last executing test programs: 2m39.577188095s ago: executing program 2 (id=477): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000100)={0x4, r1}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000540)=0x1) 2m39.403682233s ago: executing program 2 (id=479): syz_open_dev$vim2m(0x0, 0x47b, 0x2) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket(0x15, 0x5, 0x0) getsockopt(r0, 0x200000000114, 0x2716, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002) 2m39.009927604s ago: executing program 2 (id=483): mkdirat(0xffffffffffffff9c, 0x0, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841880b2c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r1, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) ioctl$SNDCTL_DSP_SYNC(r1, 0x5001, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r1, 0xc0045009, &(0x7f00000000c0)=0x1) 2m36.403365857s ago: executing program 2 (id=487): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) write$RDMA_USER_CM_CMD_BIND(r1, &(0x7f0000000080)={0x14, 0x88, 0xfa00, {0xffffffffffffffff, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {"00000000000000000000000000000001"}, 0x500, 0x40420f00}}}, 0x90) 2m35.460806395s ago: executing program 2 (id=489): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000540)=0x1) 2m35.343222011s ago: executing program 2 (id=491): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18) write$FUSE_IOCTL(r2, &(0x7f0000000140)={0x20, 0x0, 0x0, {0x80, 0x4, 0x20800, 0xf3}}, 0x20) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) writev(r3, &(0x7f0000000000)=[{&(0x7f00000000c0)="14", 0x1f68}], 0x2) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x90, 0x0, 0x0, {0x3, 0x0, 0x0, 0x5, 0x1ff, 0x0, {0x0, 0x0, 0x1, 0xfffffffffffffffd, 0x80000000000, 0x0, 0x9, 0x3, 0x2a6c, 0x8000, 0x2}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) write$FUSE_INIT(r4, 0x0, 0x0) chmod(&(0x7f0000000100)='./file0\x00', 0x180) socket$inet_udplite(0x2, 0x2, 0x88) r5 = socket$inet6(0xa, 0x4, 0x4) close_range(r5, r5, 0x2) shutdown(0xffffffffffffffff, 0x0) r6 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0) r7 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_TUNER(r7, 0x4054561e, &(0x7f0000000040)={0x0, "6ef91a52c970e336087667a32dd20d9df15ebee56a78282c99fb66ecbef846f3", 0x2, 0x2, 0x4, 0x80000001, 0x4, 0x2, 0x7, 0x7f}) ioctl$EVIOCRMFF(r6, 0x550c, 0x0) 2m19.820342176s ago: executing program 32 (id=491): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18) write$FUSE_IOCTL(r2, &(0x7f0000000140)={0x20, 0x0, 0x0, {0x80, 0x4, 0x20800, 0xf3}}, 0x20) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) writev(r3, &(0x7f0000000000)=[{&(0x7f00000000c0)="14", 0x1f68}], 0x2) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x90, 0x0, 0x0, {0x3, 0x0, 0x0, 0x5, 0x1ff, 0x0, {0x0, 0x0, 0x1, 0xfffffffffffffffd, 0x80000000000, 0x0, 0x9, 0x3, 0x2a6c, 0x8000, 0x2}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) write$FUSE_INIT(r4, 0x0, 0x0) chmod(&(0x7f0000000100)='./file0\x00', 0x180) socket$inet_udplite(0x2, 0x2, 0x88) r5 = socket$inet6(0xa, 0x4, 0x4) close_range(r5, r5, 0x2) shutdown(0xffffffffffffffff, 0x0) r6 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0) r7 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_TUNER(r7, 0x4054561e, &(0x7f0000000040)={0x0, "6ef91a52c970e336087667a32dd20d9df15ebee56a78282c99fb66ecbef846f3", 0x2, 0x2, 0x4, 0x80000001, 0x4, 0x2, 0x7, 0x7f}) ioctl$EVIOCRMFF(r6, 0x550c, 0x0) 13.851547533s ago: executing program 5 (id=996): r0 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000000280)={0x10, 0x0, 0x0, 0x400000}, 0xc) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r2, &(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc) r3 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r3, &(0x7f0000000240)={0x10, 0x0, 0xa03, 0x2}, 0xc) r4 = socket$netlink(0x10, 0x3, 0x4) bind$netlink(r4, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x810000}, 0xc) r5 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r5, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc) r6 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r6, &(0x7f0000000280)={0x10, 0x0, 0x0, 0x4140045e}, 0xc) r7 = socket$netlink(0x10, 0x3, 0x14) bind$netlink(r7, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x22ffffffff}, 0xc) bind$netlink(0xffffffffffffffff, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x400}, 0xc) r8 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r8, &(0x7f0000000200)={0x10, 0x0, 0x25dfdbff, 0x10}, 0xc) r9 = socket$netlink(0x10, 0x3, 0x14) bind$netlink(r9, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x22ffffffff}, 0xc) r10 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r10, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x200}, 0xc) r11 = socket$netlink(0x10, 0x3, 0xb) bind$netlink(r11, &(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc) r12 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r12, &(0x7f0000000280)={0x10, 0x0, 0x25dfdbfc, 0x100000}, 0xc) bind$netlink(r1, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x20000}, 0xc) r13 = socket$netlink(0x10, 0x3, 0x4) writev(r13, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9cc3f4ff7f4e32f61bcdf1e422000000000100804824cabecc4b381eaadc28f23457e792945f64009400050028925aaa000000c600000000000000feff2c707f8f00ff", 0x58}], 0x1) 13.708150963s ago: executing program 5 (id=998): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) sendmsg$alg(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@assoc={0x18, 0x117, 0x4, 0xd4e5}, @op={0x18, 0x117, 0x3, 0x1}], 0x30}, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000600), 0xfec8) recvmmsg(0xffffffffffffffff, &(0x7f00000008c0)=[{{&(0x7f00000000c0)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/200, 0x6}, {&(0x7f0000000140), 0xa}, {&(0x7f0000000300)=""/225, 0x2}, {&(0x7f0000000400)=""/41, 0xfeb2}, {&(0x7f0000000440)=""/123, 0x7b}, {&(0x7f00000004c0)=""/203, 0xcb}], 0x6, &(0x7f0000000640)=""/123, 0xfffffffffffffe63, 0x2000000}}, {{&(0x7f00000006c0), 0x80, &(0x7f0000000840), 0x0, &(0x7f0000000880)=""/24, 0xffffffffffffffe0}}], 0x2, 0xcb, &(0x7f0000008000)={0x0, 0x989680}) 13.5456139s ago: executing program 5 (id=1000): openat$sysfs(0xffffff9c, &(0x7f0000000180)='/sys/kernel/vmcoreinfo', 0x309080, 0x1) syz_io_uring_setup(0x7870, &(0x7f00000003c0)={0x0, 0xd7c6, 0x40, 0x10, 0x333}, 0x0, &(0x7f0000000200)) r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x143082, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000080)=0x1) read$dsp(r0, &(0x7f00000000c0)=""/75, 0x4b) r1 = socket$inet6(0xa, 0x2, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) syz_emit_ethernet(0x2e4, &(0x7f0000001e00)=ANY=[], 0x0) sendmmsg$inet6(r1, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_CLOCK(0xffffffffffffffff, 0x1d, &(0x7f0000000040), 0x0) fsopen(&(0x7f0000000280)='ceph\x00', 0x0) r2 = gettid() mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b0000000000000000000000008000", @ANYRES32, @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYBLOB], 0x50) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) tkill(r2, 0xb) syz_io_uring_setup(0x1ff, &(0x7f0000000280)={0x0, 0x800000, 0x2, 0x2}, &(0x7f0000000000), &(0x7f0000000140)) ioctl$VIDIOC_G_CROP(0xffffffffffffffff, 0xc014563b, &(0x7f0000000cc0)={0xa, {0x20000000, 0x7b, 0x1000, 0x4}}) bind$x25(0xffffffffffffffff, 0x0, 0x0) 11.60413551s ago: executing program 5 (id=1009): socket$nl_route(0x10, 0x3, 0x0) creat(&(0x7f0000000200)='./file1\x00', 0x12e) syz_usb_connect(0x2, 0x36, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000b4106cd40cd060f011bd50000000109022400010000800009040bfd0233776100090507020004814006090587030800"], 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) recvmsg$unix(0xffffffffffffffff, 0x0, 0x566e105bf7b091e4) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet6_tcp(0xa, 0x1, 0x0) syz_emit_ethernet(0xae, &(0x7f0000000280)=ANY=[@ANYBLOB="0180c20000000180c200000086dd6001012000783afffe8000000000000000000000000000bbff03030000000000000000000000000186009078000000070000000000000000000aa78ce54006598080a8030037004023493b07aafaffffffffffffff23732472eefa45ad964892497465bb4c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbafe5af180200010000000004002600040000000101fe906d17efe30000000690efafb1dc37fd06a2bc60b57186f814d9"], 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) execve(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, 0x0, 0x48) r1 = gettid() r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x40e02, 0x0) write$rfkill(r2, &(0x7f0000000300)={0x0, 0x2, 0x3, 0x1, 0x1}, 0x8) timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) 9.709197714s ago: executing program 4 (id=1032): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000ac0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, 0x0) sendmsg$NL802154_CMD_DEL_SEC_DEV(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="234026bd7000fcdbdf121b00000008000300", @ANYRES32, @ANYBLOB="08000300", @ANYRES32, @ANYBLOB="10002e800c00"], 0x40}, 0x1, 0x0, 0x0, 0x8010}, 0x8000) 9.368947492s ago: executing program 4 (id=1035): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) timer_create(0x1, 0x0, &(0x7f0000bbdffc)) r1 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_RECV_OWN_MSGS(r1, 0x65, 0x4, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000000c0)={{r0, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)='%-5lx \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100)={r2}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x10, &(0x7f00000003c0)=@framed={{}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x54}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 8.571175778s ago: executing program 4 (id=1039): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, 0x0) ioctl$IOMMU_GET_HW_INFO(r0, 0x3b8a, &(0x7f0000000040)={0x28, 0x0, 0x0, 0xff89, &(0x7f0000000000)=""/44}) 8.144660851s ago: executing program 1 (id=1042): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) write(r0, &(0x7f0000000180)="2cd889f0253e14", 0x7) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0x30, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 7.45582744s ago: executing program 4 (id=1044): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000018c0)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58) socketpair$tipc(0x1e, 0x2, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r3 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0) recvmmsg(r3, &(0x7f0000001f40)=[{{0x0, 0x0, &(0x7f0000001980)=[{&(0x7f0000000600)=""/108, 0x6c}, {&(0x7f0000000180)=""/256, 0x100}, {&(0x7f0000000880)=""/4096, 0x1000}, {&(0x7f0000000440)=""/19, 0x13}, {&(0x7f0000000340)=""/120, 0x78}, {&(0x7f0000000040)=""/22, 0x16}, {&(0x7f0000000280)=""/183, 0xb7}], 0x7}, 0x60}], 0x1, 0x62, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000001080)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_route(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000001040)=ANY=[@ANYRES16=r2], 0xfffffe2b}, 0x1, 0x0, 0x0, 0x9010}, 0x6004840) 7.186041217s ago: executing program 3 (id=1046): r0 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000000280)={0x10, 0x0, 0x0, 0x400000}, 0xc) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r2, &(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc) r3 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r3, &(0x7f0000000240)={0x10, 0x0, 0xa03, 0x2}, 0xc) r4 = socket$netlink(0x10, 0x3, 0x4) bind$netlink(r4, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x810000}, 0xc) r5 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r5, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc) r6 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r6, &(0x7f0000000280)={0x10, 0x0, 0x0, 0x4140045e}, 0xc) socket$netlink(0x10, 0x3, 0x14) r7 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r7, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x400}, 0xc) r8 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r8, &(0x7f0000000200)={0x10, 0x0, 0x25dfdbff, 0x10}, 0xc) r9 = socket$netlink(0x10, 0x3, 0x14) bind$netlink(r9, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x22ffffffff}, 0xc) r10 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r10, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x200}, 0xc) r11 = socket$netlink(0x10, 0x3, 0xb) bind$netlink(r11, &(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc) r12 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r12, &(0x7f0000000280)={0x10, 0x0, 0x25dfdbfc, 0x100000}, 0xc) bind$netlink(r1, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x20000}, 0xc) r13 = socket$netlink(0x10, 0x3, 0x4) writev(r13, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9cc3f4ff7f4e32f61bcdf1e422000000000100804824cabecc4b381eaadc28f23457e792945f64009400050028925aaa000000c600000000000000feff2c707f8f00ff", 0x58}], 0x1) 7.108990057s ago: executing program 5 (id=1048): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0b040000000000000000020000003800048034000180090001007866726d0000000024000280070003dd010000000500030001000000080002400000000108000140000000160900010073797a30000000000900020073797a32000040"], 0x94}}, 0xc000) 6.816740559s ago: executing program 1 (id=1049): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0xb, "9e3ce079"}]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGREPORT(r1, 0x400c4807, 0x0) 6.808722515s ago: executing program 3 (id=1050): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@assoc={0x18, 0x117, 0x4, 0xd4e5}, @op={0x18, 0x117, 0x3, 0x1}], 0x30}, 0x0) write$binfmt_script(r1, &(0x7f0000000600), 0xfec8) recvmmsg(r1, &(0x7f00000008c0)=[{{&(0x7f00000000c0)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/200, 0x6}, {&(0x7f0000000140), 0xa}, {&(0x7f0000000300)=""/225, 0x2}, {&(0x7f0000000400)=""/41, 0xfeb2}, {&(0x7f0000000440)=""/123, 0x7b}, {&(0x7f00000004c0)=""/203, 0xcb}], 0x6, &(0x7f0000000640)=""/123, 0xfffffffffffffe63, 0x2000000}}, {{&(0x7f00000006c0), 0x80, &(0x7f0000000840), 0x0, &(0x7f0000000880)=""/24, 0xffffffffffffffe0}}], 0x2, 0xcb, &(0x7f0000008000)={0x0, 0x989680}) 6.644170995s ago: executing program 5 (id=1052): r0 = socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) sched_getattr(0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0xc) r4 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) execveat(r4, 0x0, 0x0, 0x0, 0x1000) r5 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r5, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) recvmmsg(r5, &(0x7f00000057c0)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, &(0x7f0000002cc0)=[{0x0}, {&(0x7f00000017c0)=""/130, 0x94}], 0x2}, 0xa1}], 0x2, 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) socket$unix(0x1, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) bind$alg(r0, &(0x7f00000003c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58) 6.181203669s ago: executing program 3 (id=1054): syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0) fcntl$lock(r5, 0x7, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0) fcntl$lock(r6, 0x6, &(0x7f0000000200)={0x0, 0x0, 0x3, 0x1fd}) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0xffffffffffffffff, 0x3, &(0x7f0000000240)=0x8) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) 3.669217016s ago: executing program 0 (id=1058): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)={0x2c, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0xa5}]}, 0x2c}}, 0x0) 3.577035235s ago: executing program 1 (id=1059): ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x9) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x6) ioctl$KVM_SET_CPUID2(r5, 0x4048aecb, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000001"]) 3.395522444s ago: executing program 0 (id=1060): r0 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000000280)={0x10, 0x0, 0x0, 0x400000}, 0xc) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r2, &(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc) r3 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r3, &(0x7f0000000240)={0x10, 0x0, 0xa03, 0x2}, 0xc) r4 = socket$netlink(0x10, 0x3, 0x4) bind$netlink(r4, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x810000}, 0xc) r5 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r5, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc) r6 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r6, &(0x7f0000000280)={0x10, 0x0, 0x0, 0x4140045e}, 0xc) socket$netlink(0x10, 0x3, 0x14) r7 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r7, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x400}, 0xc) r8 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r8, &(0x7f0000000200)={0x10, 0x0, 0x25dfdbff, 0x10}, 0xc) r9 = socket$netlink(0x10, 0x3, 0x14) bind$netlink(r9, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x22ffffffff}, 0xc) r10 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r10, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x200}, 0xc) r11 = socket$netlink(0x10, 0x3, 0xb) bind$netlink(r11, &(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc) r12 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r12, &(0x7f0000000280)={0x10, 0x0, 0x25dfdbfc, 0x100000}, 0xc) bind$netlink(r1, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x20000}, 0xc) r13 = socket$netlink(0x10, 0x3, 0x4) writev(r13, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9cc3f4ff7f4e32f61bcdf1e422000000000100804824cabecc4b381eaadc28f23457e792945f64009400050028925aaa000000c600000000000000feff2c707f8f00ff", 0x58}], 0x1) 3.128205346s ago: executing program 4 (id=1061): socket$netlink(0x10, 0x3, 0x4) r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbff, 0x2ffffffff}, 0xc) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000200), 0x4) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="d0000000", @ANYRES16, @ANYBLOB="01002abd7000fcdbdf250100000008000100", @ANYRES32=r4, @ANYBLOB="b400028038000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004000101000038000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000500030003000000080004000180000040"], 0xd0}, 0x1, 0x0, 0x0, 0x24004000}, 0x24044880) sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703410000004000000000000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) 2.945784088s ago: executing program 3 (id=1062): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0b040000000000000000020000003800048034000180090001007866726d0000000024000280070003dd010000000500030001000000080002400000000108000140000000160900010073797a30000000000900020073797a32000040"], 0x94}}, 0xc000) 2.848464272s ago: executing program 0 (id=1063): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = syz_io_uring_setup(0x499, &(0x7f0000000400)={0x0, 0x707b, 0x0, 0xc, 0x288}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x2000, 0x1}) io_uring_enter(r4, 0x3516, 0x0, 0x4, 0x0, 0x0) 1.767507984s ago: executing program 1 (id=1064): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@assoc={0x18, 0x117, 0x4, 0xd4e5}, @op={0x18, 0x117, 0x3, 0x1}], 0x30}, 0x0) write$binfmt_script(r1, &(0x7f0000000600), 0xfec8) recvmmsg(r1, &(0x7f00000008c0)=[{{&(0x7f00000000c0)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/200, 0x6}, {&(0x7f0000000140), 0xa}, {&(0x7f0000000300)=""/225, 0x2}, {&(0x7f0000000400)=""/41, 0xfeb2}, {&(0x7f0000000440)=""/123, 0x7b}, {&(0x7f00000004c0)=""/203, 0xcb}], 0x6, &(0x7f0000000640)=""/123, 0xfffffffffffffe63, 0x2000000}}, {{&(0x7f00000006c0), 0x80, &(0x7f0000000840), 0x0, &(0x7f0000000880)=""/24, 0xffffffffffffffe0}}], 0x2, 0xcb, &(0x7f0000008000)={0x0, 0x989680}) 1.70084477s ago: executing program 0 (id=1065): openat$kvm(0xffffffffffffff9c, 0x0, 0x20042, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0xb, 0x0, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40fff, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$FUSE_INIT(r2, &(0x7f0000000340)={0x50, 0x0, 0x0, {0x7, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}}, 0x50) vmsplice(r2, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0) fcntl$setpipe(r2, 0x407, 0x2000000) ioctl$sock_inet_udp_SIOCINQ(r1, 0x541b, 0x0) 1.48741423s ago: executing program 3 (id=1066): mount(0x0, 0x0, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) open$dir(0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000"], 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x30, 0x1, @val=@uprobe_multi={0x0, &(0x7f00000004c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sendmsg$nl_xfrm(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x10}}, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r7 = accept4(r6, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000040), r7) recvmmsg(r7, 0x0, 0x0, 0x10163, 0x0) 1.441089064s ago: executing program 1 (id=1067): setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000200), 0x0, 0x1000, 0x3f2f0fde) syz_open_dev$sndctrl(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_init_net_socket$ax25(0x3, 0x3, 0xcf) socket(0x1d, 0x2, 0x6) keyctl$instantiate(0xc, 0x0, 0x0, 0x2a, 0xfffffffffffffffc) add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, 0x0) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000000)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_coalesce={0xe}}) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$bind(0x0, &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) chdir(&(0x7f00000001c0)='./bus\x00') 1.437581357s ago: executing program 0 (id=1068): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) sendmsg$inet(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000380)="75c1cc54649640bea1cd6a6a000070ab59578db363f48925ffffffff36138406b699de69db13fd737428808940bcd0840dc930c81a8b279eff00703a38867b276dd8b665cd232c39319796d63ce2c88d43b17760a6e0df533940a702485bb198e47be60c4fe6987e", 0x68}, {&(0x7f0000000f00)="1b3b351333f3a3b13679144b7cd8a483d6dbc75ded5829aceff163e19496f9ba6875841285b877fac97b183e950017761d4433127df4ffeab47d3545970ac2571b8775e05a2ec30dbc2154f17ddb", 0x4e}], 0x2}, 0x10000804) recvmsg(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/233, 0xe9}], 0x1, &(0x7f0000001d00)=""/4080, 0xff0}, 0x0) close(r0) 1.373074406s ago: executing program 4 (id=1069): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$ETHTOOL_MSG_PAUSE_GET(r1, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000100)={0x20, r2, 0x1, 0x70bd2a, 0x0, {0x1a}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40880}, 0xd0) 61.047647ms ago: executing program 3 (id=1070): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$inet_int(r3, 0x0, 0xf, 0x0, &(0x7f0000000240)) 25.618602ms ago: executing program 1 (id=1071): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000018c0)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58) socketpair$tipc(0x1e, 0x2, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r3 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0) recvmmsg(r3, &(0x7f0000001f40)=[{{0x0, 0x0, &(0x7f0000001980)=[{&(0x7f0000000600)=""/108, 0x6c}, {&(0x7f0000000180)=""/256, 0x100}, {&(0x7f0000000880)=""/4096, 0x1000}, {&(0x7f0000000440)=""/19, 0x13}, {&(0x7f0000000340)=""/120, 0x78}, {&(0x7f0000000040)=""/22, 0x16}, {&(0x7f0000000280)=""/183, 0xb7}], 0x7}, 0x60}], 0x1, 0x62, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000001080)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_route(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000001040)=ANY=[@ANYRES16=r2], 0xfffffe2b}, 0x1, 0x0, 0x0, 0x9010}, 0x6004840) 0s ago: executing program 0 (id=1072): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000100)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x80000, 0x100) kernel console output (not intermixed with test programs): [ 116.155387][ T6150] FAT-fs (loop4): Directory bread(block 64) failed [ 116.162155][ T6150] FAT-fs (loop4): Directory bread(block 65) failed [ 116.372931][ T6150] FAT-fs (loop4): Directory bread(block 66) failed [ 116.433869][ T6150] FAT-fs (loop4): Directory bread(block 67) failed [ 116.456996][ T6150] FAT-fs (loop4): Directory bread(block 68) failed [ 116.465366][ T6150] FAT-fs (loop4): Directory bread(block 69) failed [ 117.126704][ T6150] FAT-fs (loop4): Directory bread(block 70) failed [ 117.153839][ T6150] FAT-fs (loop4): Directory bread(block 71) failed [ 117.170905][ T6150] FAT-fs (loop4): Directory bread(block 72) failed [ 117.180957][ T6150] FAT-fs (loop4): Directory bread(block 73) failed [ 117.328017][ T6165] loop0: detected capacity change from 0 to 128 [ 117.403961][ T5898] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 117.428784][ T6165] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 117.861092][ T6150] FAT-fs (loop4): Filesystem has been set read-only [ 117.978543][ T30] audit: type=1800 audit(1748706288.790:3): pid=6150 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.55" name="cpu.stat" dev="loop4" ino=1048600 res=0 errno=0 [ 118.013544][ T6150] FAT-fs (loop4): error, invalid access to FAT (entry 0x00006c61) [ 118.023748][ T5835] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 118.050085][ T5898] usb 4-1: New USB device found, idVendor=05ac, idProduct=0253, bcdDevice=65.5a [ 118.123947][ T5898] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.162859][ T5898] usb 4-1: config 0 descriptor?? [ 118.192293][ T5898] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input5 [ 118.223784][ T5835] usb 3-1: Using ep0 maxpacket: 32 [ 118.252707][ T5835] usb 3-1: config 0 has no interfaces? [ 118.269199][ T6171] loop0: detected capacity change from 0 to 512 [ 118.286749][ T5835] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 118.334073][ T5835] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.389495][ T6174] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 118.444683][ T6171] EXT4-fs error (device loop0): ext4_orphan_get:1419: comm syz.0.60: bad orphan inode 13 [ 118.470991][ T6174] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 118.480687][ T5835] usb 3-1: config 0 descriptor?? [ 118.517323][ T6171] ext4_test_bit(bit=12, block=4) = 1 [ 118.522721][ T6171] is_bad_inode(inode)=0 [ 118.564210][ T6171] NEXT_ORPHAN(inode)=0 [ 118.568357][ T6171] max_ino=32 [ 118.571623][ T6171] i_nlink=1 [ 118.588693][ T6171] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 118.589720][ T5193] bcm5974 4-1:0.0: could not read from device [ 118.731174][ T5898] usb 4-1: USB disconnect, device number 3 [ 118.750137][ T5193] bcm5974 4-1:0.0: could not read from device [ 118.790855][ T5193] bcm5974 4-1:0.0: could not read from device [ 118.863387][ T6182] EXT4-fs warning (device loop0): dx_probe:801: inode #2: comm syz.0.60: Unrecognised inode hash code 20 [ 119.053981][ T6182] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.60: Corrupt directory, running e2fsck is recommended [ 119.851130][ T9] usb 3-1: USB disconnect, device number 3 [ 119.865659][ T6167] udevd[6167]: Error opening device "/dev/input/event4": No such file or directory [ 119.884223][ T6167] udevd[6167]: Unable to EVIOCGABS device "/dev/input/event4" [ 119.902550][ T6167] udevd[6167]: Unable to EVIOCGABS device "/dev/input/event4" [ 119.935390][ T6167] udevd[6167]: Unable to EVIOCGABS device "/dev/input/event4" [ 120.047885][ T6167] udevd[6167]: Unable to EVIOCGABS device "/dev/input/event4" [ 120.219719][ T5837] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.412513][ T6188] loop3: detected capacity change from 0 to 32768 [ 120.420885][ T6188] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.65 (6188) [ 120.448538][ T6188] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 120.458860][ T6188] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 120.675705][ T6188] BTRFS info (device loop3): rebuilding free space tree [ 120.707531][ T6188] BTRFS info (device loop3): disabling free space tree [ 120.714771][ T6188] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 120.724526][ T6188] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 120.798092][ T6211] loop2: detected capacity change from 0 to 2048 [ 120.879729][ T6211] EXT4-fs: Ignoring removed nomblk_io_submit option [ 120.935773][ T6215] loop4: detected capacity change from 0 to 8 [ 121.959259][ T6223] loop0: detected capacity change from 0 to 128 [ 122.135971][ T6211] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 122.158513][ T6223] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 122.641023][ T6221] BTRFS info (device loop3): balance: start -sprofiles=raid1c4,limit=10376293524281753602,limit=2..2415919100 [ 122.652968][ T6221] BTRFS info (device loop3): balance: ended with status: 0 [ 122.899060][ T5838] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 124.391274][ T6235] loop4: detected capacity change from 0 to 131072 [ 125.317462][ T6178] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 2: invalid block bitmap [ 125.373728][ T6178] EXT4-fs (loop2): Remounting filesystem read-only [ 125.397601][ T5836] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.517813][ T6235] fscrypt: Error allocating hmac(sha512): -2 [ 126.524567][ T6235] F2FS-fs (loop4): Error processing option "test_dummy_encryption" [-2] [ 126.803946][ T5835] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 128.047537][ T6264] loop3: detected capacity change from 0 to 256 [ 128.187025][ T6264] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d) [ 128.239128][ T6266] loop8: detected capacity change from 0 to 7 [ 128.276558][ T6266] Dev loop8: unable to read RDB block 7 [ 128.315692][ T6266] loop8: unable to read partition table [ 128.322716][ T6266] loop8: partition table beyond EOD, truncated [ 128.354756][ T6269] loop6: detected capacity change from 0 to 7 [ 128.409279][ T6266] loop_reread_partitions: partition scan of loop8 (þ被xü^>à– ) failed (rc=-5) [ 128.469900][ T6269] Dev loop6: unable to read RDB block 7 [ 128.498084][ T6269] loop6: AHDI p1 p2 p3 [ 128.573830][ T6269] loop6: partition table partially beyond EOD, truncated [ 128.627449][ T6269] loop6: p1 start 926365495 is beyond EOD, truncated [ 128.709855][ T6269] loop6: p2 size 116 extends beyond EOD, truncated [ 129.069024][ T6167] udevd[6167]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 129.339387][ T6276] netlink: 16 bytes leftover after parsing attributes in process `syz.4.85'. [ 129.370754][ T6276] netlink: 4 bytes leftover after parsing attributes in process `syz.4.85'. [ 129.457138][ T6279] loop1: detected capacity change from 0 to 128 [ 129.487964][ T6279] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 130.444826][ T6288] loop8: detected capacity change from 0 to 7 [ 130.846875][ T6287] loop2: detected capacity change from 0 to 32768 [ 130.947641][ T6288] Dev loop8: unable to read RDB block 7 [ 130.971078][ T6287] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 130.979640][ T6287] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 131.010756][ T6287] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 131.031412][ T5896] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 131.039230][ T5896] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 131.068026][ T6288] loop8: unable to read partition table [ 131.129431][ T6288] loop8: partition table beyond EOD, truncated [ 131.163832][ T6288] loop_reread_partitions: partition scan of loop8 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¬âÐû [ 131.163832][ T6288] ) failed (rc=-5) [ 131.221067][ T5896] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 181ms [ 131.282843][ T5896] gfs2: fsid=syz:syz.0: jid=0: Done [ 131.311448][ T6287] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 131.361401][ T6287] gfs2: fsid=syz:syz.0: gfs2_check_dirent: gfs2_dirent too small (not first in block) [ 131.371618][ T6287] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 12 2341, function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 589 [ 131.386149][ T6287] gfs2: fsid=syz:syz.0: G: s:SH n:2/925 f:aqob t:SH d:EX/0 a:0 v:0 r:2 m:20 p:1 [ 131.395423][ T6287] gfs2: fsid=syz:syz.0: H: s:SH f:H e:0 p:6287 [syz.2.89] __gfs2_lookup+0x8f/0x270 [ 131.405183][ T6287] gfs2: fsid=syz:syz.0: I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0 [ 131.413729][ T6287] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 131.421227][ T6287] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 131.433779][ T6287] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 131.440301][ T6287] FAULT_INJECTION: forcing a failure. [ 131.440301][ T6287] name failslab, interval 1, probability 0, space 0, times 1 [ 131.455504][ T6287] CPU: 1 UID: 0 PID: 6287 Comm: syz.2.89 Not tainted 6.15.0-next-20250530-syzkaller #0 PREEMPT(full) [ 131.455531][ T6287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 131.455544][ T6287] Call Trace: [ 131.455553][ T6287] [ 131.455561][ T6287] dump_stack_lvl+0x189/0x250 [ 131.455586][ T6287] ? __pfx____ratelimit+0x10/0x10 [ 131.455618][ T6287] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.455639][ T6287] ? __pfx__printk+0x10/0x10 [ 131.455665][ T6287] ? __pfx___might_resched+0x10/0x10 [ 131.455686][ T6287] ? fs_reclaim_acquire+0x7d/0x100 [ 131.455719][ T6287] should_fail_ex+0x414/0x560 [ 131.455752][ T6287] should_failslab+0xa8/0x100 [ 131.455778][ T6287] __kmalloc_noprof+0xcb/0x4f0 [ 131.455800][ T6287] ? kobject_get_path+0xc5/0x2d0 [ 131.455838][ T6287] kobject_get_path+0xc5/0x2d0 [ 131.455877][ T6287] kobject_uevent_env+0x292/0x8c0 [ 131.455904][ T6287] ? do_raw_spin_unlock+0x122/0x240 [ 131.455936][ T6287] gfs2_withdraw+0x1026/0x14f0 [ 131.455982][ T6287] ? __pfx_gfs2_withdraw+0x10/0x10 [ 131.456012][ T6287] ? __pfx__printk+0x10/0x10 [ 131.456049][ T6287] ? gfs2_consist_inode_i+0xf5/0x110 [ 131.456079][ T6287] gfs2_dirent_scan+0x545/0x690 [ 131.456108][ T6287] ? __pfx_gfs2_dirent_find+0x10/0x10 [ 131.456136][ T6287] ? __pfx_gfs2_dirent_find+0x10/0x10 [ 131.456162][ T6287] gfs2_dirent_search+0x2e0/0x7e0 [ 131.456192][ T6287] ? gfs2_permission+0x370/0x440 [ 131.456220][ T6287] ? __pfx___might_resched+0x10/0x10 [ 131.456241][ T6287] ? __pfx_gfs2_dirent_search+0x10/0x10 [ 131.456268][ T6287] ? __pfx_gfs2_permission+0x10/0x10 [ 131.456306][ T6287] gfs2_dir_search+0x4c/0x220 [ 131.456337][ T6287] gfs2_lookupi+0x3d9/0x5a0 [ 131.456372][ T6287] ? __pfx_gfs2_lookupi+0x10/0x10 [ 131.456409][ T6287] ? d_alloc_parallel+0x13d0/0x14e0 [ 131.456443][ T6287] ? __gfs2_lookup+0x8f/0x270 [ 131.456470][ T6287] ? d_alloc_parallel+0x2e0/0x14e0 [ 131.456499][ T6287] ? lockdep_unlock+0x89/0x120 [ 131.456533][ T6287] __gfs2_lookup+0x8f/0x270 [ 131.456565][ T6287] ? __pfx___gfs2_lookup+0x10/0x10 [ 131.456600][ T6287] ? __raw_spin_lock_init+0x45/0x100 [ 131.456625][ T6287] ? __init_waitqueue_head+0xa9/0x150 [ 131.456655][ T6287] __lookup_slow+0x297/0x3d0 [ 131.456689][ T6287] ? __pfx___lookup_slow+0x10/0x10 [ 131.456724][ T6287] ? gfs2_dhash+0x59/0xb0 [ 131.456750][ T6287] ? down_read+0x1ad/0x2e0 [ 131.456774][ T6287] lookup_slow+0x53/0x70 [ 131.456805][ T6287] walk_component+0x2d2/0x400 [ 131.456830][ T6287] ? path_lookupat+0x156/0x430 [ 131.456861][ T6287] path_lookupat+0x163/0x430 [ 131.456898][ T6287] filename_lookup+0x212/0x570 [ 131.456930][ T6287] ? __pfx_filename_lookup+0x10/0x10 [ 131.456983][ T6287] ? strncpy_from_user+0x150/0x290 [ 131.457010][ T6287] ? getname_flags+0x1e5/0x540 [ 131.457053][ T6287] user_path_at+0x3a/0x60 [ 131.457083][ T6287] __se_sys_mount+0x2d3/0x410 [ 131.457114][ T6287] ? __pfx___se_sys_mount+0x10/0x10 [ 131.457136][ T6287] ? rcu_is_watching+0x15/0xb0 [ 131.457161][ T6287] ? do_syscall_64+0xbe/0x3b0 [ 131.457178][ T6287] ? __x64_sys_mount+0x20/0xc0 [ 131.457204][ T6287] do_syscall_64+0xfa/0x3b0 [ 131.457220][ T6287] ? lockdep_hardirqs_on+0x9c/0x150 [ 131.457248][ T6287] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.457268][ T6287] ? clear_bhb_loop+0x60/0xb0 [ 131.457292][ T6287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.457312][ T6287] RIP: 0033:0x7fd389b8e969 [ 131.457330][ T6287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.457346][ T6287] RSP: 002b:00007fd38a91a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 131.457367][ T6287] RAX: ffffffffffffffda RBX: 00007fd389db5fa0 RCX: 00007fd389b8e969 [ 131.457382][ T6287] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000000 [ 131.457394][ T6287] RBP: 00007fd38a91a090 R08: 0000000000000000 R09: 0000000000000000 [ 131.457406][ T6287] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000001 [ 131.457417][ T6287] R13: 0000000000000000 R14: 00007fd389db5fa0 R15: 00007fff7d368d38 [ 131.457448][ T6287] [ 131.457503][ T6287] gfs2: fsid=syz:syz.0: File system withdrawn [ 131.743095][ T6305] loop0: detected capacity change from 0 to 64 [ 131.746409][ T6287] CPU: 1 UID: 0 PID: 6287 Comm: syz.2.89 Not tainted 6.15.0-next-20250530-syzkaller #0 PREEMPT(full) [ 131.746438][ T6287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 131.746452][ T6287] Call Trace: [ 131.746460][ T6287] [ 131.746469][ T6287] dump_stack_lvl+0x189/0x250 [ 131.746501][ T6287] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.746522][ T6287] ? __pfx__printk+0x10/0x10 [ 131.746547][ T6287] ? kobject_uevent_env+0x36b/0x8c0 [ 131.746576][ T6287] ? do_raw_spin_unlock+0x122/0x240 [ 131.746608][ T6287] gfs2_withdraw+0x111e/0x14f0 [ 131.746655][ T6287] ? __pfx_gfs2_withdraw+0x10/0x10 [ 131.746687][ T6287] ? __pfx__printk+0x10/0x10 [ 131.746718][ T6287] ? gfs2_consist_inode_i+0xf5/0x110 [ 131.746750][ T6287] gfs2_dirent_scan+0x545/0x690 [ 131.746782][ T6287] ? __pfx_gfs2_dirent_find+0x10/0x10 [ 131.746811][ T6287] ? __pfx_gfs2_dirent_find+0x10/0x10 [ 131.746839][ T6287] gfs2_dirent_search+0x2e0/0x7e0 [ 131.746872][ T6287] ? gfs2_permission+0x370/0x440 [ 131.746902][ T6287] ? __pfx___might_resched+0x10/0x10 [ 131.746924][ T6287] ? __pfx_gfs2_dirent_search+0x10/0x10 [ 131.746952][ T6287] ? __pfx_gfs2_permission+0x10/0x10 [ 131.746994][ T6287] gfs2_dir_search+0x4c/0x220 [ 131.747027][ T6287] gfs2_lookupi+0x3d9/0x5a0 [ 131.747072][ T6287] ? __pfx_gfs2_lookupi+0x10/0x10 [ 131.747100][ T6287] ? d_alloc_parallel+0x13d0/0x14e0 [ 131.747138][ T6287] ? __gfs2_lookup+0x8f/0x270 [ 131.747168][ T6287] ? d_alloc_parallel+0x2e0/0x14e0 [ 131.747201][ T6287] ? lockdep_unlock+0x89/0x120 [ 131.747239][ T6287] __gfs2_lookup+0x8f/0x270 [ 131.747276][ T6287] ? __pfx___gfs2_lookup+0x10/0x10 [ 131.747316][ T6287] ? __raw_spin_lock_init+0x45/0x100 [ 131.747345][ T6287] ? __init_waitqueue_head+0xa9/0x150 [ 131.747378][ T6287] __lookup_slow+0x297/0x3d0 [ 131.747413][ T6287] ? __pfx___lookup_slow+0x10/0x10 [ 131.747455][ T6287] ? gfs2_dhash+0x59/0xb0 [ 131.747484][ T6287] ? down_read+0x1ad/0x2e0 [ 131.747508][ T6287] lookup_slow+0x53/0x70 [ 131.747541][ T6287] walk_component+0x2d2/0x400 [ 131.747568][ T6287] ? path_lookupat+0x156/0x430 [ 131.747602][ T6287] path_lookupat+0x163/0x430 [ 131.747659][ T6287] filename_lookup+0x212/0x570 [ 131.747699][ T6287] ? __pfx_filename_lookup+0x10/0x10 [ 131.747759][ T6287] ? strncpy_from_user+0x150/0x290 [ 131.747790][ T6287] ? getname_flags+0x1e5/0x540 [ 131.747824][ T6287] user_path_at+0x3a/0x60 [ 131.747860][ T6287] __se_sys_mount+0x2d3/0x410 [ 131.747896][ T6287] ? __pfx___se_sys_mount+0x10/0x10 [ 131.747922][ T6287] ? rcu_is_watching+0x15/0xb0 [ 131.747951][ T6287] ? do_syscall_64+0xbe/0x3b0 [ 131.747969][ T6287] ? __x64_sys_mount+0x20/0xc0 [ 131.748011][ T6287] do_syscall_64+0xfa/0x3b0 [ 131.748029][ T6287] ? lockdep_hardirqs_on+0x9c/0x150 [ 131.748066][ T6287] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.748089][ T6287] ? clear_bhb_loop+0x60/0xb0 [ 131.748116][ T6287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.748137][ T6287] RIP: 0033:0x7fd389b8e969 [ 131.748157][ T6287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.748175][ T6287] RSP: 002b:00007fd38a91a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 131.748198][ T6287] RAX: ffffffffffffffda RBX: 00007fd389db5fa0 RCX: 00007fd389b8e969 [ 131.748214][ T6287] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000000 [ 131.748228][ T6287] RBP: 00007fd38a91a090 R08: 0000000000000000 R09: 0000000000000000 [ 131.748241][ T6287] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000001 [ 131.748255][ T6287] R13: 0000000000000000 R14: 00007fd389db5fa0 R15: 00007fff7d368d38 [ 131.748288][ T6287] [ 131.882372][ T6304] loop1: detected capacity change from 0 to 2048 [ 132.195741][ T6283] loop3: detected capacity change from 0 to 32768 [ 132.274807][ T880] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 132.353354][ T6308] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 132.411104][ T30] audit: type=1800 audit(1748706303.230:4): pid=6304 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.92" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 132.484091][ T880] usb 1-1: device descriptor read/64, error -71 [ 132.722615][ T6283] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,promote_target=invalid device 15,journal_flush_disabled,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,no_data_io [ 132.722615][ T6283] allowing incompatible features above 0.0: (unknown version) [ 132.722615][ T6283] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 132.778194][ T880] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 132.788177][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.795620][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.903766][ T6283] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0 [ 132.933713][ T880] usb 1-1: device descriptor read/64, error -71 [ 132.977710][ T6313] netlink: 8 bytes leftover after parsing attributes in process `syz.2.95'. [ 132.993205][ T6283] bcachefs (loop3): recovering from clean shutdown, journal seq 10 [ 132.998747][ T6313] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.009935][ T6313] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.027288][ T6283] bcachefs (loop3): Version upgrade required: [ 133.027288][ T6283] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 133.027288][ T6283] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 133.027288][ T6283] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 133.138453][ T880] usb usb1-port1: attempt power cycle [ 133.195082][ T6283] bcachefs (loop3): dropping and reconstructing all alloc info [ 133.209844][ T6283] syz.3.87: vmalloc error: size 8388608, failed to allocated page array size 16384, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 133.231719][ T6283] CPU: 1 UID: 0 PID: 6283 Comm: syz.3.87 Not tainted 6.15.0-next-20250530-syzkaller #0 PREEMPT(full) [ 133.231750][ T6283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 133.231763][ T6283] Call Trace: [ 133.231772][ T6283] [ 133.231781][ T6283] dump_stack_lvl+0x189/0x250 [ 133.231811][ T6283] ? __pfx_dump_stack_lvl+0x10/0x10 [ 133.231832][ T6283] ? __pfx__printk+0x10/0x10 [ 133.231857][ T6283] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 133.231883][ T6283] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 133.231910][ T6283] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 133.231946][ T6283] warn_alloc+0x214/0x310 [ 133.231980][ T6283] ? __pfx_warn_alloc+0x10/0x10 [ 133.232018][ T6283] ? __get_vm_area_node+0x28f/0x300 [ 133.232044][ T6283] ? bch2_fs_journal_start+0x480/0x1500 [ 133.232076][ T6283] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 133.232134][ T6283] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 133.232167][ T6283] ? rcu_is_watching+0x15/0xb0 [ 133.232190][ T6283] ? bch2_fs_journal_start+0x480/0x1500 [ 133.232216][ T6283] ? bch2_fs_journal_start+0x480/0x1500 [ 133.232242][ T6283] __kvmalloc_node_noprof+0x3b8/0x5f0 [ 133.232268][ T6283] ? bch2_fs_journal_start+0x480/0x1500 [ 133.232304][ T6283] bch2_fs_journal_start+0x480/0x1500 [ 133.232350][ T6283] ? bch2_journal_log_msg+0xd9/0x120 [ 133.232387][ T6283] ? __pfx_bch2_fs_journal_start+0x10/0x10 [ 133.232416][ T6283] ? __pfx_bch2_journal_log_msg+0x10/0x10 [ 133.232450][ T6283] ? bch2_reconstruct_alloc+0x32b/0x360 [ 133.232493][ T6283] bch2_fs_recovery+0x2323/0x3a80 [ 133.232523][ T6283] ? check_noncircular+0xe0/0x160 [ 133.232561][ T6283] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 133.232612][ T6283] ? __lock_acquire+0xab9/0xd20 [ 133.232657][ T6283] ? __lock_acquire+0xab9/0xd20 [ 133.232707][ T6283] ? __lock_acquire+0xab9/0xd20 [ 133.232766][ T6283] ? bch2_fs_start+0x9ea/0xd80 [ 133.232803][ T6283] ? up_write+0x1c4/0x420 [ 133.232832][ T6283] bch2_fs_start+0xa85/0xd80 [ 133.232866][ T6283] ? bch2_fs_start+0x5aa/0xd80 [ 133.232904][ T6283] ? __pfx_bch2_fs_start+0x10/0x10 [ 133.232966][ T6283] ? sget+0x267/0x620 [ 133.233006][ T6283] bch2_fs_get_tree+0xbfc/0x15f0 [ 133.233069][ T6283] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 133.233104][ T6283] ? __pfx_bch2_fs_parse_param+0x10/0x10 [ 133.233157][ T6283] ? aa_get_newest_label+0xf7/0x5d0 [ 133.233183][ T6283] ? vfs_parse_monolithic_sep+0x2df/0x310 [ 133.233224][ T6283] ? apparmor_capable+0x137/0x1b0 [ 133.233263][ T6283] vfs_get_tree+0x8f/0x2b0 [ 133.233290][ T6283] do_new_mount+0x24a/0xa40 [ 133.233325][ T6283] __se_sys_mount+0x317/0x410 [ 133.233359][ T6283] ? __pfx___se_sys_mount+0x10/0x10 [ 133.233393][ T6283] ? do_syscall_64+0xbe/0x3b0 [ 133.233411][ T6283] ? __x64_sys_mount+0x20/0xc0 [ 133.233441][ T6283] do_syscall_64+0xfa/0x3b0 [ 133.233459][ T6283] ? lockdep_hardirqs_on+0x9c/0x150 [ 133.233489][ T6283] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.233512][ T6283] ? clear_bhb_loop+0x60/0xb0 [ 133.233538][ T6283] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.233559][ T6283] RIP: 0033:0x7f03e099010a [ 133.233580][ T6283] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.233597][ T6283] RSP: 002b:00007f03e17cde68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 133.233624][ T6283] RAX: ffffffffffffffda RBX: 00007f03e17cdef0 RCX: 00007f03e099010a [ 133.233640][ T6283] RDX: 00002000000000c0 RSI: 0000200000000180 RDI: 00007f03e17cdeb0 [ 133.233655][ T6283] RBP: 00002000000000c0 R08: 00007f03e17cdef0 R09: 0000000000800000 [ 133.233670][ T6283] R10: 0000000000800000 R11: 0000000000000246 R12: 0000200000000180 [ 133.233684][ T6283] R13: 00007f03e17cdeb0 R14: 000000000000593d R15: 0000200000000480 [ 133.233717][ T6283] [ 133.615054][ T6283] Mem-Info: [ 133.618239][ T6283] active_anon:12846 inactive_anon:0 isolated_anon:0 [ 133.618239][ T6283] active_file:10331 inactive_file:39947 isolated_file:0 [ 133.618239][ T6283] unevictable:768 dirty:158 writeback:0 [ 133.618239][ T6283] slab_reclaimable:10392 slab_unreclaimable:99521 [ 133.618239][ T6283] mapped:34137 shmem:8354 pagetables:1207 [ 133.618239][ T6283] sec_pagetables:0 bounce:0 [ 133.618239][ T6283] kernel_misc_reclaimable:0 [ 133.618239][ T6283] free:1291823 free_pcp:36631 free_cma:0 [ 133.673743][ T880] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 133.716149][ T880] usb 1-1: device descriptor read/8, error -71 [ 133.733313][ T6283] Node 0 active_anon:51484kB inactive_anon:0kB active_file:41324kB inactive_file:159584kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:136548kB dirty:628kB writeback:0kB shmem:31880kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11100kB pagetables:4700kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 133.851900][ T6283] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:128kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 133.954985][ T880] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 133.991372][ T6283] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 134.052095][ T880] usb 1-1: device descriptor read/8, error -71 [ 134.063272][ T6283] lowmem_reserve[]: 0 2501 2502 2502 2502 [ 134.094121][ T6283] Node 0 DMA32 free:1279684kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:40136kB inactive_anon:0kB active_file:41324kB inactive_file:157724kB unevictable:1536kB writepending:640kB present:3129332kB managed:2561044kB mlocked:0kB bounce:0kB free_pcp:110348kB local_pcp:48552kB free_cma:0kB [ 134.197104][ T6283] lowmem_reserve[]: 0 0 1 1 1 [ 134.208969][ T880] usb usb1-port1: unable to enumerate USB device [ 134.210977][ T6283] Node 0 [ 134.235168][ T6321] loop6: detected capacity change from 0 to 7 [ 134.332804][ T6283] Normal free:4kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1840kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:4kB free_cma:0kB [ 134.398497][ T6321] Dev loop6: unable to read RDB block 7 [ 134.452780][ T6283] lowmem_reserve[]: 0 0 0 0 0 [ 134.454922][ T6321] loop6: AHDI p1 p2 p3 [ 134.458559][ T6283] Node 1 Normal free:3900768kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:20448kB local_pcp:7168kB free_cma:0kB [ 134.477217][ T6321] loop6: partition table partially beyond EOD, [ 134.493230][ T6283] lowmem_reserve[]: 0 0 0 0 0 [ 134.493290][ T6283] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 134.533702][ T6283] Node 0 DMA32: 929*4kB (UM) 1073*8kB (UME) 497*16kB (UM) 471*32kB (UME) 303*64kB (UME) 141*128kB (ME) 75*256kB (M) 39*512kB (UME) 21*1024kB (M) 12*2048kB (UME) 274*4096kB (M) = 1280316kB [ 134.557483][ T6321] truncated [ 134.563094][ T6321] loop6: p1 start 926365495 is beyond EOD, truncated [ 134.622374][ T6325] loop2: detected capacity change from 0 to 128 [ 134.658940][ T6321] loop6: p2 size 116 extends beyond EOD, truncated [ 134.717321][ T6283] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 135.043006][ T6283] Node 1 Normal: 196*4kB (UME) 44*8kB (UME) 35*16kB (UME) 78*32kB (UME) 26*64kB (UME) 7*128kB (UME) 5*256kB (UME) 3*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 949*4096kB (M) = 3900768kB [ 135.187231][ T6325] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 135.247977][ T6283] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 135.257817][ T6283] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 135.268992][ T6283] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 135.279575][ T6283] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 135.289138][ T6283] 58601 total pagecache pages [ 135.313228][ T6327] loop1: detected capacity change from 0 to 64 [ 135.320366][ T6283] 0 pages in swap cache [ 135.365689][ T6283] Free swap = 124996kB [ 135.381880][ T6283] Total swap = 124996kB [ 135.406832][ T6327] warning: `syz.1.101' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 135.450496][ T6038] udevd[6038]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 135.473868][ T6283] 2097051 pages RAM [ 135.477831][ T6283] 0 pages HighMem/MovableOnly [ 135.482524][ T6283] 424684 pages reserved [ 135.518031][ T6328] netlink: 'syz.1.101': attribute type 10 has an invalid length. [ 135.539481][ T6283] 0 pages cma reserved [ 135.635122][ T6283] bcachefs (loop3): error reallocating journal fifo (32768 open entries) [ 135.685422][ T6283] bcachefs (loop3): error in recovery: ENOMEM_journal_pin_fifoemergency read only at seq 0 [ 135.748557][ T6283] bcachefs (loop3): bch2_fs_start(): error starting filesystem ENOMEM_journal_pin_fifo [ 135.797982][ T6283] bcachefs (loop3): shutting down [ 135.803443][ T6328] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 135.829642][ T6334] netlink: 248 bytes leftover after parsing attributes in process `syz.2.104'. [ 135.864657][ T6334] netlink: 52 bytes leftover after parsing attributes in process `syz.2.104'. [ 135.920151][ T6283] bcachefs (loop3): shutdown complete [ 136.254395][ T6336] loop4: detected capacity change from 0 to 32768 [ 136.343986][ T6336] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.105 (6336) [ 136.424769][ T6338] loop1: detected capacity change from 0 to 32768 [ 136.434122][ T6336] BTRFS info (device loop4): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 136.444808][ T6336] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 136.475056][ T6338] BTRFS: device /dev/loop1 (7:1) using temp-fsid 4042454f-41b7-4cbc-965c-c6c1c28c5df2 [ 136.485091][ T6338] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.106 (6338) [ 136.510735][ T6338] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 136.521266][ T6338] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 136.814509][ T6340] loop2: detected capacity change from 0 to 40427 [ 136.838449][ T6340] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 136.846401][ T6340] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 136.955093][ T6340] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 136.963366][ T6340] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 137.050606][ T6336] BTRFS info (device loop4): rebuilding free space tree [ 137.082080][ T6336] BTRFS info (device loop4): disabling free space tree [ 137.089522][ T6336] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 137.099363][ T6336] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 137.180695][ T6338] BTRFS info (device loop1): rebuilding free space tree [ 137.400559][ T6338] BTRFS info (device loop1): disabling free space tree [ 137.407807][ T6338] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 137.417724][ T6338] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 138.847072][ T6381] BTRFS info (device loop4): balance: start -sprofiles=raid1c4,limit=10376293524281753602,limit=2..2415919100 [ 138.861159][ T6381] BTRFS info (device loop4): balance: ended with status: 0 [ 139.156192][ T5855] BTRFS info (device loop4): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 139.382100][ T6387] BTRFS info (device loop1): balance: start -sprofiles=raid1c4,limit=10376293524281753602,limit=2..2415919100 [ 139.394621][ T6387] BTRFS info (device loop1): balance: ended with status: 0 [ 140.050144][ T5840] BTRFS info (device loop1): last unmount of filesystem 4042454f-41b7-4cbc-965c-c6c1c28c5df2 [ 140.818966][ T6393] loop4: detected capacity change from 0 to 65536 [ 141.012405][ T6393] XFS (loop4): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 141.181429][ T6393] XFS (loop4): Internal error head_block >= tail_block || head_cycle != tail_cycle + 1 at line 1645 of file fs/xfs/xfs_log_recover.c. Caller xlog_clear_stale_blocks+0x272/0x3c0 [ 141.199203][ T6393] CPU: 0 UID: 0 PID: 6393 Comm: syz.4.109 Not tainted 6.15.0-next-20250530-syzkaller #0 PREEMPT(full) [ 141.199223][ T6393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 141.199232][ T6393] Call Trace: [ 141.199240][ T6393] [ 141.199247][ T6393] dump_stack_lvl+0x189/0x250 [ 141.199268][ T6393] ? __pfx_dump_stack_lvl+0x10/0x10 [ 141.199283][ T6393] ? xfs_rw_bdev+0x277/0x2a0 [ 141.199298][ T6393] ? is_vmalloc_addr+0x52/0xb0 [ 141.199313][ T6393] ? xfs_rw_bdev+0x277/0x2a0 [ 141.199333][ T6393] xfs_corruption_error+0x122/0x170 [ 141.199356][ T6393] ? xlog_clear_stale_blocks+0x272/0x3c0 [ 141.199383][ T6393] xlog_clear_stale_blocks+0x31b/0x3c0 [ 141.199407][ T6393] ? xlog_clear_stale_blocks+0x272/0x3c0 [ 141.199435][ T6393] xlog_find_tail+0x655/0x840 [ 141.199472][ T6393] xlog_recover+0x4b/0x3e0 [ 141.199509][ T6393] xfs_log_mount+0x253/0x3e0 [ 141.199538][ T6393] xfs_mountfs+0xe5e/0x2330 [ 141.199572][ T6393] ? __pfx_xfs_mountfs+0x10/0x10 [ 141.199600][ T6393] ? trace_xfs_inode_timestamp_range+0x84/0x200 [ 141.199623][ T6393] xfs_fs_fill_super+0x11b3/0x1600 [ 141.199648][ T6393] get_tree_bdev_flags+0x40b/0x4d0 [ 141.199665][ T6393] ? __pfx_xfs_fs_fill_super+0x10/0x10 [ 141.199692][ T6393] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 141.199717][ T6393] vfs_get_tree+0x8f/0x2b0 [ 141.199735][ T6393] do_new_mount+0x24a/0xa40 [ 141.199761][ T6393] __se_sys_mount+0x317/0x410 [ 141.199785][ T6393] ? __pfx___se_sys_mount+0x10/0x10 [ 141.199808][ T6393] ? do_syscall_64+0xbe/0x3b0 [ 141.199821][ T6393] ? __x64_sys_mount+0x20/0xc0 [ 141.199841][ T6393] do_syscall_64+0xfa/0x3b0 [ 141.199854][ T6393] ? lockdep_hardirqs_on+0x9c/0x150 [ 141.199876][ T6393] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.199891][ T6393] ? clear_bhb_loop+0x60/0xb0 [ 141.199910][ T6393] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.199925][ T6393] RIP: 0033:0x7f3a4479010a [ 141.199939][ T6393] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.199951][ T6393] RSP: 002b:00007f3a455b1e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 141.199968][ T6393] RAX: ffffffffffffffda RBX: 00007f3a455b1ef0 RCX: 00007f3a4479010a [ 141.199979][ T6393] RDX: 0000200000000800 RSI: 00002000000000c0 RDI: 00007f3a455b1eb0 [ 141.199989][ T6393] RBP: 0000200000000800 R08: 00007f3a455b1ef0 R09: 0000000000000000 [ 141.199999][ T6393] R10: 0000000000000000 R11: 0000000000000246 R12: 00002000000000c0 [ 141.200008][ T6393] R13: 00007f3a455b1eb0 R14: 000000000000b959 R15: 0000200000000080 [ 141.200030][ T6393] [ 141.200037][ T6393] XFS (loop4): Corruption detected. Unmount and run xfs_repair [ 141.464020][ T6393] XFS (loop4): failed to locate log tail [ 141.470453][ T6393] XFS (loop4): log mount/recovery failed: error -117 [ 141.501428][ T6393] XFS (loop4): log mount failed [ 142.176631][ T6409] loop1: detected capacity change from 0 to 512 [ 142.220444][ T6409] EXT4-fs: Ignoring removed nomblk_io_submit option [ 142.343427][ T6412] netlink: 16 bytes leftover after parsing attributes in process `syz.0.113'. [ 142.384928][ T5896] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 142.420718][ T6283] bcachefs: bch2_fs_get_tree() error: ENOMEM_journal_pin_fifo [ 142.595549][ T5896] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 142.611108][ T5896] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.630007][ T5896] usb 5-1: Product: syz [ 142.641862][ T6409] EXT4-fs: Mount option(s) incompatible with ext2 [ 142.659264][ T5896] usb 5-1: Manufacturer: syz [ 142.872298][ T5896] usb 5-1: SerialNumber: syz [ 142.883131][ T5896] usb 5-1: config 0 descriptor?? [ 143.027473][ T6421] input: syz1 as /devices/virtual/input/input6 [ 143.784703][ T6408] xt_bpf: check failed: parse error [ 143.873301][ T6421] loop0: detected capacity change from 0 to 32768 [ 143.880955][ T6421] XFS: attr2 mount option is deprecated. [ 143.886807][ T6421] xfs: Unknown parameter 'appraise' [ 143.927484][ T5896] usb 5-1: USB disconnect, device number 2 [ 144.142317][ T5208] udevd[5208]: worker [6038] terminated by signal 33 (Unknown signal 33) [ 144.173235][ T5208] udevd[5208]: worker [6038] failed while handling '/devices/virtual/block/loop0' [ 144.402082][ T6423] loop1: detected capacity change from 0 to 32768 [ 144.409618][ T6423] XFS: ikeep mount option is deprecated. [ 144.479694][ T6423] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 144.585092][ T6415] loop2: detected capacity change from 0 to 40427 [ 144.608373][ T6423] XFS (loop1): Ending clean mount [ 144.624484][ T6423] XFS (loop1): Quotacheck needed: Please wait. [ 144.628948][ T5208] udevd[5208]: worker [6167] terminated by signal 33 (Unknown signal 33) [ 144.674278][ T6423] XFS (loop1): Quotacheck: Done. [ 144.676151][ T5208] udevd[5208]: worker [6167] failed while handling '/devices/virtual/block/loop1' [ 145.013119][ T6004] udevd[6004]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 145.551623][ T5840] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 146.172531][ T6450] loop3: detected capacity change from 0 to 16 [ 146.217195][ T6450] erofs: Unknown parameter '384) [ 146.217195][ T6450] driver : x962(ecdsa-nist-p384-generic) [ 146.217195][ T6450] module :./file3' [ 146.613806][ T6452] loop0: detected capacity change from 0 to 4096 [ 146.639927][ T6456] loop4: detected capacity change from 0 to 512 [ 146.761428][ T6458] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 147.336121][ T30] audit: type=1800 audit(1748706318.150:5): pid=6461 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.122" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 147.383515][ T6456] EXT4-fs error (device loop4): ext4_orphan_get:1419: comm syz.4.123: bad orphan inode 13 [ 147.448029][ T6456] ext4_test_bit(bit=12, block=4) = 1 [ 147.453382][ T6456] is_bad_inode(inode)=0 [ 147.523880][ T6456] NEXT_ORPHAN(inode)=0 [ 147.543105][ T6456] max_ino=32 [ 147.557481][ T6456] i_nlink=1 [ 147.601816][ T6456] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 147.817102][ T6456] EXT4-fs warning (device loop4): dx_probe:801: inode #2: comm syz.4.123: Unrecognised inode hash code 20 [ 147.828512][ T6456] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.123: Corrupt directory, running e2fsck is recommended [ 147.899344][ T5855] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.940710][ T6467] kvm: user requested TSC rate below hardware speed [ 148.420221][ T6478] netlink: 'syz.0.128': attribute type 12 has an invalid length. [ 151.367236][ T6509] sctp: [Deprecated]: syz.2.137 (pid 6509) Use of int in maxseg socket option. [ 151.367236][ T6509] Use struct sctp_assoc_value instead [ 151.627043][ T6514] loop2: detected capacity change from 0 to 64 [ 151.667689][ T6514] netlink: 'syz.2.139': attribute type 32 has an invalid length. [ 151.691270][ T6514] netlink: 36 bytes leftover after parsing attributes in process `syz.2.139'. [ 151.819065][ T6516] loop0: detected capacity change from 0 to 4096 [ 151.992736][ T6504] loop4: detected capacity change from 0 to 131072 [ 152.002398][ T6504] F2FS-fs (loop4): Invalid segment/section count (31, 24 x 150994945) [ 152.010737][ T6504] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 152.027906][ T6504] F2FS-fs (loop4): invalid crc value [ 152.081777][ T6521] loop2: detected capacity change from 0 to 64 [ 152.190862][ T6504] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 152.198850][ T6504] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 152.282795][ T6521] hfs: unable to load codepage "Ðso8879-13" [ 152.475346][ T6528] Zero length message leads to an empty skb [ 153.396994][ T6536] loop2: detected capacity change from 0 to 512 [ 153.552016][ T6536] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 153.565509][ T6538] loop0: detected capacity change from 0 to 2048 [ 153.577025][ T6538] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 153.709520][ T6536] ext4 filesystem being mounted at /29/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 153.802084][ T6545] loop3: detected capacity change from 0 to 2048 [ 153.824814][ T6547] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 153.863368][ T6548] netlink: 'syz.4.143': attribute type 10 has an invalid length. [ 153.890446][ T6545] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 153.910935][ T6548] netlink: 28 bytes leftover after parsing attributes in process `syz.4.143'. [ 153.923452][ T6538] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 153.923549][ T6543] loop1: detected capacity change from 0 to 32768 [ 153.948385][ T6543] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.148 (6543) [ 153.974355][ T6548] netlink: 20 bytes leftover after parsing attributes in process `syz.4.143'. [ 153.985740][ T6538] NILFS error (device loop0): nilfs_bmap_last_key: broken bmap (inode number=16) [ 154.005488][ T6543] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 154.015781][ T6543] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 154.107081][ T6538] Remounting filesystem read-only [ 154.112307][ T6538] NILFS (loop0): error -5 truncating bmap (ino=16) [ 154.122908][ T6538] syz.0.147: attempt to access beyond end of device [ 154.122908][ T6538] loop0: rw=0, sector=262216, nr_sectors = 2 limit=2048 [ 154.139637][ T6557] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 154.157226][ T6538] NILFS (loop0): I/O error reading meta-data file (ino=6, block-offset=1) [ 154.279824][ T6543] BTRFS info (device loop1): rebuilding free space tree [ 154.309358][ T6543] BTRFS info (device loop1): disabling free space tree [ 154.319701][ T6543] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 154.331166][ T6543] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 154.387141][ T6568] NILFS (loop3): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 154.419027][ T5837] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 154.433840][ T6568] NILFS error (device loop3): nilfs_bmap_last_key: broken bmap (inode number=16) [ 154.750546][ T6568] Remounting filesystem read-only [ 155.510932][ T6568] NILFS (loop3): error -5 truncating bmap (ino=16) [ 155.548583][ T6573] BTRFS info (device loop1): balance: start -sprofiles=raid1c4,limit=10376293524281753602,limit=2..2415919100 [ 155.562928][ T6573] BTRFS info (device loop1): balance: ended with status: 0 [ 156.127915][ T6568] syz.3.149: attempt to access beyond end of device [ 156.127915][ T6568] loop3: rw=0, sector=262216, nr_sectors = 2 limit=2048 [ 156.146236][ T5840] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 156.219813][ T6568] NILFS (loop3): I/O error reading meta-data file (ino=6, block-offset=1) [ 156.358597][ T5838] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 156.724193][ T5836] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.541114][ T6606] loop3: detected capacity change from 0 to 2048 [ 158.613812][ T6606] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 158.798063][ T6614] loop1: detected capacity change from 0 to 128 [ 158.909025][ T6614] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 158.995405][ T6613] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 159.343832][ T6606] NILFS (loop3): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 159.437115][ T6617] loop8: detected capacity change from 0 to 7 [ 159.443811][ T6606] NILFS error (device loop3): nilfs_bmap_last_key: broken bmap (inode number=16) [ 159.496774][ T6617] Dev loop8: unable to read RDB block 7 [ 159.502489][ T6617] loop8: unable to read partition table [ 159.518826][ T6617] loop8: partition table beyond EOD, truncated [ 159.560116][ T6606] Remounting filesystem read-only [ 159.572562][ T6617] loop_reread_partitions: partition scan of loop8 (þ被xü^>à– ) failed (rc=-5) [ 159.618736][ T6606] NILFS (loop3): error -5 truncating bmap (ino=16) [ 159.629084][ T6620] loop6: detected capacity change from 0 to 7 [ 159.651334][ T6620] Dev loop6: unable to read RDB block 7 [ 159.673116][ T6606] syz.3.161: attempt to access beyond end of device [ 159.673116][ T6606] loop3: rw=0, sector=262216, nr_sectors = 2 limit=2048 [ 159.757631][ T6620] loop6: AHDI p1 p2 p3 [ 159.761870][ T6620] loop6: partition table partially beyond EOD, truncated [ 159.892335][ T6606] NILFS (loop3): I/O error reading meta-data file (ino=6, block-offset=1) [ 159.921565][ T6620] loop6: p1 start 926365495 is beyond EOD, truncated [ 160.903977][ T6620] loop6: p2 size 116 extends beyond EOD, truncated [ 160.962276][ T6622] loop0: detected capacity change from 0 to 4096 [ 161.106669][ T5838] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 161.139894][ T6633] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 161.161253][ T6442] udevd[6442]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 161.183292][ T6622] syz.0.166: attempt to access beyond end of device [ 161.183292][ T6622] loop0: rw=524288, sector=2097320, nr_sectors = 8 limit=4096 [ 161.234091][ T6635] loop4: detected capacity change from 0 to 256 [ 161.306673][ T6622] syz.0.166: attempt to access beyond end of device [ 161.306673][ T6622] loop0: rw=0, sector=2097320, nr_sectors = 8 limit=4096 [ 161.388856][ T30] audit: type=1800 audit(1748706332.210:6): pid=6622 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.166" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 161.414978][ T6637] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000001) [ 161.422990][ T6637] FAT-fs (loop4): Filesystem has been set read-only [ 162.018035][ T6648] loop2: detected capacity change from 0 to 32768 [ 162.035812][ T6648] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.175 (6648) [ 162.067715][ T6648] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 162.078355][ T6648] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 162.317135][ T6648] BTRFS info (device loop2): rebuilding free space tree [ 162.356256][ T6648] BTRFS info (device loop2): disabling free space tree [ 162.364943][ T6648] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 162.374749][ T6648] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 163.317792][ T5836] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 163.850047][ T6642] loop3: detected capacity change from 0 to 32768 [ 163.864889][ T6685] loop8: detected capacity change from 0 to 7 [ 163.897161][ T6642] XFS: noikeep mount option is deprecated. [ 164.003911][ T6685] Dev loop8: unable to read RDB block 7 [ 164.009570][ T6685] loop8: unable to read partition table [ 164.103948][ T6685] loop8: partition table beyond EOD, truncated [ 164.165555][ T6642] XFS (loop3): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 164.173718][ T6685] loop_reread_partitions: partition scan of loop8 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¬âÐû [ 164.173718][ T6685] ) failed (rc=-5) [ 164.410125][ T6642] XFS (loop3): AIL initialisation failed: error -12 [ 164.560847][ T6673] loop0: detected capacity change from 0 to 128 [ 164.698535][ T6642] XFS (loop3): log mount failed [ 164.823479][ T6673] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 165.426293][ T6680] loop4: detected capacity change from 0 to 32768 [ 165.445117][ T6699] loop1: detected capacity change from 0 to 2048 [ 165.497797][ T6680] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.178 (6680) [ 165.545058][ T6699] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 165.579048][ T6680] BTRFS info (device loop4 state S): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 165.642951][ T6680] BTRFS info (device loop4 state S): using blake2b (blake2b-256-generic) checksum algorithm [ 165.643695][ T6707] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 165.753923][ T6680] BTRFS info (device loop4 state S): using free-space-tree [ 165.809654][ T6699] NILFS (loop1): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 165.888795][ T6699] NILFS error (device loop1): nilfs_bmap_last_key: broken bmap (inode number=16) [ 166.040711][ T6699] Remounting filesystem read-only [ 166.126196][ T6699] NILFS (loop1): error -5 truncating bmap (ino=16) [ 166.171495][ T6699] syz.1.180: attempt to access beyond end of device [ 166.171495][ T6699] loop1: rw=0, sector=262216, nr_sectors = 2 limit=2048 [ 166.207268][ T6699] NILFS (loop1): I/O error reading meta-data file (ino=6, block-offset=1) [ 166.442987][ T6733] loop2: detected capacity change from 0 to 32768 [ 166.480837][ T6733] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.187 (6733) [ 166.523580][ T6734] loop0: detected capacity change from 0 to 2048 [ 166.535747][ T6733] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 166.548504][ T6733] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 166.580287][ T5840] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer [ 166.621386][ T5855] BTRFS info (device loop4 state S): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 166.675640][ T6744] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 166.741095][ T30] audit: type=1800 audit(1748706337.560:7): pid=6734 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.186" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 167.151292][ T6752] bridge1: entered promiscuous mode [ 167.188257][ T6733] BTRFS info (device loop2): rebuilding free space tree [ 167.278029][ T6733] BTRFS info (device loop2): disabling free space tree [ 167.285089][ T6733] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 167.288263][ T6752] bridge1: entered allmulticast mode [ 167.294962][ T6733] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 167.300493][ T9] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 167.490995][ T6752] team0: Port device bridge1 added [ 167.602733][ T9] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 5 [ 167.807140][ T6759] bridge2: entered promiscuous mode [ 167.812390][ T6759] bridge2: entered allmulticast mode [ 168.392136][ T9] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 168.406882][ T5836] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 168.421851][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.448886][ T6759] team0: Port device bridge2 added [ 168.514599][ T9] usb 1-1: Product: syz [ 168.518853][ T9] usb 1-1: Manufacturer: syz [ 168.543846][ T9] usb 1-1: SerialNumber: syz [ 168.551673][ T9] usb 1-1: config 0 descriptor?? [ 168.590896][ T6769] loop6: detected capacity change from 0 to 7 [ 168.607749][ T6769] Dev loop6: unable to read RDB block 7 [ 168.637389][ T6769] loop6: AHDI p1 p2 p3 [ 168.641664][ T6769] loop6: partition table partially beyond EOD, truncated [ 168.651996][ T6769] loop6: p1 start 926365495 is beyond EOD, truncated [ 168.670616][ T6769] loop6: p2 size 116 extends beyond EOD, truncated [ 168.898292][ T5975] udevd[5975]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 169.096738][ T2155] usb 1-1: USB disconnect, device number 7 [ 169.335825][ T6781] netlink: 'syz.1.196': attribute type 1 has an invalid length. [ 169.377912][ T6779] loop8: detected capacity change from 0 to 7 [ 169.421723][ T6779] Dev loop8: unable to read RDB block 7 [ 169.438765][ T6779] loop8: unable to read partition table [ 169.450266][ T6779] loop8: partition table beyond EOD, truncated [ 169.470283][ T6779] loop_reread_partitions: partition scan of loop8 (þ被xü^>à– ) failed (rc=-5) [ 169.745327][ T6789] loop3: detected capacity change from 0 to 128 [ 169.830822][ T6789] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 170.393319][ T6791] netlink: 248 bytes leftover after parsing attributes in process `syz.2.198'. [ 170.431296][ T6791] netlink: 52 bytes leftover after parsing attributes in process `syz.2.198'. [ 170.500311][ T6781] 8021q: adding VLAN 0 to HW filter on device bond1 [ 170.588781][ T6784] bond1: (slave geneve2): making interface the new active one [ 170.600372][ T6784] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 170.862591][ T6793] loop2: detected capacity change from 0 to 32768 [ 170.896575][ T6793] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.201 (6793) [ 170.936365][ T6785] bond1: entered promiscuous mode [ 170.970669][ T6785] geneve2: entered promiscuous mode [ 171.036543][ T6793] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 171.046801][ T6793] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 171.682330][ T6797] loop0: detected capacity change from 0 to 2048 [ 171.867176][ T6797] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 171.899719][ T6793] BTRFS info (device loop2): rebuilding free space tree [ 171.934568][ T6793] BTRFS info (device loop2): disabling free space tree [ 171.941558][ T6793] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 171.953145][ T6793] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 171.973792][ T6817] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 172.026854][ T6797] NILFS (loop0): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 172.286468][ T6797] NILFS error (device loop0): nilfs_bmap_last_key: broken bmap (inode number=16) [ 174.124261][ T6829] BTRFS info (device loop2): balance: start -sprofiles=raid1c4,limit=10376293524281753602,limit=2..2415919100 [ 174.137725][ T6829] BTRFS info (device loop2): balance: ended with status: 0 [ 174.155177][ T6797] Remounting filesystem read-only [ 174.273144][ T6797] NILFS (loop0): error -5 truncating bmap (ino=16) [ 174.287426][ T6797] syz.0.199: attempt to access beyond end of device [ 174.287426][ T6797] loop0: rw=0, sector=262216, nr_sectors = 2 limit=2048 [ 174.295734][ T5836] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 174.340029][ T6797] NILFS (loop0): I/O error reading meta-data file (ino=6, block-offset=1) [ 174.496362][ T6840] loop3: detected capacity change from 0 to 64 [ 174.580532][ T5837] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 174.657028][ T6843] netlink: 104 bytes leftover after parsing attributes in process `syz.2.207'. [ 174.671070][ T6840] hfs: request for non-existent node -129 in B*Tree [ 174.713492][ T6840] hfs: request for non-existent node -129 in B*Tree [ 174.787730][ T6847] binder_alloc: 6844: binder_alloc_buf size 64832 failed, no address space [ 174.841380][ T6847] binder_alloc: allocated: 8 (num: 1 largest: 8), free: 12280 (num: 1 largest: 12280) [ 174.965252][ T24] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 175.840211][ T6857] loop2: detected capacity change from 0 to 128 [ 175.873189][ T24] usb 4-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 175.948709][ T6857] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 176.149590][ T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 176.194173][ T24] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 176.333742][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 176.341798][ T24] usb 4-1: SerialNumber: syz [ 176.540239][ T6863] loop4: detected capacity change from 0 to 512 [ 176.607859][ T6863] ext3: Unknown parameter 'smackfsdef' [ 176.692449][ T2155] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 176.745741][ T6867] loop2: detected capacity change from 0 to 1024 [ 176.807295][ T6867] EXT4-fs: inline encryption not supported [ 176.850994][ T24] usb 4-1: 0:2 : does not exist [ 176.872265][ T6867] EXT4-fs: Ignoring removed nomblk_io_submit option [ 176.908342][ T2155] usb 1-1: config 0 has no interfaces? [ 176.954113][ T2155] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 177.002748][ T2155] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.032982][ T6867] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 177.055871][ T2155] usb 1-1: Product: syz [ 177.060103][ T2155] usb 1-1: Manufacturer: syz [ 177.084024][ T24] usb 4-1: USB disconnect, device number 4 [ 177.095609][ T2155] usb 1-1: SerialNumber: syz [ 177.133495][ T2155] usb 1-1: config 0 descriptor?? [ 177.165174][ T6867] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.215: Allocating blocks 497-513 which overlap fs metadata [ 177.247478][ T6442] udevd[6442]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 177.280206][ T6867] EXT4-fs (loop2): pa ffff888022f363a0: logic 16, phys. 145, len 23 [ 177.288853][ T6867] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1 [ 177.464283][ T6867] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 28 [ 177.487006][ T6860] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.522717][ T6867] EXT4-fs (loop2): This should not happen!! Data will be lost [ 177.522717][ T6867] [ 177.573795][ T6867] EXT4-fs (loop2): Total free blocks count 0 [ 177.599039][ T24] usb 1-1: USB disconnect, device number 8 [ 177.623689][ T6867] EXT4-fs (loop2): Free/Dirty block details [ 177.629658][ T6867] EXT4-fs (loop2): free_blocks=16 [ 177.661456][ T6867] EXT4-fs (loop2): dirty_blocks=0 [ 177.696723][ T6867] EXT4-fs (loop2): Block reservation details [ 177.705051][ T6867] EXT4-fs (loop2): i_reserved_data_blocks=0 [ 177.745447][ T6877] netlink: 16 bytes leftover after parsing attributes in process `syz.3.216'. [ 178.185450][ T6881] loop2: detected capacity change from 0 to 32768 [ 178.362456][ T6881] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.217 (6881) [ 178.472758][ T6881] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 178.483039][ T6881] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 178.960152][ T6881] BTRFS info (device loop2): rebuilding free space tree [ 178.972300][ T6881] BTRFS info (device loop2): disabling free space tree [ 178.979391][ T6881] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 178.989121][ T6881] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 179.193797][ T2155] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 179.415277][ T6906] BTRFS info (device loop2): balance: start -sprofiles=raid1c4,limit=10376293524281753602,limit=2..2415919100 [ 179.427728][ T6906] BTRFS info (device loop2): balance: ended with status: 0 [ 179.960557][ T5836] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 180.080538][ T2155] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 180.098133][ T2155] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.113319][ T2155] usb 2-1: Product: syz [ 180.118501][ T2155] usb 2-1: Manufacturer: syz [ 180.123142][ T2155] usb 2-1: SerialNumber: syz [ 180.137389][ T2155] usb 2-1: config 0 descriptor?? [ 180.679231][ T9] usb 2-1: USB disconnect, device number 3 [ 180.791945][ T6895] loop0: detected capacity change from 0 to 32768 [ 180.943843][ T880] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 180.966101][ T6895] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 181.136994][ T880] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 24, changing to 7 [ 181.157224][ T880] usb 4-1: config 1 interface 1 has no altsetting 0 [ 181.222113][ T880] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 181.523726][ T880] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.531810][ T880] usb 4-1: Product: 宮䌖⸄夞顯è±éã–¦í‰ã€¿á˜¦ä–­ç¸ŽãˆŒè’·ëª…î—¼å§ë¦¸éŒ’눡ê—똿㮳㚵둸è´æ’§è»‡å¦µæ¬·ã¯´ìŸ¼â‚³ç•Žê¢ˆê¼ á‚ªáˆ’ᱰꑤ㋪䋵콌⃃â™ê¼ªî„µé¬±ë‚½çƒ‰ìŠ¼Â©ì°ˆâ¿‘哯闽肅継혋贈艥ᣙ췰æ†îŽ‡á©¾ë¥¼å·é¥ˆé–¯ã©’짜놖á­ëª‡î•ìµ£ã•ï­ä˜¥ç­™æ¿ç„姖缹鵙é¿ï¥¯â¸œäŒ¯ëº‰á·á‘“Բ摵⺅汽僳嘼庮孊ã î­¥î¢­êžç»Šïµ‰ê«€ï„…ᓊ䑶烔쓌 [ 181.760958][ T880] usb 4-1: Manufacturer: 䑘嵸呑眽駠糜旔î±æ®šï‘…î”â‹îº•í„žî£¾î¡à¨›á…£ì¬ á€¿ç™ªìµ‘痖樈櫲⣦êŒç¦¸á®ží‰¡í›‰æ®“é•åµ¨á·œé­‰î¯–䙫ᯫ뻱貗⤣ヅㇷ쟻橸罿柲蕅剑̎ê¥ê¹¾à³·á«‹å’»à¤›ì¦›ä¨†ï¶ì‰å‘‘ [ 181.845777][ T6895] XFS (loop0): Ending clean mount [ 181.951969][ T6895] XFS (loop0): Quotacheck needed: Please wait. [ 181.963172][ T880] usb 4-1: SerialNumber: ÑŠ [ 182.152716][ T6895] XFS (loop0): Quotacheck: Done. [ 182.166174][ T6943] loop1: detected capacity change from 0 to 4096 [ 182.283495][ T6947] loop4: detected capacity change from 0 to 4096 [ 182.317531][ T5837] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 182.332623][ T6951] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 182.402954][ T30] audit: type=1800 audit(1748706353.190:8): pid=6943 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.228" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 182.521015][ T6947] loop4: detected capacity change from 0 to 2048 [ 182.601317][ T880] usb 4-1: 2:1 : unknown format tag 0x4 is detected. processed as MPEG. [ 182.622551][ T880] usb 4-1: found format II with max.bitrate = 0, frame size=65531 [ 182.636396][ T880] usb 4-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 182.767065][ T880] usb 4-1: USB disconnect, device number 5 [ 183.004544][ T6004] udevd[6004]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 183.487951][ T6961] loop4: detected capacity change from 0 to 32768 [ 183.497154][ T6961] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.232 (6961) [ 183.520864][ T6961] BTRFS info (device loop4): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 183.531175][ T6961] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 183.572924][ T6965] 9pnet: p9_errstr2errno: server reported unknown error @þLì²¼ O€!ÝëL›+ [ 183.681019][ T6961] BTRFS info (device loop4): rebuilding free space tree [ 183.699906][ T6961] BTRFS info (device loop4): disabling free space tree [ 183.707151][ T6961] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 183.717006][ T6961] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 183.983847][ T880] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 184.198572][ T6990] BTRFS info (device loop4): balance: start -sprofiles=raid1c4,limit=10376293524281753602,limit=2..2415919100 [ 184.211272][ T6990] BTRFS info (device loop4): balance: ended with status: 0 [ 184.733119][ T5855] BTRFS info (device loop4): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 184.754948][ T880] usb 4-1: Using ep0 maxpacket: 8 [ 184.956399][ T880] usb 4-1: config 13 has no interfaces? [ 184.978810][ T880] usb 4-1: New USB device found, idVendor=1bc7, idProduct=9200, bcdDevice=be.d6 [ 185.015496][ T880] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.191776][ T880] usb 4-1: Product: syz [ 185.199915][ T880] usb 4-1: Manufacturer: syz [ 185.208624][ T880] usb 4-1: SerialNumber: syz [ 186.264997][ T880] usb 4-1: USB disconnect, device number 6 [ 186.271528][ T7000] loop1: detected capacity change from 0 to 2048 [ 186.321764][ T7000] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 186.430632][ T7005] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 186.470018][ T7000] NILFS (loop1): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 186.549519][ T7000] NILFS error (device loop1): nilfs_bmap_last_key: broken bmap (inode number=16) [ 186.585800][ T7000] Remounting filesystem read-only [ 186.590936][ T7000] NILFS (loop1): error -5 truncating bmap (ino=16) [ 186.604192][ T9] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 186.640415][ T7000] syz.1.238: attempt to access beyond end of device [ 186.640415][ T7000] loop1: rw=0, sector=262216, nr_sectors = 2 limit=2048 [ 186.666568][ T7000] NILFS (loop1): I/O error reading meta-data file (ino=6, block-offset=1) [ 186.792965][ T5840] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer [ 186.845018][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 186.885183][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 186.944243][ T9] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 186.953341][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 186.980036][ T7021] loop4: detected capacity change from 0 to 64 [ 187.009915][ T9] usb 1-1: SerialNumber: syz [ 187.036063][ T7025] loop3: detected capacity change from 0 to 64 [ 187.048504][ T7021] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 187.069990][ T7028] loop1: detected capacity change from 0 to 64 [ 187.088912][ T7025] hfs: invalid btree extent records [ 187.128689][ T7020] minix: Unknown parameter 'H' [ 187.142799][ T7025] hfs: unable to open extent tree [ 187.147999][ T7028] netlink: 'syz.1.242': attribute type 32 has an invalid length. [ 187.148038][ T7028] netlink: 36 bytes leftover after parsing attributes in process `syz.1.242'. [ 187.183930][ T7025] hfs: can't find a HFS filesystem on dev loop3 [ 187.309173][ T9] usb 1-1: skipping empty audio interface (v1) [ 187.528472][ T9] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 187.618502][ T9] usb 1-1: USB disconnect, device number 9 [ 187.806630][ T7039] loop4: detected capacity change from 0 to 2048 [ 188.042585][ T7046] loop1: detected capacity change from 0 to 128 [ 188.073955][ T7039] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 188.992779][ T7046] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 189.367779][ T6442] udevd[6442]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 189.516306][ T7050] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 189.625286][ T7039] NILFS (loop4): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 189.668598][ T7039] NILFS error (device loop4): nilfs_bmap_last_key: broken bmap (inode number=16) [ 189.683577][ T7055] binder: BINDER_SET_CONTEXT_MGR already set [ 189.693333][ T7055] binder: 7054:7055 ioctl 4018620d 200000000040 returned -16 [ 189.733841][ T7039] Remounting filesystem read-only [ 189.804969][ T7039] NILFS (loop4): error -5 truncating bmap (ino=16) [ 189.871338][ T7039] syz.4.247: attempt to access beyond end of device [ 189.871338][ T7039] loop4: rw=0, sector=262216, nr_sectors = 2 limit=2048 [ 190.093735][ T880] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 190.145813][ T7039] NILFS (loop4): I/O error reading meta-data file (ino=6, block-offset=1) [ 190.218772][ T7063] loop8: detected capacity change from 0 to 7 [ 190.268525][ T7063] Dev loop8: unable to read RDB block 7 [ 190.293900][ T880] usb 2-1: device descriptor read/64, error -71 [ 190.343805][ T7063] loop8: unable to read partition table [ 190.426035][ T7063] loop8: partition table beyond EOD, truncated [ 190.476927][ T7063] loop_reread_partitions: partition scan of loop8 (þ被xü^>à– ) failed (rc=-5) [ 190.564176][ T880] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 190.791915][ T880] usb 2-1: device descriptor read/64, error -71 [ 190.818752][ T7074] loop0: detected capacity change from 0 to 512 [ 190.891123][ T7074] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 190.914411][ T5855] NILFS (loop4): disposed unprocessed dirty file(s) when detaching log writer [ 190.943894][ T880] usb usb2-port1: attempt power cycle [ 190.966281][ T7077] loop3: detected capacity change from 0 to 2048 [ 191.005905][ T7074] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 191.031690][ T7077] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 191.069029][ T7074] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 191.145701][ T7074] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 191.146553][ T7082] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 191.184286][ T7074] EXT4-fs (loop0): 1 truncate cleaned up [ 191.191752][ T7074] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 191.223121][ T7077] NILFS (loop3): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 191.251175][ T7077] NILFS error (device loop3): nilfs_bmap_last_key: broken bmap (inode number=16) [ 191.329654][ T7077] Remounting filesystem read-only [ 191.336378][ T7077] NILFS (loop3): error -5 truncating bmap (ino=16) [ 191.355655][ T880] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 191.375472][ T7077] syz.3.253: attempt to access beyond end of device [ 191.375472][ T7077] loop3: rw=0, sector=262216, nr_sectors = 2 limit=2048 [ 191.399564][ T880] usb 2-1: device descriptor read/8, error -71 [ 191.408750][ T7077] NILFS (loop3): I/O error reading meta-data file (ino=6, block-offset=1) [ 191.938093][ T880] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 191.994662][ T880] usb 2-1: device descriptor read/8, error -71 [ 192.034903][ T5838] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 192.086473][ T5837] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.110236][ T880] usb usb2-port1: unable to enumerate USB device [ 192.679095][ T7109] netlink: 'syz.3.264': attribute type 3 has an invalid length. [ 192.687492][ T7109] netlink: 132 bytes leftover after parsing attributes in process `syz.3.264'. [ 193.275992][ T7087] loop4: detected capacity change from 0 to 32768 [ 193.356132][ T30] audit: type=1800 audit(1748706364.180:9): pid=7103 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.0.263" name="/" dev="sockfs" ino=10025 res=0 errno=0 [ 193.540631][ T7114] tipc: Failed to remove unknown binding: 66,1,1/0:2007083354/2007083356 [ 193.646034][ T7119] process 'syz.1.266' launched './file1' with NULL argv: empty string added [ 193.921002][ T1343] Bluetooth: hci5: Frame reassembly failed (-84) [ 194.222253][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.228671][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.410052][ T7087] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,promote_target=invalid device 15,journal_flush_disabled,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,no_data_io [ 194.410052][ T7087] allowing incompatible features above 0.0: (unknown version) [ 194.410052][ T7087] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 194.550156][ T7087] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0 [ 194.560628][ T7087] bcachefs (loop4): recovering from clean shutdown, journal seq 10 [ 194.569721][ T7087] bcachefs (loop4): Version upgrade required: [ 194.569721][ T7087] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 194.569721][ T7087] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 194.569721][ T7087] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 194.682865][ T7124] netlink: 'syz.3.268': attribute type 10 has an invalid length. [ 194.695567][ T7124] team0: Device hsr_slave_0 failed to register rx_handler [ 194.736944][ T7087] bcachefs (loop4): dropping and reconstructing all alloc info [ 194.758515][ T7124] syz.3.268 (7124) used greatest stack depth: 19960 bytes left [ 194.778137][ T7087] warn_alloc: 1 callbacks suppressed [ 194.778155][ T7087] syz.4.257: vmalloc error: size 8388608, failed to allocated page array size 16384, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 194.848593][ T7125] netlink: 'syz.0.267': attribute type 2 has an invalid length. [ 194.856567][ T7125] netlink: 723 bytes leftover after parsing attributes in process `syz.0.267'. [ 195.160151][ T7087] CPU: 1 UID: 0 PID: 7087 Comm: syz.4.257 Not tainted 6.15.0-next-20250530-syzkaller #0 PREEMPT(full) [ 195.160182][ T7087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 195.160195][ T7087] Call Trace: [ 195.160204][ T7087] [ 195.160214][ T7087] dump_stack_lvl+0x189/0x250 [ 195.160258][ T7087] ? __pfx_dump_stack_lvl+0x10/0x10 [ 195.160279][ T7087] ? __pfx__printk+0x10/0x10 [ 195.160304][ T7087] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 195.160330][ T7087] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 195.160358][ T7087] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 195.160387][ T7087] warn_alloc+0x214/0x310 [ 195.160421][ T7087] ? __pfx_warn_alloc+0x10/0x10 [ 195.160458][ T7087] ? __get_vm_area_node+0x28f/0x300 [ 195.160497][ T7087] ? bch2_fs_journal_start+0x480/0x1500 [ 195.160533][ T7087] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 195.160589][ T7087] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 195.160620][ T7087] ? rcu_is_watching+0x15/0xb0 [ 195.160649][ T7087] ? bch2_fs_journal_start+0x480/0x1500 [ 195.160675][ T7087] ? bch2_fs_journal_start+0x480/0x1500 [ 195.160699][ T7087] __kvmalloc_node_noprof+0x3b8/0x5f0 [ 195.160725][ T7087] ? bch2_fs_journal_start+0x480/0x1500 [ 195.160760][ T7087] bch2_fs_journal_start+0x480/0x1500 [ 195.160805][ T7087] ? bch2_journal_log_msg+0xd9/0x120 [ 195.160841][ T7087] ? __pfx_bch2_fs_journal_start+0x10/0x10 [ 195.160869][ T7087] ? __pfx_bch2_journal_log_msg+0x10/0x10 [ 195.160903][ T7087] ? bch2_reconstruct_alloc+0x32b/0x360 [ 195.160944][ T7087] bch2_fs_recovery+0x2323/0x3a80 [ 195.160991][ T7087] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 195.161022][ T7087] ? __pfx___console_unlock+0x10/0x10 [ 195.161062][ T7087] ? __lock_acquire+0xab9/0xd20 [ 195.161105][ T7087] ? __lock_acquire+0xab9/0xd20 [ 195.161144][ T7087] ? __lock_acquire+0xab9/0xd20 [ 195.161201][ T7087] ? bch2_fs_start+0x9ea/0xd80 [ 195.161236][ T7087] ? up_write+0x1c4/0x420 [ 195.161263][ T7087] bch2_fs_start+0xa85/0xd80 [ 195.161295][ T7087] ? bch2_fs_start+0x5aa/0xd80 [ 195.161349][ T7087] ? __pfx_bch2_fs_start+0x10/0x10 [ 195.161403][ T7087] ? sget+0x267/0x620 [ 195.161439][ T7087] bch2_fs_get_tree+0xbfc/0x15f0 [ 195.161501][ T7087] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 195.161557][ T7087] ? aa_get_newest_label+0xf7/0x5d0 [ 195.161582][ T7087] ? vfs_parse_monolithic_sep+0x2df/0x310 [ 195.161623][ T7087] ? apparmor_capable+0x137/0x1b0 [ 195.161672][ T7087] vfs_get_tree+0x8f/0x2b0 [ 195.161699][ T7087] do_new_mount+0x24a/0xa40 [ 195.161736][ T7087] __se_sys_mount+0x317/0x410 [ 195.161770][ T7087] ? __pfx___se_sys_mount+0x10/0x10 [ 195.161803][ T7087] ? do_syscall_64+0xbe/0x3b0 [ 195.161822][ T7087] ? __x64_sys_mount+0x20/0xc0 [ 195.161852][ T7087] do_syscall_64+0xfa/0x3b0 [ 195.161870][ T7087] ? lockdep_hardirqs_on+0x9c/0x150 [ 195.161900][ T7087] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.161922][ T7087] ? clear_bhb_loop+0x60/0xb0 [ 195.161948][ T7087] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.161969][ T7087] RIP: 0033:0x7f3a4479010a [ 195.161996][ T7087] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 195.162014][ T7087] RSP: 002b:00007f3a455b1e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 195.162037][ T7087] RAX: ffffffffffffffda RBX: 00007f3a455b1ef0 RCX: 00007f3a4479010a [ 195.162053][ T7087] RDX: 00002000000000c0 RSI: 0000200000000180 RDI: 00007f3a455b1eb0 [ 195.162069][ T7087] RBP: 00002000000000c0 R08: 00007f3a455b1ef0 R09: 0000000000800000 [ 195.162083][ T7087] R10: 0000000000800000 R11: 0000000000000246 R12: 0000200000000180 [ 195.162098][ T7087] R13: 00007f3a455b1eb0 R14: 000000000000593d R15: 0000200000000480 [ 195.162131][ T7087] [ 195.733806][ T7087] Mem-Info: [ 195.773825][ T7087] active_anon:13193 inactive_anon:0 isolated_anon:0 [ 195.773825][ T7087] active_file:10448 inactive_file:39988 isolated_file:0 [ 195.773825][ T7087] unevictable:768 dirty:55 writeback:0 [ 195.773825][ T7087] slab_reclaimable:10365 slab_unreclaimable:100329 [ 195.773825][ T7087] mapped:35208 shmem:8331 pagetables:1218 [ 195.773825][ T7087] sec_pagetables:0 bounce:0 [ 195.773825][ T7087] kernel_misc_reclaimable:0 [ 195.773825][ T7087] free:1313115 free_pcp:13563 free_cma:0 [ 195.854693][ T7087] Node 0 active_anon:51140kB inactive_anon:0kB active_file:41792kB inactive_file:159752kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:136624kB dirty:228kB writeback:0kB shmem:31788kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11248kB pagetables:4756kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 195.888426][ T7087] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:128kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 195.931174][ T7087] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 195.933433][ T5158] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 195.962954][ T5848] Bluetooth: hci5: command 0x1003 tx timeout [ 196.105781][ T7087] lowmem_reserve[]: 0 2501 2502 2502 2502 [ 196.138703][ T7087] Node 0 DMA32 free:1349212kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:39496kB inactive_anon:0kB active_file:41792kB inactive_file:157912kB unevictable:1536kB writepending:228kB present:3129332kB managed:2561044kB mlocked:0kB bounce:0kB free_pcp:37728kB local_pcp:18672kB free_cma:0kB [ 196.268338][ T7087] lowmem_reserve[]: 0 0 1 1 1 [ 196.297872][ T7087] Node 0 Normal free:4kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1840kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:4kB free_cma:0kB [ 196.467476][ T7087] lowmem_reserve[]: 0 0 0 0 0 [ 196.586492][ T7087] Node 1 Normal free:3902380kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:18924kB local_pcp:12456kB free_cma:0kB [ 196.994426][ T7087] lowmem_reserve[]: 0 0 0 0 0 [ 196.999258][ T7087] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 197.012148][ T7087] Node 0 DMA32: 175*4kB (UME) 1206*8kB (UME) 500*16kB (UM) 308*32kB (UM) 477*64kB (UME) 230*128kB (UM) 118*256kB (ME) 52*512kB (M) 30*1024kB (M) 15*2048kB (ME) 279*4096kB (UM) = 1349228kB [ 197.073012][ T9] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 197.105252][ T7087] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 197.195604][ T7087] Node 1 Normal: 191*4kB (UME) 44*8kB (UME) 35*16kB (UME) 109*32kB (UME) 36*64kB (UME) 7*128kB (UME) 5*256kB (UME) 3*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 949*4096kB (M) = 3902380kB [ 197.374778][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 197.454299][ T7087] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 197.624050][ T7087] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 197.633845][ T9] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x99, changing to 0x89 [ 197.657957][ T7087] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 197.679999][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 29706, setting to 64 [ 197.843113][ T7087] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 197.914275][ T7087] 55857 total pagecache pages [ 197.926131][ T9] usb 1-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 197.936726][ T7087] 0 pages in swap cache [ 197.940921][ T7087] Free swap = 124996kB [ 197.953089][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.993660][ T7087] Total swap = 124996kB [ 197.997964][ T7087] 2097051 pages RAM [ 198.001793][ T7087] 0 pages HighMem/MovableOnly [ 198.001906][ T9] usb 1-1: Product: syz [ 198.030903][ T9] usb 1-1: Manufacturer: syz [ 198.040985][ T9] usb 1-1: SerialNumber: syz [ 198.045874][ T7087] 424684 pages reserved [ 198.076590][ T7087] 0 pages cma reserved [ 198.095027][ T9] usb 1-1: config 0 descriptor?? [ 198.133186][ T7087] bcachefs (loop4): error reallocating journal fifo (32768 open entries) [ 198.337387][ T9] streamzap 1-1:0.0: streamzap_probe: endpoint attributes don't match xfer 0250 [ 198.652130][ T5896] usb 1-1: USB disconnect, device number 10 [ 198.661450][ T7087] bcachefs (loop4): error in recovery: ENOMEM_journal_pin_fifoemergency read only at seq 0 [ 198.717944][ T7087] bcachefs (loop4): bch2_fs_start(): error starting filesystem ENOMEM_journal_pin_fifo [ 198.790554][ T7087] bcachefs (loop4): shutting down [ 198.846791][ T7087] bcachefs (loop4): shutdown complete [ 199.218081][ T7159] netlink: 16 bytes leftover after parsing attributes in process `syz.2.278'. [ 200.917148][ T7177] kernel profiling enabled (shift: 16) [ 201.395352][ T7087] bcachefs: bch2_fs_get_tree() error: ENOMEM_journal_pin_fifo [ 203.329853][ T13] Bluetooth: (null): Invalid header checksum [ 203.403923][ T13] Bluetooth: (null): Invalid header checksum [ 204.476690][ T7220] netlink: 32 bytes leftover after parsing attributes in process `syz.4.293'. [ 205.038418][ T7239] netlink: 76 bytes leftover after parsing attributes in process `syz.0.303'. [ 205.057714][ T7238] usb usb8: usbfs: process 7238 (syz.4.302) did not claim interface 0 before use [ 205.369635][ T7248] lo speed is unknown, defaulting to 1000 [ 205.433679][ T7248] lo speed is unknown, defaulting to 1000 [ 205.461345][ T7248] lo speed is unknown, defaulting to 1000 [ 205.635446][ T7248] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 205.683786][ T7248] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 205.761133][ T7237] syz.3.301 (7237): drop_caches: 2 [ 205.849515][ T7248] lo speed is unknown, defaulting to 1000 [ 205.939152][ T7248] lo speed is unknown, defaulting to 1000 [ 205.981224][ T7248] lo speed is unknown, defaulting to 1000 [ 206.019653][ T7248] lo speed is unknown, defaulting to 1000 [ 206.059019][ T7248] lo speed is unknown, defaulting to 1000 [ 207.188068][ T7278] dummy0: mtu less than device minimum [ 208.968399][ T30] audit: type=1800 audit(1748706379.790:10): pid=7288 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.315" name=A0F29C1437B3CFF8C3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=11538 res=0 errno=0 [ 209.413867][ T5848] Bluetooth: hci4: command 0x0405 tx timeout [ 209.484049][ T9] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 209.653948][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 209.666319][ T9] usb 2-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 209.707980][ T9] usb 2-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 209.743712][ T9] usb 2-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 209.769507][ T7308] netlink: 12 bytes leftover after parsing attributes in process `syz.3.325'. [ 209.787546][ T9] usb 2-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 209.828068][ T9] usb 2-1: config 7 interface 0 has no altsetting 0 [ 209.855864][ T9] usb 2-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 209.891564][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.044016][ T7308] veth3: entered promiscuous mode [ 210.063056][ T7308] bridge3: port 1(veth3) entered blocking state [ 210.074735][ T7308] bridge3: port 1(veth3) entered disabled state [ 210.100486][ T7308] veth3: entered allmulticast mode [ 210.697389][ T9] input: HID 0458:5010 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:7.0/0003:0458:5010.0001/input/input7 [ 211.708155][ T5850] Bluetooth: hci4: command 0x0405 tx timeout [ 211.708207][ T5850] Bluetooth: hci2: command 0x0406 tx timeout [ 211.708244][ T5850] Bluetooth: hci0: command 0x0406 tx timeout [ 211.708278][ T5850] Bluetooth: hci3: command 0x0406 tx timeout [ 211.708392][ T5847] Bluetooth: hci1: command 0x0406 tx timeout [ 211.890753][ T7313] delete_channel: no stack [ 212.577115][ T7319] capability: warning: `syz.2.326' uses deprecated v2 capabilities in a way that may be insecure [ 213.242955][ T7325] trusted_key: syz.0.329 sent an empty control message without MSG_MORE. [ 213.805608][ T9] kye 0003:0458:5010.0001: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.1-1/input0 [ 213.939897][ T9] usb 2-1: USB disconnect, device number 8 [ 215.192596][ T7333] fido_id[7333]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 216.808758][ T7365] syzkaller1: entered promiscuous mode [ 216.829434][ T7365] syzkaller1: entered allmulticast mode [ 218.655850][ T7391] netlink: 8 bytes leftover after parsing attributes in process `syz.1.348'. [ 218.665022][ T7391] netlink: 12 bytes leftover after parsing attributes in process `syz.1.348'. [ 220.434936][ T7403] netlink: 136 bytes leftover after parsing attributes in process `syz.3.353'. [ 220.500732][ T7403] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 221.216398][ T5842] Bluetooth: hci1: unexpected event for opcode 0x0062 [ 221.599304][ T7418] netlink: 12 bytes leftover after parsing attributes in process `syz.1.358'. [ 222.272880][ T7422] netlink: 12 bytes leftover after parsing attributes in process `syz.4.359'. [ 222.558041][ T7422] 8021q: adding VLAN 0 to HW filter on device bond1 [ 222.701988][ T7427] 8021q: adding VLAN 0 to HW filter on device bond1 [ 222.731385][ T7427] bond1: (slave vti0): The slave device specified does not support setting the MAC address [ 222.783158][ T7427] bond1: (slave vti0): Error -95 calling set_mac_address [ 222.898948][ T7428] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 222.911153][ T7428] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1) [ 222.923893][ T7428] bridge_slave_0: default FDB implementation only supports local addresses [ 223.792224][ T7443] syz_tun: entered allmulticast mode [ 223.813914][ T5848] Bluetooth: hci4: command 0x0405 tx timeout [ 223.863252][ T7441] syz_tun: left allmulticast mode [ 223.876550][ T7446] uprobe: syz.0.367:7446 failed to unregister, leaking uprobe [ 227.057217][ T7466] veth0_vlan: entered allmulticast mode [ 229.057331][ T7505] netlink: 12 bytes leftover after parsing attributes in process `syz.3.379'. [ 229.728212][ C1] sd 0:0:1:0: [sda] tag#4296 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 229.738751][ C1] sd 0:0:1:0: [sda] tag#4296 CDB: Read(6) 08 00 9f d1 fe de [ 230.788483][ T7532] xt_hashlimit: overflow, rate too high: 0 [ 232.189621][ T30] audit: type=1800 audit(1748706403.000:11): pid=7559 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.391" name=A0F29C1437B3CFF8C3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=12823 res=0 errno=0 [ 234.464971][ T7588] netlink: 40 bytes leftover after parsing attributes in process `syz.1.404'. [ 236.301646][ T5898] IPVS: starting estimator thread 0... [ 236.317069][ T7613] input: syz1 as /devices/virtual/input/input8 [ 236.533982][ T7614] IPVS: using max 25 ests per chain, 60000 per kthread [ 237.042576][ T7628] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 240.254343][ T7669] netlink: 24 bytes leftover after parsing attributes in process `syz.0.435'. [ 240.337488][ T5835] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 240.748245][ T5898] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 243.503312][ T5898] usb 1-1: config 0 has an invalid interface number: 237 but max is 0 [ 243.554639][ T5898] usb 1-1: config 0 has no interface number 0 [ 243.571596][ T5898] usb 1-1: config 0 interface 237 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 243.593676][ T5898] usb 1-1: config 0 interface 237 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 243.608884][ T5898] usb 1-1: config 0 interface 237 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 243.620062][ T5898] usb 1-1: config 0 interface 237 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 243.670592][ T5898] usb 1-1: New USB device found, idVendor=045e, idProduct=84bd, bcdDevice=89.b6 [ 243.779083][ T5898] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 243.863342][ T5898] usb 1-1: Product: syz [ 243.914062][ T5898] usb 1-1: Manufacturer: syz [ 243.957355][ T5898] usb 1-1: SerialNumber: syz [ 244.241401][ T5898] usb 1-1: config 0 descriptor?? [ 244.293754][ T5835] usb 2-1: device not accepting address 9, error -71 [ 245.516687][ T5898] xpad 1-1:0.237: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 245.587395][ T5898] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.237/input/input9 [ 245.715605][ T5898] usb 1-1: USB disconnect, device number 11 [ 245.778771][ T5898] xpad 1-1:0.237: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 245.937200][ T7699] netlink: 256 bytes leftover after parsing attributes in process `syz.4.447'. [ 246.231202][ T7706] capability: warning: `syz.4.450' uses 32-bit capabilities (legacy support in use) [ 246.283778][ T5898] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 246.465754][ T5898] usb 1-1: config 0 has no interfaces? [ 246.484342][ T5898] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 246.508310][ T5898] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.550060][ T5898] usb 1-1: Product: syz [ 246.580389][ T5898] usb 1-1: Manufacturer: syz [ 246.598956][ T5898] usb 1-1: SerialNumber: syz [ 246.642572][ T5898] usb 1-1: config 0 descriptor?? [ 248.160814][ T7732] netlink: 256 bytes leftover after parsing attributes in process `syz.2.459'. [ 248.617051][ T30] audit: type=1326 audit(1748706419.430:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7746 comm="syz.4.467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a4478e969 code=0x7ffc0000 [ 248.847001][ T30] audit: type=1326 audit(1748706419.670:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7746 comm="syz.4.467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f3a4478e969 code=0x7ffc0000 [ 248.954482][ T7754] xt_CT: You must specify a L4 protocol and not use inversions on it [ 249.570906][ T30] audit: type=1326 audit(1748706419.690:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7746 comm="syz.4.467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a4478e969 code=0x7ffc0000 [ 249.643774][ T30] audit: type=1326 audit(1748706419.690:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7746 comm="syz.4.467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a4478e969 code=0x7ffc0000 [ 249.916807][ T7753] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 250.129981][ T5835] usb 1-1: USB disconnect, device number 12 [ 250.130027][ T7763] netlink: 'syz.2.473': attribute type 15 has an invalid length. [ 251.248753][ T7775] netlink: 256 bytes leftover after parsing attributes in process `syz.1.476'. [ 251.684686][ T7782] binder: 7781:7782 ioctl 4018620d 0 returned -22 [ 252.143232][ T7789] binder: 7781:7789 ioctl c0306201 200000000640 returned -22 [ 253.944506][ T7800] Bluetooth: MGMT ver 1.23 [ 254.425220][ T7804] team0: Failed to send port change of device team_slave_1 via netlink (err -105) [ 255.364661][ T7804] team0: Port device team_slave_1 removed [ 255.634639][ T7832] netlink: 256 bytes leftover after parsing attributes in process `syz.0.492'. [ 255.670902][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.680188][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.533749][ T5898] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 256.731576][ T5898] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 256.776731][ T5898] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 256.822627][ T5898] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 256.876195][ T5898] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.958507][ T5898] usb 2-1: config 0 descriptor?? [ 257.095361][ T5848] Bluetooth: hci5: command 0x1003 tx timeout [ 257.101915][ T5842] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 257.195980][ T7865] netlink: 256 bytes leftover after parsing attributes in process `syz.4.506'. [ 257.246539][ T10] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 257.348540][ T7869] syz.4.507 uses obsolete (PF_INET,SOCK_PACKET) [ 257.413694][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 257.420860][ T10] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 257.433257][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 257.457818][ T10] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 257.472563][ T5898] cp2112 0003:10C4:EA90.0002: unknown main item tag 0x0 [ 257.503693][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.512999][ T10] usb 1-1: Product: syz [ 257.517312][ T5898] cp2112 0003:10C4:EA90.0002: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0 [ 257.544639][ T10] usb 1-1: Manufacturer: syz [ 257.549458][ T10] usb 1-1: SerialNumber: syz [ 257.685409][ T5898] cp2112 0003:10C4:EA90.0002: Part Number: 0x82 Device Version: 0xFE [ 257.766980][ T10] usb 1-1: config 0 descriptor?? [ 258.232649][ T10] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 258.254790][ T10] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 258.311869][ T7855] cp2112 0003:10C4:EA90.0002: Error starting transaction: -38 [ 258.493784][ T5898] cp2112 0003:10C4:EA90.0002: error reading lock byte: -71 [ 258.506644][ T5898] usb 2-1: USB disconnect, device number 11 [ 258.759918][ T10] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 258.767348][ T10] em28xx 1-1:0.0: Config register raw data: 0xfffffffb [ 259.053124][ T7883] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 260.153184][ T10] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 260.174384][ T10] em28xx 1-1:0.0: No AC97 audio processor [ 260.215042][ T10] usb 1-1: USB disconnect, device number 13 [ 260.222637][ T10] em28xx 1-1:0.0: Disconnecting em28xx [ 260.293339][ T10] em28xx 1-1:0.0: Freeing device [ 260.876426][ T7894] use of bytesused == 0 is deprecated and will be removed in the future, [ 260.885628][ T7894] use the actual size instead. [ 261.426767][ T7894] vivid-000: kernel_thread() failed [ 262.181570][ T7905] netlink: 256 bytes leftover after parsing attributes in process `syz.3.517'. [ 265.595632][ T7931] siw: device registration error -23 [ 266.479844][ T7938] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 266.486747][ T7938] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 266.538354][ T7938] vhci_hcd vhci_hcd.0: Device attached [ 266.979830][ T2155] usb 39-1: new low-speed USB device number 2 using vhci_hcd [ 267.267629][ T7940] vhci_hcd: connection reset by peer [ 267.409693][ T1114] vhci_hcd: stop threads [ 267.482449][ T1114] vhci_hcd: release socket [ 267.561017][ T1114] vhci_hcd: disconnect device [ 269.631401][ T7968] netlink: 284 bytes leftover after parsing attributes in process `syz.3.538'. [ 269.774449][ T5898] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 269.980365][ T5898] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 270.077209][ T5898] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 270.189465][ T5898] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 270.329896][ T5898] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 270.410710][ T5898] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.681624][ T5898] usb 5-1: config 0 descriptor?? [ 271.182358][ T5898] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 271.209493][ T5898] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 271.449631][ T43] usb 5-1: USB disconnect, device number 3 [ 271.516129][ T7987] fido_id[7987]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory [ 272.853160][ T2155] vhci_hcd: vhci_device speed not set [ 273.881020][ T8003] mmap: syz.1.550 (8003) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 274.468371][ T5848] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 274.478974][ T5848] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 274.491372][ T5848] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 274.504187][ T5848] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 274.511956][ T8000] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 274.645296][ T5848] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 274.818535][ T8004] lo speed is unknown, defaulting to 1000 [ 275.109521][ T8016] netlink: 164 bytes leftover after parsing attributes in process `syz.1.555'. [ 275.470984][ T8014] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 276.703880][ T5848] Bluetooth: hci5: command tx timeout [ 276.900050][ T8038] syz.1.561: attempt to access beyond end of device [ 276.900050][ T8038] loop1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 276.914305][ T8038] FAT-fs (loop1): unable to read boot sector [ 276.941157][ T8038] netlink: 20 bytes leftover after parsing attributes in process `syz.1.561'. [ 277.902482][ T8042] input: syz1 as /devices/virtual/input/input10 [ 278.381248][ T8004] chnl_net:caif_netlink_parms(): no params data found [ 278.774816][ T5848] Bluetooth: hci5: command tx timeout [ 279.182991][ T8068] overlay: Unknown parameter 'smackfstransmute' [ 280.648557][ T8004] bridge0: port 1(bridge_slave_0) entered blocking state [ 280.744813][ T8004] bridge0: port 1(bridge_slave_0) entered disabled state [ 280.752197][ T8004] bridge_slave_0: entered allmulticast mode [ 280.863680][ T5848] Bluetooth: hci5: command tx timeout [ 280.966503][ T8004] bridge_slave_0: entered promiscuous mode [ 280.976936][ T8004] bridge0: port 2(bridge_slave_1) entered blocking state [ 280.984228][ T8004] bridge0: port 2(bridge_slave_1) entered disabled state [ 280.991521][ T8004] bridge_slave_1: entered allmulticast mode [ 280.999638][ T8004] bridge_slave_1: entered promiscuous mode [ 281.729443][ T8085] block device autoloading is deprecated and will be removed. [ 281.899358][ T8004] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 281.922525][ T8004] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 282.111240][ T8004] team0: Port device team_slave_0 added [ 282.207486][ T8004] team0: Port device team_slave_1 added [ 282.283962][ T8105] netlink: 256 bytes leftover after parsing attributes in process `syz.1.582'. [ 282.323884][ T2155] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 282.364423][ T8004] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 282.389879][ T8004] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 282.497877][ T8004] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 282.531781][ T2155] usb 4-1: config 0 has no interfaces? [ 282.574736][ T2155] usb 4-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=b8.51 [ 282.616729][ T2155] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 282.656757][ T8004] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 282.740695][ T2155] usb 4-1: Product: syz [ 282.768823][ T8004] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 282.814451][ T2155] usb 4-1: Manufacturer: syz [ 282.819237][ T2155] usb 4-1: SerialNumber: syz [ 282.972942][ T2155] usb 4-1: config 0 descriptor?? [ 282.973670][ T5848] Bluetooth: hci5: command tx timeout [ 282.979301][ T8004] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 283.255875][ T2155] usb 4-1: USB disconnect, device number 7 [ 283.366591][ T8004] hsr_slave_0: entered promiscuous mode [ 283.377853][ T8004] hsr_slave_1: entered promiscuous mode [ 283.395805][ T8004] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 283.433984][ T8004] Cannot create hsr debugfs directory [ 284.957100][ T8129] kAFS: No cell specified [ 286.547966][ T8142] netlink: 256 bytes leftover after parsing attributes in process `syz.0.594'. [ 289.131597][ T8004] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 289.275553][ T8004] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 289.306762][ T8004] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 289.354634][ T8162] loop6: detected capacity change from 0 to 7 [ 289.362713][ T8004] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 289.394039][ T8162] Dev loop6: unable to read RDB block 7 [ 289.415557][ T8162] loop6: unable to read partition table [ 289.440735][ T8162] loop6: partition table beyond EOD, truncated [ 289.450901][ T30] audit: type=1326 audit(1748706460.270:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8163 comm="syz.4.602" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3a4478e969 code=0x0 [ 289.480143][ T8162] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 290.296847][ T8004] 8021q: adding VLAN 0 to HW filter on device bond0 [ 290.322695][ T8178] netlink: 256 bytes leftover after parsing attributes in process `syz.0.607'. [ 290.379517][ T8167] netlink: 256 bytes leftover after parsing attributes in process `syz.4.602'. [ 290.390479][ T8167] netlink: 'syz.4.602': attribute type 4 has an invalid length. [ 290.422884][ T8167] netlink: 16 bytes leftover after parsing attributes in process `syz.4.602'. [ 290.446840][ T8004] 8021q: adding VLAN 0 to HW filter on device team0 [ 290.518117][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 290.525445][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 290.620842][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 290.628879][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 291.278647][ T8205] netlink: 256 bytes leftover after parsing attributes in process `syz.0.618'. [ 292.052348][ T8004] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 293.618648][ T8237] netlink: 256 bytes leftover after parsing attributes in process `syz.3.628'. [ 295.331968][ T8004] veth0_vlan: entered promiscuous mode [ 295.347008][ T8004] veth1_vlan: entered promiscuous mode [ 295.383892][ T8004] veth0_macvtap: entered promiscuous mode [ 295.400812][ T8004] veth1_macvtap: entered promiscuous mode [ 295.431413][ T8004] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 295.505787][ T8004] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 295.517730][ T8004] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.562581][ T8004] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.687791][ T8004] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.833899][ T8004] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.332428][ T6087] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 297.477573][ T6087] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 298.065091][ T5842] Bluetooth: hci5: command 0x0405 tx timeout [ 298.451894][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 298.491819][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 298.697741][ T8276] netlink: 256 bytes leftover after parsing attributes in process `syz.0.641'. [ 300.151589][ T8272] syz.3.639 (8272) used greatest stack depth: 18520 bytes left [ 302.874307][ T8313] netlink: 256 bytes leftover after parsing attributes in process `syz.0.654'. [ 303.005791][ T8319] netlink: 356 bytes leftover after parsing attributes in process `syz.4.652'. [ 303.015175][ T8319] openvswitch: netlink: Flow actions attr not present in new flow. [ 303.993709][ T30] audit: type=1326 audit(1748706474.810:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8325 comm="syz.5.658" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f77bf98e969 code=0x0 [ 305.609559][ T8354] netlink: 256 bytes leftover after parsing attributes in process `syz.1.670'. [ 308.198745][ T8375] binder: 8374:8375 ioctl c0306201 200000000680 returned -22 [ 309.890354][ T8392] netlink: 256 bytes leftover after parsing attributes in process `syz.5.684'. [ 315.010853][ T8437] netlink: 256 bytes leftover after parsing attributes in process `syz.3.701'. [ 315.279827][ T8450] xt_hashlimit: overflow, rate too high: 0 [ 317.101895][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.335593][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.745006][ T8476] netlink: 256 bytes leftover after parsing attributes in process `syz.1.716'. [ 318.810631][ T5842] Bluetooth: hci0: unexpected event for opcode 0x0062 [ 319.757069][ T8498] kAFS: No cell specified [ 320.768639][ T8507] batadv0: entered promiscuous mode [ 320.774826][ T8507] batadv0: entered allmulticast mode [ 321.191224][ T24] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 321.474582][ T24] usb 6-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 321.507785][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.575299][ T24] usb 6-1: config 0 descriptor?? [ 321.750105][ T8515] netlink: 16 bytes leftover after parsing attributes in process `syz.4.726'. [ 321.826048][ T8515] netlink: 120 bytes leftover after parsing attributes in process `syz.4.726'. [ 321.926660][ T8515] netlink: 16 bytes leftover after parsing attributes in process `syz.4.726'. [ 322.867179][ T880] usb 6-1: USB disconnect, device number 2 [ 322.874088][ T8527] netlink: 256 bytes leftover after parsing attributes in process `syz.4.733'. [ 324.242887][ T8538] netlink: 24 bytes leftover after parsing attributes in process `syz.1.736'. [ 325.954138][ T8547] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 327.578510][ T5842] Bluetooth: hci5: unexpected event for opcode 0x0c46 [ 329.745965][ T8584] netlink: 256 bytes leftover after parsing attributes in process `syz.3.747'. [ 330.508868][ T8590] netlink: 'syz.5.753': attribute type 10 has an invalid length. [ 330.601361][ T8590] netlink: 40 bytes leftover after parsing attributes in process `syz.5.753'. [ 331.222257][ T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 331.257889][ T8590] team0: Port device geneve0 added [ 331.384083][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 332.104360][ T10] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 332.143713][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.206224][ T10] usb 5-1: config 0 descriptor?? [ 335.681365][ T10] usbhid 5-1:0.0: can't add hid device: -71 [ 335.702558][ T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 335.780993][ T8638] netlink: 24 bytes leftover after parsing attributes in process `syz.0.769'. [ 335.798882][ T10] usb 5-1: USB disconnect, device number 4 [ 338.828452][ T8664] lo speed is unknown, defaulting to 1000 [ 338.897334][ T8660] netlink: 248 bytes leftover after parsing attributes in process `syz.3.774'. [ 339.137488][ T8673] netlink: 8 bytes leftover after parsing attributes in process `syz.3.777'. [ 340.347369][ T8680] netlink: 'syz.3.778': attribute type 10 has an invalid length. [ 340.359420][ T8680] netlink: 40 bytes leftover after parsing attributes in process `syz.3.778'. [ 340.561881][ T8680] team0: Port device geneve0 added [ 340.884026][ T9] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 341.345765][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 341.369930][ T8692] netlink: 24 bytes leftover after parsing attributes in process `syz.3.782'. [ 341.414927][ T9] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 341.453273][ T9] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 341.486159][ T9] usb 6-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x76, changing to 0x6 [ 341.503160][ T9] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 100, changing to 10 [ 341.553865][ T9] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 24936, setting to 1024 [ 341.581085][ T9] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 341.590709][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 341.770538][ T9] hub 6-1:1.0: bad descriptor, ignoring hub [ 341.865832][ T8701] overlayfs: missing 'lowerdir' [ 342.473880][ T9] hub 6-1:1.0: probe with driver hub failed with error -5 [ 343.051888][ T9] cdc_wdm 6-1:1.0: skipping garbage [ 343.101703][ T9] cdc_wdm 6-1:1.0: skipping garbage [ 343.115094][ T8705] batadv0: entered promiscuous mode [ 343.120352][ T8705] batadv0: entered allmulticast mode [ 343.144498][ T9] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22 [ 343.233703][ T8707] netlink: 8 bytes leftover after parsing attributes in process `syz.1.788'. [ 343.261833][ T9] usb 6-1: USB disconnect, device number 3 [ 343.843762][ T9] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 344.202763][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 344.968781][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 344.979174][ T9] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 344.992566][ T9] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 345.002058][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.013451][ T9] usb 6-1: config 0 descriptor?? [ 346.514849][ T9] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 346.620158][ T8742] netlink: 8 bytes leftover after parsing attributes in process `syz.0.796'. [ 346.633858][ T8742] netlink: 8 bytes leftover after parsing attributes in process `syz.0.796'. [ 347.727850][ T9] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 348.125229][ T8747] netlink: 24 bytes leftover after parsing attributes in process `syz.1.799'. [ 348.492713][ T9] usb 6-1: USB disconnect, device number 4 [ 348.902905][ T8750] fido_id[8750]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 349.007209][ T8756] netlink: 8 bytes leftover after parsing attributes in process `syz.5.802'. [ 349.142487][ T8752] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.357918][ T8752] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.236332][ T8752] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.614347][ T880] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 351.066633][ T880] usb 4-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 351.233358][ T880] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 351.251491][ T5848] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 351.255563][ T880] usb 4-1: Product: syz [ 351.983614][ T880] usb 4-1: Manufacturer: syz [ 351.988354][ T880] usb 4-1: SerialNumber: syz [ 351.997515][ T880] usb 4-1: config 0 descriptor?? [ 352.012443][ T880] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 352.305997][ T8788] netlink: 64 bytes leftover after parsing attributes in process `syz.5.813'. [ 352.490139][ T8752] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 352.589206][ T8752] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 352.735473][ T8752] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 352.851638][ T8801] netlink: 8 bytes leftover after parsing attributes in process `syz.5.817'. [ 352.965750][ T8752] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.174938][ T8791] delete_channel: no stack [ 354.337204][ T2155] usb 4-1: USB disconnect, device number 8 [ 358.643450][ T8847] delete_channel: no stack [ 368.592365][ T8981] nbd: must specify at least one socket [ 368.893921][ T8981] block nbd4: not configured, cannot reconfigure [ 369.696734][ T8992] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 372.730349][ T9033] netlink: 252 bytes leftover after parsing attributes in process `syz.3.880'. [ 375.253151][ T9061] batadv0: entered promiscuous mode [ 375.258516][ T9061] batadv0: entered allmulticast mode [ 377.624010][ T5835] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 377.833366][ T5835] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 378.510877][ T5835] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 378.522455][ T5835] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 378.544939][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.551380][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.561134][ T5835] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 378.570694][ T5835] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.582985][ T5835] usb 4-1: config 0 descriptor?? [ 378.875865][ T9107] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 379.067595][ T5835] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving [ 379.106468][ T5835] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 379.326764][ T5835] usb 4-1: USB disconnect, device number 9 [ 379.433744][ T24] usb 6-1: new full-speed USB device number 5 using dummy_hcd [ 380.264728][ T24] usb 6-1: unable to get BOS descriptor or descriptor too short [ 380.316557][ T24] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 380.343588][ T24] usb 6-1: can't read configurations, error -71 [ 380.554199][ T9136] netlink: 8 bytes leftover after parsing attributes in process `syz.3.911'. [ 381.155358][ T9135] netlink: 8 bytes leftover after parsing attributes in process `syz.3.911'. [ 381.164361][ T9135] netlink: 8 bytes leftover after parsing attributes in process `syz.3.911'. [ 383.699316][ T9165] lo speed is unknown, defaulting to 1000 [ 383.929786][ T9171] netlink: 24 bytes leftover after parsing attributes in process `syz.4.921'. [ 384.302816][ T9177] netlink: 8 bytes leftover after parsing attributes in process `syz.4.924'. [ 385.850573][ T880] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 386.125556][ T880] usb 5-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 386.182065][ T880] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.271198][ T880] usb 5-1: Product: syz [ 386.336049][ T880] usb 5-1: Manufacturer: syz [ 386.340915][ T880] usb 5-1: SerialNumber: syz [ 386.424409][ T880] usb 5-1: config 0 descriptor?? [ 386.472828][ T880] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 387.065482][ T880] gspca_sq905c: sq905c_command: usb_control_msg failed (-71) [ 387.103380][ T880] sq905c 5-1:0.0: probe with driver sq905c failed with error -71 [ 387.170190][ T880] usb 5-1: USB disconnect, device number 5 [ 387.597986][ T9226] netlink: 8 bytes leftover after parsing attributes in process `syz.5.941'. [ 388.314891][ T9230] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 389.401988][ T9252] netlink: 8 bytes leftover after parsing attributes in process `syz.5.954'. [ 389.413485][ T9255] netlink: 24 bytes leftover after parsing attributes in process `syz.3.953'. [ 391.411192][ T9272] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 392.372964][ T9283] bridge0: port 3(vlan2) entered blocking state [ 392.380255][ T9283] bridge0: port 3(vlan2) entered disabled state [ 392.387974][ T9283] vlan2: entered allmulticast mode [ 392.393162][ T9283] bridge0: entered allmulticast mode [ 392.446226][ T9283] vlan2: left allmulticast mode [ 392.452631][ T9283] bridge0: left allmulticast mode [ 393.169933][ T9293] netlink: 24 bytes leftover after parsing attributes in process `syz.0.968'. [ 393.193675][ T9295] netlink: 8 bytes leftover after parsing attributes in process `syz.5.967'. [ 394.923295][ T9326] netlink: 8 bytes leftover after parsing attributes in process `syz.0.982'. [ 395.818354][ T9337] netlink: 24 bytes leftover after parsing attributes in process `syz.0.984'. [ 396.650954][ T9356] netlink: 8 bytes leftover after parsing attributes in process `syz.5.994'. [ 397.025084][ T9367] netlink: 24 bytes leftover after parsing attributes in process `syz.1.999'. [ 397.926092][ T9377] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1003'. [ 398.639092][ T9388] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1006'. [ 399.408299][ T9403] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1014'. [ 399.433695][ T5835] usb 6-1: new full-speed USB device number 7 using dummy_hcd [ 399.773263][ T9410] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1017'. [ 400.045163][ T9420] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1020'. [ 400.252548][ T9426] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1024'. [ 401.031491][ T9444] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1032'. [ 401.095857][ T5842] Bluetooth: hci5: command 0x0405 tx timeout [ 401.214950][ T9449] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1034'. [ 401.973955][ T9396] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 401.974351][ T5848] Bluetooth: hci1: command 0x0406 tx timeout [ 401.988158][ T9396] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 402.144260][ T9396] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 402.150363][ T9396] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 402.169830][ T9396] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 402.177169][ T9396] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 402.281081][ T9396] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 402.287445][ T9396] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 402.355501][ T9396] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 402.361546][ T9396] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 402.583808][ T9396] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 402.593386][ T9396] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 403.426797][ T5835] usb 6-1: unable to get BOS descriptor or descriptor too short [ 403.456740][ T5835] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 403.471344][ T5835] usb 6-1: can't read configurations, error -71 [ 403.792304][ T9483] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1048'. [ 404.353871][ T880] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 404.535396][ T880] usb 2-1: device descriptor read/64, error -71 [ 405.783861][ T880] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 406.353611][ T880] usb 2-1: device descriptor read/64, error -71 [ 406.475151][ T880] usb usb2-port1: attempt power cycle [ 406.833663][ T880] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 406.906785][ T880] usb 2-1: device descriptor read/8, error -71 [ 407.787936][ T9529] netlink: 'syz.4.1061': attribute type 10 has an invalid length. [ 407.841090][ T9529] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1061'. [ 409.016662][ T9529] team0: Port device geneve0 added [ 410.533827][ T31] INFO: task syz.2.491:7824 blocked for more than 143 seconds. [ 410.541544][ T31] Not tainted 6.15.0-next-20250530-syzkaller #0 [ 410.571700][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 410.592973][ T31] task:syz.2.491 state:D stack:25160 pid:7824 tgid:7823 ppid:5836 task_flags:0x400140 flags:0x00004006 [ 410.605584][ T31] Call Trace: [ 410.608945][ T31] [ 410.611946][ T31] __schedule+0x16f5/0x4d00 [ 410.616802][ T31] ? schedule+0x165/0x360 [ 410.621263][ T31] ? __pfx___schedule+0x10/0x10 [ 410.626517][ T31] ? schedule+0x91/0x360 [ 410.630872][ T31] schedule+0x165/0x360 [ 410.635194][ T31] netfs_wait_for_request+0x1f0/0x600 [ 410.640699][ T31] ? __pfx_netfs_write_collection+0x10/0x10 [ 410.647072][ T31] ? __pfx_netfs_wait_for_request+0x10/0x10 [ 410.674251][ T31] ? __pfx_autoremove_wake_function+0x10/0x10 [ 410.682242][ T31] netfs_unbuffered_write_iter_locked+0x52a/0x910 [ 410.698880][ T31] netfs_unbuffered_write_iter+0x4c4/0x660 [ 410.726961][ T31] do_iter_readv_writev+0x56e/0x7f0 [ 410.781146][ T31] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 410.793725][ T31] ? rcu_read_lock_any_held+0xb3/0x120 [ 410.801109][ T31] vfs_writev+0x31a/0x960 [ 410.810903][ T31] ? __lock_acquire+0xab9/0xd20 [ 410.818566][ T31] ? __pfx_vfs_writev+0x10/0x10 [ 410.828524][ T31] ? __fget_files+0x2a/0x420 [ 410.833258][ T31] ? __fget_files+0x3a0/0x420 [ 410.840923][ T31] ? __fget_files+0x2a/0x420 [ 410.850977][ T31] do_writev+0x14d/0x2d0 [ 410.857335][ T31] ? __pfx_do_writev+0x10/0x10 [ 410.862308][ T31] ? rcu_is_watching+0x15/0xb0 [ 410.875736][ T31] ? do_syscall_64+0xbe/0x3b0 [ 410.900639][ T31] do_syscall_64+0xfa/0x3b0 [ 410.917733][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 410.939870][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.962522][ T31] ? clear_bhb_loop+0x60/0xb0 [ 410.968551][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.987423][ T31] RIP: 0033:0x7fd389b8e969 [ 410.992240][ T31] RSP: 002b:00007fd38a91a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 411.043697][ T31] RAX: ffffffffffffffda RBX: 00007fd389db5fa0 RCX: 00007fd389b8e969 [ 411.102730][ T31] RDX: 0000000000000002 RSI: 0000200000000000 RDI: 0000000000000006 [ 411.149276][ T31] RBP: 00007fd389c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 411.240456][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 411.350342][ T31] R13: 0000000000000000 R14: 00007fd389db5fa0 R15: 00007fff7d368d38 [ 411.445978][ T31] [ 411.479074][ T31] [ 411.479074][ T31] Showing all locks held in the system: [ 411.622151][ T31] 1 lock held by khungtaskd/31: [ 411.650682][ T31] #0: ffffffff8e13f140 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 411.703310][ T31] 2 locks held by kworker/u8:5/1100: [ 411.708845][ T31] 3 locks held by kworker/u8:6/1114: [ 411.714277][ T31] 1 lock held by klogd/5197: [ 411.718955][ T31] #0: ffff8880b863b918 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140 [ 411.729111][ T31] 2 locks held by getty/5598: [ 411.733928][ T31] #0: ffff88814c8d30a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 411.744390][ T31] #1: ffffc9000362b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 411.754770][ T31] 1 lock held by syz-executor/5838: [ 411.760083][ T31] #0: ffff8880b863b918 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140 [ 411.781776][ T31] 3 locks held by syz.2.491/7824: [ 411.793814][ T31] #0: ffff88802ef31b38 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x320 [ 411.816045][ T31] #1: ffff88807b1e4428 (sb_writers#28){.+.+}-{0:0}, at: vfs_writev+0x288/0x960 [ 411.980352][ T31] #2: ffff888049c48e28 (&sb->s_type->i_mutex_key#34){++++}-{4:4}, at: netfs_start_io_direct+0x1ef/0x230 [ 411.997167][ T31] [ 411.999601][ T31] ============================================= [ 411.999601][ T31] [ 412.010069][ T31] NMI backtrace for cpu 0 [ 412.010094][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-next-20250530-syzkaller #0 PREEMPT(full) [ 412.010118][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 412.010131][ T31] Call Trace: [ 412.010140][ T31] [ 412.010149][ T31] dump_stack_lvl+0x189/0x250 [ 412.010173][ T31] ? __wake_up_klogd+0xd9/0x110 [ 412.010206][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 412.010226][ T31] ? __pfx__printk+0x10/0x10 [ 412.010264][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 412.010294][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 412.010318][ T31] ? _printk+0xcf/0x120 [ 412.010346][ T31] ? __pfx__printk+0x10/0x10 [ 412.010371][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 412.010404][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 412.010433][ T31] watchdog+0xfee/0x1030 [ 412.010465][ T31] ? watchdog+0x1de/0x1030 [ 412.010511][ T31] kthread+0x70e/0x8a0 [ 412.010540][ T31] ? __pfx_watchdog+0x10/0x10 [ 412.010568][ T31] ? __pfx_kthread+0x10/0x10 [ 412.010594][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 412.010623][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 412.010651][ T31] ? __pfx_kthread+0x10/0x10 [ 412.010677][ T31] ret_from_fork+0x3fc/0x770 [ 412.010710][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 412.010748][ T31] ? __switch_to_asm+0x39/0x70 [ 412.010770][ T31] ? __switch_to_asm+0x33/0x70 [ 412.010790][ T31] ? __pfx_kthread+0x10/0x10 [ 412.010816][ T31] ret_from_fork_asm+0x1a/0x30 [ 412.010857][ T31] [ 412.010890][ T31] Sending NMI from CPU 0 to CPUs 1: [ 412.177034][ C1] NMI backtrace for cpu 1 [ 412.177051][ C1] CPU: 1 UID: 0 PID: 1114 Comm: kworker/u8:6 Not tainted 6.15.0-next-20250530-syzkaller #0 PREEMPT(full) [ 412.177073][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 412.177085][ C1] Workqueue: bat_events batadv_nc_worker [ 412.177113][ C1] RIP: 0010:__lock_acquire+0xaa6/0xd20 [ 412.177146][ C1] Code: 03 0e 00 75 19 90 48 c7 c7 90 e7 b6 8d 48 c7 c6 53 5e a6 8d e8 fb c6 e5 ff 90 0f 0b 90 90 90 31 c0 48 8b 3c 24 48 83 78 40 00 <0f> 84 6a 01 00 00 4c 89 f6 89 ea 4c 89 f9 e8 17 38 00 00 85 c0 0f [ 412.177162][ C1] RSP: 0018:ffffc90003b4f8f0 EFLAGS: 00000086 [ 412.177177][ C1] RAX: ffffffff934598a8 RBX: 0000000000000002 RCX: 00000000de3888e4 [ 412.177189][ C1] RDX: 000000008b290864 RSI: 000000006cb20e34 RDI: ffff888026bcbc00 [ 412.177202][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8b33b452 [ 412.177216][ C1] R10: dffffc0000000000 R11: ffffffff8b33b380 R12: 0000000047626a79 [ 412.177237][ C1] R13: ffff888026bcc6f0 R14: ffff888026bcc740 R15: 29adf459de3888e4 [ 412.177250][ C1] FS: 0000000000000000(0000) GS:ffff888125d53000(0000) knlGS:0000000000000000 [ 412.177265][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 412.177277][ C1] CR2: 00007f65b06a1f98 CR3: 000000007716c000 CR4: 00000000003526f0 [ 412.177292][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 412.177302][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 412.177313][ C1] Call Trace: [ 412.177322][ C1] [ 412.177335][ C1] ? batadv_nc_worker+0xd2/0x610 [ 412.177357][ C1] lock_acquire+0x120/0x360 [ 412.177382][ C1] ? batadv_nc_worker+0xd2/0x610 [ 412.177409][ C1] ? batadv_nc_worker+0xd2/0x610 [ 412.177431][ C1] ? batadv_nc_worker+0xd2/0x610 [ 412.177454][ C1] batadv_nc_worker+0xef/0x610 [ 412.177477][ C1] ? batadv_nc_worker+0xd2/0x610 [ 412.177501][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 412.177530][ C1] process_scheduled_works+0xae1/0x17b0 [ 412.177572][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 412.177608][ C1] worker_thread+0x8a0/0xda0 [ 412.177626][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 412.177655][ C1] ? __kthread_parkme+0x7b/0x200 [ 412.177677][ C1] kthread+0x70e/0x8a0 [ 412.177699][ C1] ? __pfx_worker_thread+0x10/0x10 [ 412.177715][ C1] ? __pfx_kthread+0x10/0x10 [ 412.177736][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 412.177758][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 412.177783][ C1] ? __pfx_kthread+0x10/0x10 [ 412.177803][ C1] ret_from_fork+0x3fc/0x770 [ 412.177830][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 412.177858][ C1] ? __switch_to_asm+0x39/0x70 [ 412.177876][ C1] ? __switch_to_asm+0x33/0x70 [ 412.177894][ C1] ? __pfx_kthread+0x10/0x10 [ 412.177914][ C1] ret_from_fork_asm+0x1a/0x30 [ 412.177941][ C1] [ 412.178986][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 412.460749][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-next-20250530-syzkaller #0 PREEMPT(full) [ 412.471722][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 412.481800][ T31] Call Trace: [ 412.485101][ T31] [ 412.488045][ T31] dump_stack_lvl+0x99/0x250 [ 412.492671][ T31] ? __asan_memcpy+0x40/0x70 [ 412.497325][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 412.502548][ T31] ? __pfx__printk+0x10/0x10 [ 412.507174][ T31] panic+0x2db/0x790 [ 412.511099][ T31] ? __pfx_panic+0x10/0x10 [ 412.515554][ T31] ? __pfx_delay_tsc+0x10/0x10 [ 412.520338][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 412.526166][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 412.531563][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 412.537743][ T31] watchdog+0x102d/0x1030 [ 412.542097][ T31] ? watchdog+0x1de/0x1030 [ 412.546541][ T31] kthread+0x70e/0x8a0 [ 412.550625][ T31] ? __pfx_watchdog+0x10/0x10 [ 412.555317][ T31] ? __pfx_kthread+0x10/0x10 [ 412.559922][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 412.565135][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 412.570376][ T31] ? __pfx_kthread+0x10/0x10 [ 412.575085][ T31] ret_from_fork+0x3fc/0x770 [ 412.579697][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 412.584827][ T31] ? __switch_to_asm+0x39/0x70 [ 412.589597][ T31] ? __switch_to_asm+0x33/0x70 [ 412.594370][ T31] ? __pfx_kthread+0x10/0x10 [ 412.598994][ T31] ret_from_fork_asm+0x1a/0x30 [ 412.603807][ T31] [ 412.607245][ T31] Kernel Offset: disabled [ 412.611580][ T31] Rebooting in 86400 seconds..