1175.864459][T14291] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4033'. [ 1176.056728][T14292] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4034'. [ 1176.260073][ T28] audit: type=1400 audit(1759549469.054:282): avc: denied { write } for pid=14295 comm="syz.2.4036" name="ptp0" dev="devtmpfs" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 1176.284512][T14296] FAULT_INJECTION: forcing a failure. [ 1176.284512][T14296] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1176.318264][T14296] CPU: 0 PID: 14296 Comm: syz.2.4036 Not tainted syzkaller #0 [ 1176.325777][T14296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1176.335856][T14296] Call Trace: [ 1176.339150][T14296] [ 1176.342094][T14296] __dump_stack+0x21/0x24 [ 1176.346444][T14296] dump_stack_lvl+0xee/0x150 [ 1176.351051][T14296] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1176.356095][T14296] ? kstrtoull+0x137/0x1d0 [ 1176.360551][T14296] dump_stack+0x15/0x24 [ 1176.364738][T14296] should_fail_ex+0x3d4/0x520 [ 1176.369451][T14296] should_fail+0xb/0x10 [ 1176.373637][T14296] should_fail_usercopy+0x1a/0x20 [ 1176.378723][T14296] _copy_from_user+0x1e/0xc0 [ 1176.383439][T14296] core_sys_select+0x2d1/0x650 [ 1176.388311][T14296] ? __cfi_core_sys_select+0x10/0x10 [ 1176.393626][T14296] ? __cfi_set_user_sigmask+0x10/0x10 [ 1176.399119][T14296] ? irq_work_queue+0xc1/0x150 [ 1176.403998][T14296] __se_sys_pselect6+0x287/0x310 [ 1176.408958][T14296] ? __x64_sys_pselect6+0x100/0x100 [ 1176.414208][T14296] ? ksys_write+0x1eb/0x240 [ 1176.418743][T14296] ? __cfi_ksys_write+0x10/0x10 [ 1176.423640][T14296] __x64_sys_pselect6+0xe5/0x100 [ 1176.428613][T14296] x64_sys_call+0x1b0/0x9a0 [ 1176.433154][T14296] do_syscall_64+0x4c/0xa0 [ 1176.437622][T14296] ? clear_bhb_loop+0x30/0x80 [ 1176.442328][T14296] ? clear_bhb_loop+0x30/0x80 [ 1176.447039][T14296] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1176.452961][T14296] RIP: 0033:0x7f0bc4b8eec9 [ 1176.457411][T14296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1176.475866][T14124] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 1176.477035][T14296] RSP: 002b:00007f0bc596a038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 1176.493099][T14296] RAX: ffffffffffffffda RBX: 00007f0bc4de5fa0 RCX: 00007f0bc4b8eec9 [ 1176.501103][T14296] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040 [ 1176.509104][T14296] RBP: 00007f0bc596a090 R08: 0000000000000000 R09: 0000000000000000 [ 1176.517105][T14296] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001 [ 1176.525094][T14296] R13: 00007f0bc4de6038 R14: 00007f0bc4de5fa0 R15: 00007ffd6ef5e9e8 [ 1176.533110][T14296] [ 1176.583973][T14299] loop2: detected capacity change from 0 to 256 [ 1176.636051][T14299] exfat: Unknown parameter 'allow_uti0000000020000000001' [ 1176.656659][T14124] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1176.674786][T14124] usb 4-1: config 0 has no interfaces? [ 1176.689902][ T28] audit: type=1400 audit(1759549469.484:283): avc: denied { ioctl } for pid=14298 comm="syz.2.4037" path="/dev/fuse" dev="devtmpfs" ino=93 ioctlcmd=0x940f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 1176.690521][T14124] usb 4-1: New USB device found, idVendor=056a, idProduct=0015, bcdDevice= 0.00 [ 1176.815603][T14124] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1176.836143][T14124] usb 4-1: config 0 descriptor?? [ 1177.613989][T14311] loop4: detected capacity change from 0 to 512 [ 1177.638777][T14311] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.4040: casefold flag without casefold feature [ 1177.675715][T14311] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.4040: couldn't read orphan inode 15 (err -117) [ 1177.687957][T14311] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1177.955755][T14320] overlayfs: unrecognized mount option "verity=require" or missing value [ 1178.230092][T14320] netlink: 80 bytes leftover after parsing attributes in process `syz.1.4041'. [ 1178.896781][ T28] audit: type=1400 audit(1759549471.374:284): avc: denied { setopt } for pid=14310 comm="syz.4.4040" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 1179.174942][T10076] usb 5-1: new full-speed USB device number 60 using dummy_hcd [ 1179.184904][ T60] usb 4-1: USB disconnect, device number 64 [ 1179.208495][T14331] loop3: detected capacity change from 0 to 16 [ 1179.228593][T14331] erofs: (device loop3): mounted with root inode @ nid 36. [ 1179.397259][T10076] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1179.408063][T10076] usb 5-1: not running at top speed; connect to a high speed hub [ 1179.425770][T10076] usb 5-1: config 3 has an invalid interface number: 98 but max is 0 [ 1179.441759][T10076] usb 5-1: config 3 has no interface number 0 [ 1179.455752][T10076] usb 5-1: config 3 interface 98 altsetting 10 endpoint 0x2 has an invalid bInterval 0, changing to 4 [ 1179.480360][T10076] usb 5-1: config 3 interface 98 altsetting 10 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1179.500685][T10076] usb 5-1: config 3 interface 98 has no altsetting 0 [ 1179.516891][T10076] usb 5-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=b9.a8 [ 1179.535035][T10076] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1179.553565][T10076] usb 5-1: Product: syz [ 1179.558117][T10076] usb 5-1: Manufacturer: syz [ 1179.562738][T10076] usb 5-1: SerialNumber: syz [ 1179.785788][ T28] audit: type=1400 audit(1759549472.584:285): avc: denied { nlmsg_read } for pid=14310 comm="syz.4.4040" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 1180.077493][T14345] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4048'. [ 1180.086504][T14345] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4048'. [ 1180.110301][T14345] device gretap0 entered promiscuous mode [ 1180.116355][T14345] device macsec1 entered promiscuous mode [ 1180.279430][T14347] netlink: 'syz.1.4049': attribute type 27 has an invalid length. [ 1180.297459][T14347] bridge0: port 2(bridge_slave_1) entered disabled state [ 1180.304766][T14347] bridge0: port 1(bridge_slave_0) entered disabled state [ 1180.325827][ T8744] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 1180.374189][T14348] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1180.394547][T14348] bridge0: port 1(bridge_slave_0) entered blocking state [ 1180.401748][T14348] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1180.411789][T14348] bridge0: port 2(bridge_slave_1) entered blocking state [ 1180.418898][T14348] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1180.434363][T14348] device veth0_vlan left promiscuous mode [ 1180.440800][T14348] device veth0_vlan entered promiscuous mode [ 1180.448385][T14348] device veth1_macvtap left promiscuous mode [ 1180.455397][T14348] device veth1_macvtap entered promiscuous mode [ 1180.464938][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1180.473040][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1180.482015][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1180.491059][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1180.500288][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1180.509143][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1180.517864][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1180.526850][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1180.535534][ T8744] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1180.546481][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1180.554681][ T8744] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1180.564444][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1180.572881][ T8744] usb 3-1: New USB device found, idVendor=044f, idProduct=b323, bcdDevice= 0.00 [ 1180.582801][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1180.590892][ T8744] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1180.593456][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1180.607661][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1180.611510][ T8744] usb 3-1: config 0 descriptor?? [ 1180.616596][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1180.629111][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1180.681275][ T28] audit: type=1400 audit(1759549473.474:286): avc: denied { create } for pid=14353 comm="syz.1.4051" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 1180.702044][ T28] audit: type=1400 audit(1759549473.474:287): avc: denied { ioctl } for pid=14353 comm="syz.1.4051" path="socket:[58953]" dev="sockfs" ino=58953 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 1180.752841][T14357] xt_hashlimit: size too large, truncated to 1048576 [ 1180.813185][ T28] audit: type=1400 audit(1759549473.604:288): avc: denied { lock } for pid=14356 comm="syz.1.4052" path="socket:[59562]" dev="sockfs" ino=59562 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 1180.857455][ T28] audit: type=1400 audit(1759549473.634:289): avc: denied { sqpoll } for pid=14356 comm="syz.1.4052" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 1180.904332][ T9933] EXT4-fs (loop4): unmounting filesystem. [ 1180.910040][T10076] usb 5-1: USB disconnect, device number 60 [ 1181.285827][T14366] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4047'. [ 1181.410118][T14371] FAULT_INJECTION: forcing a failure. [ 1181.410118][T14371] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 1181.487267][T14371] CPU: 1 PID: 14371 Comm: syz.4.4054 Not tainted syzkaller #0 [ 1181.494799][T14371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1181.504888][T14371] Call Trace: [ 1181.508191][T14371] [ 1181.511145][T14371] __dump_stack+0x21/0x24 [ 1181.515516][T14371] dump_stack_lvl+0xee/0x150 [ 1181.520144][T14371] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1181.525202][T14371] ? kasan_save_stack+0x4c/0x60 [ 1181.530170][T14371] ? kasan_save_stack+0x3a/0x60 [ 1181.535055][T14371] ? __kasan_record_aux_stack+0xb6/0xc0 [ 1181.540646][T14371] dump_stack+0x15/0x24 [ 1181.544845][T14371] should_fail_ex+0x3d4/0x520 [ 1181.549567][T14371] should_fail_alloc_page+0x61/0x90 [ 1181.554878][T14371] prepare_alloc_pages+0x148/0x5f0 [ 1181.560019][T14371] ? __alloc_pages_bulk+0x9c0/0x9c0 [ 1181.565251][T14371] __alloc_pages+0x124/0x450 [ 1181.569864][T14371] ? __cfi___alloc_pages+0x10/0x10 [ 1181.575002][T14371] ? __kasan_check_read+0x11/0x20 [ 1181.580051][T14371] ? call_rcu+0xb83/0xf90 [ 1181.584493][T14371] __folio_alloc+0x12/0x40 [ 1181.588948][T14371] handle_mm_fault+0x18ef/0x2640 [ 1181.594003][T14371] ? __cfi_handle_mm_fault+0x10/0x10 [ 1181.599344][T14371] ? lock_vma_under_rcu+0x3eb/0x4d0 [ 1181.604591][T14371] ? ksys_read+0x71/0x240 [ 1181.608967][T14371] ? ksys_read+0x110/0x240 [ 1181.613421][T14371] do_user_addr_fault+0x905/0x1050 [ 1181.618568][T14371] exc_page_fault+0x51/0xb0 [ 1181.623112][T14371] asm_exc_page_fault+0x27/0x30 [ 1181.627985][T14371] RIP: 0033:0x7fcca4d3c3ab [ 1181.632420][T14371] Code: c0 8b 87 c0 00 00 00 66 0f 6c c0 85 c0 0f 85 44 01 00 00 c7 87 c0 00 00 00 ff ff ff ff 48 8d 84 24 20 21 00 00 48 8d 7c 24 20 <0f> 29 44 24 40 49 89 e4 48 89 44 24 50 8b 43 74 48 89 9c 24 00 01 [ 1181.652052][T14371] RSP: 002b:00007fcca5ba9e10 EFLAGS: 00010246 [ 1181.658148][T14371] RAX: 00007fcca5babf30 RBX: 00007fcca4fb7640 RCX: 0000000000000000 [ 1181.666145][T14371] RDX: 00007fcca5babf78 RSI: 00007fcca4deedf8 RDI: 00007fcca5ba9e30 [ 1181.674147][T14371] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000 [ 1181.682141][T14371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1181.690136][T14371] R13: 00007fcca4fe6218 R14: 00007fcca4fe6180 R15: 00007ffdcfc4fff8 [ 1181.698135][T14371] [ 1181.712017][T14371] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 1181.766652][T14373] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4056'. [ 1181.816799][T14381] FAULT_INJECTION: forcing a failure. [ 1181.816799][T14381] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1181.830685][T14381] CPU: 0 PID: 14381 Comm: syz.3.4058 Not tainted syzkaller #0 [ 1181.838195][T14381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1181.848273][T14381] Call Trace: [ 1181.851581][T14381] [ 1181.854533][T14381] __dump_stack+0x21/0x24 [ 1181.858900][T14381] dump_stack_lvl+0xee/0x150 [ 1181.863524][T14381] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1181.868581][T14381] dump_stack+0x15/0x24 [ 1181.872762][T14381] should_fail_ex+0x3d4/0x520 [ 1181.877476][T14381] should_fail+0xb/0x10 [ 1181.881664][T14381] should_fail_usercopy+0x1a/0x20 [ 1181.886898][T14381] _copy_from_user+0x1e/0xc0 [ 1181.891530][T14381] iovec_from_user+0x1aa/0x2e0 [ 1181.896322][T14381] ? __kasan_check_write+0x14/0x20 [ 1181.901455][T14381] __import_iovec+0x71/0x470 [ 1181.906098][T14381] import_iovec+0x7c/0xb0 [ 1181.910469][T14381] do_preadv+0x1bd/0x330 [ 1181.914740][T14381] ? vfs_writev+0x590/0x590 [ 1181.919271][T14381] ? __kasan_check_write+0x14/0x20 [ 1181.924404][T14381] ? fput+0x154/0x1a0 [ 1181.928415][T14381] __x64_sys_preadv+0x9e/0xb0 [ 1181.933113][T14381] x64_sys_call+0x370/0x9a0 [ 1181.937641][T14381] do_syscall_64+0x4c/0xa0 [ 1181.942080][T14381] ? clear_bhb_loop+0x30/0x80 [ 1181.946787][T14381] ? clear_bhb_loop+0x30/0x80 [ 1181.951503][T14381] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1181.957429][T14381] RIP: 0033:0x7f622818eec9 [ 1181.961873][T14381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1181.981507][T14381] RSP: 002b:00007f6228f4b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 1181.990036][T14381] RAX: ffffffffffffffda RBX: 00007f62283e5fa0 RCX: 00007f622818eec9 [ 1181.998035][T14381] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003 [ 1182.006030][T14381] RBP: 00007f6228f4b090 R08: 0000000000000000 R09: 0000000000000000 [ 1182.014020][T14381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1182.022010][T14381] R13: 00007f62283e6038 R14: 00007f62283e5fa0 R15: 00007ffe1d0248f8 [ 1182.030009][T14381] [ 1182.623183][T14391] loop1: detected capacity change from 0 to 16 [ 1182.638438][T14391] erofs: (device loop1): mounted with root inode @ nid 36. [ 1182.680299][T14394] netlink: 'syz.0.4062': attribute type 27 has an invalid length. [ 1182.702328][T14394] bridge0: port 2(bridge_slave_1) entered disabled state [ 1182.709574][T14394] bridge0: port 1(bridge_slave_0) entered disabled state [ 1182.748216][T14394] device macsec1 left promiscuous mode [ 1182.757960][T14396] device gretap0 left promiscuous mode [ 1182.767858][T14396] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1182.811188][T14396] device veth0_vlan left promiscuous mode [ 1182.832434][T14124] usb 3-1: USB disconnect, device number 61 [ 1182.839076][T14396] device veth0_vlan entered promiscuous mode [ 1182.847911][T14396] device veth1_macvtap left promiscuous mode [ 1182.858386][T14396] device veth1_macvtap entered promiscuous mode [ 1182.869341][T14396] device gretap0 entered promiscuous mode [ 1182.877377][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): macsec1: link becomes ready [ 1182.887884][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1182.902014][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1182.965149][T14401] loop3: detected capacity change from 0 to 256 [ 1182.965378][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1182.996682][T14401] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x76936814, utbl_chksum : 0xe619d30d) [ 1183.009704][ T7363] bridge0: port 1(bridge_slave_0) entered blocking state [ 1183.016801][ T7363] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1183.040470][ T28] audit: type=1400 audit(1759549475.834:290): avc: denied { setopt } for pid=14400 comm="syz.3.4065" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 1183.054799][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1183.064339][ T28] audit: type=1400 audit(1759549475.854:291): avc: denied { write } for pid=14400 comm="syz.3.4065" name="softnet_stat" dev="proc" ino=4026532478 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 1183.090481][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1183.118218][ T7363] bridge0: port 2(bridge_slave_1) entered blocking state [ 1183.125338][ T7363] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1183.158783][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1183.167397][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 1183.175655][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1183.184359][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 1183.192627][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1183.201516][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1183.209796][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1183.218266][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1183.226761][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1183.235449][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1183.244276][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1183.279285][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1183.328250][T14124] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 1183.340581][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1183.374983][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1183.416921][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1183.553010][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1183.553882][T14124] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1183.561493][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1183.579513][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1183.587993][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1183.596467][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1183.604700][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1183.609621][T14124] usb 3-1: config 0 has no interfaces? [ 1183.618371][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1183.625958][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1183.633504][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1183.642020][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1183.646600][T14124] usb 3-1: New USB device found, idVendor=056a, idProduct=0015, bcdDevice= 0.00 [ 1183.650365][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1183.677569][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1183.694874][T14124] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1183.722973][T14124] usb 3-1: config 0 descriptor?? [ 1183.747965][T14403] loop0: detected capacity change from 0 to 40427 [ 1183.769567][T14403] F2FS-fs (loop0): invalid crc value [ 1183.792564][T14403] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1183.851370][ T28] audit: type=1326 audit(1759549476.644:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14409 comm="syz.4.4067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcca4d8eec9 code=0x7ffc0000 [ 1183.869736][T14403] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 1183.875085][ T28] audit: type=1326 audit(1759549476.644:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14409 comm="syz.4.4067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fcca4d8eec9 code=0x7ffc0000 [ 1183.906829][ T28] audit: type=1326 audit(1759549476.644:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14409 comm="syz.4.4067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcca4d8eec9 code=0x7ffc0000 [ 1183.930707][ T28] audit: type=1326 audit(1759549476.644:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14409 comm="syz.4.4067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fcca4d8eec9 code=0x7ffc0000 [ 1183.954462][ T28] audit: type=1326 audit(1759549476.644:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14409 comm="syz.4.4067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcca4d8eec9 code=0x7ffc0000 [ 1183.998964][ T28] audit: type=1326 audit(1759549476.644:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14409 comm="syz.4.4067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7fcca4d8eec9 code=0x7ffc0000 [ 1184.308793][ T28] audit: type=1326 audit(1759549476.644:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14409 comm="syz.4.4067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcca4d8eec9 code=0x7ffc0000 [ 1185.176187][T10358] syz-executor: attempt to access beyond end of device [ 1185.176187][T10358] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 1185.233961][ T28] audit: type=1326 audit(1759549476.644:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14409 comm="syz.4.4067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7fcca4d8eec9 code=0x7ffc0000 [ 1185.394906][T14431] FAULT_INJECTION: forcing a failure. [ 1185.394906][T14431] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1185.408172][T14431] CPU: 1 PID: 14431 Comm: syz.0.4069 Not tainted syzkaller #0 [ 1185.415672][T14431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1185.425746][T14431] Call Trace: [ 1185.429038][T14431] [ 1185.431966][T14431] __dump_stack+0x21/0x24 [ 1185.436322][T14431] dump_stack_lvl+0xee/0x150 [ 1185.440929][T14431] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1185.445976][T14431] dump_stack+0x15/0x24 [ 1185.450135][T14431] should_fail_ex+0x3d4/0x520 [ 1185.454825][T14431] should_fail+0xb/0x10 [ 1185.458983][T14431] should_fail_usercopy+0x1a/0x20 [ 1185.464014][T14431] _copy_from_user+0x1e/0xc0 [ 1185.468609][T14431] __sys_bpf+0x277/0x780 [ 1185.472936][T14431] ? bpf_link_show_fdinfo+0x320/0x320 [ 1185.478324][T14431] ? __cfi_ksys_write+0x10/0x10 [ 1185.483260][T14431] ? debug_smp_processor_id+0x17/0x20 [ 1185.488750][T14431] __x64_sys_bpf+0x7c/0x90 [ 1185.493281][T14431] x64_sys_call+0x488/0x9a0 [ 1185.497797][T14431] do_syscall_64+0x4c/0xa0 [ 1185.502393][T14431] ? clear_bhb_loop+0x30/0x80 [ 1185.507082][T14431] ? clear_bhb_loop+0x30/0x80 [ 1185.511776][T14431] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1185.517678][T14431] RIP: 0033:0x7f58c4b8eec9 [ 1185.522095][T14431] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1185.541818][T14431] RSP: 002b:00007f58c598e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1185.550249][T14431] RAX: ffffffffffffffda RBX: 00007f58c4de5fa0 RCX: 00007f58c4b8eec9 [ 1185.558244][T14431] RDX: 0000000000000020 RSI: 00002000000000c0 RDI: 0000000000000005 [ 1185.566224][T14431] RBP: 00007f58c598e090 R08: 0000000000000000 R09: 0000000000000000 [ 1185.574220][T14431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1185.582209][T14431] R13: 00007f58c4de6038 R14: 00007f58c4de5fa0 R15: 00007ffe5987fc08 [ 1185.590188][T14431] [ 1185.625625][ T306] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 1185.792420][T14436] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 1185.946534][ T306] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1185.957741][ T306] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1185.968922][ T306] usb 4-1: New USB device found, idVendor=044f, idProduct=b323, bcdDevice= 0.00 [ 1185.979101][ T306] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1186.014124][ T306] usb 4-1: config 0 descriptor?? [ 1186.315641][ T306] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 1186.337537][T14124] usb 3-1: USB disconnect, device number 62 [ 1186.929043][T14449] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8296 sclass=netlink_route_socket pid=14449 comm=syz.3.4070 [ 1187.075675][T14451] netlink: 'syz.4.4076': attribute type 27 has an invalid length. [ 1187.133962][T14451] bridge0: port 2(bridge_slave_1) entered disabled state [ 1187.141269][T14451] bridge0: port 1(bridge_slave_0) entered disabled state [ 1187.282688][T14453] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1187.309620][T14453] device veth0_vlan left promiscuous mode [ 1187.316156][T14453] device veth0_vlan entered promiscuous mode [ 1187.323560][T14453] device veth1_macvtap left promiscuous mode [ 1187.331124][T14453] device veth1_macvtap entered promiscuous mode [ 1187.342411][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1187.350756][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1187.365067][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1187.390113][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 1187.397234][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1187.464406][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1187.472960][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1187.490730][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 1187.497823][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1187.506304][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1187.514958][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 1187.523131][ T306] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1187.533885][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1187.542449][ T306] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1187.552059][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 1187.560142][ T306] usb 2-1: New USB device found, idVendor=044f, idProduct=b323, bcdDevice= 0.00 [ 1187.569788][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1187.579064][ T306] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1187.588141][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1187.598324][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1187.606869][ T306] usb 2-1: config 0 descriptor?? [ 1187.618599][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1187.627071][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1187.635810][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1187.644382][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1187.653078][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1187.661965][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1187.670372][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1187.678830][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1187.688827][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1187.697496][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1187.706042][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1187.714357][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1187.722525][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1187.730212][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1187.738657][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1187.747069][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1187.755363][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1187.763330][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1188.231905][T14469] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4073'. [ 1188.722816][ T28] kauditd_printk_skb: 9 callbacks suppressed [ 1188.722833][ T28] audit: type=1400 audit(1759549481.514:309): avc: denied { load_policy } for pid=14470 comm="syz.4.4080" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 1188.751464][T14471] ------------[ cut here ]------------ [ 1188.757080][T14471] WARNING: CPU: 1 PID: 14471 at mm/page_alloc.c:5841 __alloc_pages+0x272/0x450 [ 1188.766110][T14471] Modules linked in: [ 1188.770019][T14471] CPU: 1 PID: 14471 Comm: syz.4.4080 Not tainted syzkaller #0 [ 1188.777607][T14471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1188.787712][T14471] RIP: 0010:__alloc_pages+0x272/0x450 [ 1188.793120][T14471] Code: 0c 25 28 00 00 00 48 3b 8c 24 c0 00 00 00 0f 85 a3 00 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 c6 05 f2 79 bf 05 01 <0f> 0b eb a5 a9 00 00 08 00 48 8b 54 24 08 75 17 44 89 f6 81 e6 7f [ 1188.812768][T14471] RSP: 0018:ffffc90008e475a0 EFLAGS: 00010246 [ 1188.818879][T14471] RAX: ffffc90008e47600 RBX: 0000000000000016 RCX: 0000000000000000 [ 1188.826909][T14471] RDX: 0000000000000018 RSI: 0000000000000000 RDI: ffffc90008e47628 [ 1188.834900][T14471] RBP: ffffc90008e476b8 R08: dffffc0000000000 R09: ffffc90008e47610 [ 1188.843177][T14471] R10: fffff520011c8ec5 R11: 1ffff920011c8ec2 R12: dffffc0000000000 [ 1188.851319][T14471] R13: 0000000000000000 R14: 0000000000040dc0 R15: 1ffff920011c8eb8 [ 1188.859347][T14471] FS: 00007fcca5bee6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 1188.868329][T14471] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1188.874942][T14471] CR2: 0000200000000281 CR3: 000000010fada000 CR4: 00000000003506a0 [ 1188.882969][T14471] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083 [ 1188.891002][T14471] DR3: ffffffffefffff15 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1188.899128][T14471] Call Trace: [ 1188.902425][T14471] [ 1188.905368][T14471] ? __cfi___alloc_pages+0x10/0x10 [ 1188.910547][T14471] __kmalloc_large_node+0xa1/0x1c0 [ 1188.915848][T14471] ? hashtab_init+0xcd/0x160 [ 1188.920529][T14471] __kmalloc+0xe0/0x1e0 [ 1188.924735][T14471] hashtab_init+0xcd/0x160 [ 1188.929225][T14471] symtab_init+0x40/0x60 [ 1188.929710][ T339] usb 4-1: USB disconnect, device number 65 [ 1188.933488][T14471] class_read+0x1f5/0xab0 [ 1188.943770][T14471] ? kasan_poison+0x62/0x70 [ 1188.948359][T14471] ? __kasan_kmalloc_large+0xa4/0xb0 [ 1188.953414][ T28] audit: type=1400 audit(1759549481.744:310): avc: denied { getopt } for pid=14470 comm="syz.4.4080" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 1188.953717][T14471] ? __cfi_class_read+0x10/0x10 [ 1188.978585][T14471] ? __kmalloc+0x129/0x1e0 [ 1188.983059][T14471] ? __cfi_class_read+0x10/0x10 [ 1188.988365][T14471] policydb_read+0xb0f/0x25e0 [ 1188.993453][T14471] ? __cfi_policydb_read+0x10/0x10 [ 1188.999201][T14471] ? __kasan_kmalloc+0x95/0xb0 [ 1188.999290][T14478] netlink: 'syz.3.4083': attribute type 27 has an invalid length. [ 1189.004730][T14471] ? security_load_policy+0x118/0xea0 [ 1189.017656][T14471] ? kmalloc_trace+0x40/0xb0 [ 1189.022298][T14471] security_load_policy+0x153/0xea0 [ 1189.026362][T14478] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1189.027565][T14471] ? __kasan_check_write+0x14/0x20 [ 1189.039944][T14471] ? _raw_spin_lock+0x8e/0xe0 [ 1189.044660][T14471] ? __cfi__raw_spin_lock+0x10/0x10 [ 1189.049944][T14471] ? __cfi___vmalloc_node_range+0x10/0x10 [ 1189.055729][T14471] ? __cfi_security_load_policy+0x10/0x10 [ 1189.061479][T14471] ? __kasan_check_write+0x14/0x20 [ 1189.066672][T14471] sel_write_load+0x36f/0x5e0 [ 1189.071474][T14471] ? __cfi_sel_write_load+0x10/0x10 [ 1189.076870][T14471] ? security_file_permission+0x94/0xb0 [ 1189.082469][T14471] ? __cfi_sel_write_load+0x10/0x10 [ 1189.087781][T14471] vfs_write+0x40c/0xca0 [ 1189.092100][T14471] ? slab_free_freelist_hook+0xc2/0x190 [ 1189.097720][T14471] ? __cfi_vfs_write+0x10/0x10 [ 1189.102619][T14471] ? __kasan_check_write+0x14/0x20 [ 1189.107802][T14471] ? mutex_lock+0x8d/0x1a0 [ 1189.112297][T14471] ? __cfi_mutex_lock+0x10/0x10 [ 1189.117238][T14471] ? __fdget_pos+0x2cd/0x380 [ 1189.121860][T14471] ? ksys_write+0x71/0x240 [ 1189.126348][T14471] ksys_write+0x140/0x240 [ 1189.130714][T14471] ? __cfi_ksys_write+0x10/0x10 [ 1189.135623][T14471] ? fpregs_restore_userregs+0x128/0x260 [ 1189.138953][T14479] loop4: detected capacity change from 0 to 1024 [ 1189.141300][T14471] __x64_sys_write+0x7b/0x90 [ 1189.152254][T14471] x64_sys_call+0x27b/0x9a0 [ 1189.156853][T14471] do_syscall_64+0x4c/0xa0 [ 1189.161338][T14471] ? clear_bhb_loop+0x30/0x80 [ 1189.166124][T14471] ? clear_bhb_loop+0x30/0x80 [ 1189.170869][T14471] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1189.176846][T14471] RIP: 0033:0x7fcca4d8eec9 [ 1189.181293][T14471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1189.201012][T14471] RSP: 002b:00007fcca5bee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1189.209516][T14471] RAX: ffffffffffffffda RBX: 00007fcca4fe5fa0 RCX: 00007fcca4d8eec9 [ 1189.217611][T14471] RDX: 0000000000000065 RSI: 0000200000000280 RDI: 0000000000000004 [ 1189.225624][T14471] RBP: 00007fcca4e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1189.233647][T14471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1189.242834][T14471] R13: 00007fcca4fe6038 R14: 00007fcca4fe5fa0 R15: 00007ffdcfc4fff8 [ 1189.250982][T14471] [ 1189.254027][T14471] ---[ end trace 0000000000000000 ]--- [ 1189.268452][T14471] SELinux: failed to load policy [ 1189.277510][T14478] device veth0_vlan left promiscuous mode [ 1189.307670][T14478] device veth0_vlan entered promiscuous mode [ 1189.317021][T14478] device veth1_macvtap left promiscuous mode [ 1189.323890][T14478] device veth1_macvtap entered promiscuous mode [ 1189.366293][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1189.377743][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1189.394224][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1189.412950][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 1189.420102][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1189.434339][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1189.443284][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1189.451945][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 1189.459046][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1189.467111][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1189.492581][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 1189.557196][T14492] loop0: detected capacity change from 0 to 1024 [ 1189.600064][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1189.608234][ T339] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 1189.725085][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 1189.801651][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1189.837421][ T339] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1189.878901][ T339] usb 5-1: config 0 has no interfaces? [ 1189.903825][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1189.930534][ T339] usb 5-1: New USB device found, idVendor=056a, idProduct=0015, bcdDevice= 0.00 [ 1189.956540][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1189.976530][ T339] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1189.985164][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1190.044557][ T339] usb 5-1: config 0 descriptor?? [ 1190.061471][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1190.101611][ T339] usb 2-1: USB disconnect, device number 51 [ 1190.124673][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1190.171158][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1190.230566][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1192.249578][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1192.268534][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1192.286014][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1192.304103][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1192.321553][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1192.338834][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1192.355933][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1192.372223][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1192.388049][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1192.403858][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1192.421022][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1192.435947][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1192.452487][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1192.527937][T14504] netlink: 'syz.1.4088': attribute type 27 has an invalid length. [ 1192.567818][T14504] bridge0: port 2(bridge_slave_1) entered disabled state [ 1192.575088][T14504] bridge0: port 1(bridge_slave_0) entered disabled state [ 1192.737017][T14508] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1192.780084][T14508] bridge0: port 1(bridge_slave_0) entered blocking state [ 1192.787234][T14508] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1192.815330][T14508] bridge0: port 2(bridge_slave_1) entered blocking state [ 1192.822468][T14508] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1192.863796][T14508] device veth0_vlan left promiscuous mode [ 1192.876278][T14508] device veth0_vlan entered promiscuous mode [ 1192.892375][T14508] device veth1_macvtap left promiscuous mode [ 1192.908030][T14508] device veth1_macvtap entered promiscuous mode [ 1192.953427][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1192.963315][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1192.988123][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1192.997827][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1193.006733][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1193.015078][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1193.023493][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1193.032433][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1193.040839][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1193.050351][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1193.060998][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1193.070546][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1193.082083][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1193.092381][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1193.146436][ T28] audit: type=1400 audit(1759549485.894:311): avc: denied { setattr } for pid=14510 comm="syz.1.4090" name="NETLINK" dev="sockfs" ino=59267 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 1193.148894][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1193.179415][T14513] loop1: detected capacity change from 0 to 256 [ 1193.612119][ T339] usb 5-1: USB disconnect, device number 61 [ 1193.794445][ T28] audit: type=1400 audit(1759549486.584:312): avc: denied { write } for pid=14518 comm="syz.0.4093" name="ppp" dev="devtmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 1193.813975][T14525] loop2: detected capacity change from 0 to 128 [ 1193.877272][ T28] audit: type=1400 audit(1759549486.614:313): avc: denied { ioctl } for pid=14518 comm="syz.0.4093" path="/dev/ppp" dev="devtmpfs" ino=158 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 1193.908029][T14527] loop1: detected capacity change from 0 to 128 [ 1193.937664][ T28] audit: type=1400 audit(1759549486.614:314): avc: denied { write } for pid=14518 comm="syz.0.4093" name="binder1" dev="binder" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 1194.021521][T14525] FAULT_INJECTION: forcing a failure. [ 1194.021521][T14525] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1194.051607][T14525] CPU: 1 PID: 14525 Comm: syz.2.4094 Tainted: G W syzkaller #0 [ 1194.060603][T14525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1194.070682][T14525] Call Trace: [ 1194.073978][T14525] [ 1194.076923][T14525] __dump_stack+0x21/0x24 [ 1194.081275][T14525] dump_stack_lvl+0xee/0x150 [ 1194.085887][T14525] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1194.090948][T14525] dump_stack+0x15/0x24 [ 1194.095121][T14525] should_fail_ex+0x3d4/0x520 [ 1194.099831][T14525] should_fail_alloc_page+0x61/0x90 [ 1194.105065][T14525] prepare_alloc_pages+0x148/0x5f0 [ 1194.110212][T14525] ? __alloc_pages_bulk+0x9c0/0x9c0 [ 1194.115437][T14525] ? proc_pident_lookup+0x1c7/0x270 [ 1194.120753][T14525] ? proc_tid_base_lookup+0x2b/0x30 [ 1194.125986][T14525] ? path_openat+0xff3/0x2f50 [ 1194.130760][T14525] ? do_filp_open+0x1c1/0x3c0 [ 1194.135469][T14525] ? do_sys_openat2+0x185/0x7e0 [ 1194.140350][T14525] ? x64_sys_call+0x783/0x9a0 [ 1194.145057][T14525] __alloc_pages+0x124/0x450 [ 1194.149673][T14525] ? __cfi___alloc_pages+0x10/0x10 [ 1194.154816][T14525] __folio_alloc+0x12/0x40 [ 1194.159277][T14525] __filemap_get_folio+0x6ec/0x980 [ 1194.164487][T14525] ? __cfi___filemap_get_folio+0x10/0x10 [ 1194.170145][T14525] pagecache_get_page+0x2b/0x110 [ 1194.175206][T14525] grab_cache_page_write_begin+0x43/0x60 [ 1194.180872][T14525] cont_write_begin+0x5d6/0x8c0 [ 1194.185853][T14525] ? __kasan_check_read+0x11/0x20 [ 1194.190985][T14525] ? __cfi_cont_write_begin+0x10/0x10 [ 1194.196382][T14525] ? _raw_spin_unlock+0x4c/0x70 [ 1194.201254][T14525] ? __mark_inode_dirty+0x616/0x9d0 [ 1194.206565][T14525] fat_write_begin+0x9e/0x170 [ 1194.211323][T14525] ? __cfi_fat_get_block+0x10/0x10 [ 1194.216462][T14525] generic_perform_write+0x2f6/0x6d0 [ 1194.221789][T14525] ? file_update_time+0x2d3/0x340 [ 1194.226847][T14525] ? __cfi_generic_perform_write+0x10/0x10 [ 1194.232677][T14525] ? __cfi_file_update_time+0x10/0x10 [ 1194.238078][T14525] __generic_file_write_iter+0x227/0x580 [ 1194.243740][T14525] ? __cfi_kstrtouint_from_user+0x10/0x10 [ 1194.249621][T14525] ? __cfi___generic_file_write_iter+0x10/0x10 [ 1194.255802][T14525] ? rwsem_write_trylock+0x130/0x300 [ 1194.261122][T14525] ? generic_write_checks_count+0x3c6/0x4a0 [ 1194.267046][T14525] ? generic_write_checks+0xca/0x100 [ 1194.272357][T14525] generic_file_write_iter+0xae/0x310 [ 1194.277753][T14525] vfs_write+0x5db/0xca0 [ 1194.282030][T14525] ? slab_free_freelist_hook+0xc2/0x190 [ 1194.287629][T14525] ? __cfi_vfs_write+0x10/0x10 [ 1194.292521][T14525] ? __cfi_mutex_lock+0x10/0x10 [ 1194.297404][T14525] ? __fdget_pos+0x2cd/0x380 [ 1194.302016][T14525] ? ksys_write+0x71/0x240 [ 1194.306449][T14525] ksys_write+0x140/0x240 [ 1194.310795][T14525] ? __cfi_ksys_write+0x10/0x10 [ 1194.315681][T14525] ? debug_smp_processor_id+0x17/0x20 [ 1194.321091][T14525] __x64_sys_write+0x7b/0x90 [ 1194.325709][T14525] x64_sys_call+0x27b/0x9a0 [ 1194.330242][T14525] do_syscall_64+0x4c/0xa0 [ 1194.334703][T14525] ? clear_bhb_loop+0x30/0x80 [ 1194.339674][T14525] ? clear_bhb_loop+0x30/0x80 [ 1194.344399][T14525] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1194.350345][T14525] RIP: 0033:0x7f0bc4b8eec9 [ 1194.354781][T14525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1194.374411][T14525] RSP: 002b:00007f0bc596a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1194.382852][T14525] RAX: ffffffffffffffda RBX: 00007f0bc4de5fa0 RCX: 00007f0bc4b8eec9 [ 1194.390841][T14525] RDX: 0000000000000069 RSI: 0000200000000040 RDI: 0000000000000004 [ 1194.398837][T14525] RBP: 00007f0bc596a090 R08: 0000000000000000 R09: 0000000000000000 [ 1194.406845][T14525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1194.414930][T14525] R13: 00007f0bc4de6038 R14: 00007f0bc4de5fa0 R15: 00007ffd6ef5e9e8 [ 1194.422932][T14525] [ 1194.527628][ T28] audit: type=1400 audit(1759549487.324:315): avc: denied { read } for pid=14532 comm="syz.1.4096" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 1194.628113][T14543] FAULT_INJECTION: forcing a failure. [ 1194.628113][T14543] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1194.641439][T14543] CPU: 0 PID: 14543 Comm: syz.0.4099 Tainted: G W syzkaller #0 [ 1194.650502][T14543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1194.660578][T14543] Call Trace: [ 1194.663879][T14543] [ 1194.666828][T14543] __dump_stack+0x21/0x24 [ 1194.671184][T14543] dump_stack_lvl+0xee/0x150 [ 1194.675832][T14543] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1194.680966][T14543] dump_stack+0x15/0x24 [ 1194.685143][T14543] should_fail_ex+0x3d4/0x520 [ 1194.689851][T14543] should_fail+0xb/0x10 [ 1194.694029][T14543] should_fail_usercopy+0x1a/0x20 [ 1194.699085][T14543] _copy_from_user+0x1e/0xc0 [ 1194.703710][T14543] iovec_from_user+0x1aa/0x2e0 [ 1194.708510][T14543] ? __kasan_check_write+0x14/0x20 [ 1194.713644][T14543] __import_iovec+0x71/0x470 [ 1194.718265][T14543] import_iovec+0x7c/0xb0 [ 1194.722622][T14543] do_preadv+0x1bd/0x330 [ 1194.726886][T14543] ? vfs_writev+0x590/0x590 [ 1194.731420][T14543] ? __kasan_check_write+0x14/0x20 [ 1194.736549][T14543] ? fput+0x154/0x1a0 [ 1194.740559][T14543] __x64_sys_preadv+0x9e/0xb0 [ 1194.745265][T14543] x64_sys_call+0x370/0x9a0 [ 1194.749883][T14543] do_syscall_64+0x4c/0xa0 [ 1194.754324][T14543] ? clear_bhb_loop+0x30/0x80 [ 1194.759028][T14543] ? clear_bhb_loop+0x30/0x80 [ 1194.763730][T14543] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1194.769653][T14543] RIP: 0033:0x7f58c4b8eec9 [ 1194.774086][T14543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1194.793699][T14543] RSP: 002b:00007f58c598e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 1194.802124][T14543] RAX: ffffffffffffffda RBX: 00007f58c4de5fa0 RCX: 00007f58c4b8eec9 [ 1194.810105][T14543] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003 [ 1194.818164][T14543] RBP: 00007f58c598e090 R08: 0000000000000000 R09: 0000000000000000 [ 1194.826141][T14543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1194.834157][T14543] R13: 00007f58c4de6038 R14: 00007f58c4de5fa0 R15: 00007ffe5987fc08 [ 1194.842186][T14543] [ 1194.851915][T14547] loop0: detected capacity change from 0 to 1024 [ 1194.867103][T14547] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 1194.875787][T14547] ext4 filesystem being mounted at /200/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1194.973575][T10358] EXT4-fs (loop0): unmounting filesystem. [ 1194.997166][ T2569] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 1195.025661][ T39] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 1195.185688][ T8744] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 1195.194674][ T2569] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1195.205055][ T2569] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1195.206865][ T39] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1195.214128][ T2569] usb 3-1: New USB device found, idVendor=044f, idProduct=b323, bcdDevice= 0.00 [ 1195.224649][ T39] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1195.233308][ T2569] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1195.242773][ T39] usb 4-1: New USB device found, idVendor=044f, idProduct=b323, bcdDevice= 0.00 [ 1195.256213][ T2569] usb 3-1: config 0 descriptor?? [ 1195.260240][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1195.273710][ T39] usb 4-1: config 0 descriptor?? [ 1195.366694][ T8744] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1195.376892][ T8744] usb 2-1: config 0 has no interfaces? [ 1195.382415][ T8744] usb 2-1: New USB device found, idVendor=056a, idProduct=0015, bcdDevice= 0.00 [ 1195.391524][ T8744] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1195.400429][ T8744] usb 2-1: config 0 descriptor?? [ 1195.584267][T14559] loop4: detected capacity change from 0 to 512 [ 1195.598875][T14559] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1195.646447][T14559] EXT4-fs (loop4): orphan cleanup on readonly fs [ 1195.656537][T14559] Quota error (device loop4): do_check_range: Getting block 196613 out of range 1-5 [ 1195.679769][T14559] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0 [ 1195.689401][T14559] EXT4-fs error (device loop4): ext4_acquire_dquot:6803: comm syz.4.4103: Failed to acquire dquot type 1 [ 1195.702585][T14559] EXT4-fs (loop4): 1 truncate cleaned up [ 1195.708844][T14559] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1195.883256][T14565] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4097'. [ 1196.193383][T14566] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8296 sclass=netlink_route_socket pid=14566 comm=syz.3.4100 [ 1196.784155][ T9933] EXT4-fs (loop4): unmounting filesystem. [ 1197.586925][ T8743] usb 3-1: USB disconnect, device number 63 [ 1197.701288][T14576] netlink: 'syz.4.4106': attribute type 27 has an invalid length. [ 1197.716355][ T28] audit: type=1400 audit(1759549490.514:316): avc: denied { ioctl } for pid=14573 comm="syz.2.4105" path="/dev/rtc0" dev="devtmpfs" ino=263 ioctlcmd=0x7003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 1197.744287][T14576] bridge0: port 2(bridge_slave_1) entered disabled state [ 1197.751529][T14576] bridge0: port 1(bridge_slave_0) entered disabled state [ 1197.791048][T14578] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1197.804155][T14578] bridge0: port 1(bridge_slave_0) entered blocking state [ 1197.811271][T14578] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1197.823062][T14578] bridge0: port 2(bridge_slave_1) entered blocking state [ 1197.830205][T14578] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1197.845042][T14578] device veth0_vlan left promiscuous mode [ 1197.851472][T14578] device veth0_vlan entered promiscuous mode [ 1197.858779][T14578] device veth1_macvtap left promiscuous mode [ 1197.867290][T14578] device veth1_macvtap entered promiscuous mode [ 1197.876626][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1197.884404][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1197.892334][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1197.901630][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1197.916918][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1197.928302][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1197.936857][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1197.945171][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1197.954025][ T306] usb 2-1: USB disconnect, device number 52 [ 1197.966705][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1197.975387][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1197.983759][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1197.992469][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1198.001067][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1198.009750][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1198.535603][ T8744] usb 1-1: new high-speed USB device number 61 using dummy_hcd [ 1198.600923][ T306] usb 4-1: USB disconnect, device number 66 [ 1198.726768][ T8744] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1198.737289][ T8744] usb 1-1: config 0 has no interfaces? [ 1198.745530][ T8744] usb 1-1: New USB device found, idVendor=056a, idProduct=0015, bcdDevice= 0.00 [ 1198.755906][T10076] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 1199.105953][ T8744] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1199.114693][ T8744] usb 1-1: config 0 descriptor?? [ 1199.126778][T10076] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1199.137071][T10076] usb 3-1: config 0 has no interfaces? [ 1199.142608][T10076] usb 3-1: New USB device found, idVendor=056a, idProduct=0015, bcdDevice= 0.00 [ 1199.160517][T10076] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1199.229916][T10076] usb 3-1: config 0 descriptor?? [ 1201.418082][T14599] loop4: detected capacity change from 0 to 40427 [ 1201.465114][T14599] F2FS-fs (loop4): fault_injection options not supported [ 1201.562603][T14599] F2FS-fs (loop4): invalid crc value [ 1201.609966][T14599] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1201.743352][T14599] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1201.786111][ T9933] syz-executor: attempt to access beyond end of device [ 1201.786111][ T9933] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 1201.855633][ T8744] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 1202.037292][ T8744] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1202.047570][ T8744] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1202.056621][ T8744] usb 2-1: New USB device found, idVendor=044f, idProduct=b323, bcdDevice= 0.00 [ 1202.065873][ T8744] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1202.078114][ T8744] usb 2-1: config 0 descriptor?? [ 1202.155966][T10076] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 1202.271430][ T39] usb 3-1: USB disconnect, device number 64 [ 1202.334365][ T8744] usb 1-1: USB disconnect, device number 61 [ 1202.576805][T10076] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1202.587434][T10076] usb 5-1: config 0 has no interfaces? [ 1202.593200][T10076] usb 5-1: New USB device found, idVendor=056a, idProduct=0015, bcdDevice= 0.00 [ 1202.714504][T10076] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1202.750261][T14634] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4115'. [ 1202.810068][T10076] usb 5-1: config 0 descriptor?? [ 1203.015597][ T39] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 1203.197408][ T39] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1203.207962][ T39] usb 3-1: config 0 has no interfaces? [ 1203.213631][ T39] usb 3-1: New USB device found, idVendor=056a, idProduct=0015, bcdDevice= 0.00 [ 1203.387612][ T39] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1203.402074][ T39] usb 3-1: config 0 descriptor?? [ 1203.566235][T14644] netlink: 'syz.0.4125': attribute type 27 has an invalid length. [ 1203.586451][T14644] bridge0: port 2(bridge_slave_1) entered disabled state [ 1203.593667][T14644] bridge0: port 1(bridge_slave_0) entered disabled state [ 1203.690100][T14644] device gretap0 left promiscuous mode [ 1203.708446][T14644] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1203.766597][T14644] device veth0_vlan left promiscuous mode [ 1203.774368][T14644] device veth0_vlan entered promiscuous mode [ 1203.802731][T14644] device veth1_macvtap left promiscuous mode [ 1203.814027][T14644] device veth1_macvtap entered promiscuous mode [ 1203.836479][T14644] device gretap0 entered promiscuous mode [ 1203.844220][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec1: link becomes ready [ 1203.862694][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1203.922708][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1203.996952][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1204.016188][ T28] audit: type=1400 audit(1759549496.814:317): avc: denied { create } for pid=14648 comm="syz.0.4126" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1 [ 1204.018694][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 1204.043477][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1204.051440][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1204.060011][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1204.068552][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 1204.075665][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1204.083154][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1204.091670][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 1204.099991][T14650] netlink: 148 bytes leftover after parsing attributes in process `syz.0.4126'. [ 1204.109289][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1204.117584][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 1204.125714][T14650] netlink: 56 bytes leftover after parsing attributes in process `syz.0.4126'. [ 1204.135049][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1204.143344][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1204.151536][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1204.159524][ T28] audit: type=1400 audit(1759549496.944:318): avc: denied { ioctl } for pid=14648 comm="syz.0.4126" path="socket:[60557]" dev="sockfs" ino=60557 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 1204.185410][T14650] netlink: 'syz.0.4126': attribute type 1 has an invalid length. [ 1204.193600][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1204.202037][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1204.210396][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1204.218795][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1204.227727][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1204.236683][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1204.245098][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1204.253385][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1204.261688][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1204.269941][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1204.278394][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1204.288663][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1204.297391][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1204.305752][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1204.315210][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1204.322983][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1204.330754][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1204.339174][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1204.354277][ T2569] usb 2-1: USB disconnect, device number 53 [ 1204.363368][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1204.371482][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1204.606927][T10076] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 1204.775593][ T2569] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 1204.805745][T10076] usb 4-1: Using ep0 maxpacket: 32 [ 1204.813460][T10076] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 1204.827764][T10076] usb 4-1: config 0 has no interface number 0 [ 1204.840066][T10076] usb 4-1: config 0 interface 184 has no altsetting 0 [ 1204.856913][T10076] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1204.873200][T10076] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1204.931472][T10076] usb 4-1: Product: syz [ 1204.935765][T10076] usb 4-1: Manufacturer: syz [ 1204.940404][T10076] usb 4-1: SerialNumber: syz [ 1204.952418][T10076] usb 4-1: config 0 descriptor?? [ 1204.967322][ T8743] usb 5-1: USB disconnect, device number 62 [ 1204.989327][T10076] smsc75xx v1.0.0 [ 1204.997185][T10076] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 1205.020018][T10076] smsc75xx: probe of 4-1:0.184 failed with error -22 [ 1205.039923][T14659] x_tables: ip6_tables: NETMAP.0 target: invalid size 40 (kernel) != (user) 0 [ 1205.861412][ T39] usb 4-1: USB disconnect, device number 67 [ 1205.886755][ T2569] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1206.537372][T10076] usb 3-1: USB disconnect, device number 65 [ 1206.868813][ T2569] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1206.885595][ T2569] usb 2-1: New USB device found, idVendor=044f, idProduct=b323, bcdDevice= 0.00 [ 1207.873139][ T2569] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1207.912643][ T2569] usb 2-1: config 0 descriptor?? [ 1207.941081][ T2569] usb 2-1: can't set config #0, error -71 [ 1207.955202][ T2569] usb 2-1: USB disconnect, device number 54 [ 1207.970716][T14673] device bridge0 entered promiscuous mode [ 1207.976658][T14673] device macsec1 entered promiscuous mode [ 1207.982899][T14673] bridge0: port 3(macsec1) entered blocking state [ 1207.989689][T14673] bridge0: port 3(macsec1) entered disabled state [ 1207.998030][T14673] device bridge0 left promiscuous mode [ 1208.285751][T10076] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 1208.479177][ T28] audit: type=1400 audit(1759549501.274:319): avc: denied { create } for pid=14675 comm="syz.4.4136" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 1208.506741][T10076] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1208.523436][T10076] usb 3-1: config 0 has no interfaces? [ 1208.535216][T10076] usb 3-1: New USB device found, idVendor=056a, idProduct=0015, bcdDevice= 0.00 [ 1208.554394][T10076] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1208.578447][T10076] usb 3-1: config 0 descriptor?? [ 1208.597513][T14673] loop1: detected capacity change from 0 to 40427 [ 1208.607577][T14673] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 1208.616526][T14673] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1208.636115][T14673] F2FS-fs (loop1): invalid crc value [ 1208.643177][T14691] netlink: 'syz.4.4138': attribute type 27 has an invalid length. [ 1208.670189][T14691] bridge0: port 2(bridge_slave_1) entered disabled state [ 1208.677455][T14691] bridge0: port 1(bridge_slave_0) entered disabled state [ 1208.685944][T14673] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1208.738940][T14673] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 1208.741189][T14695] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1208.746699][T14673] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1208.773438][T14695] bridge0: port 1(bridge_slave_0) entered blocking state [ 1208.780552][T14695] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1208.856603][T14695] bridge0: port 2(bridge_slave_1) entered blocking state [ 1208.863688][T14695] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1208.868839][T14700] loop3: detected capacity change from 0 to 16 [ 1208.912675][T14700] erofs: (device loop3): mounted with root inode @ nid 36. [ 1209.191345][T14695] device veth0_vlan left promiscuous mode [ 1209.224042][T14695] device veth0_vlan entered promiscuous mode [ 1209.249228][T14695] device veth1_macvtap left promiscuous mode [ 1209.256818][T14695] device veth1_macvtap entered promiscuous mode [ 1209.267112][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1209.281164][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1209.309301][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1209.337836][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1209.361962][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1209.378780][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1209.396196][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1209.470391][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1209.478974][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1209.487735][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1209.496041][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1209.504341][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1209.513449][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1209.521977][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1209.955678][ T339] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 1210.146931][ T339] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1210.157267][ T339] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1211.008545][ T339] usb 5-1: New USB device found, idVendor=044f, idProduct=b323, bcdDevice= 0.00 [ 1211.018657][T14124] usb 3-1: USB disconnect, device number 66 [ 1211.038372][ T339] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1211.056105][T14720] netlink: 'syz.2.4145': attribute type 27 has an invalid length. [ 1211.067542][ T339] usb 5-1: config 0 descriptor?? [ 1211.470614][T14723] netlink: 148 bytes leftover after parsing attributes in process `syz.1.4144'. [ 1212.858628][T14723] netlink: 56 bytes leftover after parsing attributes in process `syz.1.4144'. [ 1212.865037][ T8743] usb 5-1: USB disconnect, device number 63 [ 1212.868539][T14723] netlink: 'syz.1.4144': attribute type 1 has an invalid length. [ 1214.701122][T14720] bridge0: port 2(bridge_slave_1) entered disabled state [ 1214.708380][T14720] bridge0: port 1(bridge_slave_0) entered disabled state [ 1216.950742][T14722] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1216.966030][T14722] bridge0: port 1(bridge_slave_0) entered blocking state [ 1216.973116][T14722] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1216.982050][T14722] bridge0: port 2(bridge_slave_1) entered blocking state [ 1216.989140][T14722] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1217.004337][T14722] device veth0_vlan left promiscuous mode [ 1217.019107][T14722] device veth0_vlan entered promiscuous mode [ 1217.026896][T14722] device veth1_macvtap left promiscuous mode [ 1217.035002][T14722] device veth1_macvtap entered promiscuous mode [ 1217.044692][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1217.055863][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1217.082933][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1217.099104][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1217.108117][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1217.116816][T14743] FAULT_INJECTION: forcing a failure. [ 1217.116816][T14743] name failslab, interval 1, probability 0, space 0, times 0 [ 1217.129470][T14743] CPU: 0 PID: 14743 Comm: syz.3.4149 Tainted: G W syzkaller #0 [ 1217.138527][T14743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1217.148599][T14743] Call Trace: [ 1217.151899][T14743] [ 1217.154846][T14743] __dump_stack+0x21/0x24 [ 1217.159197][T14743] dump_stack_lvl+0xee/0x150 [ 1217.163799][T14743] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1217.168839][T14743] ? __kasan_check_write+0x14/0x20 [ 1217.174056][T14743] dump_stack+0x15/0x24 [ 1217.178222][T14743] should_fail_ex+0x3d4/0x520 [ 1217.182922][T14743] ? getname_flags+0xb9/0x500 [ 1217.187626][T14743] __should_failslab+0xac/0xf0 [ 1217.192418][T14743] should_failslab+0x9/0x20 [ 1217.196937][T14743] kmem_cache_alloc+0x3b/0x330 [ 1217.201720][T14743] getname_flags+0xb9/0x500 [ 1217.206248][T14743] getname+0x19/0x20 [ 1217.210157][T14743] do_sys_openat2+0xcb/0x7e0 [ 1217.214767][T14743] ? __kasan_check_write+0x14/0x20 [ 1217.219896][T14743] ? do_sys_open+0xe0/0xe0 [ 1217.224336][T14743] ? ksys_write+0x1eb/0x240 [ 1217.228849][T14743] ? __cfi_ksys_write+0x10/0x10 [ 1217.233729][T14743] __x64_sys_openat+0x136/0x160 [ 1217.238606][T14743] x64_sys_call+0x783/0x9a0 [ 1217.243130][T14743] do_syscall_64+0x4c/0xa0 [ 1217.247562][T14743] ? clear_bhb_loop+0x30/0x80 [ 1217.252260][T14743] ? clear_bhb_loop+0x30/0x80 [ 1217.256959][T14743] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1217.262871][T14743] RIP: 0033:0x7f622818eec9 [ 1217.267384][T14743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1217.287006][T14743] RSP: 002b:00007f6226bd6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1217.295442][T14743] RAX: ffffffffffffffda RBX: 00007f62283e6180 RCX: 00007f622818eec9 [ 1217.303527][T14743] RDX: 0000000000101040 RSI: 0000200000000380 RDI: ffffffffffffff9c [ 1217.311518][T14743] RBP: 00007f6226bd6090 R08: 0000000000000000 R09: 0000000000000000 [ 1217.319591][T14743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1217.327576][T14743] R13: 00007f62283e6218 R14: 00007f62283e6180 R15: 00007ffe1d0248f8 [ 1217.335660][T14743] [ 1217.342540][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1217.351385][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1217.360047][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1217.368934][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1217.377638][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1217.386131][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1217.397476][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1217.406243][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1217.414655][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1218.445597][ T39] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 1218.523139][T14772] loop1: detected capacity change from 0 to 512 [ 1218.549343][T14772] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.4158: iget: bad extended attribute block 1 [ 1218.562270][T14772] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.4158: couldn't read orphan inode 15 (err -117) [ 1218.576244][T14772] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 1218.649779][T14124] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 1218.686694][ T39] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1218.700532][ T39] usb 4-1: config 0 has no interfaces? [ 1218.709368][ T39] usb 4-1: New USB device found, idVendor=056a, idProduct=0015, bcdDevice= 0.00 [ 1218.725595][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1218.734317][ T39] usb 4-1: config 0 descriptor?? [ 1222.423842][ T8744] usb 4-1: USB disconnect, device number 68 [ 1222.457448][T10192] EXT4-fs (loop1): unmounting filesystem. [ 1222.486477][T14124] usb 3-1: device descriptor read/all, error -71 [ 1222.510526][T14783] loop3: detected capacity change from 0 to 512 [ 1222.590928][T14783] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 1222.605043][T14787] loop1: detected capacity change from 0 to 1024 [ 1222.612243][T14783] EXT4-fs (loop3): orphan cleanup on readonly fs [ 1222.677563][T14783] EXT4-fs warning (device loop3): ext4_enable_quotas:7055: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 1222.716368][T14783] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 1222.723230][T14783] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #16: comm syz.3.4159: iget: immutable or append flags not allowed on symlinks [ 1222.738637][T14783] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.4159: couldn't read orphan inode 16 (err -117) [ 1222.751332][T14783] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1222.795221][T14787] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 1222.806715][T14783] xt_hashlimit: size too large, truncated to 1048576 [ 1222.846398][T14787] ext4 filesystem being mounted at /219/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1223.621444][T14794] EXT4-fs error (device loop3): ext4_lookup:1858: inode #16: comm syz.3.4159: iget: immutable or append flags not allowed on symlinks [ 1223.725599][ T28] audit: type=1400 audit(1759549516.504:320): avc: denied { create } for pid=14805 comm="syz.2.4165" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 1223.974376][T10192] EXT4-fs (loop1): unmounting filesystem. [ 1224.022151][T14819] loop1: detected capacity change from 0 to 128 [ 1224.055028][T14819] EXT4-fs: Ignoring removed nobh option [ 1224.056971][T14820] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1224.078420][T14819] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 1224.088983][T14819] ext4 filesystem being mounted at /220/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1224.130917][ T28] audit: type=1400 audit(1759549516.924:321): avc: denied { append } for pid=14818 comm="syz.1.4169" name="loop1" dev="devtmpfs" ino=119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1224.135234][T14819] EXT4-fs error (device loop1): ext4_empty_dir:3139: inode #2: comm syz.1.4169: Directory block failed checksum [ 1224.179538][ T28] audit: type=1400 audit(1759549516.924:322): avc: denied { map } for pid=14818 comm="syz.1.4169" path="/dev/loop1" dev="devtmpfs" ino=119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1224.283659][ T9743] EXT4-fs (loop3): unmounting filesystem. [ 1224.451328][T10192] EXT4-fs (loop1): unmounting filesystem. [ 1224.579363][T14827] loop2: detected capacity change from 0 to 512 [ 1224.607987][T14827] ext3: Unknown parameter 'smackfsroot' [ 1224.652524][ T28] audit: type=1400 audit(1759549517.444:323): avc: denied { write } for pid=14832 comm="syz.1.4174" name="snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 1224.676515][T14833] random: crng reseeded on system resumption [ 1224.842438][T14837] tipc: Started in network mode [ 1224.850298][T14837] tipc: Node identity 8ac3b2ba6e32, cluster identity 4711 [ 1224.858084][T14837] tipc: Enabled bearer , priority 0 [ 1224.877435][T14837] tipc: Resetting bearer [ 1224.904847][T14842] loop4: detected capacity change from 0 to 128 [ 1224.916619][T14834] tipc: Disabling bearer [ 1224.924117][T14842] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1225.013855][T14842] ext4 filesystem being mounted at /245/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 1225.120599][ T28] audit: type=1400 audit(1759549517.914:324): avc: denied { setattr } for pid=14841 comm="syz.4.4178" path="/245/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file1" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 1225.662345][T14857] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 1227.191151][ T28] audit: type=1400 audit(1759549518.504:325): avc: denied { setopt } for pid=14847 comm="syz.1.4180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 1227.232293][T14864] loop2: detected capacity change from 0 to 256 [ 1227.256002][T14864] exfat: Deprecated parameter 'namecase' [ 1227.269469][ T9933] EXT4-fs (loop4): unmounting filesystem. [ 1227.285101][T14864] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 1227.302222][ T28] audit: type=1400 audit(1759549519.014:326): avc: denied { listen } for pid=14853 comm="syz.2.4182" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 1228.000776][T14879] loop0: detected capacity change from 0 to 512 [ 1228.047900][T14879] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 1228.057134][T14879] ext4 filesystem being mounted at /220/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1228.138126][T10358] EXT4-fs (loop0): unmounting filesystem. [ 1228.205644][ T8744] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 1228.389796][ T8744] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 1228.397924][ T8744] usb 5-1: config 0 has no interface number 0 [ 1228.405428][ T8744] usb 5-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=85.a7 [ 1228.414568][ T8744] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1228.422628][ T8744] usb 5-1: Product: syz [ 1228.426874][ T8744] usb 5-1: Manufacturer: syz [ 1228.431508][ T8744] usb 5-1: SerialNumber: syz [ 1228.437257][ T8744] usb 5-1: config 0 descriptor?? [ 1228.687187][ T8744] usb 5-1: USB disconnect, device number 64 [ 1228.970022][T14905] loop1: detected capacity change from 0 to 128 [ 1229.016235][T14905] syz.1.4197: attempt to access beyond end of device [ 1229.016235][T14905] loop1: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 1229.139481][T14918] loop1: detected capacity change from 0 to 1024 [ 1229.146939][T14919] loop3: detected capacity change from 0 to 1024 [ 1229.153780][T14918] EXT4-fs: Ignoring removed bh option [ 1229.160284][T14919] EXT4-fs: Ignoring removed oldalloc option [ 1229.166294][T14919] EXT4-fs: Ignoring removed bh option [ 1229.172191][T14919] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1229.191578][T14918] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 1229.284572][ T28] audit: type=1400 audit(1759549522.074:327): avc: denied { connect } for pid=14908 comm="syz.0.4200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 1229.330131][ T28] audit: type=1400 audit(1759549522.084:328): avc: denied { remove_name } for pid=14917 comm="syz.1.4204" name="file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 1229.347459][T14919] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1229.374566][T10192] EXT4-fs (loop1): unmounting filesystem. [ 1229.394940][ T28] audit: type=1400 audit(1759549522.084:329): avc: denied { unlink } for pid=14917 comm="syz.1.4204" name="file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1229.420206][T14928] tipc: Started in network mode [ 1229.425228][T14928] tipc: Node identity 82a6752d1f3f, cluster identity 4711 [ 1229.447380][T14928] tipc: Enabled bearer , priority 0 [ 1229.477628][T14919] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1229.519831][T14931] device syzkaller0 entered promiscuous mode [ 1229.563190][T14928] tipc: Resetting bearer [ 1229.588625][ T28] audit: type=1400 audit(1759549522.384:330): avc: denied { shutdown } for pid=14933 comm="syz.2.4207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 1229.734963][ T9743] EXT4-fs (loop3): unmounting filesystem. [ 1229.746413][T14927] tipc: Resetting bearer [ 1229.766750][T14927] tipc: Disabling bearer [ 1229.814577][ T28] audit: type=1400 audit(1759549522.604:331): avc: denied { map } for pid=14939 comm="syz.3.4209" path="/dev/bus/usb/003/001" dev="devtmpfs" ino=170 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 1230.211823][T14952] loop4: detected capacity change from 0 to 2048 [ 1230.226919][T14952] EXT4-fs: Ignoring removed bh option [ 1230.237862][T14952] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1230.262948][T14952] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1230.279505][T14952] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 12 with max blocks 22 with error 28 [ 1230.293281][T14952] EXT4-fs (loop4): This should not happen!! Data will be lost [ 1230.293281][T14952] [ 1230.303082][T14952] EXT4-fs (loop4): Total free blocks count 0 [ 1230.309285][T14952] EXT4-fs (loop4): Free/Dirty block details [ 1230.315457][T14952] EXT4-fs (loop4): free_blocks=2415919104 [ 1230.321545][T14952] EXT4-fs (loop4): dirty_blocks=208 [ 1230.327578][T14952] EXT4-fs (loop4): Block reservation details [ 1230.334368][T14952] EXT4-fs (loop4): i_reserved_data_blocks=13 [ 1230.343590][T14957] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 12 with error 28 [ 1231.013772][T14979] loop0: detected capacity change from 0 to 256 [ 1231.037476][T14979] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011a39, chksum : 0xd54015fb, utbl_chksum : 0xe619d30d) [ 1231.071624][ T28] audit: type=1400 audit(1759549523.864:332): avc: denied { write } for pid=14978 comm="syz.0.4223" name="file0" dev="loop0" ino=1048657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 1231.094951][ T28] audit: type=1400 audit(1759549523.884:333): avc: denied { add_name } for pid=14978 comm="syz.0.4223" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 1231.115188][T14981] loop3: detected capacity change from 0 to 1024 [ 1231.118255][ T28] audit: type=1400 audit(1759549523.884:334): avc: denied { associate } for pid=14978 comm="syz.0.4223" name="file1" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 1231.129877][T14981] EXT4-fs: Ignoring removed bh option [ 1231.157032][ T28] audit: type=1400 audit(1759549523.884:335): avc: denied { read write open } for pid=14978 comm="syz.0.4223" path="/225/file0/file0/file1" dev="loop0" ino=1048658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1231.163916][T14983] loop0: detected capacity change from 0 to 256 [ 1231.182737][ T28] audit: type=1400 audit(1759549523.884:336): avc: denied { remove_name } for pid=14978 comm="syz.0.4223" name="file1" dev="loop0" ino=1048658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 1231.213387][T14981] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1231.266710][T13554] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1231.276428][ T391] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 1231.277047][ T2569] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 1231.515665][ T391] usb 2-1: Using ep0 maxpacket: 32 [ 1231.537462][ T391] usb 2-1: config 4 has an invalid descriptor of length 49, skipping remainder of the config [ 1231.585771][ T391] usb 2-1: config 4 has 0 interfaces, different from the descriptor's value: 9 [ 1231.633734][ T391] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1231.678485][ T391] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1231.695436][ T391] usb 2-1: Product: syz [ 1231.700150][ T391] usb 2-1: Manufacturer: syz [ 1231.704843][ T391] usb 2-1: SerialNumber: syz [ 1231.713582][ T2569] usb 5-1: Using ep0 maxpacket: 16 [ 1231.730123][ T2569] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1231.758427][ T2569] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1231.767631][ T2569] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1231.775918][ T2569] usb 5-1: Product: syz [ 1231.780161][ T2569] usb 5-1: Manufacturer: syz [ 1231.784916][ T2569] usb 5-1: SerialNumber: syz [ 1231.790665][ T2569] usb 5-1: config 0 descriptor?? [ 1231.921667][ T391] usb 2-1: USB disconnect, device number 55 [ 1231.971135][ T9743] EXT4-fs (loop3): unmounting filesystem. [ 1232.409045][T15005] loop0: detected capacity change from 0 to 512 [ 1232.418669][T15005] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 1232.431885][T15005] EXT4-fs (loop0): 1 truncate cleaned up [ 1232.437913][T15005] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 1232.583382][T10358] EXT4-fs (loop0): unmounting filesystem. [ 1232.605677][T15017] loop1: detected capacity change from 0 to 16 [ 1232.622650][T15017] erofs: (device loop1): mounted with root inode @ nid 36. [ 1232.935969][T15033] input: syz1 as /devices/virtual/input/input18 [ 1234.130853][T15040] bridge0: port 3(syz_tun) entered blocking state [ 1234.137357][T15040] bridge0: port 3(syz_tun) entered disabled state [ 1234.144369][T15040] device syz_tun entered promiscuous mode [ 1234.150254][T15040] bridge0: port 3(syz_tun) entered blocking state [ 1234.156718][T15040] bridge0: port 3(syz_tun) entered forwarding state [ 1234.262684][ T2569] usb 5-1: USB disconnect, device number 65 [ 1234.322913][T15048] loop2: detected capacity change from 0 to 256 [ 1234.356763][T15046] loop1: detected capacity change from 0 to 40427 [ 1234.367342][T15046] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 1234.375114][T15046] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1234.384123][T15048] exFAT-fs (loop2): invalid boot record signature [ 1234.388223][T15052] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4245'. [ 1234.394309][T15048] exFAT-fs (loop2): failed to read boot sector [ 1234.405874][T15046] F2FS-fs (loop1): invalid crc value [ 1234.412074][T15048] exFAT-fs (loop2): failed to recognize exfat type [ 1234.458710][T15059] bridge6: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 1234.483843][T15046] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1234.601273][T15046] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 1234.608461][T15046] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1235.382503][T15074] loop2: detected capacity change from 0 to 512 [ 1235.566430][T15074] EXT4-fs warning (device loop2): dx_probe:893: inode #2: comm syz.2.4251: dx entry: limit 1024 != root limit 124 [ 1235.605640][T15074] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.4251: Corrupt directory, running e2fsck is recommended [ 1235.671006][T15085] loop0: detected capacity change from 0 to 1024 [ 1235.679255][T15085] EXT4-fs: Ignoring removed orlov option [ 1235.686231][T15074] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 1235.728223][T15074] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2195: inode #15: comm syz.2.4251: corrupted in-inode xattr [ 1235.756667][T15074] EXT4-fs (loop2): Remounting filesystem read-only [ 1235.768982][T15085] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 1235.769135][T15074] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.4251: couldn't read orphan inode 15 (err -117) [ 1235.812031][T15074] EXT4-fs (loop2): Remounting filesystem read-only [ 1235.913132][T15074] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 1236.269786][T15092] loop4: detected capacity change from 0 to 40427 [ 1236.285760][T15092] F2FS-fs (loop4): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 1236.300992][ T9378] EXT4-fs (loop2): unmounting filesystem. [ 1236.310443][T15095] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3836: comm syz.0.4254: Allocating blocks 497-513 which overlap fs metadata [ 1236.313076][T15092] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 1236.329991][T15095] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3836: comm syz.0.4254: Allocating blocks 497-513 which overlap fs metadata [ 1236.368429][T15099] loop2: detected capacity change from 0 to 128 [ 1236.376041][T15092] F2FS-fs (loop4): invalid crc value [ 1236.383302][T15095] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3836: comm syz.0.4254: Allocating blocks 497-513 which overlap fs metadata [ 1236.404986][T15095] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3836: comm syz.0.4254: Allocating blocks 497-513 which overlap fs metadata [ 1236.424515][T15092] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1236.431321][T13672] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1236.517593][T15085] EXT4-fs (loop0): pa ffff88813339cbd0: logic 48, phys. 177, len 21 [ 1236.519944][T15092] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 1236.525669][T15085] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1 [ 1236.532872][T15092] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 1236.583322][T15092] syz.4.4257: attempt to access beyond end of device [ 1236.583322][T15092] loop4: rw=2051, sector=36912, nr_sectors = 8152 limit=40427 [ 1236.597779][T15092] syz.4.4257: attempt to access beyond end of device [ 1236.597779][T15092] loop4: rw=2051, sector=45096, nr_sectors = 85976 limit=40427 [ 1236.626981][T10358] EXT4-fs (loop0): unmounting filesystem. [ 1236.633019][T15092] F2FS-fs (loop4): Issue discard(4614, 4614, 1019) failed, ret: -5 [ 1236.633052][T15092] F2FS-fs (loop4): Issue discard(5637, 5637, 10747) failed, ret: -5 [ 1236.728274][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 1236.728290][ T28] audit: type=1326 audit(1759549529.524:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15109 comm="syz.0.4260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58c4b8eec9 code=0x7ffc0000 [ 1236.736823][T15110] serio: Serial port ptm0 [ 1236.744165][ T28] audit: type=1326 audit(1759549529.524:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15109 comm="syz.0.4260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58c4b8eec9 code=0x7ffc0000 [ 1236.920061][ T28] audit: type=1326 audit(1759549529.524:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15109 comm="syz.0.4260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f58c4b8eec9 code=0x7ffc0000 [ 1236.943897][ T28] audit: type=1326 audit(1759549529.524:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15109 comm="syz.0.4260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58c4b8eec9 code=0x7ffc0000 [ 1237.107296][ T28] audit: type=1326 audit(1759549529.524:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15109 comm="syz.0.4260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58c4b8eec9 code=0x7ffc0000 [ 1237.138542][ T28] audit: type=1326 audit(1759549529.524:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15109 comm="syz.0.4260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f58c4b8eec9 code=0x7ffc0000 [ 1237.162198][ T28] audit: type=1326 audit(1759549529.524:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15109 comm="syz.0.4260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58c4b8eec9 code=0x7ffc0000 [ 1237.185824][ T28] audit: type=1326 audit(1759549529.524:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15109 comm="syz.0.4260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58c4b8eec9 code=0x7ffc0000 [ 1237.281264][T15140] device bridge0 entered promiscuous mode [ 1237.287230][T15140] device macsec2 entered promiscuous mode [ 1237.298331][T15140] bridge0: port 3(macsec2) entered blocking state [ 1237.304819][T15140] bridge0: port 3(macsec2) entered disabled state [ 1237.467449][T15140] device bridge0 left promiscuous mode [ 1237.478805][ T28] audit: type=1326 audit(1759549529.524:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15109 comm="syz.0.4260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f58c4b8eec9 code=0x7ffc0000 [ 1237.512651][T15142] loop2: detected capacity change from 0 to 128 [ 1237.517116][ T28] audit: type=1326 audit(1759549529.524:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15109 comm="syz.0.4260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58c4b8eec9 code=0x7ffc0000 [ 1237.588551][T15142] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 1237.599344][T15142] ext4 filesystem being mounted at /266/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1237.629446][T15142] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 1237.657866][T15142] fscrypt: loop2: 1 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 12 [ 1237.684697][T15144] loop1: detected capacity change from 0 to 40427 [ 1237.696692][T15144] F2FS-fs (loop1): Invalid log blocks per segment (83886089) [ 1237.698308][ T9378] EXT4-fs (loop2): unmounting filesystem. [ 1237.709982][T15144] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 1237.736755][T15144] F2FS-fs (loop1): invalid crc value [ 1237.756265][T15144] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1237.797546][T15144] F2FS-fs (loop1): Start checkpoint disabled! [ 1237.873010][T15144] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0 [ 1237.880562][T15144] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 1239.506260][T15171] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4281'. [ 1240.453714][T15189] loop0: detected capacity change from 0 to 128 [ 1240.479679][T15189] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 1240.531252][T15189] ext4 filesystem being mounted at /242/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 1240.555361][T15193] loop3: detected capacity change from 0 to 512 [ 1240.811299][T15193] EXT4-fs (loop3): orphan cleanup on readonly fs [ 1240.818032][T15193] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.4287: invalid indirect mapped block 4294967295 (level 1) [ 1240.832535][T15193] EXT4-fs (loop3): Remounting filesystem read-only [ 1240.844579][T15193] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.4287: invalid indirect mapped block 4294967295 (level 1) [ 1240.858972][T15193] EXT4-fs (loop3): Remounting filesystem read-only [ 1240.865787][T15193] EXT4-fs (loop3): 2 truncates cleaned up [ 1240.871595][T15193] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1240.889635][ T9743] EXT4-fs (loop3): unmounting filesystem. [ 1241.394890][T15224] device syzkaller0 entered promiscuous mode [ 1241.399909][T10358] EXT4-fs (loop0): unmounting filesystem. [ 1243.495561][T15258] loop4: detected capacity change from 0 to 512 [ 1243.577165][T13554] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1243.994098][T15275] loop0: detected capacity change from 0 to 128 [ 1244.040665][T15275] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 1244.050557][T15275] ext4 filesystem being mounted at /247/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 1244.892323][ T28] kauditd_printk_skb: 44 callbacks suppressed [ 1244.892339][ T28] audit: type=1326 audit(1759549537.684:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15280 comm="syz.3.4315" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f622818eec9 code=0x0 [ 1244.964841][T10358] EXT4-fs (loop0): unmounting filesystem. [ 1245.008895][T15288] loop1: detected capacity change from 0 to 512 [ 1245.045632][ T28] audit: type=1400 audit(1759549537.824:396): avc: denied { name_bind } for pid=15278 comm="syz.4.4313" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 1245.254264][T15288] EXT4-fs error (device loop1): ext4_do_update_inode:5256: inode #16: comm syz.1.4317: corrupted inode contents [ 1245.541097][ T28] audit: type=1400 audit(1759549538.014:397): avc: denied { mount } for pid=15289 comm="syz.0.4316" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 1245.852728][T15288] EXT4-fs error (device loop1): ext4_dirty_inode:6121: inode #16: comm syz.1.4317: mark_inode_dirty error [ 1245.917812][ T28] audit: type=1400 audit(1759549538.024:398): avc: denied { remount } for pid=15289 comm="syz.0.4316" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 1245.940220][T15288] EXT4-fs error (device loop1): ext4_do_update_inode:5256: inode #16: comm syz.1.4317: corrupted inode contents [ 1245.958326][ T28] audit: type=1400 audit(1759549538.504:399): avc: denied { read } for pid=15289 comm="syz.0.4316" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 1245.983076][T15288] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #16: comm syz.1.4317: mark_inode_dirty error [ 1245.996584][T15288] EXT4-fs error (device loop1): ext4_do_update_inode:5256: inode #16: comm syz.1.4317: corrupted inode contents [ 1246.010031][T15288] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 1246.021279][T15288] EXT4-fs error (device loop1): ext4_do_update_inode:5256: inode #16: comm syz.1.4317: corrupted inode contents [ 1246.165890][T15288] EXT4-fs error (device loop1): ext4_truncate:4314: inode #16: comm syz.1.4317: mark_inode_dirty error [ 1246.190274][T15288] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 1246.209834][T15288] EXT4-fs (loop1): 1 truncate cleaned up [ 1246.225776][ T7363] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1246.237879][T15288] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 1246.250169][ T7363] EXT4-fs error (device loop1): ext4_release_dquot:6839: comm kworker/u4:8: Failed to release dquot type 1 [ 1246.263875][T15310] binder_alloc: 15309: binder_alloc_buf size -488 failed, no address space [ 1246.272586][T15310] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1246.283253][T15288] ext4 filesystem being mounted at /254/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 1246.433684][T10192] EXT4-fs (loop1): unmounting filesystem. [ 1346.795482][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 1346.802509][ C1] (detected by 1, t=10002 jiffies, g=102637, q=566 ncpus=2) [ 1346.809913][ C1] rcu: All QSes seen, last rcu_preempt kthread activity 10003 (4295071885-4295061882), jiffies_till_next_fqs=1, root ->qsmask 0x0 [ 1346.823317][ C1] rcu: rcu_preempt kthread starved for 10004 jiffies! g102637 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 1346.834626][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 1346.844615][ C1] rcu: RCU grace-period kthread stack dump: [ 1346.850524][ C1] task:rcu_preempt state:R running task stack:28064 pid:14 ppid:2 flags:0x00004000 [ 1346.861328][ C1] Call Trace: [ 1346.864631][ C1] [ 1346.867590][ C1] __schedule+0xb87/0x14e0 [ 1346.872046][ C1] ? release_firmware_map_entry+0x194/0x194 [ 1346.877977][ C1] ? __mod_timer+0x7ae/0xb30 [ 1346.882717][ C1] schedule+0xbd/0x170 [ 1346.886820][ C1] schedule_timeout+0x12c/0x2e0 [ 1346.891713][ C1] ? __cfi_schedule_timeout+0x10/0x10 [ 1346.897126][ C1] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 1346.902615][ C1] ? __cfi_process_timeout+0x10/0x10 [ 1346.907934][ C1] ? prepare_to_swait_event+0x308/0x320 [ 1346.913515][ C1] rcu_gp_fqs_loop+0x2d8/0x10a0 [ 1346.918555][ C1] ? rcu_gp_init+0xf10/0xf10 [ 1346.923171][ C1] rcu_gp_kthread+0x95/0x370 [ 1346.927787][ C1] ? __cfi_rcu_gp_kthread+0x10/0x10 [ 1346.933029][ C1] ? set_cpus_allowed_ptr+0x82/0xc0 [ 1346.938257][ C1] ? __kasan_check_read+0x11/0x20 [ 1346.943307][ C1] ? __kthread_parkme+0x142/0x180 [ 1346.948360][ C1] kthread+0x281/0x320 [ 1346.952550][ C1] ? __cfi_rcu_gp_kthread+0x10/0x10 [ 1346.957791][ C1] ? __cfi_kthread+0x10/0x10 [ 1346.962419][ C1] ret_from_fork+0x1f/0x30 [ 1346.966873][ C1] [ 1346.969920][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 1346.976284][ C1] CPU: 1 PID: 15325 Comm: syz.1.4328 Tainted: G W syzkaller #0 [ 1346.985331][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1346.995493][ C1] RIP: 0010:_raw_spin_unlock_irq+0x48/0x70 [ 1347.001336][ C1] Code: 74 12 48 89 fb 48 c7 c7 00 d1 ed 86 e8 c1 6d c0 fc 48 89 df 48 83 3d c6 b2 f9 01 00 74 26 e8 93 0c 00 00 90 fb bf 01 00 00 00 93 95 57 fc 65 8b 05 74 4f 0e 7b 85 c0 74 03 5b 5d c3 e8 34 5c [ 1347.021056][ C1] RSP: 0018:ffffc90003edfb90 EFLAGS: 00000246 [ 1347.027154][ C1] RAX: 0000000000000001 RBX: 0000000000000021 RCX: dffffc0000000000 [ 1347.035148][ C1] RDX: ffffc90004686000 RSI: 000000000007ffff RDI: 0000000000000001 [ 1347.043143][ C1] RBP: ffffc90003edfb98 R08: dffffc0000000000 R09: fffff520007dbfc0 [ 1347.051154][ C1] R10: fffff520007dbfc0 R11: 1ffff920007dbfbc R12: dffffc0000000000 [ 1347.059157][ C1] R13: 1ffff11021ddd19c R14: 000000001c000004 R15: ffff88810eee8ce0 [ 1347.067242][ C1] FS: 00007fd825a846c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 1347.076205][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1347.082826][ C1] CR2: 0000200000000058 CR3: 000000012f83e000 CR4: 00000000003506a0 [ 1347.090835][ C1] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083 [ 1347.098842][ C1] DR3: ffffffffefffff15 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1347.106848][ C1] Call Trace: [ 1347.110148][ C1] [ 1347.113104][ C1] get_signal+0x12a4/0x1520 [ 1347.117652][ C1] arch_do_signal_or_restart+0xb0/0x1030 [ 1347.123402][ C1] ? __ia32_sys_rt_sigreturn+0x5e7/0x6c0 [ 1347.129155][ C1] ? __cfi___x64_sys_rt_sigreturn+0x10/0x10 [ 1347.135179][ C1] ? __cfi_arch_do_signal_or_restart+0x10/0x10 [ 1347.141384][ C1] exit_to_user_mode_loop+0x7a/0xb0 [ 1347.146709][ C1] exit_to_user_mode_prepare+0x5a/0xa0 [ 1347.152214][ C1] syscall_exit_to_user_mode+0x1a/0x30 [ 1347.157720][ C1] do_syscall_64+0x58/0xa0 [ 1347.162183][ C1] ? clear_bhb_loop+0x30/0x80 [ 1347.166896][ C1] ? clear_bhb_loop+0x30/0x80 [ 1347.171614][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1347.177545][ C1] RIP: 0033:0x7fd824b8eec7 [ 1347.181992][ C1] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 [ 1347.201640][ C1] RSP: 002b:00007fd825a84038 EFLAGS: 00000246 [ 1347.207990][ C1] RAX: 0000000000000049 RBX: 00007fd824de5fa0 RCX: 00007fd824b8eec9 [ 1347.215998][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000004 [ 1347.223997][ C1] RBP: 00007fd824c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1347.232034][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1347.240051][ C1] R13: 00007fd824de6038 R14: 00007fd824de5fa0 R15: 00007ffc30dcf448 [ 1347.248059][ C1] [ 1432.435826][ C0] BUG: workqueue lockup - pool cpus=0 node=0 flags=0x0 nice=0 stuck for 185s! [ 1432.444847][ C0] Showing busy workqueues and worker pools: [ 1432.450783][ C0] workqueue events: flags=0x0 [ 1432.455491][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=3/256 refcnt=4 [ 1432.455541][ C0] pending: psi_avgs_work, kfree_rcu_monitor, key_garbage_collector [ 1432.455703][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=2/256 refcnt=3 [ 1432.455744][ C0] pending: vmstat_shepherd, kfree_rcu_monitor [ 1432.455827][ C0] workqueue events_long: flags=0x0 [ 1432.491027][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1432.491082][ C0] pending: br_fdb_cleanup [ 1432.491201][ C0] workqueue events_unbound: flags=0x2 [ 1432.508993][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=3/512 refcnt=5 [ 1432.509035][ C0] pending: fsnotify_mark_destroy_workfn, toggle_allocation_gate, flush_memcg_stats_dwork [ 1432.509171][ C0] workqueue events_power_efficient: flags=0x80 [ 1432.532770][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=4/256 refcnt=5 [ 1432.532817][ C0] pending: wg_ratelimiter_gc_entries, reg_check_chans_work, gc_worker, check_lifetime [ 1432.533085][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=4/256 refcnt=5 [ 1432.533125][ C0] pending: neigh_managed_work, neigh_managed_work, neigh_periodic_work, neigh_periodic_work [ 1432.533242][ C0] workqueue rcu_gp: flags=0x8 [ 1432.573688][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1432.573738][ C0] pending: srcu_invoke_callbacks [ 1432.573777][ C0] workqueue mm_percpu_wq: flags=0x8 [ 1432.591977][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1432.592027][ C0] pending: vmstat_update [ 1432.592076][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1432.592116][ C0] pending: vmstat_update [ 1432.592149][ C0] workqueue writeback: flags=0x4a [ 1432.621731][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=3/256 refcnt=5 [ 1432.621776][ C0] pending: wb_workfn, wb_workfn, wb_workfn [ 1432.621833][ C0] workqueue kblockd: flags=0x18 [ 1432.640094][ C0] pwq 3: cpus=1 node=0 flags=0x0 nice=-20 active=3/256 refcnt=4 [ 1432.640145][ C0] pending: blk_mq_timeout_work, blk_mq_timeout_work, blk_mq_timeout_work [ 1432.640326][ C0] pwq 1: cpus=0 node=0 flags=0x0 nice=-20 active=1/256 refcnt=2 [ 1432.640367][ C0] in-flight: 41:blk_mq_timeout_work [ 1432.640480][ C0] workqueue dm_bufio_cache: flags=0x8 [ 1432.675967][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1432.676021][ C0] pending: work_fn [ 1432.676151][ C0] workqueue ipv6_addrconf: flags=0x40008 [ 1432.693570][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/1 refcnt=2 [ 1432.693620][ C0] pending: addrconf_verify_work [ 1432.693722][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/1 refcnt=6 [ 1432.693764][ C0] pending: addrconf_verify_work [ 1432.693787][ C0] inactive: addrconf_verify_work, addrconf_verify_work, addrconf_verify_work, addrconf_verify_work [ 1432.693872][ C0] workqueue wg-crypt-wg0: flags=0x28 [ 1432.735692][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1432.735741][ C0] pending: wg_packet_encrypt_worker [ 1432.735775][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1432.735813][ C0] pending: wg_packet_encrypt_worker [ 1432.735844][ C0] workqueue wg-crypt-wg1: flags=0x28 [ 1432.767625][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1432.767674][ C0] pending: wg_packet_encrypt_worker [ 1432.767718][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1432.767761][ C0] pending: wg_packet_encrypt_worker [ 1432.767804][ C0] workqueue wg-crypt-wg2: flags=0x28 [ 1432.800042][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1432.800092][ C0] pending: wg_packet_encrypt_worker [ 1432.800127][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1432.800169][ C0] pending: wg_packet_encrypt_worker [ 1432.800201][ C0] workqueue wg-crypt-wg0: flags=0x28 [ 1432.831996][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1432.832044][ C0] pending: wg_packet_encrypt_worker [ 1432.832091][ C0] workqueue wg-kex-wg1: flags=0x6 [ 1432.850403][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=3 [ 1432.850445][ C0] pending: wg_packet_handshake_send_worker [ 1432.850480][ C0] workqueue wg-crypt-wg1: flags=0x28 [ 1432.869165][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1432.869212][ C0] pending: wg_packet_encrypt_worker [ 1432.869248][ C0] workqueue wg-kex-wg2: flags=0x6 [ 1432.887529][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=3 [ 1432.887571][ C0] pending: wg_packet_handshake_send_worker [ 1432.887616][ C0] workqueue wg-crypt-wg2: flags=0x28 [ 1432.906476][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1432.906523][ C0] pending: wg_packet_encrypt_worker [ 1432.906561][ C0] workqueue wg-crypt-wg0: flags=0x28 [ 1432.925121][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1432.925168][ C0] pending: wg_packet_encrypt_worker [ 1432.925215][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1432.925256][ C0] pending: wg_packet_encrypt_worker [ 1432.925294][ C0] workqueue wg-crypt-wg1: flags=0x28 [ 1432.957059][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1432.957109][ C0] pending: wg_packet_encrypt_worker [ 1432.957144][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1432.957185][ C0] pending: wg_packet_encrypt_worker [ 1432.957216][ C0] workqueue wg-crypt-wg2: flags=0x28 [ 1432.989120][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1432.989176][ C0] pending: wg_packet_encrypt_worker [ 1432.989210][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1432.989253][ C0] pending: wg_packet_encrypt_worker [ 1432.989285][ C0] workqueue wg-crypt-wg0: flags=0x28 [ 1433.021062][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1433.021113][ C0] pending: wg_packet_encrypt_worker [ 1433.021176][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1433.021218][ C0] pending: wg_packet_encrypt_worker [ 1433.021250][ C0] workqueue wg-crypt-wg1: flags=0x28 [ 1433.052978][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1433.053029][ C0] pending: wg_packet_encrypt_worker [ 1433.053062][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1433.053103][ C0] pending: wg_packet_encrypt_worker [ 1433.053133][ C0] workqueue wg-crypt-wg2: flags=0x28 [ 1433.084895][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1433.084947][ C0] pending: wg_packet_encrypt_worker [ 1433.084994][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1433.085037][ C0] pending: wg_packet_encrypt_worker [ 1433.085068][ C0] workqueue wg-crypt-wg0: flags=0x28 [ 1433.116895][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1433.116944][ C0] pending: wg_packet_encrypt_worker [ 1433.116979][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1433.117018][ C0] pending: wg_packet_encrypt_worker [ 1433.117047][ C0] workqueue wg-crypt-wg1: flags=0x28 [ 1433.148840][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1433.148892][ C0] pending: wg_packet_encrypt_worker [ 1433.148924][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1433.148965][ C0] pending: wg_packet_encrypt_worker [ 1433.148996][ C0] workqueue wg-crypt-wg2: flags=0x28 [ 1433.180788][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1433.180840][ C0] pending: wg_packet_encrypt_worker [ 1433.180887][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1433.180929][ C0] pending: wg_packet_encrypt_worker [ 1433.180959][ C0] pool 1: cpus=0 node=0 flags=0x0 nice=-20 hung=0s workers=2 idle: 7