last executing test programs: 10.046875162s ago: executing program 4 (id=398): r0 = fsopen(&(0x7f0000000040)='tracefs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0xa) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) statfs(&(0x7f0000000200)='.\x00', &(0x7f0000000440)=""/137) fchdir(r1) mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil) socket$kcm(0x10, 0x2, 0x0) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x2) socket$inet_udp(0x2, 0x2, 0x0) syz_usb_connect(0x5, 0x3b9, &(0x7f00000009c0)=ANY=[], 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000001c00357428bd7000fed3df", @ANYRES32=r4, @ANYBLOB="4000b00408000100e00000020a0002"], 0x30}, 0x1, 0x0, 0x0, 0x20004001}, 0x80c0) syz_genetlink_get_family_id$mptcp(0x0, r1) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x240, 0x0) r6 = ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000ac0000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000004000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='sched_switch\x00', r8}, 0x18) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r6) 9.553385286s ago: executing program 3 (id=400): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000c40)=ANY=[@ANYBLOB="80000000190001002abd7000fbdbdf251d010900500012800c00bf000d0000000008000008009200", @ANYRES32=0x0, @ANYBLOB="38003b803412687c7d3f511500db802d00388098f87cf6f5bcb28e9ae3943c02809d73310fd263c5c091dd8a487d68aa13944a72aa"], 0x80}, 0x1, 0x0, 0x0, 0x5}, 0x0) 9.096504968s ago: executing program 2 (id=401): r0 = socket$inet_icmp(0x2, 0x2, 0x1) setsockopt$inet_int(r0, 0x0, 0x13, &(0x7f0000000000)=0x200, 0x4) sendmmsg$inet(r0, &(0x7f0000000340)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000580)="080000b25600da00", 0x8}], 0x1}}], 0x1, 0x4000) 8.985480917s ago: executing program 3 (id=402): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x6, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, 0x0}, 0x94) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ae0210000060a0b040000000000000000020000000900010073797a30000000000900020073797a3200000000b42104802800018008000100666962001c000280080001400000001508000240000000030800034000000032882101800a0001006d6174636800000078210280090001006473637000000000041003009153a04709dd3ce609dff7ed79a6b495475de7fb1ab757cefa6702b550641f1bc0f33a205505b2569471224ab9523b742af6a2a799407d48bec685a43c9fa1d84b2263623a39fa7d2373a858b35457216ee91bd3e98f97181b6f0abca47a3e5db91f5a0059d45a24730bddc5915ad5fcd19265f5dfeea8638bc7f3fe0fbefe12776b861bc591b7543536ebd3cf666a7a6366a7bb51f1011cfc40d26ccb7d27cba7e3ba76c82ccf6cf21f62bdb5c1dc9ffb5512c0c7f263fc19577efd96e3f8ea7ac0ac6058e344d8b2260c3f70badd0035a121a24d3926c18cdbc7b4e397d2b9925b54f549aac05575be911f1b0bc0b09114366933dd498a989085f3021f1dd0541a533516d85ac8a617621fa0ad728e5e77147cdcd4b310860e522a3780c8a92fc2e58a97d1bb432ecefbb0c85518da22a1071df27d204aabf65b3fc1aa04a6903a07548b4a2ee8b033821e727959b52528ae4bb4b8a7b9626b898bf1265b92540c67c05b476d1b9d83b7e43343748755e11081fe2394c817fc4e1d5962e929a9a85b66da20a7a100a0fe3ace658286342838271e7ce0765240260d67a0ab7cf8c601743c68f0ab0406e1a3bafa7561bdb08bc2002ad33e1bc80c1cb0dd72b6ac3f7c93bbea95be309848ff5194e98ac171c7495623e773062affd7a1de1a86bc8827c5ea24d4dbe3cfc37eaddf1ffaeabf7cdcbd4795004f18d4caea50c2da08b71c9c5df1f8f15a9abb7a822ba57348d14a6d022c66d9e60bdc2809913e5a0408d0a6c80a29ee8968d0160a54d5374680f0326ff3a2f38eb16288a92680f4be3f78f999a65b12347903a7c2860b80d72bf27fee3d3cf7728fecccf6c737ea08c570b829f19fb19959580332a5bca3f03b088178b2166783a0390748525e347a8f016687b179293a3a47087094d714204c50f5a65868656786453bd9703dcea9978b736118fa03e9fb98da62bfc21965149aeb03d4800c1b0fc3861ef8582e8017b0e5965b4f474af98e9d7785d9434811345b82644e2086239657bd4fa760f5478d8dda0e781da9f1fece3d0b587ded634479b6eb41d01cb63b8ffcd4aac7dea43645098cb48820b2d68a8bc7f0bd301a77e38ec0ee1148d897515e7b152034f532a350470419fff34b4ce2e69173fc26aa1edfeeccb5ca501cb3aedc0d68929a763add304818b220d17e936ad71109f5a8acd6e330f4a3ba6d05c7e0565f9a2b6009574906e30fd5af8d7a685696621c424d8cdc0126bfeb849084fb4feb66d5c6a05333f644367f51025d612d81d581adf3e4a7fc251f967908b2753b674e28a1dc3fd5401999eaa4b8b4322563f758e3402c09d25c6e73868a00be511726cdd5f53271f01e90d2f4f6c9927fae109198af082b2466449916e80060af83eca3780f7b29054fc1845d65bd40d5db892e6fab09bb84ca5ed0ff656fe8885144eed780e1a79645d6fd5af589713567786967376fdccbcf512ccf8667fd7d9cfcacae33ce247e1eaa90d7e9e64705d792fb3e89c638bb0a43fecaec2bfd6d4dfc24eb9442b3cab0858dceca92cdd6f7270f7733817230983187eabbce5544e0c92591069dcfd48a8e5e35f0316d549f31e4986335be22edefecfdb91eb8c35a9e32c20a58b6ca8a8e8f028ee45932956c56083694f62785f69807fa29dd56ebc04d7a47993fb9319f233d3c8ebef5139240a78f1a7bcdb3a985b79b7feb1d2d2868100c31cbba6bb6c776b92fbc6142532e4f4da848d974bec9d93c4927c6f93d11f7206082555ea18ba1867dd774d0d03c981f67e48f6dd507bf36d5fb0f7f7314a2d1c404bf6ec5f7aa61253102ee66dfd9db5562b3b155998378eee2a0b67f284ffd92be2416c9dfca460c4140c6ae310830971d44044140e895388da8fb1e1f8819973f5565fc42cd08f8847b5ab1409da27f8383e666c01cca9e3c95b49c5e5480c036fb504b07127583be1375fb400920c68ce11c6326b0936b468d88956387e8ab3ad821e03a39e0a0af2cc0814850a1f9246b94daaa43b06af1c1c530e390e566dd0fd9a5c7179b6500ef5fe169f9512aca335deb0c28051ce51e903ef34affd8205edc8858123104d6817f4a6ab59de833f27a573a57fab47ea8c71819cfa2809f8d0ff310cc369e76a89c7beb05dbc75da875f41b9454fcb83fc3f87119d8f4a7fe28587abf7469fb5e06d75754ceda96612ee14c81ab1f774928bb3bd50c4c4580448449904c0a6d90b04718d85829b72568b0dfc8caa7bbc52d6a2740845a9c6d06899ea6a5d60e68312a8dcb92d51c09b335fca73df180d5c04988c17e4915c95ae3c1b6a63cd4a40d1e0395c35d8c054c7d1a8d7a73015b0f21a974d84445aa8bad3a0f96db711e2083d4ec4e2166451c20ab2664de0dfc28e46cdc9355c3d4f122a975d67e40e9e9d4a7171258977540619083e5f1a9e0b884726f9721fe54c2bc20fc597370854f74d65780bdfb0e4ec8861131eac73120b20c750d53b3bd800a59c83b53e714151e20506399a82484a8fb0af514f46269eaf6329f1b818e479832572212f1ccd204a0013353c15ba7ae0f163f5f8728876ee763859a950217f55805b16781b99c570a897d5526b93f0e5d86d974d067cec23f3839db7e15c6f3516645a21b8c956a0346a769e90a430d49d57ba0e58ddc45cc5e8f97948bceaae05ecc6ff36e3ca0236416e0fdc71ef46739a588dc8a23366d01288282a2ce2c47609abbb4c80a412ada0bf6894aebcb95d04824836d3c3f0ced848d76cc415eeeb31fe85a68ad68810e5b16d8a93ab23e73131314f585472828d74854e8c147730607a4041fdbf98e933524021bb7e86cb468a001f91ab3fcbf02ba951def880167b1e01688b26802ae6e31bf48982b4e0a332d15ac45f8af06b740a882c94cbf976ff5035343d2e4485c694ede7954c038740830820ac54e9fda53b29ee3ffc1401a15e10772f224844cb88c1059524c52b9301049d1b626ad0a1de235ad4fda9424501d6de2b9c71bff9683f30ae187a662fee2df850783db3a4f671262bdcdbe3e76feec6533999b3926f8c26d1b2b8b7e44b81c2a77752fb15c61414b6884b44412188dd23b0fc52bdfa7ea52aef412075581e1323181ae34a86390d38a713aa6568db497ca0a9fc2a09729023e052ba59fbe1bb13629005871e0338dfb69e5afe8b7211389ddec86644ea065dbd5ed7908001440856d67d77ace8dc9f2f8028fd9be217ceea04be069ffb13d9aaf6645bedd3e6c1e4596033206b06a41a024897416fe81ec10c15f4eb6e9e35acfa48819d6bbd8b6427b695bbe119a9a5019abe58d80f7e11dce5cd56201676a10f22be24601b97f6732d800760d1ab31a87a6a1442667f2068946b24167dda85acfa818b28757d9eb67368124ca8c3d39aab854cab4e32508b62ffcaa0ec071d30c1dc69f855a4c971f35ce290fb8c520ddf2fffd54733401f385d715a04fa9ee5e291579e64f117448a0a9f56edea41539b423e2164b367728171eb2a79e1d5feddb8ce469fa63299a36572c66d4e29cd29b980efabbd49a40e15539fe27f4350e6d8c72db58818a056f08061dcdac3c6fa92ed00a556a5f785d61c5ba585ec240261246fb6089dc25d95736410f2c4ece4e9f268ba7ee2da0acdcdb4062a9b5b4389d699b46a915e80ab33777305760d6498d38b1b46649789f6b7776fa074eb9baaddea834f3a02088f2f2518969d1c2d2416af86abc2ed66397480f3869bd4eb4bc4d8a1f17f8bdc9ee340bb39c3fcac5ac6bf65a3b2148d185609e1f4c76adb3e9d6d47a31c4e20ae29a8e0e81b2ee22ffcd12777fd1e3d8c2de83610418da0d0349cf0a99e20b10680cc3ef2a3e13ae46825c9f172c73df249dff50664a78389603671ece11b2777e3015646bdb9e64da78499c94fe63c12e1a9981006d1a1653b5387231044b9c42978567aca87920851944166747b5e416f259ccc1be44c52a0f033cd6199421c1f19844ca996997b4c7dec56b289fc6708138801557f36e0cbad8c2d1ef86128d10683ccb8e659cefbe7d2523969c4c58539c520644dadf4aa1793622cd21f36ef84069f20add9278ce5b97d43f818a88a430ec39cf1681b080d617af5232086948b351d88d47c2cbbace772fd8580c7fd817658341c8e39b6843ac9cb78aa48f96fb39706622924169ceb6970021b86ce302f81f74ded068018791dfb1a9e44fcff9367c8cbf7b5229b1c1112328bd52cfea6b49f9e72b61ced9358b7e63f404ef2a3d891002cd024be68d268541af228df1873878f964035fd39634b33431ea3dd25ea1dd601a14a8286d73248922b2e3e72e550ad18e9a6c68568bafe85fd985d1fde1fb7368a8415b39b4ff30b2d4688fb6a4b775f57b1dc141ef065ff7f2d6551a1ce8f38c7d0676ad5d11d0dc4c8b375c72d9fcf20fca17ffaf2805a4527620498f76ee08af54f7e4969b2b82b828519f2c3231f0d9732fe574f918d8c0cab45c3b081db6a83c28c54550ff0fe3aaaa5d068cc5e42c6700788c17e30b43f6096ec55a8b551c4c1daaf61557f61c069102872920cf71e99dc256b78913aabe6d6bc9e1471f3a616b43bfb515412c5e0862f4ca417bc9dc48c8bacfec17f25d8286ab13be939757281457d44fe855a20e76b337c3eba4d7c51851088f234ab09b733a279af93215d75268178cf7106d9fd7777cea6363e3b3c24f7f35f22f75d2116d68b91810f70c7f82fe8f0cfdd9d5374759330a6b105f2a4a6777aee3e9cdfb92421c4f6ec5ba554052c78d118b58568736ff4641b679a7b1a9ad1374d1f3e305ebfa810b54e17e46650c1c97ab42e208d33c1817b390cefd2abcec74516d1b3995c9e5b7b7399a0e14bf895af84ac9b42f772a7180fef9b4cc628c1f4ce776eb6c29b5a3a98c230f28633c5fe0490fb39f39d5f796833f781708c5ee5d6f830c64bc999dcc817201d84211b8dbaba63ae062f7a011791a96f2bd7e89e0afe0f03b8d0c35985378a112db6cef0ac205c873f759fcdb04c5cce279df7f50db7eddd6ca0555728d5d1873c0fb064ca8bbe718f703fab9a7b60312fcdbc70aa41b6336f83d8d14a5c4e5783d87c119e11c0b54941be6ea2d97fee5f393fc27165f474a273655529d86af8b16993cd47006738ca71fae415cee097584b2cbe3e9f933e85114ef6a24eccc3bcc60f65b0048eed67a95ee74aa6c2e2fc5e6a168a923de7b3be45a73ec44cd2edd9154030811d3ae8b450278f929a06d0bb160af1366b2a7bbf431e82d5b0b84a8ae1856a95950e75f3880baa83c4c14cdb6b28029d886a1a7e92aee7b19dba39ac0ee40fc9bb53d55950cccb1f56b1ab102dc6c37e6af58970a34c9d6be6a9501a129343db66db61fb9733610e08f841d1f63f879885f53c814a61986fbda23d895e5105263a7fea53beff234e415a2876bba73b7719d2e38326465fc676c1853293acf6c99e6a5b1c119d6dc5f94d28f2fe444a08c30c9e82c730fff846c4dce48360a9eca970b36cb0e1b6aef8f3eaf6049d848ab2d0e85d9348693c406956c94206bba61761e4cb4f7a22d736b012efbd5c86d6db1a8ee8b8cfaf42d6bbd3cc3bf779ff17d1286a7f4ba9d37ac44dcc07a22ff9a54effdf90bbdce3a7b68fb1c3db8059b9db2eefdabaa8fdf04b9981c800b3aae454b696a8c6238efa159316462f56231abc2babf9cbbbc7844978f0e115c5c35317f220c4d4667bf092ba40bfb2636eb152682098b32c38b8bcc2220ee11aa2923976bc262ff5a1f08f2c17cffac082c289929c0aa2958fe080001006f736600080002"], 0x2208}, 0x1, 0x0, 0x0, 0x20000884}, 0x8800) 8.716299393s ago: executing program 0 (id=404): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) r2 = socket(0x10, 0x80003, 0x0) write(r2, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85) 8.581509618s ago: executing program 2 (id=405): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYRES32, @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) writev(r4, &(0x7f0000000280)=[{&(0x7f0000000100)="2e9b3d0007e03dd65193df163e75963f86dd", 0x12}, {0x0}], 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0xfffffffffffffffc}, 0x18) mknod$loop(&(0x7f00000003c0)='./file1\x00', 0x200, 0x1) link(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000780)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r5 = epoll_create1(0x80000) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x10) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r6, &(0x7f00000000c0)={0xe000001a}) finit_module(r6, 0x0, 0x3) epoll_ctl$EPOLL_CTL_MOD(r5, 0x3, r6, &(0x7f0000000000)) recvmsg$can_bcm(r6, &(0x7f0000000540)={&(0x7f00000004c0)=@qipcrtr, 0x80, &(0x7f0000000740)=[{&(0x7f0000000a40)=""/195, 0xc3}, {&(0x7f0000000700)=""/62, 0x3e}], 0x2}, 0x40010000) socket(0x2, 0x5, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f00000002c0)={[{@barrier}, {@nodioread_nolock}, {@noquota}, {@barrier}, {@auto_da_alloc}, {@nodioread_nolock}]}, 0x1, 0x59c, &(0x7f0000001840)="$eJzs3U9oHGUbAPBnZrNN/+T70g++Dz6lh6JChdJN0j9aPbVXsVDoQfCiYbMNJZtsySbahIDpvYg9iEov9aYHj4oHD+LFo1cvimeh2KDQ9KArm51N03S3bmI2W7O/H0z2fWdm93nfmX3e7AwzTAB962j9TxrxVERcTCKGNywbiGzh0cZ6qytLxfsrS8UkarVLvySRRMS9laVic/0kez0UEcsR8f+I+CYfcTxd/8h9zUJ1YXFqvFwuzWb1kbnpqyPVhcUTV6bHJ0uTpZlTL7505uzpM2MnxzY2935tYy2/tb7e+PHmuze+e+X2zU8/O7JcfH88iXMxlC3b2I+d1Ngm+Ti3af7pbgTroaTXDWBbclme11PpfzEcuSzrW6ltHBwGd6V5QBfVBiNq6zYUgT6QSHroU83fAfXj3+a0m78/7pxvHIDU466uLBXfiWb8gca5idi/dmxy8NfkoSOT+vHm4d1sKHvS8vWIGB0YePT7n2Tfv+0b3YkG0lVfn2/sqEf3f7o+/kSL8Weoee70b2qOf6vZ+LfaIn6uzfh3scMYv7/+00dt418fjKdbxk/W4yct4qcR8WaH8W+99uXZdstqH0cci9bxm5LHnx8euXylXBpt/G0Z46tjR15u3/+Ig23iN87Z7l9ryMb+78valHbY/y++/fyZ5cfEf/7Zx+//Vtv/QES812H8/9z75NV2y+5cT+7WfwVsdf8nkY/bHcZ/4dzRH7Kis4YAAAAAAAAAALCD0rVr2ZK0sF5O00KhcQ/vf+NgWq5U545frszPTDSueTsc+bR5pdVwo57U62PZ9bjN+slN9VO5LGDuwFq9UKyUJ3rcdwAAAAAAAAAAAAAAAAAAAHhSHNp0//9vubX7/zc/rhrYq9o/8hvY6+Q/9K+H8z/pWTuA3ef/P/StmvyH/iX/oX/Jf+hf8h/6l/yH/iX/oX/JfwAAAAAAAAAAAAAAAAAAAAAAAAAA6IqLFy7Up9r9laVivT4xsDA/VXnrxESpOlWYni8WipXZq4XJSmWyXCoUK9N/9XlJpXJ1NGbmr43MlapzI9WFxTemK/MzzWeKlvJd7xEAAAAAAAAAAAAAAAAAAAD88wytTUlaiMg36mlaKET8KyIOJ5FcvlIujUbEvyPi+1x+sF4f63WjAQAAAAAAAAAAAAAAAAAAYI+pLixOjZfLpdnuFQayUF0M0XlhYCsrR8Tyzjaj/olbflc+24A93nR7o5B7Mr6HT36hh4MSAAAAAAAAAAAAAAAAAAD0qQc3/Xb6jj+62yAAAAAAAAAAAAAAAAAAAADoS+nPSUTUp2PDzw1tXrovWc2tvUbE27cufXBtfG5udqw+/+76/LkPs/kne9F+oFPNPE0jop7HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAPVhcWp8XK5NLvNwmAH6/S6jwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb8WcAAAD//y4WzlE=") r7 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r7}, &(0x7f0000000340), &(0x7f0000000300)=r8}, 0x20) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x49, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r9}, 0x10) r10 = syz_io_uring_setup(0x440b, &(0x7f0000000180)={0x0, 0x6615, 0x10000, 0x2, 0xb7}, &(0x7f0000000280)=0x0, &(0x7f0000000380)=0x0) syz_io_uring_submit(r11, r12, &(0x7f0000000300)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x2, 0xa3d8, &(0x7f00000005c0)=[{&(0x7f0000000240)="5db5bd", 0x3}], 0x10000000000002a8, 0x8, 0x1, {0x2}}) io_uring_enter(r10, 0x29ab, 0xd480, 0x0, 0x0, 0x0) 8.33380675s ago: executing program 3 (id=406): mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) renameat2(0xffffffffffffff9c, &(0x7f0000000400)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file0\x00', 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, &(0x7f00000004c0), &(0x7f0000001c40)=r1}, 0x20) openat(0xffffffffffffff9c, 0x0, 0x105042, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth0_macvtap\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x200, {0x0, 0x0, 0x0, r3, {0xfff2, 0x9}, {0x10}, {0x9, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0xc0}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000a40)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) mount$bind(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0) umount2(0x0, 0x800000000000000) 8.188458639s ago: executing program 0 (id=407): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r0, 0x6, 0x6, &(0x7f0000003d80)=0x6, 0x4) getsockopt$inet_tcp_int(r0, 0x6, 0x6, 0x0, 0x0) socket$rds(0x15, 0x5, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x3) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x20) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r1}, 0x10) unshare(0x6a040000) 7.090094124s ago: executing program 1 (id=409): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r2) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010328bd7000fedbdf251c0000000c00018008000100", @ANYRES32=r4], 0x20}}, 0x10) 6.937180915s ago: executing program 3 (id=410): r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x3, @dev={0xfe, 0x80, '\x00', 0x1d}, 0x9}, 0x1c) sendmmsg(r0, &(0x7f0000007640)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000002f40)=[{0x10, 0x29, 0x4}], 0x10}}], 0x2, 0x4000000) 6.187631877s ago: executing program 4 (id=411): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', 0x0}) bind$packet(r0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x6, 0x6, @remote}, 0x14) socket$packet(0x11, 0x3, 0x300) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') preadv(r2, &(0x7f0000000240)=[{&(0x7f0000000380)=""/47, 0x2f}], 0x1, 0x38, 0xfffffffe) 6.096448677s ago: executing program 1 (id=412): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001380)={0xd8, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PEERS={0xb0, 0x8, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_FLAGS={0x8, 0x3, 0x7}]}, {0x7c, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_ALLOWEDIPS={0x54, 0x9, 0x0, 0x1, [{0x34, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @private=0xa010100}, {0x5}}]}]}]}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0xd8}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000) 5.93466347s ago: executing program 3 (id=413): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9ba}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='kfree\x00', r0, 0x0, 0x4009}, 0x18) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0x80045505, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMP(r1, 0x1, 0x52, 0x0, 0x0) bind$inet6(r1, 0x0, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x44000, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000002f40)={[{@nodelalloc}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x5}}, {@bh}, {@init_itable}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=") mount(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000380)='devtmpfs\x00', 0x4000, 0x0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000180)='tmpfs\x00', 0x3200890, 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x262) 5.149156589s ago: executing program 2 (id=414): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=ANY=[@ANYBLOB="1c0000000306010100000000000000000100000005000100070000007d62bc52bad634a82d1e"], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x10000000) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 4.641948035s ago: executing program 0 (id=415): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0xf2de1000) connect$can_bcm(0xffffffffffffffff, &(0x7f0000000140), 0x10) ioctl$SIOCGSTAMPNS(0xffffffffffffffff, 0x8907, 0x0) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="050000000300000000000000", @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0) read(0xffffffffffffffff, &(0x7f0000001480)=""/4096, 0x38) 4.641397306s ago: executing program 4 (id=416): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xd}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x63, 0xfffffffb, 0x5}}}}]}, 0x44}}, 0x20040084) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newtfilter={0x34, 0x2c, 0xf3f, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xfff1, 0x3}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20041010}, 0x4044000) r7 = socket(0x400000000010, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@newtfilter={0x34, 0x2c, 0xd3f, 0x30bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0x1, 0x8}, {}, {0x0, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000010}, 0x24040004) r10 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r10, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'}) 4.554609004s ago: executing program 1 (id=417): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x18) r1 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00006dbffc), 0x4) bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000200)="0000000000aa303e97380e90231bdbdaf6a4bd866226b7cdb7c26858c4e4fd703be2f51ed6ddc4a47116ec2db75c7042a22491af0ffea4174a9de3350c0a498396b28c7d1784d04aa38922721cb7816094cb82950fd012efd26d", 0x5a}, {&(0x7f0000000d00)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a8da494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c841d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df89507000000fb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b9070400000073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99ad4cb5c7190648132f6ff1f6cb79b93f20752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf458aac3314007c3e35d5e4bed6b897608b01e7e26a54433e5f5c74a2ee3c2fc50067be05a000000007dba7010830b879a41b579d44158fb89ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe9530547201664db91cf1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac3954306d4cd82257d4d2c3283d455bae43548fed9879328f114f7c8238ac955391b24614d91be1701ae07c170a9c299fcf3d0ac4cea07e88fbf66b697883af17a06ac3f9954eb2fbd20f101802cd023fc48c5d464c16059cc9dce8558c5322ac7612db0e2725427628c2c41a21f0d2f3962e32f710bf9e216ff1694e8d88c8a81328744b36d9ef9f08c0ea3ccd4f8729e2f00a048162834a950000000000000000000000003e64c8a48ae215673b928d238ac07b631e793d2bda33a80dfaaf53e6c2dea09fc29a42d2495c4192860e2866615008f74ea070c55f68", 0x427}], 0x2, 0x0, 0x0, 0x10040000}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) recvmmsg(r1, &(0x7f0000003ec0)=[{{0x0, 0x0, 0x0}, 0x8000}], 0x1, 0x100, 0x0) 4.470755043s ago: executing program 2 (id=418): r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) sendto$inet6(r0, &(0x7f0000000100)="15", 0x1, 0x1, &(0x7f0000000140)={0xa, 0x4e23, 0x7ff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000380)={&(0x7f0000000180)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c, &(0x7f0000000340)}, 0x0) shutdown(r0, 0x1) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}, 0x0, 0x0, 0x4}, &(0x7f0000000080)=0x9c) r1 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000000206010700000000000000000000000014000300686173683a69702c706f72742c6970000900020073797a31000000000500010007000000050005000a0000000500040001000000c1590c9fe92c70409533a7acaf3d7072b144c5f5c963697b3ff9bea20eba159d251d57a146ac718289d253f3be698fed96dc6035adef29a07823dc76dea18307c0b1366c07f0145dcd4b556e3129ca"], 0x4c}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0) r5 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r7 = socket$netlink(0x10, 0x3, 0x0) modify_ldt$write2(0x11, &(0x7f0000000000)={0xffff, 0x0, 0x1000, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x10) sendmsg$SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fbd3df2502000000050004000100000005000400010000001400020076657468315f746f5f7465616d0000000900030073797a32000000000900010073797a"], 0x68}, 0x1, 0x0, 0x0, 0x4000145}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000ac0)=@newqdisc={0x94, 0x24, 0xf0b, 0x70bd30, 0x2000000, {0x0, 0x0, 0x12, r6, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x64, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x0, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee11, 0x0, 0x0, 0x3], [0x0, 0x8, 0x3]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x8, 0x2, 0x0, 0x1, [{0x4}]}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0x4c845}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000600)={'wlan0\x00'}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, 0x0, 0x810) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000080)={[{@noblock_validity}, {}, {@sysvgroups}, {@errors_remount}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nolazytime}, {@quota}, {@nomblk_io_submit}], [{@subj_role={'subj_role', 0x3d, '^#{]#@&&'}}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") close_range(r1, 0xffffffffffffffff, 0x0) 4.25018298s ago: executing program 3 (id=419): mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0) setxattr$incfs_size(0x0, 0x0, 0x0, 0x0, 0x1) r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000540)={'\x00', 0x7e, 0x7527, 0x5c8, 0x7fff, 0x9}) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) 3.976029696s ago: executing program 0 (id=420): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000580)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x8}, 0x18) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/exec\x00') writev(r2, &(0x7f0000000240)=[{&(0x7f0000000140)="c7", 0x1}], 0x1) 2.904042602s ago: executing program 1 (id=421): r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) fcntl$notify(r0, 0x402, 0x2b) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') getdents64(r1, &(0x7f0000002f40)=""/4098, 0x1002) 2.903402094s ago: executing program 4 (id=422): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10) unshare(0x22020400) r2 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) 2.500970584s ago: executing program 0 (id=423): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xd, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x89, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8ff20c2c10f0093d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xd6) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)='%pS \x00'}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f00000002c0)='rpm_return_int\x00', r1}, 0x10) syz_open_dev$usbfs(&(0x7f0000000040), 0xf, 0xc340) 1.388115702s ago: executing program 4 (id=424): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x4f, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="2c0000003f00070dfeffffff00000000017c0000040077000c000380", @ANYRESHEX], 0x2c}, 0x1, 0xa00, 0x0, 0x404c001}, 0x8010) 1.02791068s ago: executing program 1 (id=425): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x18) statfs(&(0x7f0000000200)='.\x00', &(0x7f0000000440)=""/137) 918.604055ms ago: executing program 0 (id=426): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x1c, r2, 0x401, 0x70bd26, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}}, 0x0) write$nci(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="6103020703cc80b3c4f576ebcb3a35628aa4ebf7e5161987ceebeb7c"], 0x1c) pwrite64(0xffffffffffffffff, &(0x7f0000000280)="033c850c566dad9ebc75e55ab5cb13068095bb888796d64a", 0x18, 0x8) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000190001002cbd700000c8c3532d"], 0x24}}, 0x0) 650.917128ms ago: executing program 2 (id=427): r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000280)=@hci={0x1f, 0x0, 0x4}, 0x80, &(0x7f0000000200)=[{&(0x7f00000005c0)="27050200590214000600002fb96da7f706e10500000086ddffff1144ee1611d4b8bf4a31accbe1ba0777cfbf6ae77256da82f6184bbfdb9dd6f635406c4a67c5ff905a80e8404bb39fa4647893c17de955e6c8e765fa111bab1b33a1571772290d038d6cdfe81208da10a97337ccacb53d20e2311bbcc6f8e4d2a5f8256cb8584db15a24067e11e1462505442d912f40e409000000f8dd2eb87781e0802b62ce525aaa91b19a8296d13e2f0b6ef45c8e76a8e12bb7b77f5b882f41a1abc6839ba447dee5704f6c7e", 0xc8}, {&(0x7f0000000300)="1c393502dda1a67d93b1ceccbe972c4fef9c33ecf2d824ea2515623af6e989b9ef796ef3a33513f45f472bbdc8e3a2275f2587f0ca0b3ae419bed996116448f90d113ce98aa985f379d729430858f5cb9a668a1800bf2354b33cdff83033de518580a3080d7f4cc2406e071138439e1566dd17983ee153ab672f362d3292e24a9952f18ec3d8b3391096c1d4442a754899299321c03cbcfb98a26994b2a072c2b9d9c70d619545e5f61b050e40166d2feb604ac488f219f57dcc008f24fd5339e7bc21e25863f80d2487c30b6bf781608a31d68e9319ab1712d8f5bfde849c040417c864cbfd3923dcb9fc6bdc2ea53334184b03efcb631dc68f0a7b6e13eea4b80d4237120e32932ca4e2b50bad0a35496d36a191d91f03b477b9587bc0ba489932e34f819fa1524ebad53a3d94b46c6aeff4f42fa067729fbb2862c09d337a75e0c8429d4bfe0dee2e1e23e8c22787178600ecca135623731e4701f35bd4e7c936a8ee274120e7662328a5aba1161b05889b045696721c79bff0547efe051f3c5de77fdd3c77afd41a1a7747a982b7efb013c9d6bac7d3ad1f9b7c3a5a1448b35696f03bca1c875e346edc55b7a271c3e5f3c0df72c8e4d7cccfa28200007897e8ac4e5ee2d4ba3efd957ed5280398312f7e7bfcd76bc248e9", 0x1da}], 0x2}, 0x9cdc2384056b48b8) 528.125783ms ago: executing program 4 (id=428): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r2) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010329bd7000fcdbdf252400000018000180140002006c6f"], 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 176.379067ms ago: executing program 2 (id=429): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9ba}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='kfree\x00', r0, 0x0, 0x4009}, 0x18) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0x80045505, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMP(r1, 0x1, 0x52, 0x0, 0x0) bind$inet6(r1, 0x0, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x44000, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000002f40)={[{@nodelalloc}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x5}}, {@bh}, {@init_itable}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=") mount(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000380)='devtmpfs\x00', 0x4000, 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x262) 0s ago: executing program 1 (id=430): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000140), 0x10) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) sendmsg$can_bcm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="050000000300000000000000", @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0) read(r0, &(0x7f0000001480)=""/4096, 0x38) kernel console output (not intermixed with test programs): 804] veth1_vlan: entered promiscuous mode [ 198.121798][ T3520] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.177822][ T5808] veth0_macvtap: entered promiscuous mode [ 198.188151][ T3520] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.232714][ T5808] veth1_macvtap: entered promiscuous mode [ 198.280019][ T4022] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.352061][ T4022] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.422509][ T4022] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.460942][ T5804] veth0_macvtap: entered promiscuous mode [ 198.507435][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 198.561490][ T5804] veth1_macvtap: entered promiscuous mode [ 198.605374][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 198.687396][ T4022] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.772172][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 198.788311][ T4022] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.833961][ T4022] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.871601][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 198.902369][ T4022] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.001862][ T4022] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.019219][ T4022] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.069856][ T4022] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.106378][ T4022] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.518408][ T5814] veth0_vlan: entered promiscuous mode [ 199.639012][ T5814] veth1_vlan: entered promiscuous mode [ 200.046179][ T5814] veth0_macvtap: entered promiscuous mode [ 200.121427][ T5814] veth1_macvtap: entered promiscuous mode [ 200.314856][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 200.430350][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 200.520438][ T3520] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.596135][ T3520] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.626753][ T4283] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.677928][ T4283] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.316406][ T3520] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.324610][ T3520] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.493685][ T14] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.502861][ T14] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.593101][ T4283] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.602538][ T4283] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.823148][ T1306] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.835070][ T1306] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.083853][ T14] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.092352][ T14] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.104187][ T5815] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 205.485874][ T1306] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.495214][ T1306] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.584382][ T3856] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.592523][ T3856] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.854249][ T4283] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.862498][ T4283] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.647083][ T5994] loop2: detected capacity change from 0 to 32768 [ 206.790737][ T5994] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.3 (5994) [ 206.898868][ T5994] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 206.913992][ T5994] BTRFS info (device loop2): using blake2b (blake2b-256-lib) checksum algorithm [ 207.116325][ T5995] loop3: detected capacity change from 0 to 32768 [ 207.155291][ T5995] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 207.172041][ T5995] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 207.244826][ T5995] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 207.259140][ T792] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 207.271762][ T792] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 207.480005][ T5994] BTRFS info (device loop2): enabling ssd optimizations [ 207.487507][ T5994] BTRFS info (device loop2): turning on async discard [ 207.494827][ T5994] BTRFS info (device loop2): enabling free space tree [ 207.501902][ T5994] BTRFS info (device loop2): use zstd compression, level 3 [ 207.761415][ T30] audit: type=1800 audit(1767171289.418:2): pid=5994 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3" name="file2" dev="loop2" ino=261 res=0 errno=0 [ 207.934153][ T792] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 662ms [ 207.942956][ T792] gfs2: fsid=syz:syz.0: jid=0: Done [ 207.948437][ T5995] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 208.031233][ T3988] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 208.039236][ T3988] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 208.212081][ T2925] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 208.220261][ T2925] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 208.303377][ T6021] loop1: detected capacity change from 0 to 512 [ 208.530024][ T6021] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 208.542825][ T6021] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 208.553741][ T6021] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.2: Corrupt directory, running e2fsck is recommended [ 208.694968][ T6021] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 208.706439][ T6021] EXT4-fs error (device loop1): ext4_iget_extra_inode:5073: inode #15: comm syz.1.2: corrupted in-inode xattr: e_name out of bounds [ 208.762117][ T5995] gfs2: fsid=syz:syz.0: found 1 quota changes [ 208.992708][ T6021] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.2: couldn't read orphan inode 15 (err -117) [ 209.016871][ T5815] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 11 2339, function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 402 [ 209.033732][ T5815] gfs2: fsid=syz:syz.0: G: s:EX n:2/923 f:aqonN t:EX d:EX/0 a:0 v:0 r:2 m:20 p:1 [ 209.044162][ T5815] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:5815 [syz-executor] gfs2_quota_sync+0x6b7/0xb30 [ 209.054866][ T5815] gfs2: fsid=syz:syz.0: I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0 [ 209.061259][ T5806] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 209.063561][ T5815] CPU: 1 UID: 0 PID: 5815 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(none) [ 209.063698][ T5815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 209.063791][ T5815] Call Trace: [ 209.063841][ T5815] [ 209.063891][ T5815] __dump_stack+0x26/0x30 [ 209.064062][ T5815] dump_stack_lvl+0x14c/0x1c0 [ 209.064224][ T5815] dump_stack+0x1e/0x25 [ 209.064369][ T5815] gfs2_withdraw+0xd5/0x270 [ 209.064544][ T5815] gfs2_consist_inode_i+0x1a9/0x240 [ 209.064741][ T5815] inode_go_instantiate+0x13bf/0x1ed0 [ 209.064973][ T5815] ? __pfx_inode_go_instantiate+0x10/0x10 [ 209.065148][ T5815] gfs2_instantiate+0x24f/0x4b0 [ 209.065347][ T5815] gfs2_glock_wait+0x26a/0x3b0 [ 209.065489][ T5815] gfs2_glock_nq+0x1263/0x2c90 [ 209.065614][ T5815] ? kmsan_get_metadata+0xfb/0x160 [ 209.065848][ T5815] do_sync+0x6c4/0x1610 [ 209.065999][ T5815] ? gfs2_quota_sync+0x6b7/0xb30 [ 209.066182][ T5815] ? kmsan_get_metadata+0xfb/0x160 [ 209.066356][ T5815] ? gfs2_quota_sync+0x6b7/0xb30 [ 209.066522][ T5815] gfs2_quota_sync+0x6b7/0xb30 [ 209.066679][ T5815] ? writeback_inodes_sb+0x3a6/0x410 [ 209.066865][ T5815] gfs2_sync_fs+0x57/0x100 [ 209.066999][ T5815] ? __pfx_gfs2_sync_fs+0x10/0x10 [ 209.067133][ T5815] sync_filesystem+0x131/0x3c0 [ 209.067310][ T5815] ? shrink_dcache_for_umount+0xf9/0x210 [ 209.067462][ T5815] generic_shutdown_super+0x8d/0x4b0 [ 209.067629][ T5815] kill_block_super+0x42/0xd0 [ 209.067797][ T5815] gfs2_kill_sb+0x4aa/0x580 [ 209.067992][ T5815] ? __pfx_gfs2_kill_sb+0x10/0x10 [ 209.068162][ T5815] deactivate_locked_super+0xcb/0x3c0 [ 209.068329][ T5815] deactivate_super+0x12f/0x140 [ 209.068482][ T5815] cleanup_mnt+0x7a2/0x820 [ 209.068625][ T5815] ? __pfx___cleanup_mnt+0x10/0x10 [ 209.068756][ T5815] __cleanup_mnt+0x22/0x30 [ 209.068880][ T5815] task_work_run+0x209/0x2b0 [ 209.069057][ T5815] exit_to_user_mode_loop+0x301/0x1b70 [ 209.069243][ T5815] ? user_path_at+0x241/0x3e0 [ 209.069404][ T5815] ? __x64_sys_umount+0x1dc/0x250 [ 209.069586][ T5815] do_syscall_64+0x1e5/0xf80 [ 209.069756][ T5815] ? clear_bhb_loop+0x40/0x90 [ 209.069914][ T5815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.070070][ T5815] RIP: 0033:0x7f5111790a77 [ 209.070183][ T5815] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 209.070299][ T5815] RSP: 002b:00007ffde75016d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 209.070435][ T5815] RAX: 0000000000000000 RBX: 00007f5111813d7d RCX: 00007f5111790a77 [ 209.070544][ T5815] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffde7501790 [ 209.070629][ T5815] RBP: 00007ffde7501790 R08: 0000000000000000 R09: 0000000000000000 [ 209.070713][ T5815] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffde7502820 [ 209.070801][ T5815] R13: 00007f5111813d7d R14: 000000000003273b R15: 00007ffde7502860 [ 209.070937][ T5815] [ 209.071466][ T5815] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 209.435965][ T6021] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 209.470696][ T6021] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 209.485311][ T6021] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 209.496867][ T6021] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.2: Corrupt directory, running e2fsck is recommended [ 209.638333][ T6021] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 209.652505][ T6021] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 209.663194][ T6021] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.2: Corrupt directory, running e2fsck is recommended [ 209.810072][ T6030] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 209.824722][ T6030] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 209.838621][ T6030] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.2: Corrupt directory, running e2fsck is recommended [ 209.931525][ T6025] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters [ 210.053020][ T6033] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 210.638274][ T5804] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 210.876374][ T6034] loop4: detected capacity change from 0 to 32768 [ 210.886231][ T6034] btrfs: Deprecated parameter 'usebackuproot' [ 210.892741][ T6034] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 210.904459][ T6034] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.5 (6034) [ 210.934078][ T6034] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 210.944715][ T6034] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm [ 211.138755][ T4115] BTRFS warning (device loop4): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 211.152886][ T6034] BTRFS error (device loop4): failed to load root extent [ 211.160309][ T6034] BTRFS warning (device loop4): try to load backup roots slot 1 [ 211.231633][ T1900] BTRFS warning (device loop4): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 211.245425][ T6034] BTRFS warning (device loop4): couldn't read tree root [ 211.254188][ T6034] BTRFS warning (device loop4): try to load backup roots slot 2 [ 211.269227][ T4192] BTRFS error (device loop4): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 211.280308][ T6034] BTRFS warning (device loop4): couldn't read tree root [ 211.289660][ T6034] BTRFS warning (device loop4): try to load backup roots slot 3 [ 211.438269][ T6034] BTRFS info (device loop4): rebuilding free space tree [ 211.522060][ T6034] BTRFS info (device loop4): checking UUID tree [ 211.532604][ T6034] BTRFS info (device loop4): enabling ssd optimizations [ 211.539767][ T6034] BTRFS info (device loop4): turning off barriers [ 211.547091][ T6034] BTRFS info (device loop4): turning on sync discard [ 211.554131][ T6034] BTRFS info (device loop4): enabling free space tree [ 211.561176][ T6034] BTRFS info (device loop4): force clearing of disk cache [ 211.568471][ T6034] BTRFS info (device loop4): enabling auto defrag [ 211.581550][ T6034] BTRFS info (device loop4): trying to use backup root at mount time [ 211.589846][ T6034] BTRFS info (device loop4): use zlib compression, level 3 [ 212.488339][ T30] audit: type=1800 audit(1767171293.518:3): pid=6034 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.5" name="file1" dev="loop4" ino=257 res=0 errno=0 [ 212.552373][ T6052] loop1: detected capacity change from 0 to 40427 [ 212.664433][ T6052] F2FS-fs (loop1): Invalid log_blocksize (262156), supports only 12 [ 212.673165][ T6052] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 212.738463][ T6052] F2FS-fs (loop1): invalid crc value [ 213.058808][ T6057] loop2: detected capacity change from 0 to 32768 [ 213.245366][ T6057] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 213.253911][ T6057] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 213.331379][ T6057] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 213.367765][ T792] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 213.369812][ T6052] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 213.375011][ T792] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 213.587134][ T6052] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 213.594526][ T6052] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 213.759149][ T5804] syz-executor: attempt to access beyond end of device [ 213.759149][ T5804] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 213.774741][ T5804] CPU: 1 UID: 0 PID: 5804 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(none) [ 213.774881][ T5804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 213.774959][ T5804] Call Trace: [ 213.775006][ T5804] [ 213.775053][ T5804] __dump_stack+0x26/0x30 [ 213.775213][ T5804] dump_stack_lvl+0x14c/0x1c0 [ 213.775376][ T5804] dump_stack+0x1e/0x25 [ 213.775527][ T5804] f2fs_handle_critical_error+0xa6f/0xc20 [ 213.775736][ T5804] f2fs_stop_checkpoint+0x65/0x80 [ 213.775914][ T5804] f2fs_write_end_io+0x101c/0x1bc0 [ 213.776139][ T5804] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 213.776316][ T5804] bio_endio+0xf96/0x10f0 [ 213.776524][ T5804] submit_bio_noacct+0x2009/0x2930 [ 213.776723][ T5804] submit_bio+0x57c/0x630 [ 213.776871][ T5804] f2fs_submit_write_bio+0x92/0x250 [ 213.777040][ T5804] __submit_merged_bio+0x16f/0x6a0 [ 213.777201][ T5804] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 213.777399][ T5804] __submit_merged_write_cond+0x44a/0x990 [ 213.777592][ T5804] f2fs_write_data_pages+0x4cf3/0x57a0 [ 213.777923][ T5804] ? update_misfit_status+0x32/0xaa0 [ 213.778090][ T5804] ? kmsan_get_metadata+0xfb/0x160 [ 213.778272][ T5804] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 213.778476][ T5804] ? __set_next_task_fair+0x29f/0x6e0 [ 213.778680][ T5804] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 213.778861][ T5804] ? kmsan_get_metadata+0xfb/0x160 [ 213.779041][ T5804] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 213.779226][ T5804] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 213.779408][ T5804] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 213.779582][ T5804] do_writepages+0x3f2/0x860 [ 213.779722][ T5804] ? _raw_spin_unlock+0x30/0x50 [ 213.779866][ T5804] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 213.780094][ T5804] filemap_fdatawrite+0x207/0x260 [ 213.780329][ T5804] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 213.780559][ T5804] f2fs_write_checkpoint+0x10a4/0x3730 [ 213.780783][ T5804] ? stack_depot_save_flags+0x610/0x790 [ 213.780981][ T5804] kill_f2fs_super+0x321/0x9a0 [ 213.781140][ T5804] ? __pfx_kill_f2fs_super+0x10/0x10 [ 213.781264][ T5804] deactivate_locked_super+0xcb/0x3c0 [ 213.781435][ T5804] deactivate_super+0x12f/0x140 [ 213.781580][ T5804] cleanup_mnt+0x7a2/0x820 [ 213.781718][ T5804] ? __pfx___cleanup_mnt+0x10/0x10 [ 213.781847][ T5804] __cleanup_mnt+0x22/0x30 [ 213.781969][ T5804] task_work_run+0x209/0x2b0 [ 213.782139][ T5804] exit_to_user_mode_loop+0x301/0x1b70 [ 213.782321][ T5804] ? user_path_at+0x241/0x3e0 [ 213.782486][ T5804] ? __x64_sys_umount+0x1dc/0x250 [ 213.782663][ T5804] do_syscall_64+0x1e5/0xf80 [ 213.782830][ T5804] ? clear_bhb_loop+0x40/0x90 [ 213.782970][ T5804] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.783114][ T5804] RIP: 0033:0x7f9f9f590a77 [ 213.783216][ T5804] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 213.783330][ T5804] RSP: 002b:00007ffec58c9838 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 213.783462][ T5804] RAX: 0000000000000000 RBX: 00007f9f9f613d7d RCX: 00007f9f9f590a77 [ 213.783551][ T5804] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffec58c98f0 [ 213.783634][ T5804] RBP: 00007ffec58c98f0 R08: 0000000000000000 R09: 0000000000000000 [ 213.783717][ T5804] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffec58ca980 [ 213.783805][ T5804] R13: 00007f9f9f613d7d R14: 00000000000342aa R15: 00007ffec58ca9c0 [ 213.783933][ T5804] [ 214.131720][ T5804] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 214.157481][ T5804] CPU: 1 UID: 0 PID: 5804 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(none) [ 214.157624][ T5804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 214.157701][ T5804] Call Trace: [ 214.157749][ T5804] [ 214.157797][ T5804] __dump_stack+0x26/0x30 [ 214.157961][ T5804] dump_stack_lvl+0x14c/0x1c0 [ 214.158124][ T5804] dump_stack+0x1e/0x25 [ 214.158270][ T5804] f2fs_handle_critical_error+0xa6f/0xc20 [ 214.158493][ T5804] f2fs_stop_checkpoint+0x65/0x80 [ 214.158672][ T5804] f2fs_write_end_io+0x101c/0x1bc0 [ 214.158901][ T5804] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 214.159079][ T5804] bio_endio+0xf96/0x10f0 [ 214.159284][ T5804] submit_bio_noacct+0x2009/0x2930 [ 214.159488][ T5804] submit_bio+0x57c/0x630 [ 214.159637][ T5804] f2fs_submit_write_bio+0x92/0x250 [ 214.159806][ T5804] __submit_merged_bio+0x16f/0x6a0 [ 214.159969][ T5804] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 214.160169][ T5804] __submit_merged_write_cond+0x44a/0x990 [ 214.160358][ T5804] f2fs_write_data_pages+0x4cf3/0x57a0 [ 214.160694][ T5804] ? update_misfit_status+0x32/0xaa0 [ 214.160863][ T5804] ? kmsan_get_metadata+0xfb/0x160 [ 214.161042][ T5804] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 214.161235][ T5804] ? __set_next_task_fair+0x29f/0x6e0 [ 214.161433][ T5804] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 214.161605][ T5804] ? kmsan_get_metadata+0xfb/0x160 [ 214.161775][ T5804] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 214.161959][ T5804] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 214.162131][ T5804] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 214.162307][ T5804] do_writepages+0x3f2/0x860 [ 214.162456][ T5804] ? _raw_spin_unlock+0x30/0x50 [ 214.162602][ T5804] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 214.162830][ T5804] filemap_fdatawrite+0x207/0x260 [ 214.163066][ T5804] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 214.163293][ T5804] f2fs_write_checkpoint+0x10a4/0x3730 [ 214.163524][ T5804] ? stack_depot_save_flags+0x610/0x790 [ 214.163724][ T5804] kill_f2fs_super+0x321/0x9a0 [ 214.163894][ T5804] ? __pfx_kill_f2fs_super+0x10/0x10 [ 214.164026][ T5804] deactivate_locked_super+0xcb/0x3c0 [ 214.164196][ T5804] deactivate_super+0x12f/0x140 [ 214.164348][ T5804] cleanup_mnt+0x7a2/0x820 [ 214.164498][ T5804] ? __pfx___cleanup_mnt+0x10/0x10 [ 214.164630][ T5804] __cleanup_mnt+0x22/0x30 [ 214.164754][ T5804] task_work_run+0x209/0x2b0 [ 214.164925][ T5804] exit_to_user_mode_loop+0x301/0x1b70 [ 214.165112][ T5804] ? user_path_at+0x241/0x3e0 [ 214.165270][ T5804] ? __x64_sys_umount+0x1dc/0x250 [ 214.165453][ T5804] do_syscall_64+0x1e5/0xf80 [ 214.165620][ T5804] ? clear_bhb_loop+0x40/0x90 [ 214.165768][ T5804] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.165913][ T5804] RIP: 0033:0x7f9f9f590a77 [ 214.166013][ T5804] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 214.166125][ T5804] RSP: 002b:00007ffec58c9838 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 214.166253][ T5804] RAX: 0000000000000000 RBX: 00007f9f9f613d7d RCX: 00007f9f9f590a77 [ 214.166342][ T5804] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffec58c98f0 [ 214.166430][ T5804] RBP: 00007ffec58c98f0 R08: 0000000000000000 R09: 0000000000000000 [ 214.166514][ T5804] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffec58ca980 [ 214.166601][ T5804] R13: 00007f9f9f613d7d R14: 00000000000342aa R15: 00007ffec58ca9c0 [ 214.166729][ T5804] [ 214.517846][ T5804] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 214.558739][ T792] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 1183ms [ 214.567563][ T792] gfs2: fsid=syz:syz.0: jid=0: Done [ 214.574058][ T6057] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 214.626112][ T6057] gfs2: fsid=syz:syz.0: can't create logd thread: -4 [ 216.163537][ T5814] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 216.753369][ T6070] loop3: detected capacity change from 0 to 40427 [ 216.766617][ T6070] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 216.776720][ T6070] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 216.790306][ T6070] F2FS-fs (loop3): invalid crc value [ 217.200808][ T6070] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 217.230286][ T6070] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 217.237857][ T6070] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 217.289449][ T6082] netlink: 12 bytes leftover after parsing attributes in process `syz.0.18'. [ 217.323214][ T6079] loop1: detected capacity change from 0 to 64 [ 217.403920][ T6082] netlink: 28 bytes leftover after parsing attributes in process `syz.0.18'. [ 217.416764][ T6082] team0: entered promiscuous mode [ 217.422266][ T6082] team_slave_0: entered promiscuous mode [ 217.429153][ T6082] team_slave_1: entered promiscuous mode [ 217.436108][ T6082] team0: entered allmulticast mode [ 217.441567][ T6082] team_slave_0: entered allmulticast mode [ 217.447539][ T6082] team_slave_1: entered allmulticast mode [ 217.673228][ T6082] dummy0: entered promiscuous mode [ 217.679474][ T6082] dummy0: entered allmulticast mode [ 217.689346][ T6082] team0: Port device dummy0 added [ 217.748838][ T6083] netlink: 'syz.1.17': attribute type 2 has an invalid length. [ 218.548777][ T6087] random: crng reseeded on system resumption [ 218.862983][ T6093] ======================================================= [ 218.862983][ T6093] WARNING: The mand mount option has been deprecated and [ 218.862983][ T6093] and is ignored by this kernel. Remove the mand [ 218.862983][ T6093] option from the mount to silence this warning. [ 218.862983][ T6093] ======================================================= [ 218.899462][ T6093] 9p: Bad value for 'wfdno' [ 219.003170][ T6095] netlink: 8 bytes leftover after parsing attributes in process `syz.1.21'. [ 219.012549][ T6095] netlink: 'syz.1.21': attribute type 30 has an invalid length. [ 219.015656][ T6096] syz.0.20 uses obsolete (PF_INET,SOCK_PACKET) [ 219.205982][ T3988] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 219.247671][ T6095] Zero length message leads to an empty skb [ 219.282676][ T3988] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 219.337180][ T3520] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 219.389637][ T3520] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 219.713790][ T6101] netlink: 4 bytes leftover after parsing attributes in process `syz.3.24'. [ 219.803244][ T6102] binder: 6099:6102 ioctl c018620c 200000000040 returned -22 [ 219.957592][ T6104] loop2: detected capacity change from 0 to 512 [ 220.256872][ T6104] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 220.270062][ T6104] ext4 filesystem being mounted at /5/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 220.411668][ T6104] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 220.460257][ T6105] loop1: detected capacity change from 0 to 4096 [ 220.554870][ T6104] EXT4-fs (loop2): Remounting filesystem read-only [ 220.631175][ T6105] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 220.640039][ T6105] UDF-fs: Scanning with blocksize 512 failed [ 220.702140][ T6116] loop5: detected capacity change from 0 to 7 [ 220.715845][ T6116] loop5: [ 220.719016][ T6116] loop5: partition table partially beyond EOD, truncated [ 220.882808][ T6105] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 220.947165][ T6118] netlink: 8 bytes leftover after parsing attributes in process `syz.0.28'. [ 220.956305][ T6118] netlink: 8 bytes leftover after parsing attributes in process `syz.0.28'. [ 221.120242][ T6118] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 221.128117][ T6118] macvlan2: entered allmulticast mode [ 221.134034][ T6118] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 221.136732][ T6119] (syz.0.28,6119,0):dlmfs_mkdir:421 ERROR: invalid domain name for directory. [ 221.908322][ T5888] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 222.111652][ T5888] usb 3-1: device descriptor read/64, error -71 [ 222.164258][ T6129] netlink: 32 bytes leftover after parsing attributes in process `syz.1.31'. [ 222.297418][ T6127] loop3: detected capacity change from 0 to 2048 [ 222.346441][ T6127] nilfs2: Unknown parameter 'ÿÿÿÿÿÿÿÿ00000000000000000000' [ 222.391623][ T5888] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 222.581445][ T5888] usb 3-1: device descriptor read/64, error -71 [ 222.703050][ T5888] usb usb3-port1: attempt power cycle [ 222.929440][ T5806] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 222.959213][ T3520] Quota error (device loop2): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync! [ 222.972093][ T3520] Quota error (device loop2): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync! [ 223.852123][ T6132] loop0: detected capacity change from 0 to 32768 [ 223.886413][ T6144] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 223.903355][ T6132] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 223.913482][ T6132] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 223.940533][ T6132] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 223.958422][ T5865] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 223.970730][ T5865] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 224.368269][ T5865] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 397ms [ 224.384304][ T5865] gfs2: fsid=syz:syz.0: jid=0: Done [ 224.389816][ T6132] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 224.397567][ T6152] loop2: detected capacity change from 0 to 1024 [ 224.561328][ T1285] ieee802154 phy0 wpan0: encryption failed: -22 [ 224.567965][ T1285] ieee802154 phy1 wpan1: encryption failed: -22 [ 224.894494][ T6132] gfs2: fsid=syz:syz.0: found 1 quota changes [ 224.999834][ T6152] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 225.072184][ T6131] sp0: Synchronizing with TNC [ 225.514511][ T5806] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.941433][ T5808] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 11 2339, function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 402 [ 225.956442][ T5808] gfs2: fsid=syz:syz.0: G: s:EX n:2/923 f:aqonN t:EX d:EX/0 a:0 v:0 r:2 m:20 p:1 [ 225.966115][ T5808] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:5808 [syz-executor] gfs2_quota_sync+0x6b7/0xb30 [ 225.976678][ T5808] gfs2: fsid=syz:syz.0: I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0 [ 225.985214][ T5808] CPU: 0 UID: 0 PID: 5808 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(none) [ 225.985388][ T5808] Tainted: [L]=SOFTLOCKUP [ 225.985437][ T5808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 225.985511][ T5808] Call Trace: [ 225.985565][ T5808] [ 225.985613][ T5808] __dump_stack+0x26/0x30 [ 225.985771][ T5808] dump_stack_lvl+0x14c/0x1c0 [ 225.985933][ T5808] dump_stack+0x1e/0x25 [ 225.986077][ T5808] gfs2_withdraw+0xd5/0x270 [ 225.986250][ T5808] gfs2_consist_inode_i+0x1a9/0x240 [ 225.986440][ T5808] inode_go_instantiate+0x13bf/0x1ed0 [ 225.986672][ T5808] ? __pfx_inode_go_instantiate+0x10/0x10 [ 225.986843][ T5808] gfs2_instantiate+0x24f/0x4b0 [ 225.987042][ T5808] gfs2_glock_wait+0x26a/0x3b0 [ 225.987186][ T5808] gfs2_glock_nq+0x1263/0x2c90 [ 225.987310][ T5808] ? kmsan_get_metadata+0xfb/0x160 [ 225.987546][ T5808] do_sync+0x6c4/0x1610 [ 225.987698][ T5808] ? gfs2_quota_sync+0x6b7/0xb30 [ 225.987887][ T5808] ? kmsan_get_metadata+0xfb/0x160 [ 225.988062][ T5808] ? gfs2_quota_sync+0x6b7/0xb30 [ 225.988226][ T5808] gfs2_quota_sync+0x6b7/0xb30 [ 225.988381][ T5808] ? writeback_inodes_sb+0x3a6/0x410 [ 225.988546][ T5808] gfs2_sync_fs+0x57/0x100 [ 225.988675][ T5808] ? __pfx_gfs2_sync_fs+0x10/0x10 [ 225.988807][ T5808] sync_filesystem+0x131/0x3c0 [ 225.988983][ T5808] ? shrink_dcache_for_umount+0xf9/0x210 [ 225.989132][ T5808] generic_shutdown_super+0x8d/0x4b0 [ 225.989298][ T5808] kill_block_super+0x42/0xd0 [ 225.989485][ T5808] gfs2_kill_sb+0x4aa/0x580 [ 225.989679][ T5808] ? __pfx_gfs2_kill_sb+0x10/0x10 [ 225.989844][ T5808] deactivate_locked_super+0xcb/0x3c0 [ 225.990012][ T5808] deactivate_super+0x12f/0x140 [ 225.990164][ T5808] cleanup_mnt+0x7a2/0x820 [ 225.990307][ T5808] ? __pfx___cleanup_mnt+0x10/0x10 [ 225.990440][ T5808] __cleanup_mnt+0x22/0x30 [ 225.990570][ T5808] task_work_run+0x209/0x2b0 [ 225.990740][ T5808] exit_to_user_mode_loop+0x301/0x1b70 [ 225.990925][ T5808] ? user_path_at+0x241/0x3e0 [ 225.991084][ T5808] ? __x64_sys_umount+0x1dc/0x250 [ 225.991254][ T5808] do_syscall_64+0x1e5/0xf80 [ 225.991419][ T5808] ? clear_bhb_loop+0x40/0x90 [ 225.991568][ T5808] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.991712][ T5808] RIP: 0033:0x7f7bd1790a77 [ 225.991812][ T5808] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 225.991925][ T5808] RSP: 002b:00007ffec2e15b68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 225.992051][ T5808] RAX: 0000000000000000 RBX: 00007f7bd1813d7d RCX: 00007f7bd1790a77 [ 225.992140][ T5808] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffec2e15c20 [ 225.992222][ T5808] RBP: 00007ffec2e15c20 R08: 0000000000000000 R09: 0000000000000000 [ 225.992305][ T5808] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffec2e16cb0 [ 225.992392][ T5808] R13: 00007f7bd1813d7d R14: 0000000000037012 R15: 00007ffec2e16cf0 [ 225.992516][ T5808] [ 226.292237][ T5808] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 226.341235][ T6170] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 226.620811][ T6173] program syz.1.46 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 226.637798][ T6172] program syz.1.46 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 226.705851][ T6173] PKCS7: Unknown OID: [4] 0.38.35.36.951720.33.17 [ 226.712728][ T6173] PKCS7: Only support pkcs7_signedData type [ 226.740113][ T6172] PKCS7: Unknown OID: [4] 0.38.35.36.951720.33.17 [ 226.747008][ T6172] PKCS7: Only support pkcs7_signedData type [ 226.774583][ T6173] overlay: ./file0 is not a directory [ 226.852987][ T6163] loop3: detected capacity change from 0 to 8192 [ 226.889728][ T6163] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512). [ 226.919564][ T6176] 9pnet_fd: Insufficient options for proto=fd [ 228.319590][ T6182] loop4: detected capacity change from 0 to 4096 [ 228.537732][ T6180] loop1: detected capacity change from 0 to 32768 [ 228.537778][ T6185] loop2: detected capacity change from 0 to 128 [ 228.607734][ T6180] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 228.609382][ T6182] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 228.615422][ T6180] CPU: 0 UID: 0 PID: 6180 Comm: syz.1.49 Tainted: G L syzkaller #0 PREEMPT(none) [ 228.615585][ T6180] Tainted: [L]=SOFTLOCKUP [ 228.615641][ T6180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 228.615719][ T6180] Call Trace: [ 228.615768][ T6180] [ 228.615816][ T6180] __dump_stack+0x26/0x30 [ 228.615979][ T6180] dump_stack_lvl+0x14c/0x1c0 [ 228.616138][ T6180] dump_stack+0x1e/0x25 [ 228.616283][ T6180] sysfs_create_dir_ns+0x46c/0x540 [ 228.616466][ T6180] kobject_add_internal+0xf0f/0x1870 [ 228.616649][ T6180] kobject_init_and_add+0x371/0x4e0 [ 228.616831][ T6180] ? kmsan_get_metadata+0xfb/0x160 [ 228.617018][ T6180] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 228.617219][ T6180] gfs2_sys_fs_add+0x23d/0x620 [ 228.617381][ T6180] ? kmsan_get_shadow_origin_ptr+0x20/0xb0 [ 228.617584][ T6180] gfs2_fill_super+0x2859/0x3ff0 [ 228.617768][ T6180] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 228.618017][ T6180] get_tree_bdev_flags+0x6e6/0x920 [ 228.618188][ T6180] ? __pfx_gfs2_fill_super+0x10/0x10 [ 228.618367][ T6180] ? __pfx_gfs2_fill_super+0x10/0x10 [ 228.618538][ T6180] ? __pfx_gfs2_get_tree+0x10/0x10 [ 228.618717][ T6180] get_tree_bdev+0x38/0x50 [ 228.618877][ T6180] gfs2_get_tree+0x57/0x350 [ 228.619056][ T6180] ? __pfx_gfs2_get_tree+0x10/0x10 [ 228.619229][ T6180] vfs_get_tree+0xb3/0x5c0 [ 228.619402][ T6180] do_new_mount+0x879/0x1700 [ 228.619572][ T6180] ? kmsan_get_metadata+0xfb/0x160 [ 228.619792][ T6180] path_mount+0x749/0x1fb0 [ 228.619970][ T6180] ? user_path_at+0x241/0x3e0 [ 228.620131][ T6180] __se_sys_mount+0x6f7/0x7e0 [ 228.620307][ T6180] ? kmsan_get_metadata+0xfb/0x160 [ 228.620516][ T6180] __x64_sys_mount+0xe4/0x150 [ 228.620711][ T6180] x64_sys_call+0x38cb/0x3e70 [ 228.620885][ T6180] do_syscall_64+0xd3/0xf80 [ 228.621058][ T6180] ? clear_bhb_loop+0x40/0x90 [ 228.621206][ T6180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.621350][ T6180] RIP: 0033:0x7f9f9f590eea [ 228.621452][ T6180] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 228.621568][ T6180] RSP: 002b:00007f9fa03a1e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 228.621715][ T6180] RAX: ffffffffffffffda RBX: 00007f9fa03a1ef0 RCX: 00007f9f9f590eea [ 228.621813][ T6180] RDX: 0000200000000080 RSI: 0000200000000380 RDI: 00007f9fa03a1eb0 [ 228.621909][ T6180] RBP: 0000200000000080 R08: 00007f9fa03a1ef0 R09: 0000000001018010 [ 228.622002][ T6180] R10: 0000000001018010 R11: 0000000000000246 R12: 0000200000000380 [ 228.622090][ T6180] R13: 00007f9fa03a1eb0 R14: 0000000000012616 R15: 0000200000000280 [ 228.622219][ T6180] [ 228.622567][ T6180] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 228.765742][ T6185] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 228.770283][ T6180] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 228.918380][ T6185] ext4 filesystem being mounted at /9/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 229.072392][ T6182] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.50: bg 0: block 400: padding at end of block bitmap is not set [ 229.137011][ T6182] fs-verity (loop4, inode 16): Error -117 writing Merkle tree block 0 [ 229.145994][ T6182] fs-verity (loop4, inode 16): Error -117 building Merkle tree [ 229.162435][ T6192] netlink: 8 bytes leftover after parsing attributes in process `syz.1.49'. [ 229.202012][ T6192] fuse: Bad value for 'fd' [ 229.862343][ T5814] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 230.526926][ T6198] netlink: 28 bytes leftover after parsing attributes in process `syz.1.54'. [ 230.536460][ T6198] netlink: 28 bytes leftover after parsing attributes in process `syz.1.54'. [ 230.561648][ T6198] ip6gretap0: entered promiscuous mode [ 230.572692][ T6198] syz_tun: entered promiscuous mode [ 231.005469][ T6193] loop3: detected capacity change from 0 to 65536 [ 231.073954][ T6193] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 231.396495][ T6193] XFS (loop3): Ending clean mount [ 231.450313][ T5808] gfs2: fsid=syz:syz.0: warning: assertion "gfs2_log_is_empty(sdp)" failed - function = gfs2_make_fs_ro, file = fs/gfs2/super.c, line = 564 [ 231.465965][ T5808] CPU: 0 UID: 0 PID: 5808 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(none) [ 231.466136][ T5808] Tainted: [L]=SOFTLOCKUP [ 231.466186][ T5808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 231.466264][ T5808] Call Trace: [ 231.466313][ T5808] [ 231.466361][ T5808] __dump_stack+0x26/0x30 [ 231.466530][ T5808] dump_stack_lvl+0x14c/0x1c0 [ 231.466710][ T5808] dump_stack+0x1e/0x25 [ 231.466857][ T5808] gfs2_assert_warn_i+0x2d8/0x470 [ 231.467065][ T5808] gfs2_make_fs_ro+0x4fd/0x500 [ 231.467194][ T5808] ? __pfx_autoremove_wake_function+0x10/0x10 [ 231.467413][ T5808] gfs2_put_super+0x3bc/0x10b0 [ 231.467564][ T5808] ? kmsan_get_metadata+0xfb/0x160 [ 231.467752][ T5808] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 231.467946][ T5808] ? __pfx_gfs2_put_super+0x10/0x10 [ 231.468079][ T5808] generic_shutdown_super+0x1b0/0x4b0 [ 231.468244][ T5808] kill_block_super+0x42/0xd0 [ 231.468413][ T5808] gfs2_kill_sb+0x4aa/0x580 [ 231.468623][ T5808] ? __pfx_gfs2_kill_sb+0x10/0x10 [ 231.468793][ T5808] deactivate_locked_super+0xcb/0x3c0 [ 231.468978][ T5808] deactivate_super+0x12f/0x140 [ 231.469131][ T5808] cleanup_mnt+0x7a2/0x820 [ 231.469276][ T5808] ? __pfx___cleanup_mnt+0x10/0x10 [ 231.469409][ T5808] __cleanup_mnt+0x22/0x30 [ 231.469539][ T5808] task_work_run+0x209/0x2b0 [ 231.469713][ T5808] exit_to_user_mode_loop+0x301/0x1b70 [ 231.469899][ T5808] ? user_path_at+0x241/0x3e0 [ 231.470061][ T5808] ? __x64_sys_umount+0x1dc/0x250 [ 231.470240][ T5808] do_syscall_64+0x1e5/0xf80 [ 231.470411][ T5808] ? clear_bhb_loop+0x40/0x90 [ 231.470565][ T5808] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.470711][ T5808] RIP: 0033:0x7f7bd1790a77 [ 231.470814][ T5808] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 231.470929][ T5808] RSP: 002b:00007ffec2e15b68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 231.471051][ T5808] RAX: 0000000000000000 RBX: 00007f7bd1813d7d RCX: 00007f7bd1790a77 [ 231.471137][ T5808] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffec2e15c20 [ 231.471220][ T5808] RBP: 00007ffec2e15c20 R08: 0000000000000000 R09: 0000000000000000 [ 231.471304][ T5808] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffec2e16cb0 [ 231.471393][ T5808] R13: 00007f7bd1813d7d R14: 0000000000037012 R15: 00007ffec2e16cf0 [ 231.471528][ T5808] [ 232.115219][ T5806] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 232.189515][ T6208] loop4: detected capacity change from 0 to 32768 [ 232.198706][ T6208] ocfs2: Bad value for 'commit' [ 232.595376][ T5815] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 233.467547][ T6214] netlink: 'syz.4.58': attribute type 6 has an invalid length. [ 233.494688][ T6217] syz.2.56 (6217): /proc/6211/oom_adj is deprecated, please use /proc/6211/oom_score_adj instead. [ 234.137572][ T6225] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 234.178585][ T6224] loop3: detected capacity change from 0 to 512 [ 234.255996][ T6224] EXT4-fs: Ignoring removed nomblk_io_submit option [ 234.288659][ T6224] EXT4-fs (loop3): inodes count not valid: 32 vs 23 [ 234.683862][ T6230] netlink: 64 bytes leftover after parsing attributes in process `syz.0.45'. [ 234.709576][ T6230] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 234.769246][ T6231] netlink: 8 bytes leftover after parsing attributes in process `syz.1.62'. [ 234.875409][ T6231] syz_tun: refused to change device tx_queue_len [ 235.875879][ T6233] loop4: detected capacity change from 0 to 32768 [ 235.885817][ T6233] btrfs: Deprecated parameter 'usebackuproot' [ 235.892335][ T6233] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 235.975412][ T6233] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.63 (6233) [ 236.191608][ T6237] loop0: detected capacity change from 0 to 32768 [ 236.213579][ T6233] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 236.224287][ T6233] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm [ 236.449234][ T1306] BTRFS warning (device loop4): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 236.465897][ T6233] BTRFS error (device loop4): failed to load root extent [ 236.474117][ T6233] BTRFS warning (device loop4): try to load backup roots slot 1 [ 236.559558][ T1306] BTRFS warning (device loop4): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 236.573711][ T6233] BTRFS warning (device loop4): couldn't read tree root [ 236.580847][ T6233] BTRFS warning (device loop4): try to load backup roots slot 2 [ 236.629843][ T1306] BTRFS error (device loop4): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 236.640841][ T6233] BTRFS warning (device loop4): couldn't read tree root [ 236.651727][ T6233] BTRFS warning (device loop4): try to load backup roots slot 3 [ 236.720538][ T6233] BTRFS info (device loop4): rebuilding free space tree [ 236.757427][ T6233] BTRFS info (device loop4): checking UUID tree [ 236.770806][ T6233] BTRFS info (device loop4): enabling ssd optimizations [ 236.778118][ T6233] BTRFS info (device loop4): turning off barriers [ 236.784904][ T6233] BTRFS info (device loop4): turning on sync discard [ 236.792100][ T6233] BTRFS info (device loop4): enabling free space tree [ 236.799064][ T6233] BTRFS info (device loop4): force clearing of disk cache [ 236.806473][ T6233] BTRFS info (device loop4): enabling auto defrag [ 236.813169][ T6233] BTRFS info (device loop4): trying to use backup root at mount time [ 236.821648][ T6233] BTRFS info (device loop4): use zlib compression, level 3 [ 237.092013][ T6261] syz_tun: entered promiscuous mode [ 237.097613][ T6261] vlan2: entered promiscuous mode [ 237.196133][ T5814] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 237.988131][ T6262] loop1: detected capacity change from 0 to 2048 [ 239.602285][ T6274] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 240.035329][ T5859] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 240.272609][ T5859] usb 4-1: Using ep0 maxpacket: 32 [ 240.343563][ T5859] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 240.354470][ T5859] usb 4-1: config 0 has no interface number 0 [ 240.476601][ T5859] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 240.487862][ T5859] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.497107][ T5859] usb 4-1: Product: syz [ 240.501663][ T5859] usb 4-1: Manufacturer: syz [ 240.506437][ T5859] usb 4-1: SerialNumber: syz [ 240.594084][ T5888] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 240.635665][ T5859] usb 4-1: config 0 descriptor?? [ 240.705246][ T5859] smsc95xx v2.0.0 [ 240.709207][ T5859] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 240.720509][ T5859] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -22 [ 240.818995][ T5888] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 240.829450][ T5888] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 240.841880][ T5888] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 240.916603][ T5859] usb 4-1: USB disconnect, device number 2 [ 241.088668][ T5888] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 241.098232][ T5888] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.106732][ T5888] usb 1-1: Product: syz [ 241.111372][ T5888] usb 1-1: Manufacturer: syz [ 241.116184][ T5888] usb 1-1: SerialNumber: syz [ 241.198499][ T5888] usb 1-1: config 0 descriptor?? [ 241.206893][ T6276] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 241.229046][ T6276] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 241.298358][ T5888] usb 1-1: ucan: probing device on interface #0 [ 241.460931][ T6285] loop1: detected capacity change from 0 to 164 [ 241.484026][ T6289] loop2: detected capacity change from 0 to 164 [ 241.521731][ T5888] usb 1-1: ucan: device protocol version 0 is not supported [ 241.529391][ T5888] usb 1-1: ucan: probe failed; try to update the device firmware [ 241.721928][ T6289] Unable to read rock-ridge attributes [ 241.749927][ T6285] rock: corrupted directory entry. extent=32, offset=131072, size=237 [ 242.102003][ T5888] usb 1-1: USB disconnect, device number 2 [ 243.428884][ T6297] loop3: detected capacity change from 0 to 32768 [ 243.705513][ T6299] loop0: detected capacity change from 0 to 1024 [ 243.751958][ T6299] EXT4-fs (loop0): stripe (32769) is not aligned with cluster size (16), stripe is disabled [ 243.897282][ T6302] netlink: 'syz.4.83': attribute type 12 has an invalid length. [ 243.973637][ T6299] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 244.054532][ T6305] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 244.530916][ T5888] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 244.779951][ T5888] usb 1-1: device descriptor read/all, error -61 [ 244.952081][ T5888] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 245.163733][ T5888] usb 1-1: device descriptor read/64, error -71 [ 245.276982][ T5888] usb usb1-port1: attempt power cycle [ 245.701310][ T5888] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 245.735132][ T6319] loop2: detected capacity change from 0 to 4096 [ 245.780057][ T5888] usb 1-1: device descriptor read/8, error -71 [ 245.814199][ T6319] nilfs2: Unexpected value for 'barrier' [ 246.046957][ T5888] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 246.114238][ T5888] usb 1-1: device descriptor read/8, error -71 [ 246.236941][ T5888] usb usb1-port1: unable to enumerate USB device [ 246.503157][ T6326] netlink: 4 bytes leftover after parsing attributes in process `syz.3.84'. [ 246.709358][ T6329] loop1: detected capacity change from 0 to 256 [ 246.833341][ T6329] loop9: detected capacity change from 0 to 7 [ 246.879397][ T6329] Dev loop9: unable to read RDB block 7 [ 246.886012][ T6329] loop9: AHDI p3 p4 [ 246.890244][ T6329] loop9: partition table partially beyond EOD, truncated [ 246.906140][ T6329] loop9: p3 start 1697644645 is beyond EOD, truncated [ 248.717824][ T6348] loop2: detected capacity change from 0 to 128 [ 248.727909][ T6343] loop3: detected capacity change from 0 to 32768 [ 248.737953][ T6343] btrfs: Deprecated parameter 'usebackuproot' [ 248.747751][ T6343] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 248.789478][ T6343] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.93 (6343) [ 248.816674][ T6343] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 248.827198][ T6343] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm [ 248.864576][ T6348] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 248.997063][ T1900] BTRFS warning (device loop3): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 249.011591][ T6343] BTRFS error (device loop3): failed to load root extent [ 249.018982][ T6343] BTRFS warning (device loop3): try to load backup roots slot 1 [ 249.084081][ T6348] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 249.119362][ T1900] BTRFS warning (device loop3): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 249.134835][ T6343] BTRFS warning (device loop3): couldn't read tree root [ 249.142790][ T6343] BTRFS warning (device loop3): try to load backup roots slot 2 [ 249.191662][ T6362] netlink: 'syz.1.95': attribute type 12 has an invalid length. [ 249.199672][ T6362] netlink: 'syz.1.95': attribute type 29 has an invalid length. [ 249.207491][ T1900] BTRFS error (device loop3): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 249.207851][ T6343] BTRFS warning (device loop3): couldn't read tree root [ 249.218419][ T6362] netlink: 148 bytes leftover after parsing attributes in process `syz.1.95'. [ 249.218548][ T6362] netlink: 59 bytes leftover after parsing attributes in process `syz.1.95'. [ 249.243911][ T6343] BTRFS warning (device loop3): try to load backup roots slot 3 [ 249.333209][ T6343] BTRFS info (device loop3): rebuilding free space tree [ 249.371230][ T6343] BTRFS info (device loop3): checking UUID tree [ 249.417650][ T6343] BTRFS info (device loop3): enabling ssd optimizations [ 249.425334][ T6343] BTRFS info (device loop3): turning off barriers [ 249.432161][ T6343] BTRFS info (device loop3): turning on sync discard [ 249.439023][ T6343] BTRFS info (device loop3): enabling free space tree [ 249.447198][ T6343] BTRFS info (device loop3): force clearing of disk cache [ 249.454744][ T6343] BTRFS info (device loop3): enabling auto defrag [ 249.464820][ T6343] BTRFS info (device loop3): trying to use backup root at mount time [ 249.473309][ T6343] BTRFS info (device loop3): use zlib compression, level 3 [ 249.532181][ T30] audit: type=1800 audit(1767171331.208:4): pid=6343 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.93" name="file1" dev="loop3" ino=257 res=0 errno=0 [ 249.733869][ T5808] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.847132][ T5815] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 250.082714][ T5805] Bluetooth: hci0: command tx timeout [ 250.412643][ T6371] netlink: 27 bytes leftover after parsing attributes in process `syz.2.99'. [ 250.852767][ T6372] netlink: 4 bytes leftover after parsing attributes in process `syz.0.97'. [ 250.862332][ T6372] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 251.000308][ T6372] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 251.109751][ T6378] loop0: detected capacity change from 0 to 512 [ 251.699676][ T6384] loop1: detected capacity change from 0 to 1024 [ 251.804430][ T6383] loop2: detected capacity change from 0 to 512 [ 251.846328][ T6378] ------------[ cut here ]------------ [ 251.852266][ T6378] EA inode 11 i_nlink=2 [ 251.852363][ T6378] WARNING: fs/ext4/xattr.c:1058 at ext4_xattr_inode_update_ref+0x73c/0x800, CPU#1: syz.0.97/6378 [ 251.868171][ T6378] Modules linked in: [ 251.872541][ T6378] CPU: 1 UID: 0 PID: 6378 Comm: syz.0.97 Tainted: G L syzkaller #0 PREEMPT(none) [ 251.883847][ T6378] Tainted: [L]=SOFTLOCKUP [ 251.888485][ T6378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 251.899022][ T6378] RIP: 0010:ext4_xattr_inode_update_ref+0x7b6/0x800 [ 251.906279][ T6378] Code: 06 00 00 44 89 b3 70 09 00 00 48 c7 83 80 0c 00 00 00 00 00 00 4d 85 e4 75 38 45 85 ff 75 40 48 8b 7d c0 48 8b 75 d0 8b 55 b0 <67> 48 0f b9 3a e9 b9 fd ff ff 44 89 ef e8 08 42 57 ff 45 85 ff 0f [ 251.935612][ T6378] RSP: 0018:ffff888064036d98 EFLAGS: 00010246 [ 251.944614][ T6378] RAX: 0000000000000000 RBX: ffff888055340b90 RCX: 00000000005b6e4a [ 251.953101][ T6378] RDX: 0000000000000002 RSI: 000000000000000b RDI: ffffffff9273d080 [ 251.961540][ T6378] RBP: ffff888064036e20 R08: ffffea000000000f R09: 0000000000000000 [ 251.969717][ T6378] R10: ffff888063836ce0 R11: 00000000abcd0100 R12: 0000000000000000 [ 251.978169][ T6378] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 251.986626][ T6378] FS: 00007f7bd25596c0(0000) GS:ffff8881aadfb000(0000) knlGS:0000000000000000 [ 251.996025][ T6378] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 252.003156][ T6378] CR2: 00007f6ca1772a60 CR3: 00000000553ce000 CR4: 00000000003526f0 [ 252.011563][ T6378] Call Trace: [ 252.014991][ T6378] [ 252.018080][ T6378] ext4_xattr_set_entry+0x1169/0x3440 [ 252.034863][ T6378] ext4_xattr_ibody_set+0x437/0xa40 [ 252.040376][ T6378] ext4_expand_extra_isize_ea+0x2ea9/0x3bb0 [ 252.047109][ T6378] __ext4_expand_extra_isize+0x571/0x6f0 [ 252.053340][ T6378] __ext4_mark_inode_dirty+0x654/0x970 [ 252.059086][ T6378] ext4_evict_inode+0x167b/0x23d0 [ 252.064662][ T6378] ? __pfx_ext4_evict_inode+0x10/0x10 [ 252.070282][ T6378] evict+0x6a9/0xca0 [ 252.074711][ T6378] ? kmsan_get_metadata+0xfb/0x160 [ 252.080099][ T6378] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 252.087098][ T6378] iput+0xc6f/0x1070 [ 252.091506][ T6378] ext4_process_orphan+0x49a/0x520 [ 252.096880][ T6378] ext4_orphan_cleanup+0x10a6/0x1e30 [ 252.102685][ T6378] ext4_fill_super+0xa5d3/0xae50 [ 252.107943][ T6378] ? kmsan_get_metadata+0xfb/0x160 [ 252.113626][ T6378] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 252.119741][ T6378] ? sb_set_blocksize+0x24e/0x390 [ 252.134113][ T6378] get_tree_bdev_flags+0x6e6/0x920 [ 252.139517][ T6378] ? __pfx_ext4_fill_super+0x10/0x10 [ 252.147771][ T6378] ? __pfx_ext4_fill_super+0x10/0x10 [ 252.153666][ T6378] ? __pfx_ext4_get_tree+0x10/0x10 [ 252.159051][ T6378] get_tree_bdev+0x38/0x50 [ 252.164076][ T6378] ext4_get_tree+0x35/0x40 [ 252.168797][ T6378] vfs_get_tree+0xb3/0x5c0 [ 252.173765][ T6378] do_new_mount+0x879/0x1700 [ 252.178637][ T6378] ? kmsan_get_metadata+0xfb/0x160 [ 252.184356][ T6378] path_mount+0x749/0x1fb0 [ 252.189059][ T6378] ? user_path_at+0x241/0x3e0 [ 252.194263][ T6378] __se_sys_mount+0x6f7/0x7e0 [ 252.199215][ T6378] ? kmsan_get_metadata+0xfb/0x160 [ 252.204935][ T6378] __x64_sys_mount+0xe4/0x150 [ 252.209899][ T6378] x64_sys_call+0x38cb/0x3e70 [ 252.215192][ T6378] do_syscall_64+0xd3/0xf80 [ 252.219976][ T6378] ? clear_bhb_loop+0x40/0x90 [ 252.234204][ T6378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.245126][ T6378] RIP: 0033:0x7f7bd1790eea [ 252.251844][ T6378] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 252.273499][ T6378] RSP: 002b:00007f7bd2558e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 252.282811][ T6378] RAX: ffffffffffffffda RBX: 00007f7bd2558ef0 RCX: 00007f7bd1790eea [ 252.291286][ T6378] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f7bd2558eb0 [ 252.299447][ T6378] RBP: 0000200000000180 R08: 00007f7bd2558ef0 R09: 0000000001800700 [ 252.307857][ T6378] R10: 0000000001800700 R11: 0000000000000246 R12: 00002000000001c0 [ 252.317040][ T6378] R13: 00007f7bd2558eb0 R14: 000000000000047c R15: 0000200000000000 [ 252.334519][ T6378] [ 252.337701][ T6378] ---[ end trace 0000000000000000 ]--- [ 252.568525][ T6383] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 252.630613][ T6378] EXT4-fs (loop0): 1 orphan inode deleted [ 252.643096][ T6378] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 252.663218][ T792] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 252.822820][ T6378] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 252.895701][ T6383] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002] [ 252.949090][ T792] usb 5-1: Using ep0 maxpacket: 8 [ 252.964871][ T6383] System zones: 0-2, 18-18, 34-34 [ 252.999411][ T6383] EXT4-fs error (device loop2): ext4_quota_enable:7173: comm syz.2.103: Bad quota inum: 28, type: 1 [ 253.003873][ T792] usb 5-1: config index 0 descriptor too short (expected 30482, got 18) [ 253.019434][ T792] usb 5-1: config 0 has too many interfaces: 101, using maximum allowed: 32 [ 253.028777][ T792] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 101 [ 253.091717][ T6383] EXT4-fs (loop2): Remounting filesystem read-only [ 253.098439][ T6383] EXT4-fs warning (device loop2): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=28). Please run e2fsck to fix. [ 253.217406][ T6383] EXT4-fs (loop2): mount failed [ 253.225040][ T792] usb 5-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice= 5.00 [ 253.234935][ T792] usb 5-1: New USB device strings: Mfr=253, Product=255, SerialNumber=0 [ 253.244457][ T792] usb 5-1: Product: syz [ 253.254658][ T792] usb 5-1: Manufacturer: syz [ 253.378505][ T792] usb 5-1: config 0 descriptor?? [ 253.524567][ T792] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 253.535485][ T792] usb 5-1: Detected FT2232C/D [ 254.955137][ T6387] loop4: detected capacity change from 0 to 32768 [ 255.050059][ T6387] read_mapping_page failed! [ 255.055027][ T6387] jfs_mount: Failed to read AGGREGATE_I [ 255.060837][ T6387] Mount JFS Failure: -5 [ 255.065366][ T6387] jfs_mount failed w/return code = -5 [ 255.103995][ T6397] loop1: detected capacity change from 0 to 32768 [ 255.116533][ T6397] btrfs: Deprecated parameter 'usebackuproot' [ 255.122963][ T6397] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 255.138302][ T6397] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.106 (6397) [ 255.157882][ T6397] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 255.168402][ T6397] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm [ 255.211373][ T792] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 255.219585][ T792] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 255.253645][ T792] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 255.292266][ T792] usb 5-1: USB disconnect, device number 2 [ 255.314640][ T792] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 255.327424][ T792] ftdi_sio 5-1:0.0: device disconnected [ 255.387855][ T3988] BTRFS warning (device loop1): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 255.404470][ T6397] BTRFS error (device loop1): failed to load root extent [ 255.412820][ T6397] BTRFS warning (device loop1): try to load backup roots slot 1 [ 255.426885][ T6401] loop9: detected capacity change from 0 to 7 [ 255.442989][ T6401] Dev loop9: unable to read RDB block 7 [ 255.449058][ T6401] loop9: unable to read partition table [ 255.522248][ T3988] BTRFS warning (device loop1): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 255.536574][ T6397] BTRFS warning (device loop1): couldn't read tree root [ 255.544124][ T6397] BTRFS warning (device loop1): try to load backup roots slot 2 [ 255.562837][ T4192] BTRFS error (device loop1): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 255.574270][ T6397] BTRFS warning (device loop1): couldn't read tree root [ 255.581936][ T6397] BTRFS warning (device loop1): try to load backup roots slot 3 [ 255.583224][ T6401] loop9: partition table beyond EOD, truncated [ 255.597059][ T6401] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 255.856940][ T6397] BTRFS info (device loop1): rebuilding free space tree [ 255.909070][ T6397] BTRFS info (device loop1): checking UUID tree [ 255.920574][ T6397] BTRFS info (device loop1): enabling ssd optimizations [ 255.932014][ T6397] BTRFS info (device loop1): turning off barriers [ 255.938633][ T6397] BTRFS info (device loop1): turning on sync discard [ 255.946335][ T6397] BTRFS info (device loop1): enabling free space tree [ 255.953622][ T6397] BTRFS info (device loop1): force clearing of disk cache [ 255.960914][ T6397] BTRFS info (device loop1): enabling auto defrag [ 255.964188][ T6418] binder: 6417:6418 unknown command 0 [ 255.967622][ T6397] BTRFS info (device loop1): trying to use backup root at mount time [ 255.974913][ T6418] binder: 6417:6418 ioctl c0306201 2000000001c0 returned -22 [ 255.983340][ T6397] BTRFS info (device loop1): use zlib compression, level 3 [ 256.130174][ T30] audit: type=1800 audit(1767171337.778:5): pid=6397 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.106" name="file1" dev="loop1" ino=257 res=0 errno=0 [ 256.389430][ T5804] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 256.487293][ T6425] netlink: 284 bytes leftover after parsing attributes in process `syz.2.112'. [ 256.813840][ T6427] netlink: 48 bytes leftover after parsing attributes in process `syz.3.114'. [ 257.371775][ T5805] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 257.380345][ T5805] Bluetooth: hci4: Injecting HCI hardware error event [ 257.388391][ T5816] Bluetooth: hci4: hardware error 0x00 [ 258.753584][ T6437] loop3: detected capacity change from 0 to 40427 [ 258.795081][ T6437] F2FS-fs (loop3): build fault injection rate: 14 [ 258.802123][ T6437] F2FS-fs (loop3): build fault injection type: 0x724 [ 258.826916][ T6437] F2FS-fs (loop3): invalid crc value [ 258.904865][ T6437] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0xd0b/0x1e80 [ 259.199862][ T6437] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 259.225160][ T6437] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 259.241305][ T6437] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0xe78/0x2fc0 [ 259.409498][ T5815] syz-executor: attempt to access beyond end of device [ 259.409498][ T5815] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 259.429418][ T5815] CPU: 0 UID: 0 PID: 5815 Comm: syz-executor Tainted: G W L syzkaller #0 PREEMPT(none) [ 259.429603][ T5815] Tainted: [W]=WARN, [L]=SOFTLOCKUP [ 259.429655][ T5815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 259.429732][ T5815] Call Trace: [ 259.429780][ T5815] [ 259.429827][ T5815] __dump_stack+0x26/0x30 [ 259.429995][ T5815] dump_stack_lvl+0x14c/0x1c0 [ 259.430167][ T5815] dump_stack+0x1e/0x25 [ 259.430313][ T5815] f2fs_handle_critical_error+0xa6f/0xc20 [ 259.430525][ T5815] f2fs_stop_checkpoint+0x65/0x80 [ 259.430703][ T5815] f2fs_write_end_io+0x101c/0x1bc0 [ 259.430927][ T5815] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 259.431095][ T5815] bio_endio+0xf96/0x10f0 [ 259.431303][ T5815] submit_bio_noacct+0x2009/0x2930 [ 259.431490][ T5815] submit_bio+0x57c/0x630 [ 259.431637][ T5815] f2fs_submit_write_bio+0x92/0x250 [ 259.431808][ T5815] __submit_merged_bio+0x16f/0x6a0 [ 259.431967][ T5815] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 259.432166][ T5815] __submit_merged_write_cond+0x44a/0x990 [ 259.432351][ T5815] f2fs_write_data_pages+0x4cf3/0x57a0 [ 259.432668][ T5815] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 259.432839][ T5815] ? kmsan_get_metadata+0xfb/0x160 [ 259.433022][ T5815] ? folio_batch_move_lru+0x6a6/0x6e0 [ 259.433212][ T5815] ? __msan_warning+0x1b/0x30 [ 259.433371][ T5815] ? filter_irq_stacks+0x13f/0x190 [ 259.433546][ T5815] ? stack_depot_save_flags+0x35/0x790 [ 259.433718][ T5815] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 259.433896][ T5815] ? kmsan_get_metadata+0xfb/0x160 [ 259.434077][ T5815] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 259.434267][ T5815] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 259.434444][ T5815] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 259.434618][ T5815] do_writepages+0x3f2/0x860 [ 259.434757][ T5815] ? _raw_spin_unlock+0x30/0x50 [ 259.434901][ T5815] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 259.435130][ T5815] filemap_fdatawrite+0x207/0x260 [ 259.435368][ T5815] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 259.435593][ T5815] f2fs_write_checkpoint+0x10a4/0x3730 [ 259.435815][ T5815] ? stack_depot_save_flags+0x35/0x790 [ 259.436003][ T5815] kill_f2fs_super+0x321/0x9a0 [ 259.436219][ T5815] ? __pfx_kill_f2fs_super+0x10/0x10 [ 259.436342][ T5815] deactivate_locked_super+0xcb/0x3c0 [ 259.436502][ T5815] deactivate_super+0x12f/0x140 [ 259.436646][ T5815] cleanup_mnt+0x7a2/0x820 [ 259.436782][ T5815] ? __pfx___cleanup_mnt+0x10/0x10 [ 259.436909][ T5815] __cleanup_mnt+0x22/0x30 [ 259.437031][ T5815] task_work_run+0x209/0x2b0 [ 259.437209][ T5815] exit_to_user_mode_loop+0x301/0x1b70 [ 259.437389][ T5815] ? user_path_at+0x241/0x3e0 [ 259.437549][ T5815] ? __x64_sys_umount+0x1dc/0x250 [ 259.437724][ T5815] do_syscall_64+0x1e5/0xf80 [ 259.437890][ T5815] ? clear_bhb_loop+0x40/0x90 [ 259.438037][ T5815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.438190][ T5815] RIP: 0033:0x7f5111790a77 [ 259.438287][ T5815] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 259.438399][ T5815] RSP: 002b:00007ffde75016d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 259.438525][ T5815] RAX: 0000000000000000 RBX: 00007f5111813d7d RCX: 00007f5111790a77 [ 259.438613][ T5815] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffde7501790 [ 259.438695][ T5815] RBP: 00007ffde7501790 R08: 0000000000000000 R09: 0000000000000000 [ 259.438779][ T5815] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffde7502820 [ 259.438865][ T5815] R13: 00007f5111813d7d R14: 000000000003f4df R15: 00007ffde7502860 [ 259.438992][ T5815] [ 259.806144][ T5815] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 260.162358][ T5816] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 260.912216][ T6447] loop0: detected capacity change from 0 to 256 [ 261.524462][ T6450] netlink: 8 bytes leftover after parsing attributes in process `syz.1.123'. [ 261.534012][ T6450] netlink: 'syz.1.123': attribute type 30 has an invalid length. [ 261.861477][ T6457] loop5: detected capacity change from 0 to 7 [ 261.893108][ T6457] loop5: [ 261.896267][ T6457] loop5: partition table partially beyond EOD, truncated [ 262.356094][ T6463] loop2: detected capacity change from 0 to 128 [ 262.394496][ T6463] vfat: Unknown parameter 'shorKname' [ 262.853705][ T6470] syz_tun: entered allmulticast mode [ 262.901721][ T5859] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 263.022821][ T6473] fuse: Unknown parameter 'hyrootmode' [ 263.111306][ T30] audit: type=1326 audit(1767171344.798:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6469 comm="syz.0.130" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7bd178f749 code=0x0 [ 263.161997][ T5859] usb 5-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44 [ 263.171488][ T5859] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.232867][ T5859] usb 5-1: config 0 descriptor?? [ 263.301232][ T5859] pwc: Samsung MPC-C10 USB webcam detected. [ 263.585070][ T6467] loop4: detected capacity change from 0 to 128 [ 263.665624][ T5888] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 263.706347][ T6467] gfs2: gfs2 mount does not exist [ 263.755025][ T6467] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 263.766072][ T6467] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 263.861268][ T5888] usb 2-1: Using ep0 maxpacket: 32 [ 263.872603][ T6467] sctp: [Deprecated]: syz.4.129 (pid 6467) Use of int in max_burst socket option. [ 263.872603][ T6467] Use struct sctp_assoc_value instead [ 263.876479][ T5888] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 263.899415][ T5888] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.994006][ T5888] usb 2-1: config 0 descriptor?? [ 264.105024][ T5888] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 264.238900][ T5888] gspca_nw80x: reg_w err -71 [ 264.250917][ T5888] nw80x 2-1:0.0: probe with driver nw80x failed with error -71 [ 264.318436][ T5888] usb 2-1: USB disconnect, device number 2 [ 264.572162][ T6484] netlink: 8 bytes leftover after parsing attributes in process `syz.0.131'. [ 265.351976][ T5888] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 265.542002][ T5888] usb 4-1: device descriptor read/64, error -71 [ 265.811608][ T5888] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 266.071895][ T5888] usb 4-1: device descriptor read/64, error -71 [ 266.194051][ T5888] usb usb4-port1: attempt power cycle [ 266.553386][ T5859] pwc: send_video_command error -71 [ 266.558777][ T5859] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 266.572071][ T5859] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71 [ 266.587924][ T6494] loop1: detected capacity change from 0 to 32768 [ 266.664875][ T5888] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 266.692356][ T6494] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 266.700809][ T6494] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 266.733311][ T5888] usb 4-1: device descriptor read/8, error -71 [ 266.768820][ T5859] usb 5-1: USB disconnect, device number 3 [ 266.790661][ T6494] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 266.815070][ T792] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 266.822139][ T792] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 267.021291][ T5888] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 267.101819][ T5888] usb 4-1: device descriptor read/8, error -71 [ 267.198494][ T792] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 376ms [ 267.207168][ T792] gfs2: fsid=syz:syz.0: jid=0: Done [ 267.212917][ T6494] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 267.217747][ T5888] usb usb4-port1: unable to enumerate USB device [ 267.595165][ T6494] gfs2: fsid=syz:syz.0: found 1 quota changes [ 269.414448][ T5804] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 11 2339, function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 402 [ 269.432632][ T5804] gfs2: fsid=syz:syz.0: G: s:EX n:2/923 f:aqonN t:EX d:EX/0 a:0 v:0 r:2 m:20 p:1 [ 269.443402][ T5804] gfs2: fsid=syz:syz.0: H: s:EX f:H e:0 p:5804 [syz-executor] gfs2_quota_sync+0x6b7/0xb30 [ 269.454520][ T5804] gfs2: fsid=syz:syz.0: I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0 [ 269.463106][ T5804] CPU: 0 UID: 0 PID: 5804 Comm: syz-executor Tainted: G W L syzkaller #0 PREEMPT(none) [ 269.463290][ T5804] Tainted: [W]=WARN, [L]=SOFTLOCKUP [ 269.463352][ T5804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 269.463428][ T5804] Call Trace: [ 269.463482][ T5804] [ 269.463530][ T5804] __dump_stack+0x26/0x30 [ 269.463690][ T5804] dump_stack_lvl+0x14c/0x1c0 [ 269.463849][ T5804] dump_stack+0x1e/0x25 [ 269.463988][ T5804] gfs2_withdraw+0xd5/0x270 [ 269.464156][ T5804] gfs2_consist_inode_i+0x1a9/0x240 [ 269.464349][ T5804] inode_go_instantiate+0x13bf/0x1ed0 [ 269.464581][ T5804] ? __pfx_inode_go_instantiate+0x10/0x10 [ 269.464753][ T5804] gfs2_instantiate+0x24f/0x4b0 [ 269.464951][ T5804] gfs2_glock_wait+0x26a/0x3b0 [ 269.465091][ T5804] gfs2_glock_nq+0x1263/0x2c90 [ 269.465211][ T5804] ? kmsan_get_metadata+0xfb/0x160 [ 269.465439][ T5804] do_sync+0x6c4/0x1610 [ 269.465591][ T5804] ? gfs2_quota_sync+0x6b7/0xb30 [ 269.465765][ T5804] ? kmsan_get_metadata+0xfb/0x160 [ 269.465935][ T5804] ? gfs2_quota_sync+0x6b7/0xb30 [ 269.466091][ T5804] gfs2_quota_sync+0x6b7/0xb30 [ 269.466245][ T5804] ? writeback_inodes_sb+0x3a6/0x410 [ 269.466429][ T5804] gfs2_sync_fs+0x57/0x100 [ 269.466558][ T5804] ? __pfx_gfs2_sync_fs+0x10/0x10 [ 269.466694][ T5804] sync_filesystem+0x131/0x3c0 [ 269.466868][ T5804] ? shrink_dcache_for_umount+0xf9/0x210 [ 269.467021][ T5804] generic_shutdown_super+0x8d/0x4b0 [ 269.467198][ T5804] kill_block_super+0x42/0xd0 [ 269.467365][ T5804] gfs2_kill_sb+0x4aa/0x580 [ 269.467563][ T5804] ? __pfx_gfs2_kill_sb+0x10/0x10 [ 269.467730][ T5804] deactivate_locked_super+0xcb/0x3c0 [ 269.467903][ T5804] deactivate_super+0x12f/0x140 [ 269.468053][ T5804] cleanup_mnt+0x7a2/0x820 [ 269.468200][ T5804] ? __pfx___cleanup_mnt+0x10/0x10 [ 269.468332][ T5804] __cleanup_mnt+0x22/0x30 [ 269.468462][ T5804] task_work_run+0x209/0x2b0 [ 269.468641][ T5804] exit_to_user_mode_loop+0x301/0x1b70 [ 269.468825][ T5804] ? user_path_at+0x241/0x3e0 [ 269.468985][ T5804] ? __x64_sys_umount+0x1dc/0x250 [ 269.469162][ T5804] do_syscall_64+0x1e5/0xf80 [ 269.469340][ T5804] ? clear_bhb_loop+0x40/0x90 [ 269.469498][ T5804] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.469641][ T5804] RIP: 0033:0x7f9f9f590a77 [ 269.469742][ T5804] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 269.469855][ T5804] RSP: 002b:00007ffec58c9838 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 269.469982][ T5804] RAX: 0000000000000000 RBX: 00007f9f9f613d7d RCX: 00007f9f9f590a77 [ 269.470071][ T5804] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffec58c98f0 [ 269.470154][ T5804] RBP: 00007ffec58c98f0 R08: 0000000000000000 R09: 0000000000000000 [ 269.470237][ T5804] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffec58ca980 [ 269.470332][ T5804] R13: 00007f9f9f613d7d R14: 000000000004155b R15: 00007ffec58ca9c0 [ 269.470466][ T5804] [ 269.470514][ T5804] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 269.754201][ T792] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 270.132853][ T792] usb 5-1: device descriptor read/64, error -71 [ 270.340557][ T30] audit: type=1326 audit(1767171351.998:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6517 comm="syz.3.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f511178f749 code=0x7ffc0000 [ 270.383539][ T792] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 270.441185][ T30] audit: type=1326 audit(1767171352.078:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6517 comm="syz.3.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=141 compat=0 ip=0x7f511178f749 code=0x7ffc0000 [ 270.467020][ T30] audit: type=1326 audit(1767171352.078:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6517 comm="syz.3.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f511178f749 code=0x7ffc0000 [ 270.574800][ T792] usb 5-1: device descriptor read/64, error -71 [ 270.696281][ T792] usb usb5-port1: attempt power cycle [ 271.028248][ T6525] loop2: detected capacity change from 0 to 512 [ 271.121841][ T792] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 271.162232][ T6525] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 271.185714][ T792] usb 5-1: device descriptor read/8, error -71 [ 271.290212][ T6525] EXT4-fs error (device loop2): mb_free_blocks:2037: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 271.305735][ T6525] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #12: comm syz.2.145: corrupted inode contents [ 271.442368][ T6525] EXT4-fs error (device loop2): ext4_dirty_inode:6502: inode #12: comm syz.2.145: mark_inode_dirty error [ 271.472742][ T792] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 271.554987][ T6525] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #12: comm syz.2.145: corrupted inode contents [ 271.585862][ T6525] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #12: comm syz.2.145: mark_inode_dirty error [ 271.598112][ T792] usb 5-1: device descriptor read/8, error -71 [ 271.622671][ T6525] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #12: comm syz.2.145: corrupted inode contents [ 271.675782][ T6525] EXT4-fs error (device loop2) in ext4_orphan_del:303: Corrupt filesystem [ 271.719392][ T792] usb usb5-port1: unable to enumerate USB device [ 271.721799][ T6525] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #12: comm syz.2.145: corrupted inode contents [ 271.747171][ T6525] EXT4-fs error (device loop2): ext4_truncate:4635: inode #12: comm syz.2.145: mark_inode_dirty error [ 271.809466][ T6525] EXT4-fs error (device loop2) in ext4_process_orphan:345: Corrupt filesystem [ 271.856991][ T6525] EXT4-fs (loop2): 1 truncate cleaned up [ 271.865434][ T6525] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 272.374191][ T6525] EXT4-fs error (device loop2): __ext4_remount:6789: comm syz.2.145: Abort forced by user [ 272.484356][ T6525] EXT4-fs (loop2): Remounting filesystem read-only [ 272.491315][ T6525] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 272.573390][ T6542] netlink: 7 bytes leftover after parsing attributes in process `syz.0.150'. [ 272.583000][ T6542] netlink: 60 bytes leftover after parsing attributes in process `syz.0.150'. [ 272.592406][ T6542] netlink: 60 bytes leftover after parsing attributes in process `syz.0.150'. [ 273.529889][ T5806] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 274.358243][ T6558] IPv6: NLM_F_CREATE should be specified when creating new route [ 275.057861][ T6556] bridge0: port 2(bridge_slave_1) entered disabled state [ 275.067773][ T6556] bridge0: port 1(bridge_slave_0) entered disabled state [ 275.403254][ T6556] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 275.406676][ T30] audit: type=1326 audit(1767171357.098:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6566 comm="syz.1.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f9f58f749 code=0x7ffc0000 [ 275.428056][ T6556] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 275.635053][ T30] audit: type=1326 audit(1767171357.318:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6566 comm="syz.1.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9f9f58f749 code=0x7ffc0000 [ 275.658073][ T30] audit: type=1326 audit(1767171357.318:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6566 comm="syz.1.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f9f58f749 code=0x7ffc0000 [ 275.683142][ T30] audit: type=1326 audit(1767171357.318:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6566 comm="syz.1.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f9f58f749 code=0x7ffc0000 [ 275.920389][ T30] audit: type=1326 audit(1767171357.428:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6566 comm="syz.1.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9f9f58f749 code=0x7ffc0000 [ 275.943507][ T30] audit: type=1326 audit(1767171357.428:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6566 comm="syz.1.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f9f58f749 code=0x7ffc0000 [ 275.966241][ T30] audit: type=1326 audit(1767171357.428:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6566 comm="syz.1.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f9f58f749 code=0x7ffc0000 [ 275.991314][ T30] audit: type=1326 audit(1767171357.498:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6566 comm="syz.1.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=51 compat=0 ip=0x7f9f9f58f749 code=0x7ffc0000 [ 276.014706][ T30] audit: type=1326 audit(1767171357.498:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6566 comm="syz.1.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f9f58f749 code=0x7ffc0000 [ 276.037473][ T30] audit: type=1326 audit(1767171357.498:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6566 comm="syz.1.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f9f58f749 code=0x7ffc0000 [ 276.507772][ T14] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 276.550761][ T14] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 276.591585][ T14] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 276.625829][ T14] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 277.937746][ T6596] loop0: detected capacity change from 0 to 128 [ 278.015532][ T6596] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 278.043327][ T6596] ext4 filesystem being mounted at /31/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 278.160124][ T6600] loop7: detected capacity change from 0 to 7 [ 278.191973][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 278.201957][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 278.214343][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 278.224384][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 278.235598][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 278.245521][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 278.293073][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 278.303094][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 278.319703][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 278.329642][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 278.345693][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 278.355654][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 278.369015][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 278.379111][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 278.387585][ T6600] ldm_validate_partition_table(): Disk read failed. [ 278.414733][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 278.424750][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 278.449545][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 278.459585][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 278.490243][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 278.500323][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 278.510186][ T6600] Dev loop7: unable to read RDB block 0 [ 278.513144][ T5808] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 278.550329][ T6600] loop7: unable to read partition table [ 278.616072][ T6600] loop7: partition table beyond EOD, truncated [ 278.622982][ T6600] loop_reread_partitions: partition scan of loop7 (VÅå=ì³pÿ7ª·¤ ËŠ6ΘhÄ ¶–)·rìjó‡ÅêzNâ5î& ‘ôÑŠqMqÏ-+ƒ-¶@ß+) failed (rc=-5) [ 278.813986][ T6608] netlink: 12 bytes leftover after parsing attributes in process `syz.2.173'. [ 279.090060][ T6614] netlink: 24 bytes leftover after parsing attributes in process `syz.0.175'. [ 281.077710][ T6627] netlink: 40 bytes leftover after parsing attributes in process `syz.3.180'. [ 281.601708][ T6629] loop1: detected capacity change from 0 to 1024 [ 281.906555][ T6629] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 281.925499][ T6629] ext4 filesystem being mounted at /38/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 282.469520][ T6629] EXT4-fs error (device loop1): ext4_map_blocks:825: inode #15: comm syz.1.181: lblock 0 mapped to illegal pblock 0 (length 4) [ 282.551201][ T6629] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 4 with error 117 [ 282.564051][ T6629] EXT4-fs (loop1): This should not happen!! Data will be lost [ 282.564051][ T6629] [ 282.668211][ T6629] EXT4-fs error (device loop1): ext4_free_blocks:6728: comm syz.1.181: Freeing blocks not in datazone - block = 1, count = 3 [ 282.934699][ T6641] loop3: detected capacity change from 0 to 128 [ 283.085969][ T5804] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 284.291907][ T6651] netlink: 'syz.3.189': attribute type 21 has an invalid length. [ 284.300142][ T6651] netlink: 'syz.3.189': attribute type 1 has an invalid length. [ 284.308290][ T6651] netlink: 144 bytes leftover after parsing attributes in process `syz.3.189'. [ 284.496083][ T30] kauditd_printk_skb: 47 callbacks suppressed [ 284.496163][ T30] audit: type=1326 audit(1767171366.178:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6653 comm="syz.0.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bd178f749 code=0x7ffc0000 [ 284.611276][ T30] audit: type=1326 audit(1767171366.248:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6653 comm="syz.0.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=447 compat=0 ip=0x7f7bd178f749 code=0x7ffc0000 [ 284.634152][ T30] audit: type=1326 audit(1767171366.248:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6653 comm="syz.0.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bd178f749 code=0x7ffc0000 [ 284.657291][ T30] audit: type=1326 audit(1767171366.248:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6653 comm="syz.0.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bd178f749 code=0x7ffc0000 [ 284.883305][ T6659] loop3: detected capacity change from 0 to 128 [ 285.092874][ T30] audit: type=1107 audit(1767171366.778:71): pid=6658 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 285.965743][ T1285] ieee802154 phy0 wpan0: encryption failed: -22 [ 285.976711][ T1285] ieee802154 phy1 wpan1: encryption failed: -22 [ 286.316548][ T6670] loop4: detected capacity change from 0 to 512 [ 286.427212][ T6670] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 286.599628][ T6670] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 286.618564][ T6670] ext4 filesystem being mounted at /37/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 289.082368][ T6687] netlink: 8 bytes leftover after parsing attributes in process `syz.2.204'. [ 290.094108][ T6692] netlink: 'syz.2.206': attribute type 12 has an invalid length. [ 290.351420][ T6695] tipc: Started in network mode [ 290.356655][ T6695] tipc: Node identity 7f000001, cluster identity 4711 [ 290.366306][ T6695] tipc: Enabled bearer , priority 10 [ 290.535296][ T6695] netlink: 40 bytes leftover after parsing attributes in process `syz.3.207'. [ 291.892080][ T5888] tipc: Node number set to 2130706433 [ 293.094870][ T30] audit: type=1326 audit(1767171374.768:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6711 comm="syz.3.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f511178f749 code=0x7ffc0000 [ 293.334958][ T30] audit: type=1326 audit(1767171374.838:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6711 comm="syz.3.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7f511178f749 code=0x7ffc0000 [ 293.357927][ T30] audit: type=1326 audit(1767171374.838:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6711 comm="syz.3.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f511178f749 code=0x7ffc0000 [ 293.384152][ T30] audit: type=1326 audit(1767171374.848:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6711 comm="syz.3.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f511178f749 code=0x7ffc0000 [ 293.408515][ T30] audit: type=1326 audit(1767171374.888:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6713 comm="syz.1.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f9f58f749 code=0x7ffc0000 [ 293.431767][ T30] audit: type=1326 audit(1767171374.888:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6713 comm="syz.1.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f9f58f749 code=0x7ffc0000 [ 293.454446][ T30] audit: type=1326 audit(1767171374.898:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6713 comm="syz.1.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f9f58f749 code=0x7ffc0000 [ 293.476989][ T30] audit: type=1326 audit(1767171374.898:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6713 comm="syz.1.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f9f58f749 code=0x7ffc0000 [ 293.501248][ T30] audit: type=1326 audit(1767171374.918:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6713 comm="syz.1.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=163 compat=0 ip=0x7f9f9f58f749 code=0x7ffc0000 [ 293.524388][ T30] audit: type=1326 audit(1767171374.918:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6713 comm="syz.1.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f9f58f749 code=0x7ffc0000 [ 294.073651][ T6717] capability: warning: `syz.0.213' uses deprecated v2 capabilities in a way that may be insecure [ 294.613169][ T6719] loop3: detected capacity change from 0 to 1024 [ 294.634729][ T6719] EXT4-fs: Ignoring removed nobh option [ 294.640531][ T6719] EXT4-fs: Ignoring removed bh option [ 294.674860][ T5814] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 294.762143][ T6719] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 295.319639][ T5815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 296.186317][ T6745] loop0: detected capacity change from 0 to 512 [ 296.324816][ T6745] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 296.361532][ T5888] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 296.454675][ T6745] __find_get_block_slow() failed. block=144115188075855872, b_blocknr=0, b_state=0x00000010, b_size=1024, device loop0 blocksize: 1024 [ 296.474322][ T6745] grow_buffers: requested out-of-range block 144115188075855872 for device loop0 [ 296.485706][ T6745] EXT4-fs warning (device loop0): ext4_resize_fs:2019: can't read last block, resize aborted [ 296.522893][ T5888] usb 2-1: device descriptor read/64, error -71 [ 296.790779][ T5888] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 296.868367][ T6754] netlink: 'syz.2.227': attribute type 12 has an invalid length. [ 296.882291][ T6754] netlink: 'syz.2.227': attribute type 29 has an invalid length. [ 296.890193][ T6754] netlink: 148 bytes leftover after parsing attributes in process `syz.2.227'. [ 296.908799][ T6754] netlink: 'syz.2.227': attribute type 1 has an invalid length. [ 296.916887][ T6754] netlink: 'syz.2.227': attribute type 2 has an invalid length. [ 296.924897][ T6754] netlink: 31 bytes leftover after parsing attributes in process `syz.2.227'. [ 296.947747][ T5808] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 296.993202][ T5888] usb 2-1: device descriptor read/64, error -71 [ 297.105125][ T5888] usb usb2-port1: attempt power cycle [ 297.264400][ T5859] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 297.313169][ T5859] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 297.481980][ T5888] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 297.528293][ T6761] loop0: detected capacity change from 0 to 512 [ 297.555478][ T5888] usb 2-1: device descriptor read/8, error -71 [ 297.633698][ T6761] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 297.728118][ T6761] EXT4-fs (loop0): orphan cleanup on readonly fs [ 297.815909][ T6761] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #16: comm syz.0.229: corrupted inode contents [ 297.850796][ T5888] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 297.888155][ T6761] EXT4-fs (loop0): Remounting filesystem read-only [ 297.934014][ T6761] EXT4-fs (loop0): 1 truncate cleaned up [ 297.939629][ T5888] usb 2-1: device descriptor read/8, error -71 [ 297.947374][ T4074] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 297.958214][ T4074] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 297.969964][ T4074] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started [ 298.063277][ T5888] usb usb2-port1: unable to enumerate USB device [ 298.070087][ T6761] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 298.302731][ T6770] 9p: Bad value for 'rfdno' [ 298.566168][ T5808] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 298.575857][ T6776] hub 9-0:1.0: USB hub found [ 298.576970][ T6776] hub 9-0:1.0: 1 port detected [ 298.629101][ T6768] fido_id[6768]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 298.977306][ T6780] hub 9-0:1.0: USB hub found [ 298.996038][ T6780] hub 9-0:1.0: 1 port detected [ 299.149395][ T6774] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 299.156172][ T6774] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 299.197663][ T6774] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 299.249193][ T6774] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 299.257207][ T6774] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 299.348829][ T6774] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 299.416072][ T6774] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 299.422699][ T6774] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 299.473837][ T6774] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 299.557195][ T6786] loop2: detected capacity change from 0 to 512 [ 299.574109][ T6774] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 299.580646][ T6774] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 299.652823][ T6786] EXT4-fs: Ignoring removed nobh option [ 299.665960][ T6774] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 299.669568][ T6786] EXT4-fs (loop2): orphan cleanup on readonly fs [ 299.778350][ T6786] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 299.792556][ T6786] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #15: comm syz.2.240: corrupted inode contents [ 299.912169][ T6786] EXT4-fs error (device loop2): ext4_dirty_inode:6502: inode #15: comm syz.2.240: mark_inode_dirty error [ 300.000728][ T6786] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #15: comm syz.2.240: corrupted inode contents [ 300.072104][ T6786] EXT4-fs error (device loop2): ext4_xattr_delete_inode:3000: inode #15: comm syz.2.240: mark_inode_dirty error [ 300.132002][ T6786] EXT4-fs error (device loop2): ext4_xattr_delete_inode:3003: inode #15: comm syz.2.240: mark inode dirty (error -117) [ 300.198050][ T6786] EXT4-fs warning (device loop2): ext4_evict_inode:273: xattr delete (err -117) [ 300.208179][ T6786] EXT4-fs (loop2): 1 orphan inode deleted [ 300.216771][ T6786] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 300.301961][ T6796] netlink: 4 bytes leftover after parsing attributes in process `syz.0.244'. [ 300.481267][ T5816] Bluetooth: hci0: command 0x0c1a tx timeout [ 300.832390][ T5806] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 301.322712][ T5805] Bluetooth: hci1: command 0x0c1a tx timeout [ 301.451678][ T5816] Bluetooth: hci2: command 0x0c1a tx timeout [ 301.602244][ T5816] Bluetooth: hci3: command 0x0c1a tx timeout [ 302.068396][ T6819] loop2: detected capacity change from 0 to 1024 [ 302.125145][ T6819] EXT4-fs: Ignoring removed bh option [ 302.180440][ T6819] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 302.199336][ T6821] netlink: 8 bytes leftover after parsing attributes in process `syz.3.252'. [ 302.212817][ T6821] openvswitch: netlink: Flow key attr not present in new flow. [ 302.283159][ T6819] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 302.516316][ T6829] loop0: detected capacity change from 0 to 1024 [ 302.562004][ T5805] Bluetooth: hci0: command 0x0c1a tx timeout [ 302.592160][ T6829] EXT4-fs: inline encryption not supported [ 302.598650][ T6829] EXT4-fs: Ignoring removed nobh option [ 302.712499][ T5806] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 302.820078][ T6829] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a84fc018, mo2=0002] [ 302.872751][ T6829] System zones: 1-12 [ 302.879625][ T6829] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 303.300250][ T5808] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 303.361766][ T5805] Bluetooth: hci1: command 0x0c1a tx timeout [ 303.521573][ T5805] Bluetooth: hci2: command 0x0c1a tx timeout [ 303.681314][ T5805] Bluetooth: hci3: command 0x0c1a tx timeout [ 303.973174][ T30] kauditd_printk_skb: 34 callbacks suppressed [ 303.973247][ T30] audit: type=1326 audit(1767171385.678:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6857 comm="syz.2.263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 303.986242][ T6846] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.011842][ T6846] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.135115][ T30] audit: type=1326 audit(1767171385.718:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6857 comm="syz.2.263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 304.163340][ T30] audit: type=1326 audit(1767171385.768:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6857 comm="syz.2.263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 304.187856][ T30] audit: type=1326 audit(1767171385.778:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6857 comm="syz.2.263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 304.218384][ T30] audit: type=1326 audit(1767171385.788:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6857 comm="syz.2.263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 304.241610][ T30] audit: type=1326 audit(1767171385.788:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6857 comm="syz.2.263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 304.268208][ T30] audit: type=1326 audit(1767171385.828:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6857 comm="syz.2.263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 304.292460][ T30] audit: type=1326 audit(1767171385.828:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6857 comm="syz.2.263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 304.316116][ T30] audit: type=1326 audit(1767171385.828:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6857 comm="syz.2.263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 304.333185][ T6846] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 304.338875][ T30] audit: type=1326 audit(1767171385.838:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6857 comm="syz.2.263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 304.368279][ T6846] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 304.659550][ T5816] Bluetooth: hci0: command 0x0c1a tx timeout [ 304.695547][ T3547] Bluetooth: hci5: Frame reassembly failed (-84) [ 304.998696][ T6863] loop1: detected capacity change from 0 to 512 [ 305.033843][ T6863] ext4: Unknown parameter 'obj_user' [ 305.055354][ T6849] netlink: 8 bytes leftover after parsing attributes in process `syz.3.260'. [ 305.055644][ T4115] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.115001][ T4115] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.141726][ T4022] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.191762][ T4022] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.441489][ T5816] Bluetooth: hci1: command 0x0c1a tx timeout [ 305.608039][ T5816] Bluetooth: hci2: command 0x0c1a tx timeout [ 305.762186][ T5816] Bluetooth: hci3: command 0x0c1a tx timeout [ 305.920446][ T6874] veth0: entered promiscuous mode [ 305.937551][ T6874] netlink: 4 bytes leftover after parsing attributes in process `syz.1.268'. [ 306.227860][ T6881] unsupported nla_type 52263 [ 306.654937][ T6885] loop1: detected capacity change from 0 to 512 [ 306.722055][ T5816] Bluetooth: hci5: command 0x1003 tx timeout [ 306.722189][ T5805] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 306.773267][ T6888] netlink: 24 bytes leftover after parsing attributes in process `syz.4.275'. [ 306.794989][ T6885] EXT4-fs error (device loop1): ext4_xattr_inode_iget:441: inode #18: comm syz.1.274: iget: bad extra_isize 90 (inode size 256) [ 306.901280][ T6885] EXT4-fs (loop1): Remounting filesystem read-only [ 306.912775][ T6885] EXT4-fs warning (device loop1): ext4_evict_inode:273: xattr delete (err -30) [ 306.924779][ T6885] EXT4-fs (loop1): 1 orphan inode deleted [ 306.932966][ T6885] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 307.461926][ T5804] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 307.908801][ T6904] loop1: detected capacity change from 0 to 128 [ 309.068234][ T5863] IPVS: starting estimator thread 0... [ 309.161821][ T6925] IPVS: using max 192 ests per chain, 9600 per kthread [ 309.737842][ T6933] netlink: 12 bytes leftover after parsing attributes in process `syz.2.293'. [ 309.747427][ T6933] netlink: 12 bytes leftover after parsing attributes in process `syz.2.293'. [ 310.120401][ T6936] loop4: detected capacity change from 0 to 164 [ 310.223237][ T6934] netlink: 24 bytes leftover after parsing attributes in process `syz.2.293'. [ 311.645095][ T6956] loop1: detected capacity change from 0 to 512 [ 311.769070][ T6956] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 311.782969][ T6956] ext4 filesystem being mounted at /64/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 312.011965][ T6963] netlink: 8 bytes leftover after parsing attributes in process `syz.4.303'. [ 312.021219][ T6963] openvswitch: netlink: Flow key attr not present in new flow. [ 312.290614][ T5804] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 312.899544][ T6975] lo speed is unknown, defaulting to 1000 [ 312.905891][ T6975] lo speed is unknown, defaulting to 1000 [ 312.960090][ T6975] lo speed is unknown, defaulting to 1000 [ 312.978254][ T6975] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 313.016876][ T6975] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 313.192608][ T6975] lo speed is unknown, defaulting to 1000 [ 313.259294][ T6975] lo speed is unknown, defaulting to 1000 [ 313.321733][ T6975] lo speed is unknown, defaulting to 1000 [ 313.330450][ T6975] lo speed is unknown, defaulting to 1000 [ 313.339310][ T6975] lo speed is unknown, defaulting to 1000 [ 313.974538][ T6992] netlink: 240 bytes leftover after parsing attributes in process `syz.3.314'. [ 314.982000][ T793] usb 3-1: new low-speed USB device number 5 using dummy_hcd [ 315.191664][ T793] usb 3-1: Invalid ep0 maxpacket: 32 [ 315.369212][ T793] usb 3-1: new low-speed USB device number 6 using dummy_hcd [ 315.601867][ T793] usb 3-1: Invalid ep0 maxpacket: 32 [ 315.608466][ T793] usb usb3-port1: attempt power cycle [ 315.971989][ T793] usb 3-1: new low-speed USB device number 7 using dummy_hcd [ 315.997070][ T7022] loop3: detected capacity change from 0 to 1024 [ 316.041404][ T7024] capability: warning: `syz.4.327' uses 32-bit capabilities (legacy support in use) [ 316.064200][ T793] usb 3-1: Invalid ep0 maxpacket: 32 [ 316.133100][ T7022] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 316.211531][ T793] usb 3-1: new low-speed USB device number 8 using dummy_hcd [ 316.232174][ T7022] netlink: 20 bytes leftover after parsing attributes in process `syz.3.326'. [ 316.237701][ T793] usb 3-1: Invalid ep0 maxpacket: 32 [ 316.261727][ T793] usb usb3-port1: unable to enumerate USB device [ 316.534078][ T7031] cgroup2: Unknown parameter 'cpu' [ 317.273491][ T5815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 318.301388][ T30] kauditd_printk_skb: 77 callbacks suppressed [ 318.301461][ T30] audit: type=1326 audit(1767171399.998:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7044 comm="syz.2.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 318.331264][ T30] audit: type=1326 audit(1767171399.998:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7044 comm="syz.2.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 318.354368][ T30] audit: type=1326 audit(1767171400.038:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7044 comm="syz.2.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 318.629986][ T30] audit: type=1326 audit(1767171400.088:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7044 comm="syz.2.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 318.652736][ T30] audit: type=1326 audit(1767171400.088:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7044 comm="syz.2.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 318.676157][ T30] audit: type=1326 audit(1767171400.088:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7044 comm="syz.2.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 318.703719][ T30] audit: type=1326 audit(1767171400.088:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7044 comm="syz.2.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 318.733369][ T30] audit: type=1326 audit(1767171400.088:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7044 comm="syz.2.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 318.756140][ T30] audit: type=1326 audit(1767171400.088:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7044 comm="syz.2.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 318.778876][ T30] audit: type=1326 audit(1767171400.118:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7044 comm="syz.2.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 319.511971][ T7057] netlink: 'syz.0.340': attribute type 7 has an invalid length. [ 319.826820][ T7063] loop2: detected capacity change from 0 to 512 [ 320.025893][ T7063] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000600 r/w without journal. Quota mode: writeback. [ 320.039251][ T7063] ext4 filesystem being mounted at /60/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 320.090361][ T7063] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #2: comm syz.2.343: corrupted inode contents [ 320.142253][ T7063] EXT4-fs error (device loop2): ext4_dirty_inode:6502: inode #2: comm syz.2.343: mark_inode_dirty error [ 320.209627][ T7063] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #2: comm syz.2.343: corrupted inode contents [ 320.265273][ T7063] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #2: comm syz.2.343: mark_inode_dirty error [ 320.566258][ T5806] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000600. [ 321.947554][ T7091] netlink: 'syz.2.354': attribute type 7 has an invalid length. [ 323.248849][ T7104] loop0: detected capacity change from 0 to 128 [ 324.837610][ T7115] loop2: detected capacity change from 0 to 1024 [ 324.904527][ T7115] EXT4-fs: Ignoring removed bh option [ 325.087205][ T7119] lo speed is unknown, defaulting to 1000 [ 325.321477][ T7115] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 325.619171][ T7122] netlink: 'syz.3.366': attribute type 7 has an invalid length. [ 326.038697][ T7115] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 326.839112][ T7128] loop1: detected capacity change from 0 to 164 [ 326.859491][ T5806] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2857: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 327.040383][ T5806] EXT4-fs error (device loop2): ext4_read_inline_dir:1486: inode #12: block 7: comm syz-executor: path /66/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 327.137762][ T7128] xt_hashlimit: max too large, truncated to 1048576 [ 327.248543][ T5806] EXT4-fs (loop2): Remounting filesystem read-only [ 327.615035][ T5806] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 328.226241][ T7140] syzkaller0: entered promiscuous mode [ 328.232072][ T7140] syzkaller0: entered allmulticast mode [ 328.498672][ T7143] netlink: 64 bytes leftover after parsing attributes in process `syz.4.373'. [ 328.825833][ T7145] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 329.011496][ T7149] tipc: Enabled bearer , priority 0 [ 329.026979][ T7149] syzkaller0: entered promiscuous mode [ 329.032868][ T7149] syzkaller0: entered allmulticast mode [ 329.117644][ T7149] tipc: Resetting bearer [ 329.166458][ T7152] loop4: detected capacity change from 0 to 512 [ 329.170566][ T7149] tipc: Disabling bearer [ 329.207321][ T7152] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 329.218913][ T7155] netlink: 'syz.2.378': attribute type 7 has an invalid length. [ 329.275057][ T7152] EXT4-fs (loop4): orphan cleanup on readonly fs [ 329.322669][ T7152] EXT4-fs error (device loop4): mb_free_blocks:2037: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 329.358376][ T7152] EXT4-fs (loop4): Remounting filesystem read-only [ 329.425510][ T7152] EXT4-fs (loop4): 1 truncate cleaned up [ 329.436040][ T7152] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 329.630012][ T7160] loop1: detected capacity change from 0 to 1024 [ 329.694378][ T7160] EXT4-fs: Ignoring removed bh option [ 329.750626][ T7160] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 329.966829][ T30] kauditd_printk_skb: 22 callbacks suppressed [ 329.966907][ T30] audit: type=1326 audit(1767171411.658:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7162 comm="syz.2.381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 329.996389][ T30] audit: type=1326 audit(1767171411.658:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7162 comm="syz.2.381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 330.102607][ T30] audit: type=1326 audit(1767171411.738:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7162 comm="syz.2.381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 330.159072][ T30] audit: type=1326 audit(1767171411.848:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7162 comm="syz.2.381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 330.184190][ T30] audit: type=1326 audit(1767171411.848:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7162 comm="syz.2.381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 330.206989][ T30] audit: type=1326 audit(1767171411.848:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7162 comm="syz.2.381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 330.230185][ T30] audit: type=1326 audit(1767171411.848:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7162 comm="syz.2.381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 330.258916][ T7160] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 330.322256][ T5814] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 330.414755][ T30] audit: type=1326 audit(1767171411.988:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7162 comm="syz.2.381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 330.439182][ T30] audit: type=1326 audit(1767171412.008:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7162 comm="syz.2.381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 330.462052][ T30] audit: type=1326 audit(1767171412.008:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7162 comm="syz.2.381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 330.977027][ T5804] EXT4-fs error (device loop1): ext4_read_inline_dir:1486: inode #12: block 7: comm syz-executor: path /72/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 331.076866][ T5804] EXT4-fs (loop1): Remounting filesystem read-only [ 331.146827][ T5804] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 331.529357][ T7180] loop3: detected capacity change from 0 to 2048 [ 331.560298][ T7180] EXT4-fs: Ignoring removed nobh option [ 331.632351][ T7180] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 331.645121][ T7180] ext4 filesystem being mounted at /86/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 331.734430][ T7188] loop1: detected capacity change from 0 to 512 [ 331.859969][ T6804] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 331.927623][ T6804] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 331.992061][ T7188] EXT4-fs (loop1): 1 orphan inode deleted [ 332.014687][ T7188] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 332.176139][ T7188] ext4 filesystem being mounted at /73/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 332.187994][ T7200] loop0: detected capacity change from 0 to 512 [ 332.210484][ T7202] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (das16m1) [ 332.284851][ T7200] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 332.312465][ T7200] EXT4-fs (loop0): orphan cleanup on readonly fs [ 332.338481][ T7200] EXT4-fs warning (device loop0): ext4_enable_quotas:7221: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 332.392763][ T7200] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 332.443887][ T7200] EXT4-fs error (device loop0): ext4_ext_check_inode:523: inode #13: comm syz.0.393: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 332.464481][ T5815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 332.503751][ T7200] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.393: couldn't read orphan inode 13 (err -117) [ 332.564955][ T7200] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 332.697894][ T7200] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 332.781585][ T7200] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 332.845182][ T5804] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 332.892667][ T7200] EXT4-fs warning (device loop0): ext4_enable_quotas:7221: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 333.167710][ T7210] 9p: Bad value for 'rfdno' [ 333.250344][ T7212] loop2: detected capacity change from 0 to 512 [ 333.269053][ T7207] fido_id[7207]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 333.449708][ T7212] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 2178, start 8e210000) [ 333.465483][ T7212] FAT-fs (loop2): Filesystem has been set read-only [ 333.472774][ T7212] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 2178, start 8e210000) [ 333.483315][ T7212] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 2178, start 8e210000) [ 333.540332][ T5808] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 333.748312][ T7214] loop1: detected capacity change from 0 to 1024 [ 333.801945][ T7214] EXT4-fs: Ignoring removed bh option [ 333.851577][ T7214] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 333.911933][ T7214] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 334.022654][ T7223] netlink: 28 bytes leftover after parsing attributes in process `syz.3.400'. [ 334.072279][ T6804] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 334.266397][ T6804] usb 5-1: device descriptor read/64, error -71 [ 334.432407][ T5804] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 334.551266][ T6804] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 334.582228][ T7227] netlink: 4436 bytes leftover after parsing attributes in process `syz.3.402'. [ 334.591774][ T7227] x_tables: ip_tables: osf.0 match: invalid size 48 (kernel) != (user) 4096 [ 334.745974][ T6804] usb 5-1: device descriptor read/64, error -71 [ 334.865334][ T6804] usb usb5-port1: attempt power cycle [ 334.995567][ T30] kauditd_printk_skb: 23 callbacks suppressed [ 334.995642][ T30] audit: type=1326 audit(1767171416.698:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7232 comm="syz.2.405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 335.025050][ T30] audit: type=1326 audit(1767171416.698:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7232 comm="syz.2.405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 335.047846][ T30] audit: type=1326 audit(1767171416.698:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7232 comm="syz.2.405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 335.240351][ T7235] netlink: 4 bytes leftover after parsing attributes in process `syz.3.406'. [ 335.251416][ T6804] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 335.296016][ T30] audit: type=1326 audit(1767171416.778:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7232 comm="syz.2.405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 335.319533][ T30] audit: type=1326 audit(1767171416.778:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7232 comm="syz.2.405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 335.323339][ T6804] usb 5-1: device descriptor read/8, error -71 [ 335.342565][ T30] audit: type=1326 audit(1767171416.778:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7232 comm="syz.2.405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 335.373413][ T30] audit: type=1326 audit(1767171416.858:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7232 comm="syz.2.405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 335.396798][ T30] audit: type=1326 audit(1767171416.858:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7232 comm="syz.2.405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 335.420043][ T30] audit: type=1326 audit(1767171416.868:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7232 comm="syz.2.405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 335.443107][ T30] audit: type=1326 audit(1767171416.868:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7232 comm="syz.2.405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e6c38f749 code=0x7ffc0000 [ 335.525014][ T7233] loop2: detected capacity change from 0 to 1024 [ 335.780260][ T7233] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 335.795315][ T7233] ext4 filesystem being mounted at /76/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 335.955338][ T7233] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 336.316687][ T6804] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 336.346724][ T6804] usb 5-1: device descriptor read/8, error -71 [ 336.424031][ T7248] lo speed is unknown, defaulting to 1000 [ 336.741435][ T6804] usb usb5-port1: unable to enumerate USB device [ 338.365969][ T7260] loop3: detected capacity change from 0 to 1024 [ 338.476718][ T7260] EXT4-fs: Ignoring removed bh option [ 338.584787][ T7260] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 338.647557][ T7260] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 339.023808][ T5815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 341.092216][ T7283] loop2: detected capacity change from 0 to 1024 [ 341.510037][ T7283] EXT4-fs: Ignoring removed orlov option [ 341.520022][ T7283] EXT4-fs: Ignoring removed nomblk_io_submit option [ 341.528292][ T7283] ext4: Unknown parameter 'subj_role' [ 342.124964][ T7292] netlink: 8 bytes leftover after parsing attributes in process `syz.4.424'. [ 342.138159][ T7292] openvswitch: netlink: Flow key attr not present in new flow. [ 343.294543][ T7307] loop2: detected capacity change from 0 to 1024 [ 343.307979][ T4580] nci: nci_rf_discover_ntf_packet: unsupported rf_tech_and_mode 0xcc [ 343.316570][ T4580] ===================================================== [ 343.324144][ T4580] BUG: KMSAN: uninit-value in nci_ntf_packet+0x26b2/0x46c0 [ 343.331652][ T4580] nci_ntf_packet+0x26b2/0x46c0 [ 343.336719][ T4580] nci_rx_work+0x403/0x750 [ 343.341480][ T4580] process_scheduled_works+0xb91/0x1d80 [ 343.347641][ T4580] worker_thread+0xedf/0x1590 [ 343.353054][ T7307] EXT4-fs: Ignoring removed bh option [ 343.358673][ T4580] kthread+0xd5c/0xf00 [ 343.365606][ T4580] ret_from_fork+0x208/0x710 [ 343.370412][ T4580] ret_from_fork_asm+0x1a/0x30 [ 343.376826][ T4580] [ 343.379220][ T4580] Uninit was created at: [ 343.384276][ T4580] kmem_cache_alloc_node_noprof+0x9e7/0x17a0 [ 343.390485][ T4580] kmalloc_reserve+0x13c/0x4b0 [ 343.396818][ T4580] __alloc_skb+0x805/0x1040 [ 343.401784][ T7307] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 343.412213][ T4580] virtual_ncidev_write+0x6b/0x430 [ 343.417521][ T4580] vfs_write+0x48a/0x15d0 [ 343.422268][ T4580] __x64_sys_write+0x1fb/0x4d0 [ 343.427217][ T4580] x64_sys_call+0x30ab/0x3e70 [ 343.432425][ T4580] do_syscall_64+0xd3/0xf80 [ 343.437123][ T4580] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.443958][ T4580] [ 343.446403][ T4580] CPU: 1 UID: 0 PID: 4580 Comm: kworker/u8:35 Tainted: G W L syzkaller #0 PREEMPT(none) [ 343.457829][ T4580] Tainted: [W]=WARN, [L]=SOFTLOCKUP [ 343.465648][ T4580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 343.477325][ T4580] Workqueue: nfc2_nci_rx_wq nci_rx_work [ 343.483223][ T4580] ===================================================== [ 343.490246][ T4580] Disabling lock debugging due to kernel taint [ 343.496610][ T4580] Kernel panic - not syncing: kmsan.panic set ... [ 343.503214][ T4580] CPU: 1 UID: 0 PID: 4580 Comm: kworker/u8:35 Tainted: G B W L syzkaller #0 PREEMPT(none) [ 343.514545][ T4580] Tainted: [B]=BAD_PAGE, [W]=WARN, [L]=SOFTLOCKUP [ 343.521054][ T4580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 343.531263][ T4580] Workqueue: nfc2_nci_rx_wq nci_rx_work [ 343.537041][ T4580] Call Trace: [ 343.540418][ T4580] [ 343.543428][ T4580] __dump_stack+0x26/0x30 [ 343.547926][ T4580] dump_stack_lvl+0x50/0x1c0 [ 343.552672][ T4580] ? dump_stack+0x12/0x25 [ 343.557157][ T4580] dump_stack+0x1e/0x25 [ 343.561464][ T4580] vpanic+0x435/0xd30 [ 343.565630][ T4580] panic+0x15d/0x160 [ 343.569734][ T4580] kmsan_report+0x31c/0x320 [ 343.574426][ T4580] ? __msan_warning+0x1b/0x30 [ 343.579283][ T4580] ? nci_ntf_packet+0x26b2/0x46c0 [ 343.584490][ T4580] ? nci_rx_work+0x403/0x750 [ 343.589278][ T4580] ? process_scheduled_works+0xb91/0x1d80 [ 343.595252][ T4580] ? worker_thread+0xedf/0x1590 [ 343.600266][ T4580] ? kthread+0xd5c/0xf00 [ 343.604648][ T4580] ? ret_from_fork+0x208/0x710 [ 343.609603][ T4580] ? ret_from_fork_asm+0x1a/0x30 [ 343.614717][ T4580] ? ret_from_fork_asm+0x1a/0x30 [ 343.619840][ T4580] ? vprintk_emit+0xb5e/0xb70 [ 343.624695][ T4580] ? vprintk_default+0x3f/0x50 [ 343.629710][ T4580] ? vprintk+0x36/0x50 [ 343.633902][ T4580] ? _printk+0x17e/0x1b0 [ 343.638350][ T4580] ? kmsan_get_metadata+0xfb/0x160 [ 343.643667][ T4580] __msan_warning+0x1b/0x30 [ 343.648333][ T4580] nci_ntf_packet+0x26b2/0x46c0 [ 343.653380][ T4580] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 343.659630][ T4580] ? sk_skb_reason_drop+0x13f/0x440 [ 343.665032][ T4580] nci_rx_work+0x403/0x750 [ 343.669632][ T4580] ? __pfx_nci_rx_work+0x10/0x10 [ 343.674745][ T4580] process_scheduled_works+0xb91/0x1d80 [ 343.680561][ T4580] worker_thread+0xedf/0x1590 [ 343.685424][ T4580] kthread+0xd5c/0xf00 [ 343.689646][ T4580] ? __pfx_worker_thread+0x10/0x10 [ 343.694919][ T4580] ? __pfx_kthread+0x10/0x10 [ 343.699653][ T4580] ret_from_fork+0x208/0x710 [ 343.704426][ T4580] ? __switch_to+0x53d/0x790 [ 343.709192][ T4580] ? __pfx_kthread+0x10/0x10 [ 343.713930][ T4580] ret_from_fork_asm+0x1a/0x30 [ 343.718898][ T4580] [ 343.722444][ T4580] Kernel Offset: disabled [ 343.726818][ T4580] Rebooting in 86400 seconds..