last executing test programs: 2m55.926324061s ago: executing program 2 (id=1067): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x101900, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000300)) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0xffff0000) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000002540)=0x13) 2m55.542858448s ago: executing program 2 (id=1069): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=0x2000000}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x2000) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2}) 2m55.455944431s ago: executing program 2 (id=1071): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000040)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYRES32=r3, @ANYBLOB=',\x00/'], 0x48}, 0x1, 0x0, 0x0, 0x40800}, 0x4040044) 2m55.431559174s ago: executing program 2 (id=1072): socket$inet6_tcp(0xa, 0x1, 0x0) socket(0xa, 0x3, 0xff) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x8001, @empty, 0x80000001}, 0x1c) unshare(0x28000600) ioctl$EVIOCGABS2F(0xffffffffffffffff, 0x8018456f, 0x0) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0xa048c5, &(0x7f0000000340)={[{@shortname_mixed}, {@utf8no}, {@numtail}, {@uni_xlateno}, {@uni_xlateno}, {@uni_xlate}, {@uni_xlate}, {@shortname_win95}, {@fat=@nocase}, {@uni_xlateno}, {@utf8no}, {}]}, 0x0, 0x291, &(0x7f0000000580)="$eJzs3c1qE28Ux/Ffk6YvKW2y+PMHBfGgG90MbbyCIC2IAaU2oi6EqZ1oyJiUTKxExHbn1usoLt0J6g104869uCmC4KYLMdIkY5M2YltTpzbfD5Q5nec5M8+8hTMDmWzeevGwVAicgltTbMwUk9a0JaW3o7ah9jTWjEfUaU0XJ75+OHPj9p2r2Vxudt5sLrtwKWNmU2ffPH768ty72sTNV1OvR7WRvrv5JfNx4/+NU5vfF8KlVyTXFiuVmrvoe7ZUDEqO2XXfcwPPiuXAq9aso73gV5aX6+aWlyaTy1UvCMwt163k1a1WsVq1bu59t1g2x3FsMqlBEz9wRn59ft7NHslgEIXxXjOr1awb79mYX/8bgwIAAMdLVPX/g2JgxcDKla76fm/9HxP1/9Gh/h8E2/V/sn39dqP+BwAAAAAAAAAAAAAAAAAAAADgX7DVaKQajUYqnIZ/o5LGJIX/h/1Hoh0u+uygxx8nS8cX98Yk//lKfiXfmrbaswUV5cvTdEL61jwf2lrx3JXc7LQ1pfXWX23nr67k4xoN80Pp3vkzrXzrzk8o2bn+jFL6r3d+pmf+iC6cD/MTnhyl9P6eKvK11Dyvd/KfzZhdvpbblT/e7AcAAAAAwEng2E977t+b7Y6Frw3Z1d6aufN8QKnfPB/YdX89rNPD0W03AAAAAACDJKg/Kbm+71W7gtieOSchCH//oC8L/NWuI+hbEJN02PT4nx3lz5ISOg47oa/Bp0etK2A/naP8VAIAAABwFMKifyjqgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMMD2+/KwsP9h3j3Wsbp4NFsJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHA8/AgAA//+oMRp3") r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00') mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1333404, 0x0) mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) read$FUSE(r0, &(0x7f0000000840)={0x2020}, 0x2020) 2m55.351326429s ago: executing program 2 (id=1073): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0) getdents64(r5, &(0x7f0000000580)=""/174, 0xae) 2m54.055192114s ago: executing program 2 (id=1078): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0xffff, 0x8}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x800) r4 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r4, 0x0, 0x800) 2m53.91604953s ago: executing program 32 (id=1078): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0xffff, 0x8}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x800) r4 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r4, 0x0, 0x800) 2m38.406300851s ago: executing program 3 (id=1207): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1f, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="18000000fbffffff000000008000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000"], &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x11}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 2m38.335261369s ago: executing program 3 (id=1208): bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) r5 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc4}, &(0x7f0000000100)={0x0, "de442bfc7910e10ac69ac014b0fa7807b11d2c99ed1f40d47a6edb3367b5cc888e1fd5102ae2d3d05f251f8d49025ceab4152b6e6d87cd6088e97a9d06d29143"}, 0x48, 0xffffffffffffffff) keyctl$chown(0x4, r5, 0xee01, 0xee00) 2m37.447519857s ago: executing program 3 (id=1214): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="07000000040000008000000004"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000700000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000300)='kmem_cache_free\x00', r1}, 0x18) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r2, &(0x7f00000006c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4) sendmmsg$inet(r2, &(0x7f0000001380)=[{{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000640)="8d", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000001040)=[{&(0x7f0000000dc0)="97", 0x1}], 0x1}}], 0x2, 0x24044c41) 2m37.447202928s ago: executing program 3 (id=1215): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0xa0}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x18000000000002a0, 0xb, 0x0, &(0x7f0000000240)="b9ff03316844268cb89e14", 0x0, 0x9, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 2m37.446444611s ago: executing program 3 (id=1217): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x2c2b01, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x8000000, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x1000100, 0x7, 0x6361, 0x805, 0x9, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20008050}, 0x0) sendmsg$nl_route_sched(r6, 0x0, 0x4000000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 2m37.306153116s ago: executing program 3 (id=1220): bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='ext4_sync_fs\x00', r2}, 0x10) sync() 2m21.674965695s ago: executing program 33 (id=1220): bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='ext4_sync_fs\x00', r2}, 0x10) sync() 5.982615848s ago: executing program 0 (id=2169): prlimit64(0x0, 0xe, &(0x7f0000000340)={0xd, 0x200200090}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000600)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) openat$audio(0xffffffffffffff9c, 0x0, 0xa0100, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) write$binfmt_register(r4, &(0x7f0000000500)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x6, 0x3a, '@', 0x3a, '\\\x9e\xbd\x1d\r6\xea\x12+(\x03z', 0x3a, './file0', 0x3a, [0x50, 0x43]}, 0x36) r5 = epoll_create1(0x80000) r6 = fcntl$dupfd(r3, 0x406, r5) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r6, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r3, &(0x7f00000001c0)={0x10000014}) r7 = getpid() r8 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) kcmp$KCMP_EPOLL_TFD(r7, r8, 0x7, r6, &(0x7f0000000100)={r5, r6}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001c80)=@newtaction={0x64, 0x30, 0x871a15abc695fb3d, 0x0, 0x80000, {}, [{0x50, 0x1, [@m_vlan={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0xfffff800, 0x40, 0x1, 0x3, 0x80000000}, 0x3}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000044}, 0x0) ioctl$KDGKBTYPE(0xffffffffffffffff, 0x4b33, &(0x7f0000000140)) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) 4.803248963s ago: executing program 0 (id=2181): r0 = socket(0x840000000002, 0x3, 0x100) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$unix(r1, 0x0, 0x24040040) recvmsg(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) socket$inet6(0xa, 0x2, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000000)={@mcast2={0xff, 0x5}, 0x200, 0x0, 0xff, 0x3}, 0x20) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00') pread64(r4, &(0x7f0000001480)=""/4122, 0x101a, 0x9a) connect$inet(r0, 0x0, 0x0) ioctl$EVIOCSMASK(0xffffffffffffffff, 0x40104593, &(0x7f0000000100)={0x8, 0x0, 0x0}) ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, &(0x7f0000000080)=0x7) ioctl$vim2m_VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, 0x0) sendmmsg$inet(r0, &(0x7f0000000c00), 0x0, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, 0x0, 0x0) 3.831306927s ago: executing program 0 (id=2189): unshare(0x24000400) r0 = gettid() timer_create(0x1, &(0x7f0000000900)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f00000008c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) preadv(r1, 0x0, 0x0, 0x7, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbee7, 0x8031, 0xffffffffffffffff, 0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, 0x0) preadv2(r2, &(0x7f0000000100)=[{&(0x7f0000000180)=""/149, 0x95}], 0x1, 0x100005, 0x1, 0x0) 2.759776017s ago: executing program 5 (id=2195): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x18}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r0, 0xc0096616, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5000000010008105e9c51c000000000000000000", @ANYRES32=r3, @ANYBLOB="01000000000000002800128009000100766c616e000000001800028006000100000000000c0002000c0000000d00000008000500", @ANYRES64=r1], 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x0) r4 = openat$incfs(0xffffffffffffffff, &(0x7f0000000080)='.log\x00', 0x101080, 0x140) setsockopt$MRT_DEL_VIF(r4, 0x0, 0xcb, &(0x7f00000000c0)={0x0, 0x1, 0x1, 0x4b, @vifc_lcl_ifindex=r3, @broadcast}, 0x10) r5 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r5, 0x0, 0x0, 0x44010, &(0x7f0000000180)={0x11, 0x1, r3, 0x1, 0x12, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x40}}, 0x14) 2.68302902s ago: executing program 5 (id=2196): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r3}, 0x18) sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)={0x20, 0x0, 0x0, 0x70bd2c, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x4, 0x63}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x20000000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0) getdents64(r4, &(0x7f0000000580)=""/174, 0xae) 2.451994158s ago: executing program 1 (id=2199): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x102, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000940)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdbff, {0x0, 0x0, 0x0, r2, {0x0, 0xd}, {0x5, 0xb}, {0xfff3, 0xb}}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_CE_THRESHOLD={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x240040e0}, 0x40000) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'syzkaller0\x00', 0x0}) r5 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r5, 0x0, 0x0, 0x40, &(0x7f0000000140)={0x11, 0x86dd, r4, 0x1, 0x3, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2e}}, 0x14) 2.371321318s ago: executing program 0 (id=2200): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002240), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) pivot_root(&(0x7f0000000040)='./file0/../file0/../file0/../file0/../file0\x00', &(0x7f0000000600)='./file0/../file0/../file0/../file0\x00') 2.363805297s ago: executing program 1 (id=2201): r0 = fsopen(&(0x7f00000014c0)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0xa) fchdir(r1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, 0x0, 0x0, 0x2, 0x0) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r5, &(0x7f0000000f80)=""/4096, 0x1000) 1.852865264s ago: executing program 5 (id=2203): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000380)=ANY=[@ANYBLOB="020101090800000000170006ffffff00030006001000000002000000"], 0x40}}, 0x0) 1.54174237s ago: executing program 0 (id=2206): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) r1 = fcntl$dupfd(r0, 0x406, r0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) write$binfmt_elf32(r1, &(0x7f0000000e00)=ANY=[], 0x958) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1) write$binfmt_script(r1, &(0x7f0000000300)={'#! ', './file0', [], 0xa, "574af3849be33785b8533755"}, 0x17) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r1) 1.488352148s ago: executing program 1 (id=2207): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r2, 0x8982, &(0x7f0000000480)={0x7, 'pimreg1\x00', {0x7}, 0x8}) sendmsg$rds(r2, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x10000000) r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r4, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10) r5 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r5, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) sendmsg$inet6(r5, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa, 0x4e21, 0x80000, @loopback, 0xfffffffd}, 0x1c, 0x0, 0x0, &(0x7f00000004c0)=[@dstopts={{0x18}}], 0x18}, 0xc4) r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_ifreq(r6, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0x1b, &(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b70500182a000200000555000000000000000000", @ANYRES32=0x1, @ANYBLOB="00000000080000005047100010000000007701000000000085200000010000004bb90001fcffffff18110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70200000000000085000000860000008520000001000000950000000000"], 0x0, 0x2, 0x0, 0x0, 0x41000, 0x22, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x8, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x7fff}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f00000001c0)=[{0x1, 0x2, 0x2, 0x9}], 0x10, 0x1}, 0x94) r7 = socket$kcm(0x29, 0x5, 0x0) r8 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r8, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x10000003, 0x0, 0x81, 0x1ff, 0x1}, 0x1c) recvmmsg(r8, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000340)=""/82, 0x52}], 0x1}, 0x10}], 0x1, 0x2100, 0x0) recvmmsg$unix(r8, &(0x7f0000004400)=[{{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) sendmmsg(r8, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) sendmsg$kcm(r7, &(0x7f0000000680)={&(0x7f0000000200)=@pppol2tpin6={0x18, 0x1, {0x0, r8, 0x3, 0x0, 0x2, 0x2, {0xa, 0x4e22, 0xc, @mcast1, 0xbe4}}}, 0x80, &(0x7f0000000100)=[{&(0x7f0000000080)="956a3456", 0x4}], 0x1, &(0x7f00000006c0)=ANY=[@ANYBLOB="d8000000000000000f01000047000000989757ac1b87091f22d6da63611423cb97737e8214a0eea85eda5eb87c161847e35004a35f4a0451c512ae9f19db439b4eff0f2462314d6ce1a94a6ab1854301b3e151aa4cd40fc514bb121dac596d45bdad4beb223477f66d6450ca695e8c9e97368d051965ab5585f659a9520b971e5d47c6898b0aeb0b03b4b8adc82e4eed07c387024db0131165e25326fd8bbfa9cfd65054c7daa6d793d58fc010391ba1c1e6b993a455d6bf7f1f76edef3c325c6a32d3937d81e62e551e7d1d5934629a532d00000000000048000000000000001401000003000000f71683e7b16f08dc3d4f68e78375f8466ef1c527ec568d2206cd08278cf688e55104081ba271792842a7f001419cd8ffbd7f354f2a6c00000f00000000000000110100000f0000008ba75eef003ea8bbca331b8c9c7d4075375ed4be7daff79007c2ee938def1fedd53ed6f18e49ea9959e77cff43c9436aa1a4c824d7a0eaccd3779c18c049a61e48e982a1d4e17251de4bc0d74d9082e17925650c76436180613143982b595c2519a65b80c35076608f71857d06cf876f8509e860f9fc258449ac8c1a0ea1202a142d19e3141c1f52fd62f64799d21ad28fbf31b970d74bcacbf2c875645600001000000000000000020100000500000068b4afd7a129a61568c02de53140d46e5c8bcf1ffec57e6e8e0c676bc72791f9c8f815d04897c40343138cc22f491f49f0f6866ef8b29ab600000000beed8ee6e99cffe558700a7a1fb584112dd138bc77e766a4952404de8b7b69434ebd0624dece30eb4a6416489ae95180e0e081da4df0687c7000219b3bafa4a59a8980637ab7a030311b0cdfaa183bbcac1199e48e8ae35029bf0ba251a86f756dfcf76023239a7bb15584341c20abca0bd308f7845b2d73f12b56d784bf26632bc80e6b8d60f02e17121d0964452c87174c6c7ca5920cc3c03957193fcefa44a48b97582b229c3f7897dbab3b9127f3341bc644bb090bce59e75404e565133df8d8cf14fe846ced39894a07d6d5b6dc392f4e6b2f7fb3c59f52834537ba558300000000"], 0x1e0}, 0x8080) sendmmsg(r4, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) 1.146239917s ago: executing program 1 (id=2211): epoll_create1(0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/devices\x00', 0x0, 0x0) syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f0000000240)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r0, r1, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00', 0x40}) ioctl$UI_DEV_CREATE(r2, 0x5501) 1.144584325s ago: executing program 6 (id=2212): openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000c40)={0x8000203d}) 1.053632939s ago: executing program 6 (id=2213): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0) write$nbd(r0, &(0x7f0000000340)={0x1000000, 0x0, 0x0, 0x0, 0x200000, "82b0cfc4337965941538be02000000000000000000007400a391793ba7f40000000000fdf70000000000000000"}, 0x3d) 1.052192424s ago: executing program 1 (id=2214): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000b702000014000000b70300"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000480)='kfree\x00', r2, 0x0, 0x1843}, 0x18) r3 = openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r3, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r4 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r4, 0x401054d5, &(0x7f00000000c0)={0x4, &(0x7f0000000000)=[{0x2d, 0x0, 0x3, 0xb}, {0x20}, {}, {0x0, 0x2}]}) r5 = socket(0x840000000002, 0x3, 0x100) connect$inet(r5, &(0x7f00000005c0)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r5, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x4000095, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'gretap0\x00'}) r6 = socket(0x8000000010, 0x2, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$AUTOFS_IOC_PROTOVER(r6, 0x80049363, &(0x7f0000000240)) ioctl$sock_inet_SIOCSARP(r7, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @empty}, {}, 0x0, {0x2, 0x0, @multicast1=0xe000cc02}}) socket$netlink(0x10, 0x3, 0x0) 999.222646ms ago: executing program 6 (id=2215): bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, 0x0, 0x0) sendmmsg(r0, 0x0, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, 0x0, 0x0) sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x10000000) r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r3, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10) r4 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r4, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) sendmsg$inet6(r4, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa, 0x4e21, 0x80000, @loopback, 0xfffffffd}, 0x1c, 0x0, 0x0, &(0x7f00000004c0)=[@dstopts={{0x18}}], 0x18}, 0xc4) r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_ifreq(r5, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'}) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0x1b, &(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES32=r6, @ANYBLOB="0000000000000000b70500182a000200000555000000000000000000", @ANYRES32=0x1, @ANYBLOB="00000000080000005047100010000000007701000000000085200000010000004bb90001fcffffff18110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70200000000000085000000860000008520000001000000950000000000"], 0x0, 0x2, 0x0, 0x0, 0x41000, 0x22, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x8, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000001c0)=[{0x1, 0x2, 0x2, 0x9}], 0x10, 0x1}, 0x94) r7 = socket$kcm(0x29, 0x5, 0x0) r8 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r8, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x10000003, 0x0, 0x81, 0x1ff, 0x1}, 0x1c) recvmmsg(r8, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000340)=""/82, 0x52}], 0x1}, 0x10}], 0x1, 0x2100, 0x0) recvmmsg$unix(r8, &(0x7f0000004400)=[{{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) sendmmsg(r8, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) sendmsg$kcm(r7, &(0x7f0000000680)={&(0x7f0000000200)=@pppol2tpin6={0x18, 0x1, {0x0, r8, 0x3, 0x0, 0x2, 0x2, {0xa, 0x4e22, 0xc, @mcast1, 0xbe4}}}, 0x80, &(0x7f0000000100)=[{&(0x7f0000000080)="956a3456", 0x4}], 0x1, &(0x7f00000006c0)=ANY=[@ANYBLOB="d8000000000000000f01000047000000989757ac1b87091f22d6da63611423cb97737e8214a0eea85eda5eb87c161847e35004a35f4a0451c512ae9f19db439b4eff0f2462314d6ce1a94a6ab1854301b3e151aa4cd40fc514bb121dac596d45bdad4beb223477f66d6450ca695e8c9e97368d051965ab5585f659a9520b971e5d47c6898b0aeb0b03b4b8adc82e4eed07c387024db0131165e25326fd8bbfa9cfd65054c7daa6d793d58fc010391ba1c1e6b993a455d6bf7f1f76edef3c325c6a32d3937d81e62e551e7d1d5934629a532d00000000000048000000000000001401000003000000f71683e7b16f08dc3d4f68e78375f8466ef1c527ec568d2206cd08278cf688e55104081ba271792842a7f001419cd8ffbd7f354f2a6c00000f00000000000000110100000f0000008ba75eef003ea8bbca331b8c9c7d4075375ed4be7daff79007c2ee938def1fedd53ed6f18e49ea9959e77cff43c9436aa1a4c824d7a0eaccd3779c18c049a61e48e982a1d4e17251de4bc0d74d9082e17925650c76436180613143982b595c2519a65b80c35076608f71857d06cf876f8509e860f9fc258449ac8c1a0ea1202a142d19e3141c1f52fd62f64799d21ad28fbf31b970d74bcacbf2c875645600001000000000000000020100000500000068b4afd7a129a61568c02de53140d46e5c8bcf1ffec57e6e8e0c676bc72791f9c8f815d04897c40343138cc22f491f49f0f6866ef8b29ab600000000beed8ee6e99cffe558700a7a1fb584112dd138bc77e766a4952404de8b7b69434ebd0624dece30eb4a6416489ae95180e0e081da4df0687c7000219b3bafa4a59a8980637ab7a030311b0cdfaa183bbcac1199e48e8ae35029bf0ba251a86f756dfcf76023239a7bb15584341c20abca0bd308f7845b2d73f12b56d784bf26632bc80e6b8d60f02e17121d0964452c87174c6c7ca5920cc3c03957193fcefa44a48b97582b229c3f7897dbab3b9127f3341bc644bb090bce59e75404e565133df8d8cf14fe846ced39894a07d6d5b6dc392f4e6b2f7fb3c59f52834537ba558300000000"], 0x1e0}, 0x8080) sendmmsg(r3, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) 995.16898ms ago: executing program 5 (id=2216): r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc0505510, &(0x7f0000000000)={0x9fe2, 0x1, 0x7, 0x9, &(0x7f0000000140)=[{}]}) 971.051762ms ago: executing program 5 (id=2217): r0 = fsopen(&(0x7f00000014c0)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0xa) fchdir(r1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$dir(0xffffffffffffff9c, 0x0, 0x101000, 0x108) getdents64(r5, &(0x7f0000000f80)=""/4096, 0x1000) 884.781838ms ago: executing program 6 (id=2218): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0x1, 0x120d, &(0x7f0000001280)="$eJzs3M+LG2UYB/Bnd2u3bt0faq22IL7oRS9Ddw9e9BJkC9KA0jZCKwhTN9GwYxIyYSEiVk+eBP8OEUTwJog3vezF/0DwthdvVhBHNqlto6k0omYpn88lDzzzTZ43IYEJ78zBi5+8s9sqs1Y+iMWFhVjsRaQbKVIsxh8+iOde+Pa7Jy9duXqhVq9vX0zpfO3y5vMppbWnvn79vc+e/mZw8rUv175ajv2NNw5+2vpx//T+mYPfLr/dLlO7TJ3uIOXpWrc7yK8VzbTTLnezlF4tmnnZTO1O2exP9FtFt9cbpryzs7rS6zfLMuWdpZuTpEF/mPK38nYnZVmWVleC2R27VTU+vVFVVURVPRDHo6qq6sFYiZPxUKzGWqzHRjwcj8SjcSoei9PxeDwRX/zw+fAwAQAAAAAAAAAAAAAAAAAAAPx7Zr3+/8zoqHlPDQAAAAAAAAAAAAAAAAAAAPeXS1euXqjV69sXUzoRUXy019hrjB/H/Vor2lFEM87Fevwao6v/x8b1+Zfr2+fSyEZ8WFy/mb++11iazG+ObicwNb85zqfJ/HKs3JnfivU4NT2/NTV/Ip595o58Fuvx/ZvRjSJ24jB7O//+ZkovvVL/U/7s6DgAAAC4H2Tplqnn71l2t/44P8P/AxPn14fZs8fmunQiohy+u5sXRbOvOPLF8fmO8UtVVf/VSywdgbf3b4u7f1OWI+Jenufnaa2FiDgaC/xLMe9fJv4Ptz/0eU8CAAAAAAAAAADALP7pDsGPx9vD72nn47zXCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Ds7cCwAAAAAIMzfOo2ODQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACArwIAAP//GgHNcg==") 539.400213ms ago: executing program 0 (id=2219): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r1, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f00000002c0)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000540)={r3, 0x1}, 0x8) 497.770825ms ago: executing program 4 (id=2221): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r2, 0x8982, &(0x7f0000000480)={0x7, 'pimreg1\x00', {0x7}, 0x8}) sendmsg$rds(r2, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x10000000) r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r4, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10) r5 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r5, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) sendmsg$inet6(r5, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa, 0x4e21, 0x80000, @loopback, 0xfffffffd}, 0x1c, 0x0, 0x0, &(0x7f00000004c0)=[@dstopts={{0x18}}], 0x18}, 0xc4) r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_ifreq(r6, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0x1b, &(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b70500182a000200000555000000000000000000", @ANYRES32=0x1, @ANYBLOB="00000000080000005047100010000000007701000000000085200000010000004bb90001fcffffff18110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70200000000000085000000860000008520000001000000950000000000"], 0x0, 0x2, 0x0, 0x0, 0x41000, 0x22, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x8, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x7fff}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f00000001c0)=[{0x1, 0x2, 0x2, 0x9}], 0x10, 0x1}, 0x94) r7 = socket$kcm(0x29, 0x5, 0x0) r8 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r8, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x10000003, 0x0, 0x81, 0x1ff, 0x1}, 0x1c) recvmmsg(r8, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000340)=""/82, 0x52}], 0x1}, 0x10}], 0x1, 0x2100, 0x0) recvmmsg$unix(r8, &(0x7f0000004400)=[{{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) sendmmsg(r8, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) sendmsg$kcm(r7, &(0x7f0000000680)={&(0x7f0000000200)=@pppol2tpin6={0x18, 0x1, {0x0, r8, 0x3, 0x0, 0x2, 0x2, {0xa, 0x4e22, 0xc, @mcast1, 0xbe4}}}, 0x80, &(0x7f0000000100)=[{&(0x7f0000000080)="956a3456", 0x4}], 0x1, &(0x7f00000006c0)=ANY=[@ANYBLOB="d8000000000000000f01000047000000989757ac1b87091f22d6da63611423cb97737e8214a0eea85eda5eb87c161847e35004a35f4a0451c512ae9f19db439b4eff0f2462314d6ce1a94a6ab1854301b3e151aa4cd40fc514bb121dac596d45bdad4beb223477f66d6450ca695e8c9e97368d051965ab5585f659a9520b971e5d47c6898b0aeb0b03b4b8adc82e4eed07c387024db0131165e25326fd8bbfa9cfd65054c7daa6d793d58fc010391ba1c1e6b993a455d6bf7f1f76edef3c325c6a32d3937d81e62e551e7d1d5934629a532d00000000000048000000000000001401000003000000f71683e7b16f08dc3d4f68e78375f8466ef1c527ec568d2206cd08278cf688e55104081ba271792842a7f001419cd8ffbd7f354f2a6c00000f00000000000000110100000f0000008ba75eef003ea8bbca331b8c9c7d4075375ed4be7daff79007c2ee938def1fedd53ed6f18e49ea9959e77cff43c9436aa1a4c824d7a0eaccd3779c18c049a61e48e982a1d4e17251de4bc0d74d9082e17925650c76436180613143982b595c2519a65b80c35076608f71857d06cf876f8509e860f9fc258449ac8c1a0ea1202a142d19e3141c1f52fd62f64799d21ad28fbf31b970d74bcacbf2c875645600001000000000000000020100000500000068b4afd7a129a61568c02de53140d46e5c8bcf1ffec57e6e8e0c676bc72791f9c8f815d04897c40343138cc22f491f49f0f6866ef8b29ab600000000beed8ee6e99cffe558700a7a1fb584112dd138bc77e766a4952404de8b7b69434ebd0624dece30eb4a6416489ae95180e0e081da4df0687c7000219b3bafa4a59a8980637ab7a030311b0cdfaa183bbcac1199e48e8ae35029bf0ba251a86f756dfcf76023239a7bb15584341c20abca0bd308f7845b2d73f12b56d784bf26632bc80e6b8d60f02e17121d0964452c87174c6c7ca5920cc3c03957193fcefa44a48b97582b229c3f7897dbab3b9127f3341bc644bb090bce59e75404e565133df8d8cf14fe846ced39894a07d6d5b6dc392f4e6b2f7fb3c59f52834537ba558300000000"], 0x1e0}, 0x8080) sendmmsg(r4, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) 335.897908ms ago: executing program 4 (id=2222): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) sendmsg$nl_route(r0, 0x0, 0xc020) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0x70}}, 0x0) 313.81745ms ago: executing program 4 (id=2223): openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000100)={0x0, 0x0, 0x80800, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r4, 0xc02064b9, &(0x7f0000000280)={0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 291.323195ms ago: executing program 4 (id=2224): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) r1 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r1, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10, 0x0}, 0x300060c1) setsockopt$sock_attach_bpf(r1, 0x6, 0x3, 0x0, 0x0) sendmsg$inet(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000005c0)='=', 0x1}], 0x1}, 0x41) sendto$inet6(r0, &(0x7f00000000c0)="b2", 0x1, 0x240040c4, &(0x7f0000000040)={0xa, 0x2, 0x80398, @empty, 0xfffffffe}, 0x1c) 227.378668ms ago: executing program 4 (id=2225): r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0) write$nbd(r0, &(0x7f0000000340)={0x1000000, 0x0, 0x0, 0x0, 0x200000, "82b0cfc4337965941538be02000000000000000000007400a391793ba7f40000000000fdf70000000000000000"}, 0x3d) 227.065597ms ago: executing program 4 (id=2226): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000380)=ANY=[@ANYBLOB="020101090800000000170006ffffff00030006001000000002000000e0000009f9ff0f00050000000300"], 0x40}}, 0x0) 193.167159ms ago: executing program 1 (id=2227): ioctl$SNDRV_PCM_IOCTL_REWIND(0xffffffffffffffff, 0x40084146, &(0x7f00000000c0)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000300)={'vxcan1\x00', 0x0}) bind$can_raw(r2, &(0x7f0000000000)={0x1d, r3}, 0x10) setsockopt$CAN_RAW_FILTER(r2, 0x65, 0x1, &(0x7f00000000c0), 0xf00) bind$can_raw(r2, &(0x7f0000000080), 0x10) 84.131402ms ago: executing program 5 (id=2228): bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, 0x0, 0x0) sendmmsg(r0, 0x0, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, 0x0, 0x0) sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x10000000) r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r3, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10) r4 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r4, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) sendmsg$inet6(r4, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa, 0x4e21, 0x80000, @loopback, 0xfffffffd}, 0x1c, 0x0, 0x0, &(0x7f00000004c0)=[@dstopts={{0x18}}], 0x18}, 0xc4) r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_ifreq(r5, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'}) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0x1b, &(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES32=r6, @ANYBLOB="0000000000000000b70500182a000200000555000000000000000000", @ANYRES32=0x1, @ANYBLOB="00000000080000005047100010000000007701000000000085200000010000004bb90001fcffffff18110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70200000000000085000000860000008520000001000000950000000000"], 0x0, 0x2, 0x0, 0x0, 0x41000, 0x22, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x8, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x7fff}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) r7 = socket$kcm(0x29, 0x5, 0x0) r8 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r8, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x10000003, 0x0, 0x81, 0x1ff, 0x1}, 0x1c) recvmmsg(r8, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000340)=""/82, 0x52}], 0x1}, 0x10}], 0x1, 0x2100, 0x0) recvmmsg$unix(r8, &(0x7f0000004400)=[{{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) sendmmsg(r8, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) sendmsg$kcm(r7, &(0x7f0000000680)={&(0x7f0000000200)=@pppol2tpin6={0x18, 0x1, {0x0, r8, 0x3, 0x0, 0x2, 0x2, {0xa, 0x4e22, 0xc, @mcast1, 0xbe4}}}, 0x80, &(0x7f0000000100)=[{&(0x7f0000000080)="956a3456", 0x4}], 0x1, &(0x7f00000006c0)=ANY=[@ANYBLOB="d8000000000000000f01000047000000989757ac1b87091f22d6da63611423cb97737e8214a0eea85eda5eb87c161847e35004a35f4a0451c512ae9f19db439b4eff0f2462314d6ce1a94a6ab1854301b3e151aa4cd40fc514bb121dac596d45bdad4beb223477f66d6450ca695e8c9e97368d051965ab5585f659a9520b971e5d47c6898b0aeb0b03b4b8adc82e4eed07c387024db0131165e25326fd8bbfa9cfd65054c7daa6d793d58fc010391ba1c1e6b993a455d6bf7f1f76edef3c325c6a32d3937d81e62e551e7d1d5934629a532d00000000000048000000000000001401000003000000f71683e7b16f08dc3d4f68e78375f8466ef1c527ec568d2206cd08278cf688e55104081ba271792842a7f001419cd8ffbd7f354f2a6c00000f00000000000000110100000f0000008ba75eef003ea8bbca331b8c9c7d4075375ed4be7daff79007c2ee938def1fedd53ed6f18e49ea9959e77cff43c9436aa1a4c824d7a0eaccd3779c18c049a61e48e982a1d4e17251de4bc0d74d9082e17925650c76436180613143982b595c2519a65b80c35076608f71857d06cf876f8509e860f9fc258449ac8c1a0ea1202a142d19e3141c1f52fd62f64799d21ad28fbf31b970d74bcacbf2c875645600001000000000000000020100000500000068b4afd7a129a61568c02de53140d46e5c8bcf1ffec57e6e8e0c676bc72791f9c8f815d04897c40343138cc22f491f49f0f6866ef8b29ab600000000beed8ee6e99cffe558700a7a1fb584112dd138bc77e766a4952404de8b7b69434ebd0624dece30eb4a6416489ae95180e0e081da4df0687c7000219b3bafa4a59a8980637ab7a030311b0cdfaa183bbcac1199e48e8ae35029bf0ba251a86f756dfcf76023239a7bb15584341c20abca0bd308f7845b2d73f12b56d784bf26632bc80e6b8d60f02e17121d0964452c87174c6c7ca5920cc3c03957193fcefa44a48b97582b229c3f7897dbab3b9127f3341bc644bb090bce59e75404e565133df8d8cf14fe846ced39894a07d6d5b6dc392f4e6b2f7fb3c59f52834537ba558300000000"], 0x1e0}, 0x8080) sendmmsg(r3, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) 36.574456ms ago: executing program 6 (id=2229): openat$fuse(0xffffffffffffff9c, &(0x7f0000002240), 0x2, 0x0) pivot_root(&(0x7f0000000040)='./file0/../file0/../file0/../file0/../file0\x00', &(0x7f0000000600)='./file0/../file0/../file0/../file0\x00') 0s ago: executing program 6 (id=2230): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendto$inet6(r0, 0x0, 0x0, 0x20004041, 0x0, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x5, &(0x7f0000000080)=0x2, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) clock_nanosleep(0x2, 0x1, 0x0, &(0x7f0000000380)) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_crypto(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000600)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x40, 0x0, r3, 0x0, &(0x7f0000000000)="bd", 0x1, 0x100, 0x1}) io_uring_enter(0xffffffffffffffff, 0x46f3, 0x0, 0x0, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x2, 0x0) kernel console output (not intermixed with test programs): 62] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.139335][ T4862] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.193154][T10107] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 150.194686][T10107] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 150.215459][ T5080] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 150.215510][ T5080] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 150.412438][T10612] loop1: detected capacity change from 0 to 256 [ 150.445142][T10612] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 150.445214][T10612] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 150.546945][ T31] audit: type=1326 audit(150.520:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10610 comm="syz.4.1327" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa655b9e8 code=0x7ffc0000 [ 150.546989][ T31] audit: type=1326 audit(150.520:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10610 comm="syz.4.1327" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa655b9e8 code=0x7ffc0000 [ 150.554189][T10612] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d) [ 150.556290][T10612] exFAT-fs (loop1): failed to load alloc-bitmap [ 150.556304][T10612] exFAT-fs (loop1): failed to recognize exfat type [ 150.585742][T10619] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 151.937243][ T6568] Bluetooth: hci5: command tx timeout [ 152.248917][T10644] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1336'. [ 153.105332][T10670] binder: 10669:10670 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 153.108455][T10670] binder: 10670 RLIMIT_NICE not set [ 153.156133][T10671] binder: 10669:10671 tried to acquire reference to desc 0, got 1 instead [ 153.161824][T10670] binder: 10670 RLIMIT_NICE not set [ 153.167046][ T6559] binder: release 10669:10671 transaction 19 out, still active [ 153.167091][ T6559] binder: undelivered TRANSACTION_COMPLETE [ 153.180464][ T6559] binder: release 10669:10670 transaction 19 in, still active [ 153.180503][ T6559] binder: send failed reply for transaction 19, target dead [ 153.765645][T10692] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 153.841330][T10696] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 154.002758][ T6568] Bluetooth: hci5: command tx timeout [ 154.027817][T10699] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1355'. [ 154.028080][T10699] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1355'. [ 154.036340][T10701] binder: 10700:10701 got reply transaction with no transaction stack [ 154.038396][T10701] binder: 10700:10701 transaction reply to 0:0 failed 20/29201/-71, code 0 size 0-0 line 3135 [ 154.040858][ T6559] binder: undelivered TRANSACTION_ERROR: 29201 [ 154.615855][T10729] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1367'. [ 154.619037][T10729] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1367'. [ 155.092676][T10739] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 155.584810][T10759] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 156.086937][ T6568] Bluetooth: hci5: command tx timeout [ 156.116464][T10763] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1378'. [ 156.119236][T10763] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1378'. [ 158.076901][T10772] loop1: detected capacity change from 0 to 512 [ 158.078203][T10772] ext3: Unknown parameter 'rootcontext' [ 158.186638][T10782] overlayfs: failed to resolve './file1': -2 [ 158.960833][T10803] binder: 10802:10803 ioctl c0306201 0 returned -14 [ 159.171751][T10805] binder: 10802:10805 ioctl 4018620d 0 returned -22 [ 159.424634][T10811] loop1: detected capacity change from 0 to 512 [ 159.436181][T10811] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.1394: inode has both inline data and extents flags [ 159.438981][T10811] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.1394: couldn't read orphan inode 15 (err -117) [ 159.442978][T10811] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 159.534945][ T1813] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 159.540063][ T1813] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 159.542090][T10818] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 159.561813][T10819] fido_id[10819]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 160.369579][ T6554] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.458535][T10840] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1402'. [ 161.468016][T10840] tipc: Enabling of bearer rejected, already enabled [ 161.472262][T10840] netlink: 'syz.4.1402': attribute type 1 has an invalid length. [ 161.474970][T10840] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1402'. [ 162.221677][T10858] loop0: detected capacity change from 0 to 40427 [ 162.259248][T10858] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 162.261860][T10858] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 162.369559][T10865] loop6: detected capacity change from 0 to 128 [ 162.420750][T10858] bio_check_eod: 215 callbacks suppressed [ 162.422150][T10858] syz.0.1407: attempt to access beyond end of device [ 162.422150][T10858] loop0: rw=2049, sector=45096, nr_sectors = 8152 limit=40427 [ 162.428379][T10858] syz.0.1407: attempt to access beyond end of device [ 162.428379][T10858] loop0: rw=2049, sector=45056, nr_sectors = 8 limit=40427 [ 162.445440][T10858] syz.0.1407: attempt to access beyond end of device [ 162.445440][T10858] loop0: rw=2049, sector=57344, nr_sectors = 3896 limit=40427 [ 162.505815][T10858] syz.0.1407: attempt to access beyond end of device [ 162.505815][T10858] loop0: rw=524288, sector=45096, nr_sectors = 256 limit=40427 [ 162.508750][T10858] syz.0.1407: attempt to access beyond end of device [ 162.508750][T10858] loop0: rw=0, sector=45096, nr_sectors = 8 limit=40427 [ 162.511467][T10858] syz.0.1407: attempt to access beyond end of device [ 162.511467][T10858] loop0: rw=0, sector=45096, nr_sectors = 8 limit=40427 [ 162.514252][T10858] syz.0.1407: attempt to access beyond end of device [ 162.514252][T10858] loop0: rw=0, sector=45096, nr_sectors = 8 limit=40427 [ 162.517661][T10858] syz.0.1407: attempt to access beyond end of device [ 162.517661][T10858] loop0: rw=0, sector=45096, nr_sectors = 8 limit=40427 [ 162.520439][T10858] syz.0.1407: attempt to access beyond end of device [ 162.520439][T10858] loop0: rw=0, sector=45096, nr_sectors = 8 limit=40427 [ 162.523128][T10858] syz.0.1407: attempt to access beyond end of device [ 162.523128][T10858] loop0: rw=0, sector=45096, nr_sectors = 8 limit=40427 [ 162.858643][ T31] audit: type=1326 audit(162.840:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10873 comm="syz.4.1411" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa655b9e8 code=0x7ffc0000 [ 162.862396][ T31] audit: type=1326 audit(162.850:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10873 comm="syz.4.1411" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa655b9e8 code=0x7ffc0000 [ 162.862436][ T31] audit: type=1326 audit(162.850:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10873 comm="syz.4.1411" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffa655b9e8 code=0x7ffc0000 [ 162.862465][ T31] audit: type=1326 audit(162.850:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10873 comm="syz.4.1411" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa655b9e8 code=0x7ffc0000 [ 162.862480][ T31] audit: type=1326 audit(162.850:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10873 comm="syz.4.1411" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa655b9e8 code=0x7ffc0000 [ 162.869555][ T31] audit: type=1326 audit(162.850:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10873 comm="syz.4.1411" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=0 compat=0 ip=0xffffa655b9e8 code=0x7ffc0000 [ 162.869578][ T31] audit: type=1326 audit(162.850:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10873 comm="syz.4.1411" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa655b9e8 code=0x7ffc0000 [ 162.869592][ T31] audit: type=1326 audit(162.850:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10873 comm="syz.4.1411" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa655b9e8 code=0x7ffc0000 [ 162.869606][ T31] audit: type=1326 audit(162.850:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10873 comm="syz.4.1411" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=2 compat=0 ip=0xffffa655b9e8 code=0x7ffc0000 [ 162.869619][ T31] audit: type=1326 audit(162.850:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10873 comm="syz.4.1411" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa655b9e8 code=0x7ffc0000 [ 162.929841][T10867] buffer_io_error: 286 callbacks suppressed [ 162.929875][T10867] Buffer I/O error on dev loop6, logical block 128, lost async page write [ 162.929988][T10865] Buffer I/O error on dev loop6, logical block 128, lost async page write [ 162.930216][T10867] Buffer I/O error on dev loop6, logical block 128, lost async page write [ 162.972491][ T6561] CPU: 1 UID: 0 PID: 6561 Comm: syz-executor Not tainted syzkaller #0 PREEMPT [ 162.972513][ T6561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 162.972518][ T6561] Call trace: [ 162.972521][ T6561] show_stack+0x2c/0x3c (C) [ 162.972536][ T6561] __dump_stack+0x30/0x40 [ 162.972542][ T6561] dump_stack_lvl+0xd8/0x12c [ 162.972547][ T6561] dump_stack+0x1c/0x28 [ 162.972551][ T6561] f2fs_handle_critical_error+0x34c/0x4b8 [ 162.972565][ T6561] f2fs_stop_checkpoint+0x5c/0x70 [ 162.972571][ T6561] f2fs_write_end_io+0x768/0xa70 [ 162.972578][ T6561] bio_endio+0x858/0x894 [ 162.972584][ T6561] submit_bio_noacct+0xd64/0x186c [ 162.972591][ T6561] submit_bio+0x3b4/0x550 [ 162.972597][ T6561] f2fs_submit_write_bio+0x13c/0x324 [ 162.972603][ T6561] __submit_merged_bio+0x254/0x704 [ 162.972610][ T6561] __submit_merged_write_cond+0x23c/0x4ac [ 162.972616][ T6561] f2fs_write_data_pages+0x1d28/0x2634 [ 162.972622][ T6561] do_writepages+0x270/0x468 [ 162.972630][ T6561] filemap_fdatawrite+0x14c/0x1f4 [ 162.972634][ T6561] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 162.972640][ T6561] f2fs_write_checkpoint+0x70c/0x1c30 [ 162.972645][ T6561] kill_f2fs_super+0x228/0x594 [ 162.972651][ T6561] deactivate_locked_super+0xc4/0x12c [ 162.972658][ T6561] deactivate_super+0xe0/0x100 [ 162.972663][ T6561] cleanup_mnt+0x31c/0x3ac [ 162.972670][ T6561] __cleanup_mnt+0x20/0x30 [ 162.972675][ T6561] task_work_run+0x1dc/0x260 [ 162.972682][ T6561] exit_to_user_mode_loop+0xfc/0x178 [ 162.972688][ T6561] el0_svc+0x170/0x254 [ 162.972696][ T6561] el0t_64_sync_handler+0x84/0x12c [ 162.972702][ T6561] el0t_64_sync+0x198/0x19c [ 162.973395][ T6561] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 163.042084][T10880] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 163.049739][T10880] overlayfs: missing 'lowerdir' [ 163.392360][T10893] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 163.392556][T10893] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 163.568478][T10895] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2 [ 163.568550][T10895] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 163.907491][T10903] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1414'. [ 163.907829][T10903] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1414'. [ 163.907918][T10903] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1414'. [ 163.907995][T10903] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1414'. [ 164.167535][T10908] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1421'. [ 165.523494][T10925] loop1: detected capacity change from 0 to 512 [ 165.528803][T10925] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 165.533751][T10925] EXT4-fs (loop1): 1 truncate cleaned up [ 165.535393][T10925] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 165.576213][T10931] syz.4.1429 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 165.714026][T10935] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1427'. [ 165.766255][T10935] vlan2: entered promiscuous mode [ 165.766380][T10935] gretap0: entered promiscuous mode [ 166.248187][ T65] block nbd4: Possible stuck request 0000000024171d88: control (read@0,1024B). Runtime 90 seconds [ 166.248645][ T65] block nbd4: Possible stuck request 0000000026ef243b: control (read@1024,1024B). Runtime 90 seconds [ 166.249280][ T65] block nbd4: Possible stuck request 000000008cfc8cc4: control (read@2048,1024B). Runtime 90 seconds [ 166.249302][ T65] block nbd4: Possible stuck request 00000000f50e3908: control (read@3072,1024B). Runtime 90 seconds [ 167.833269][ T57] block nbd5: Possible stuck request 00000000705f32fb: control (read@0,1024B). Runtime 90 seconds [ 167.835213][ T57] block nbd5: Possible stuck request 00000000ebc554c6: control (read@1024,1024B). Runtime 90 seconds [ 167.837097][ T57] block nbd5: Possible stuck request 0000000080b4dd3c: control (read@2048,1024B). Runtime 90 seconds [ 167.838816][ T57] block nbd5: Possible stuck request 000000009213a592: control (read@3072,1024B). Runtime 90 seconds [ 167.855889][ T6554] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.978641][T10974] loop6: detected capacity change from 0 to 256 [ 167.980619][T10974] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 167.982806][T10974] exFAT-fs (loop6): Medium has reported failures. Some data may be lost. [ 168.083200][T10975] loop1: detected capacity change from 0 to 512 [ 168.607825][T10975] EXT4-fs (loop1): orphan cleanup on readonly fs [ 168.611471][T10975] __quota_error: 24 callbacks suppressed [ 168.611512][T10975] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0 [ 168.611612][T10975] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 168.611652][T10975] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.1439: Failed to acquire dquot type 1 [ 168.621271][T10975] EXT4-fs (loop1): 1 truncate cleaned up [ 168.937075][T10975] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 169.136223][T10974] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 169.142862][T10974] exFAT-fs (loop6): failed to load alloc-bitmap [ 169.142879][T10974] exFAT-fs (loop6): failed to recognize exfat type [ 169.178716][T10979] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 169.588080][ T6554] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.339153][ T31] audit: type=1326 audit(170.330:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10997 comm="syz.1.1448" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 170.342901][ T31] audit: type=1326 audit(170.330:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10997 comm="syz.1.1448" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=71 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 170.669991][T11023] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 170.752507][T11027] loop1: detected capacity change from 0 to 512 [ 170.899836][T11027] EXT4-fs error (device loop1): ext4_get_branch:178: inode #11: block 4294967295: comm syz.1.1457: invalid block [ 170.903742][T11027] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.1457: invalid indirect mapped block 4294967295 (level 1) [ 170.908129][T11027] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.1457: invalid indirect mapped block 4294967295 (level 1) [ 170.914631][T11027] EXT4-fs (loop1): 2 truncates cleaned up [ 170.917740][T11027] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 171.547294][T11029] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 171.691755][T11040] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1462'. [ 171.708099][ T6554] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.835079][T11048] netlink: 96 bytes leftover after parsing attributes in process `syz.6.1465'. [ 171.942268][T11054] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 172.257496][T11060] loop6: detected capacity change from 0 to 512 [ 172.273994][T11060] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 173.353416][T10512] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.706119][T11081] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 173.733472][T11079] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1476'. [ 173.758412][T11083] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 173.759084][T11083] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 173.898962][T11093] loop4: detected capacity change from 0 to 128 [ 174.336926][T11093] bio_check_eod: 429 callbacks suppressed [ 174.337220][T11093] syz.4.1481: attempt to access beyond end of device [ 174.337220][T11093] loop4: rw=2049, sector=129, nr_sectors = 8 limit=128 [ 174.337361][T11093] syz.4.1481: attempt to access beyond end of device [ 174.337361][T11093] loop4: rw=2049, sector=145, nr_sectors = 8 limit=128 [ 174.337407][T11093] syz.4.1481: attempt to access beyond end of device [ 174.337407][T11093] loop4: rw=2049, sector=161, nr_sectors = 8 limit=128 [ 174.337445][T11093] syz.4.1481: attempt to access beyond end of device [ 174.337445][T11093] loop4: rw=2049, sector=177, nr_sectors = 8 limit=128 [ 174.337487][T11093] syz.4.1481: attempt to access beyond end of device [ 174.337487][T11093] loop4: rw=2049, sector=193, nr_sectors = 8 limit=128 [ 174.337519][T11093] syz.4.1481: attempt to access beyond end of device [ 174.337519][T11093] loop4: rw=2049, sector=209, nr_sectors = 8 limit=128 [ 174.337552][T11093] syz.4.1481: attempt to access beyond end of device [ 174.337552][T11093] loop4: rw=2049, sector=225, nr_sectors = 8 limit=128 [ 174.337585][T11093] syz.4.1481: attempt to access beyond end of device [ 174.337585][T11093] loop4: rw=2049, sector=241, nr_sectors = 8 limit=128 [ 174.337614][T11093] syz.4.1481: attempt to access beyond end of device [ 174.337614][T11093] loop4: rw=2049, sector=257, nr_sectors = 8 limit=128 [ 174.337643][T11093] syz.4.1481: attempt to access beyond end of device [ 174.337643][T11093] loop4: rw=2049, sector=273, nr_sectors = 8 limit=128 [ 174.458642][T11109] loop4: detected capacity change from 0 to 512 [ 174.525218][T11112] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 174.690057][T11109] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.1486: inode has both inline data and extents flags [ 174.693086][T11109] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.1486: couldn't read orphan inode 15 (err -117) [ 174.697002][T11109] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 175.148152][T11120] loop1: detected capacity change from 0 to 512 [ 175.494395][T11117] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1488'. [ 175.525564][ T6560] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.568295][T11130] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 175.604182][T11133] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 175.604386][T11133] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 175.898281][T10464] block nbd8: Possible stuck request 00000000d5efd87c: control (read@0,1024B). Runtime 90 seconds [ 175.898325][T10464] block nbd8: Possible stuck request 0000000003ce7d3d: control (read@1024,1024B). Runtime 90 seconds [ 175.898346][T10464] block nbd8: Possible stuck request 00000000bad9978e: control (read@2048,1024B). Runtime 90 seconds [ 175.898358][T10464] block nbd8: Possible stuck request 00000000b9bff10b: control (read@3072,1024B). Runtime 90 seconds [ 175.904123][ T65] block nbd9: Possible stuck request 00000000eb2c260a: control (read@0,1024B). Runtime 90 seconds [ 175.904329][ T65] block nbd9: Possible stuck request 00000000c8c4460c: control (read@1024,1024B). Runtime 90 seconds [ 175.904338][ T65] block nbd9: Possible stuck request 00000000a3133b83: control (read@2048,1024B). Runtime 90 seconds [ 175.904346][ T65] block nbd9: Possible stuck request 0000000023900c11: control (read@3072,1024B). Runtime 90 seconds [ 176.218189][T11148] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 176.477378][ T65] block nbd10: Possible stuck request 0000000035090127: control (read@0,1024B). Runtime 90 seconds [ 176.477419][ T65] block nbd10: Possible stuck request 00000000ac3e392d: control (read@1024,1024B). Runtime 90 seconds [ 176.477435][ T65] block nbd10: Possible stuck request 0000000006b640e8: control (read@2048,1024B). Runtime 90 seconds [ 176.477445][ T65] block nbd10: Possible stuck request 0000000053a0fdae: control (read@3072,1024B). Runtime 90 seconds [ 176.697494][T11164] netlink: 128 bytes leftover after parsing attributes in process `syz.6.1506'. [ 176.734678][T11167] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 176.777651][T11165] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1504'. [ 177.793023][T11190] loop5: detected capacity change from 0 to 8192 [ 177.853403][ T31] audit: type=1326 audit(177.840:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11196 comm="syz.1.1516" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 177.853806][ T31] audit: type=1326 audit(177.840:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11196 comm="syz.1.1516" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=26 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 177.853987][ T31] audit: type=1326 audit(177.840:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11196 comm="syz.1.1516" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 177.854046][ T31] audit: type=1326 audit(177.840:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11196 comm="syz.1.1516" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 177.854319][ T31] audit: type=1326 audit(177.840:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11196 comm="syz.1.1516" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 177.854613][ T31] audit: type=1326 audit(177.840:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11196 comm="syz.1.1516" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 177.854682][ T31] audit: type=1326 audit(177.840:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11196 comm="syz.1.1516" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 177.855247][ T31] audit: type=1326 audit(177.840:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11196 comm="syz.1.1516" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=279 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 177.855356][ T31] audit: type=1326 audit(177.840:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11196 comm="syz.1.1516" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffffb395ba1c code=0x7ffc0000 [ 177.856348][ T31] audit: type=1326 audit(177.840:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11196 comm="syz.1.1516" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffffb395a0d0 code=0x7ffc0000 [ 177.858146][T11197] loop1: detected capacity change from 0 to 512 [ 178.120484][T11197] EXT4-fs (loop1): orphan cleanup on readonly fs [ 178.122155][T11197] EXT4-fs error (device loop1): ext4_orphan_get:1418: comm syz.1.1516: bad orphan inode 13 [ 178.124058][T11197] ext4_test_bit(bit=12, block=18) = 1 [ 178.124077][T11197] is_bad_inode(inode)=0 [ 178.124084][T11197] NEXT_ORPHAN(inode)=2130706432 [ 178.124088][T11197] max_ino=32 [ 178.124092][T11197] i_nlink=1 [ 178.124629][T11197] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 178.143521][T11197] EXT4-fs error (device loop1): ext4_lookup:1791: inode #2: comm syz.1.1516: deleted inode referenced: 12 [ 178.150023][T11197] EXT4-fs error (device loop1): ext4_lookup:1791: inode #2: comm syz.1.1516: deleted inode referenced: 12 [ 178.177519][T11197] EXT4-fs error (device loop1): ext4_lookup:1791: inode #2: comm syz.1.1516: deleted inode referenced: 12 [ 178.207156][T11197] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 178.218684][T11197] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 178.273760][T11197] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1516: bg 0: block 248: padding at end of block bitmap is not set [ 178.277248][T11207] netlink: 'syz.6.1518': attribute type 16 has an invalid length. [ 178.277294][T11207] netlink: 'syz.6.1518': attribute type 17 has an invalid length. [ 178.316883][T11207] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 178.492875][T11197] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.1516: Failed to acquire dquot type 1 [ 178.613958][T11210] netlink: 324 bytes leftover after parsing attributes in process `syz.5.1517'. [ 179.639677][T11231] loop0: detected capacity change from 0 to 4096 [ 179.640102][T11231] EXT4-fs: Ignoring removed mblk_io_submit option [ 179.790953][T11231] EXT4-fs (loop0): Test dummy encryption mode enabled [ 179.805484][T11231] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 180.610840][ T6554] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 180.623809][T11239] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 181.087816][ T6561] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 184.538052][ T31] kauditd_printk_skb: 58 callbacks suppressed [ 184.538096][ T31] audit: type=1107 audit(184.520:167): pid=11286 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='' [ 184.908817][T11299] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 184.910031][T11299] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 185.202564][T11301] loop1: detected capacity change from 0 to 512 [ 185.224803][T11301] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.1544: inode has both inline data and extents flags [ 185.224946][T11301] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.1544: couldn't read orphan inode 15 (err -117) [ 185.225434][T11301] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 186.019100][T11312] syzkaller0: entered promiscuous mode [ 186.020998][T11312] syzkaller0: entered allmulticast mode [ 186.073987][ T6554] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 186.126317][ T31] audit: type=1326 audit(186.110:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11316 comm="syz.1.1547" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 186.126366][ T31] audit: type=1326 audit(186.110:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11316 comm="syz.1.1547" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 186.133776][ T31] audit: type=1326 audit(186.120:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11316 comm="syz.1.1547" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=26 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 186.138569][ T31] audit: type=1326 audit(186.130:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11316 comm="syz.1.1547" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 186.142151][ T31] audit: type=1326 audit(186.130:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11316 comm="syz.1.1547" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 186.286085][T11328] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 186.822545][T11330] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 186.829732][T11329] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1550'. [ 186.830414][T11329] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1550'. [ 186.830574][T11329] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1550'. [ 186.830724][T11329] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1550'. [ 187.412749][T11350] loop6: detected capacity change from 0 to 256 [ 188.219596][ T2451] ieee802154 phy1 wpan1: encryption failed: -22 [ 188.239708][T11351] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 188.239894][T11351] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 188.266492][T11350] exFAT-fs (loop6): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 188.266766][T11350] exFAT-fs (loop6): failed to load alloc-bitmap [ 188.266772][T11350] exFAT-fs (loop6): failed to recognize exfat type [ 189.056028][T11360] syzkaller0: entered promiscuous mode [ 189.057314][T11360] syzkaller0: entered allmulticast mode [ 189.787584][T11376] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1565'. [ 190.337256][T11380] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 190.339010][T11387] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1566'. [ 190.339334][T11387] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1566'. [ 190.339469][T11387] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1566'. [ 190.339653][T11387] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1566'. [ 191.366124][ T31] audit: type=1326 audit(191.344:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11398 comm="syz.5.1571" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 191.366373][ T31] audit: type=1326 audit(191.344:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11398 comm="syz.5.1571" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=26 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 191.367857][ T31] audit: type=1326 audit(191.354:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11398 comm="syz.5.1571" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 191.368507][ T31] audit: type=1326 audit(191.354:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11398 comm="syz.5.1571" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 191.369167][ T31] audit: type=1326 audit(191.354:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11398 comm="syz.5.1571" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 191.369585][ T31] audit: type=1326 audit(191.354:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11398 comm="syz.5.1571" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 191.369788][ T31] audit: type=1326 audit(191.354:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11398 comm="syz.5.1571" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=279 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 191.370547][ T31] audit: type=1326 audit(191.354:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11398 comm="syz.5.1571" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffff8a55ba1c code=0x7ffc0000 [ 191.371875][ T31] audit: type=1326 audit(191.354:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11398 comm="syz.5.1571" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffff8a55a0d0 code=0x7ffc0000 [ 191.372815][ T31] audit: type=1326 audit(191.354:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11398 comm="syz.5.1571" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=215 compat=0 ip=0xffff8a55ba8c code=0x7ffc0000 [ 191.373881][T11400] loop5: detected capacity change from 0 to 512 [ 191.392850][T11400] EXT4-fs (loop5): orphan cleanup on readonly fs [ 191.394410][T11400] EXT4-fs error (device loop5): ext4_orphan_get:1418: comm syz.5.1571: bad orphan inode 13 [ 191.395874][T11400] ext4_test_bit(bit=12, block=18) = 1 [ 191.395891][T11400] is_bad_inode(inode)=0 [ 191.396374][T11400] NEXT_ORPHAN(inode)=2130706432 [ 191.396401][T11400] max_ino=32 [ 191.396418][T11400] i_nlink=1 [ 191.399328][T11400] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 191.430284][T11400] EXT4-fs error (device loop5): ext4_lookup:1791: inode #2: comm syz.5.1571: deleted inode referenced: 12 [ 191.435732][T11400] EXT4-fs error (device loop5): ext4_lookup:1791: inode #2: comm syz.5.1571: deleted inode referenced: 12 [ 191.457913][T11400] EXT4-fs error (device loop5): ext4_lookup:1791: inode #2: comm syz.5.1571: deleted inode referenced: 12 [ 191.643400][T11405] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 191.756773][T11400] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 191.835416][T11400] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 191.867667][T11416] loop6: detected capacity change from 0 to 1024 [ 191.878611][T11416] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 191.880806][T11416] EXT4-fs error (device loop6): ext4_lookup:1787: inode #15: comm syz.6.1575: inode has both inline data and extents flags [ 191.882391][T11416] EXT4-fs (loop6): Remounting filesystem read-only [ 192.131141][T10512] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.154684][T11422] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 192.156276][T11422] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 192.253172][T11425] loop4: detected capacity change from 0 to 512 [ 192.284677][T11425] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 193.290261][T11414] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 248: padding at end of block bitmap is not set [ 193.358172][ T9817] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.474004][ T6560] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.774859][T11444] loop4: detected capacity change from 0 to 16 [ 193.806469][T11444] erofs (device loop4): mounted with root inode @ nid 36. [ 193.946919][T11449] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1582'. [ 193.958217][T11449] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1582'. [ 193.959453][T11449] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1582'. [ 193.960848][T11449] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1582'. [ 195.517934][T11478] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 195.661934][T11481] ip6gretap1: entered allmulticast mode [ 195.716143][T11485] binder: 11484:11485 got transaction to invalid handle, 1 [ 195.717702][T11485] binder: 11484:11485 cannot find target node [ 195.718926][T11485] binder: 11484:11485 transaction call to 0:0 failed 23/29201/-22, code 0 size 0-0 line 3232 [ 195.723950][ T1813] binder: undelivered TRANSACTION_ERROR: 29201 [ 196.429785][ T65] block nbd4: Possible stuck request 0000000024171d88: control (read@0,1024B). Runtime 120 seconds [ 196.429837][ T65] block nbd4: Possible stuck request 0000000026ef243b: control (read@1024,1024B). Runtime 120 seconds [ 196.429865][ T65] block nbd4: Possible stuck request 000000008cfc8cc4: control (read@2048,1024B). Runtime 120 seconds [ 196.429881][ T65] block nbd4: Possible stuck request 00000000f50e3908: control (read@3072,1024B). Runtime 120 seconds [ 196.459865][T11497] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1599'. [ 196.462462][T11497] tipc: Started in network mode [ 196.463433][T11497] tipc: Node identity ac14140f, cluster identity 4711 [ 196.464734][T11497] tipc: New replicast peer: 255.255.255.255 [ 196.466067][T11497] tipc: Enabled bearer , priority 10 [ 196.468443][T11497] netlink: 'syz.5.1599': attribute type 1 has an invalid length. [ 196.469899][T11497] netlink: 224 bytes leftover after parsing attributes in process `syz.5.1599'. [ 196.557947][T11503] syzkaller0: entered promiscuous mode [ 196.557981][T11503] syzkaller0: entered allmulticast mode [ 196.677928][T11507] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 196.681163][T11507] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 196.973048][T11514] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 197.022245][T11515] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 197.134159][T11519] loop5: detected capacity change from 0 to 16 [ 197.186961][T11519] erofs (device loop5): mounted with root inode @ nid 36. [ 197.497579][T11530] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1608'. [ 197.497971][T11530] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1608'. [ 197.498082][T11530] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1608'. [ 197.498165][T11530] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1608'. [ 197.705124][ T1813] tipc: Node number set to 2886997007 [ 197.850068][T11533] binder: 11526:11533 cannot find target node [ 197.850229][T11533] binder: 11526:11533 transaction call to 0:0 failed 24/29189/-22, code 0 size 0-0 line 3232 [ 198.223885][ T9] binder: undelivered TRANSACTION_ERROR: 29189 [ 198.508461][ T57] block nbd5: Possible stuck request 00000000705f32fb: control (read@0,1024B). Runtime 120 seconds [ 198.508506][ T57] block nbd5: Possible stuck request 00000000ebc554c6: control (read@1024,1024B). Runtime 120 seconds [ 198.508527][ T57] block nbd5: Possible stuck request 0000000080b4dd3c: control (read@2048,1024B). Runtime 120 seconds [ 198.508539][ T57] block nbd5: Possible stuck request 000000009213a592: control (read@3072,1024B). Runtime 120 seconds [ 198.559859][T11547] process 'syz.4.1614' launched '/dev/fd/4' with NULL argv: empty string added [ 198.568610][ T31] kauditd_printk_skb: 47 callbacks suppressed [ 198.570040][ T31] audit: type=1326 audit(198.554:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11546 comm="syz.6.1615" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbb75b9e8 code=0x7ffc0000 [ 198.573248][ T31] audit: type=1326 audit(198.554:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11546 comm="syz.6.1615" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbb75b9e8 code=0x7ffc0000 [ 198.576718][ T31] audit: type=1326 audit(198.554:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11546 comm="syz.6.1615" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=26 compat=0 ip=0xffffbb75b9e8 code=0x7ffc0000 [ 198.580062][ T31] audit: type=1326 audit(198.554:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11546 comm="syz.6.1615" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbb75b9e8 code=0x7ffc0000 [ 198.583345][ T31] audit: type=1326 audit(198.554:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11546 comm="syz.6.1615" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbb75b9e8 code=0x7ffc0000 [ 198.586657][ T31] audit: type=1326 audit(198.554:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11546 comm="syz.6.1615" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffffbb75b9e8 code=0x7ffc0000 [ 198.587676][T11548] loop6: detected capacity change from 0 to 512 [ 198.590802][ T31] audit: type=1326 audit(198.554:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11546 comm="syz.6.1615" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbb75b9e8 code=0x7ffc0000 [ 198.594359][ T31] audit: type=1326 audit(198.554:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11546 comm="syz.6.1615" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=279 compat=0 ip=0xffffbb75b9e8 code=0x7ffc0000 [ 198.598066][ T31] audit: type=1326 audit(198.554:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11546 comm="syz.6.1615" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffffbb75ba1c code=0x7ffc0000 [ 198.601341][ T31] audit: type=1326 audit(198.554:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11546 comm="syz.6.1615" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffffbb75a0d0 code=0x7ffc0000 [ 198.608381][T11548] EXT4-fs (loop6): orphan cleanup on readonly fs [ 198.612762][T11548] EXT4-fs error (device loop6): ext4_orphan_get:1418: comm syz.6.1615: bad orphan inode 13 [ 198.615064][T11548] ext4_test_bit(bit=12, block=18) = 1 [ 198.616321][T11548] is_bad_inode(inode)=0 [ 198.617343][T11548] NEXT_ORPHAN(inode)=2130706432 [ 198.618157][T11548] max_ino=32 [ 198.618735][T11548] i_nlink=1 [ 198.619811][T11548] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 198.633033][T11548] EXT4-fs error (device loop6): ext4_lookup:1791: inode #2: comm syz.6.1615: deleted inode referenced: 12 [ 198.636949][T11548] EXT4-fs error (device loop6): ext4_lookup:1791: inode #2: comm syz.6.1615: deleted inode referenced: 12 [ 198.661426][T11554] loop5: detected capacity change from 0 to 512 [ 198.675565][T11548] EXT4-fs error (device loop6): ext4_lookup:1791: inode #2: comm syz.6.1615: deleted inode referenced: 12 [ 198.739115][T11554] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 199.062637][T11563] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 199.225651][T10512] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.357521][T11571] loop1: detected capacity change from 0 to 512 [ 199.701620][T11571] EXT4-fs (loop1): orphan cleanup on readonly fs [ 199.704400][T11571] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.1619: Failed to acquire dquot type 1 [ 199.715062][T11571] EXT4-fs (loop1): 1 truncate cleaned up [ 200.151716][T11571] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 200.189335][T11574] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1621'. [ 200.223527][ T9817] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.228080][T11577] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1623'. [ 200.231459][T11577] ip6gre1: entered allmulticast mode [ 200.347326][ T6554] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.696242][T11591] loop4: detected capacity change from 0 to 16 [ 200.699569][T11591] erofs (device loop4): mounted with root inode @ nid 36. [ 200.714920][T11590] loop6: detected capacity change from 0 to 512 [ 201.239518][T11602] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 201.606469][T11610] loop5: detected capacity change from 0 to 256 [ 201.608750][T11610] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 201.785589][T11619] tipc: Enabling of bearer rejected, failed to enable media [ 203.133781][T11719] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 203.610009][ T31] kauditd_printk_skb: 56 callbacks suppressed [ 203.611405][ T31] audit: type=1326 audit(203.594:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11725 comm="syz.6.1645" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbb75b9e8 code=0x7ffc0000 [ 203.617963][ T31] audit: type=1326 audit(203.604:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11725 comm="syz.6.1645" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbb75b9e8 code=0x7ffc0000 [ 203.622609][ T31] audit: type=1326 audit(203.604:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11725 comm="syz.6.1645" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=110 compat=0 ip=0xffffbb75b9e8 code=0x7ffc0000 [ 203.627321][ T31] audit: type=1326 audit(203.614:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11725 comm="syz.6.1645" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbb75b9e8 code=0x7ffc0000 [ 203.631291][ T31] audit: type=1326 audit(203.614:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11725 comm="syz.6.1645" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbb75b9e8 code=0x7ffc0000 [ 203.649874][T11728] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 203.652937][T11728] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 203.665605][T11730] loop6: detected capacity change from 0 to 256 [ 203.677791][T11730] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 203.677818][T11730] exFAT-fs (loop6): Medium has reported failures. Some data may be lost. [ 203.705739][T11730] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 203.705961][T11730] exFAT-fs (loop6): failed to load alloc-bitmap [ 203.705967][T11730] exFAT-fs (loop6): failed to recognize exfat type [ 203.919188][T11736] loop6: detected capacity change from 0 to 128 [ 203.919846][T11736] ext4: Unknown parameter 'seclabel' [ 204.590915][ T31] audit: type=1326 audit(204.574:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11737 comm="syz.1.1649" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 204.591050][ T31] audit: type=1326 audit(204.574:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11737 comm="syz.1.1649" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 204.591133][ T31] audit: type=1326 audit(204.574:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11737 comm="syz.1.1649" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=275 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 204.591196][ T31] audit: type=1326 audit(204.574:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11737 comm="syz.1.1649" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 204.591270][ T31] audit: type=1326 audit(204.574:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11737 comm="syz.1.1649" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 204.848809][T11748] syzkaller0: entered promiscuous mode [ 204.850051][T11748] syzkaller0: entered allmulticast mode [ 205.007288][T11750] loop6: detected capacity change from 0 to 8192 [ 205.921940][ T65] block nbd8: Possible stuck request 00000000d5efd87c: control (read@0,1024B). Runtime 120 seconds [ 205.921977][ T65] block nbd8: Possible stuck request 0000000003ce7d3d: control (read@1024,1024B). Runtime 120 seconds [ 205.921999][ T65] block nbd8: Possible stuck request 00000000bad9978e: control (read@2048,1024B). Runtime 120 seconds [ 205.922008][ T65] block nbd8: Possible stuck request 00000000b9bff10b: control (read@3072,1024B). Runtime 120 seconds [ 205.922023][T10464] block nbd9: Possible stuck request 00000000eb2c260a: control (read@0,1024B). Runtime 120 seconds [ 205.922034][T10464] block nbd9: Possible stuck request 00000000c8c4460c: control (read@1024,1024B). Runtime 120 seconds [ 205.922041][T10464] block nbd9: Possible stuck request 00000000a3133b83: control (read@2048,1024B). Runtime 120 seconds [ 205.922048][T10464] block nbd9: Possible stuck request 0000000023900c11: control (read@3072,1024B). Runtime 120 seconds [ 206.557714][T10464] block nbd10: Possible stuck request 0000000035090127: control (read@0,1024B). Runtime 120 seconds [ 206.557884][T10464] block nbd10: Possible stuck request 00000000ac3e392d: control (read@1024,1024B). Runtime 120 seconds [ 206.557926][T10464] block nbd10: Possible stuck request 0000000006b640e8: control (read@2048,1024B). Runtime 120 seconds [ 206.557944][T10464] block nbd10: Possible stuck request 0000000053a0fdae: control (read@3072,1024B). Runtime 120 seconds [ 206.879948][T11775] loop6: detected capacity change from 0 to 16 [ 206.896045][T11775] erofs (device loop6): mounted with root inode @ nid 36. [ 207.421817][T11768] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 207.483861][T11785] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 207.488338][T11785] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 207.519899][T11789] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 207.520092][T11789] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 207.614435][T11790] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 207.879853][T11797] loop0: detected capacity change from 0 to 512 [ 207.882796][T11797] EXT4-fs (loop0): blocks per group (34) and clusters per group (32768) inconsistent [ 208.017122][T11800] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 208.942466][T11815] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1672'. [ 209.027340][T11823] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 209.845605][T11838] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 210.264774][ T31] kauditd_printk_skb: 5 callbacks suppressed [ 210.265061][ T31] audit: type=1326 audit(210.244:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11846 comm="syz.5.1678" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 210.265527][ T31] audit: type=1326 audit(210.244:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11846 comm="syz.5.1678" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=26 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 210.265546][ T31] audit: type=1326 audit(210.244:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11846 comm="syz.5.1678" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 210.265682][ T31] audit: type=1326 audit(210.244:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11846 comm="syz.5.1678" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 210.265831][ T31] audit: type=1326 audit(210.244:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11846 comm="syz.5.1678" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 210.266001][ T31] audit: type=1326 audit(210.244:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11846 comm="syz.5.1678" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=279 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 210.266097][ T31] audit: type=1326 audit(210.244:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11846 comm="syz.5.1678" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffff8a55ba1c code=0x7ffc0000 [ 210.268071][ T31] audit: type=1326 audit(210.254:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11846 comm="syz.5.1678" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffff8a55a0d0 code=0x7ffc0000 [ 210.269435][T11847] loop5: detected capacity change from 0 to 512 [ 210.269622][ T31] audit: type=1326 audit(210.254:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11846 comm="syz.5.1678" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=215 compat=0 ip=0xffff8a55ba8c code=0x7ffc0000 [ 210.269642][ T31] audit: type=1326 audit(210.254:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11846 comm="syz.5.1678" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff8a559dd4 code=0x7ffc0000 [ 210.278727][T11849] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 210.279204][T11849] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 210.298575][T11847] EXT4-fs (loop5): orphan cleanup on readonly fs [ 210.298859][T11847] EXT4-fs error (device loop5): ext4_orphan_get:1418: comm syz.5.1678: bad orphan inode 13 [ 210.299001][T11847] ext4_test_bit(bit=12, block=18) = 1 [ 210.299007][T11847] is_bad_inode(inode)=0 [ 210.299010][T11847] NEXT_ORPHAN(inode)=2130706432 [ 210.299014][T11847] max_ino=32 [ 210.299018][T11847] i_nlink=1 [ 210.299591][T11847] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 210.310561][T11847] EXT4-fs error (device loop5): ext4_lookup:1791: inode #2: comm syz.5.1678: deleted inode referenced: 12 [ 210.311119][T11847] EXT4-fs error (device loop5): ext4_lookup:1791: inode #2: comm syz.5.1678: deleted inode referenced: 12 [ 210.316750][T11847] EXT4-fs error (device loop5): ext4_lookup:1791: inode #2: comm syz.5.1678: deleted inode referenced: 12 [ 210.347182][T11847] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 210.358540][T11847] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 210.359969][T11847] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.1678: bg 0: block 248: padding at end of block bitmap is not set [ 210.360169][T11847] EXT4-fs error (device loop5): ext4_acquire_dquot:6945: comm syz.5.1678: Failed to acquire dquot type 1 [ 210.508210][T11854] binder: BINDER_SET_CONTEXT_MGR already set [ 210.510238][T11854] binder: 11853:11854 ioctl 4018620d 200001c0 returned -16 [ 211.013356][T11863] loop6: detected capacity change from 0 to 128 [ 211.013703][T11863] EXT4-fs: Ignoring removed nobh option [ 211.018372][T11865] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 211.020874][T11863] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 211.038121][T10512] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 211.111795][ T9817] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 211.400092][T11875] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 211.897528][T11883] loop1: detected capacity change from 0 to 16 [ 211.972364][T11883] erofs (device loop1): mounted with root inode @ nid 36. [ 212.044312][T11886] tracefs: Unknown parameter 'ÌY8ÌëWÀÉÍe±*ÒÈfžâªV9]©cšMD÷NÄ·¬²ÿ®ùRÑ ËÉá¼Ëå!¶!³PóIÔ¤¬qØô' [ 212.231880][T11895] overlayfs: overlapping lowerdir path [ 212.291654][T11896] overlayfs: missing 'lowerdir' [ 212.538070][T11902] loop4: detected capacity change from 0 to 512 [ 212.559264][T11902] EXT4-fs (loop4): orphan cleanup on readonly fs [ 212.561133][T11902] EXT4-fs error (device loop4): ext4_orphan_get:1418: comm syz.4.1693: bad orphan inode 13 [ 212.563720][T11902] ext4_test_bit(bit=12, block=18) = 1 [ 212.564753][T11902] is_bad_inode(inode)=0 [ 212.565498][T11902] NEXT_ORPHAN(inode)=2130706432 [ 212.566510][T11902] max_ino=32 [ 212.567868][T11902] i_nlink=1 [ 212.569111][T11902] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 212.575627][T11902] EXT4-fs error (device loop4): ext4_lookup:1791: inode #2: comm syz.4.1693: deleted inode referenced: 12 [ 212.579387][T11902] EXT4-fs error (device loop4): ext4_lookup:1791: inode #2: comm syz.4.1693: deleted inode referenced: 12 [ 212.607307][T11902] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 212.629840][T11902] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 212.631649][T11902] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1693: bg 0: block 248: padding at end of block bitmap is not set [ 212.634677][T11902] EXT4-fs error (device loop4): ext4_acquire_dquot:6945: comm syz.4.1693: Failed to acquire dquot type 1 [ 212.665162][ T6560] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 213.648871][T11916] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1696'. [ 213.924613][T11920] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 214.014576][T11926] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 214.298287][T11935] loop5: detected capacity change from 0 to 512 [ 214.303278][T11935] ext3: Unknown parameter 'rootcontext' [ 215.292893][T11945] overlayfs: overlapping lowerdir path [ 215.294121][T11945] overlayfs: missing 'lowerdir' [ 216.738919][ T31] kauditd_printk_skb: 119 callbacks suppressed [ 216.738955][ T31] audit: type=1326 audit(216.724:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11949 comm="syz.6.1707" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbb75b9e8 code=0x7ffc0000 [ 216.738981][ T31] audit: type=1326 audit(216.724:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11949 comm="syz.6.1707" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbb75b9e8 code=0x7ffc0000 [ 216.739000][ T31] audit: type=1326 audit(216.724:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11949 comm="syz.6.1707" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=275 compat=0 ip=0xffffbb75b9e8 code=0x7ffc0000 [ 216.739017][ T31] audit: type=1326 audit(216.724:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11949 comm="syz.6.1707" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbb75b9e8 code=0x7ffc0000 [ 216.739036][ T31] audit: type=1326 audit(216.724:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11949 comm="syz.6.1707" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbb75b9e8 code=0x7ffc0000 [ 217.104219][T11968] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 217.546772][T11975] netlink: 'syz.0.1713': attribute type 12 has an invalid length. [ 217.550543][T11975] loop0: detected capacity change from 0 to 512 [ 217.566433][T11975] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 217.929130][T11986] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 218.035689][T11972] loop4: detected capacity change from 0 to 40427 [ 218.055665][T11972] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 218.059495][T11972] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 218.133317][T11972] bio_check_eod: 104 callbacks suppressed [ 218.133609][T11972] syz.4.1712: attempt to access beyond end of device [ 218.133609][T11972] loop4: rw=2049, sector=45096, nr_sectors = 2064 limit=40427 [ 218.142570][T11972] syz.4.1712: attempt to access beyond end of device [ 218.142570][T11972] loop4: rw=2049, sector=47160, nr_sectors = 2048 limit=40427 [ 218.149490][T11972] syz.4.1712: attempt to access beyond end of device [ 218.149490][T11972] loop4: rw=2049, sector=49208, nr_sectors = 2520 limit=40427 [ 218.154310][T11972] syz.4.1712: attempt to access beyond end of device [ 218.154310][T11972] loop4: rw=2049, sector=51728, nr_sectors = 1520 limit=40427 [ 218.155779][T11972] syz.4.1712: attempt to access beyond end of device [ 218.155779][T11972] loop4: rw=2049, sector=45056, nr_sectors = 8 limit=40427 [ 218.166072][T11972] syz.4.1712: attempt to access beyond end of device [ 218.166072][T11972] loop4: rw=2049, sector=57344, nr_sectors = 3664 limit=40427 [ 218.188120][T11972] syz.4.1712: attempt to access beyond end of device [ 218.188120][T11972] loop4: rw=524288, sector=45096, nr_sectors = 256 limit=40427 [ 218.188196][T11972] syz.4.1712: attempt to access beyond end of device [ 218.188196][T11972] loop4: rw=0, sector=45096, nr_sectors = 8 limit=40427 [ 218.188886][T11972] syz.4.1712: attempt to access beyond end of device [ 218.188886][T11972] loop4: rw=0, sector=45096, nr_sectors = 8 limit=40427 [ 218.188930][T11972] syz.4.1712: attempt to access beyond end of device [ 218.188930][T11972] loop4: rw=0, sector=45096, nr_sectors = 8 limit=40427 [ 218.283605][ T6561] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 218.426209][ T6560] CPU: 0 UID: 0 PID: 6560 Comm: syz-executor Not tainted syzkaller #0 PREEMPT [ 218.426233][ T6560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 218.426240][ T6560] Call trace: [ 218.426243][ T6560] show_stack+0x2c/0x3c (C) [ 218.426260][ T6560] __dump_stack+0x30/0x40 [ 218.426270][ T6560] dump_stack_lvl+0xd8/0x12c [ 218.426276][ T6560] dump_stack+0x1c/0x28 [ 218.426281][ T6560] f2fs_handle_critical_error+0x34c/0x4b8 [ 218.426289][ T6560] f2fs_stop_checkpoint+0x5c/0x70 [ 218.426295][ T6560] f2fs_write_end_io+0x768/0xa70 [ 218.426301][ T6560] bio_endio+0x858/0x894 [ 218.426306][ T6560] submit_bio_noacct+0xd64/0x186c [ 218.426313][ T6560] submit_bio+0x3b4/0x550 [ 218.426319][ T6560] f2fs_submit_write_bio+0x13c/0x324 [ 218.426325][ T6560] __submit_merged_bio+0x254/0x704 [ 218.426331][ T6560] __submit_merged_write_cond+0x23c/0x4ac [ 218.426336][ T6560] f2fs_write_data_pages+0x1d28/0x2634 [ 218.426343][ T6560] do_writepages+0x270/0x468 [ 218.426351][ T6560] filemap_fdatawrite+0x14c/0x1f4 [ 218.426355][ T6560] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 218.426361][ T6560] f2fs_write_checkpoint+0x70c/0x1c30 [ 218.426366][ T6560] kill_f2fs_super+0x228/0x594 [ 218.426372][ T6560] deactivate_locked_super+0xc4/0x12c [ 218.426379][ T6560] deactivate_super+0xe0/0x100 [ 218.426384][ T6560] cleanup_mnt+0x31c/0x3ac [ 218.426391][ T6560] __cleanup_mnt+0x20/0x30 [ 218.426397][ T6560] task_work_run+0x1dc/0x260 [ 218.426403][ T6560] exit_to_user_mode_loop+0xfc/0x178 [ 218.426410][ T6560] el0_svc+0x170/0x254 [ 218.426417][ T6560] el0t_64_sync_handler+0x84/0x12c [ 218.426423][ T6560] el0t_64_sync+0x198/0x19c [ 218.431472][ T6560] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 218.517528][T11998] loop0: detected capacity change from 0 to 256 [ 218.518522][T11998] vfat: Bad value for 'check' [ 219.775151][T12014] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 220.341918][ T31] audit: type=1326 audit(220.324:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12022 comm="syz.0.1724" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9935b9e8 code=0x7ffc0000 [ 220.341957][ T31] audit: type=1326 audit(220.324:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12022 comm="syz.0.1724" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9935b9e8 code=0x7ffc0000 [ 220.341987][ T31] audit: type=1326 audit(220.324:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12022 comm="syz.0.1724" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=275 compat=0 ip=0xffff9935b9e8 code=0x7ffc0000 [ 220.342006][ T31] audit: type=1326 audit(220.324:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12022 comm="syz.0.1724" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9935b9e8 code=0x7ffc0000 [ 220.349883][ T31] audit: type=1326 audit(220.324:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12022 comm="syz.0.1724" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9935b9e8 code=0x7ffc0000 [ 221.772291][T12057] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 223.129935][ T31] audit: type=1326 audit(223.114:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12076 comm="syz.4.1740" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa655b9e8 code=0x7ffc0000 [ 223.129971][ T31] audit: type=1326 audit(223.114:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12076 comm="syz.4.1740" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa655b9e8 code=0x7ffc0000 [ 223.130003][ T31] audit: type=1326 audit(223.114:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12076 comm="syz.4.1740" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=275 compat=0 ip=0xffffa655b9e8 code=0x7ffc0000 [ 223.130023][ T31] audit: type=1326 audit(223.114:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12076 comm="syz.4.1740" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa655b9e8 code=0x7ffc0000 [ 223.130040][ T31] audit: type=1326 audit(223.114:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12076 comm="syz.4.1740" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa655b9e8 code=0x7ffc0000 [ 223.180696][T12086] loop6: detected capacity change from 0 to 128 [ 223.450727][T12086] bio_check_eod: 1363 callbacks suppressed [ 223.451834][T12086] syz.6.1742: attempt to access beyond end of device [ 223.451834][T12086] loop6: rw=2049, sector=128, nr_sectors = 1 limit=128 [ 223.454561][T12086] Buffer I/O error on dev loop6, logical block 128, lost async page write [ 223.458921][T12087] syz.6.1742: attempt to access beyond end of device [ 223.458921][T12087] loop6: rw=2049, sector=128, nr_sectors = 1 limit=128 [ 223.461106][T12087] Buffer I/O error on dev loop6, logical block 128, lost async page write [ 223.528222][ T31] audit: type=1326 audit(223.514:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12095 comm="syz.5.1746" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 223.531987][ T31] audit: type=1326 audit(223.514:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12095 comm="syz.5.1746" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=26 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 223.535620][ T31] audit: type=1326 audit(223.514:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12095 comm="syz.5.1746" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 223.540332][ T31] audit: type=1326 audit(223.524:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12095 comm="syz.5.1746" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 223.544108][ T31] audit: type=1326 audit(223.524:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12095 comm="syz.5.1746" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 223.551948][T12096] loop5: detected capacity change from 0 to 512 [ 223.563480][T12096] EXT4-fs (loop5): orphan cleanup on readonly fs [ 223.567412][T12096] EXT4-fs error (device loop5): ext4_orphan_get:1418: comm syz.5.1746: bad orphan inode 13 [ 223.568809][T12096] ext4_test_bit(bit=12, block=18) = 1 [ 223.568828][T12096] is_bad_inode(inode)=0 [ 223.568837][T12096] NEXT_ORPHAN(inode)=2130706432 [ 223.568842][T12096] max_ino=32 [ 223.568846][T12096] i_nlink=1 [ 223.570652][T12096] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 223.592804][T12096] EXT4-fs error (device loop5): ext4_lookup:1791: inode #2: comm syz.5.1746: deleted inode referenced: 12 [ 223.604409][T12096] EXT4-fs error (device loop5): ext4_lookup:1791: inode #2: comm syz.5.1746: deleted inode referenced: 12 [ 223.604414][T12102] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 223.611489][T12096] EXT4-fs error (device loop5): ext4_lookup:1791: inode #2: comm syz.5.1746: deleted inode referenced: 12 [ 223.639472][T12096] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 223.687781][T12096] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 223.688916][T12107] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.1746: bg 0: block 248: padding at end of block bitmap is not set [ 223.689434][T12107] EXT4-fs error (device loop5): ext4_acquire_dquot:6945: comm syz.5.1746: Failed to acquire dquot type 1 [ 224.112291][T12118] loop1: detected capacity change from 0 to 512 [ 224.113830][T12118] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 224.128213][T12118] EXT4-fs (loop1): orphan cleanup on readonly fs [ 224.376239][T12118] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1752: bg 0: block 248: padding at end of block bitmap is not set [ 224.379144][T12118] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.1752: Failed to acquire dquot type 1 [ 224.381794][T12118] EXT4-fs (loop1): 1 truncate cleaned up [ 224.385481][T12118] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 224.500963][T12126] loop0: detected capacity change from 0 to 512 [ 224.523868][T12126] EXT4-fs error (device loop0): ext4_orphan_get:1392: inode #15: comm syz.0.1754: inode has both inline data and extents flags [ 224.527819][T12126] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.1754: couldn't read orphan inode 15 (err -117) [ 224.531637][T12126] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 224.589399][ T9817] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.224246][ T6554] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.292171][T12145] loop6: detected capacity change from 0 to 1024 [ 225.319069][T12145] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 225.643045][T12152] loop1: detected capacity change from 0 to 128 [ 225.680326][ T6561] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.709268][T12146] syz.1.1758: attempt to access beyond end of device [ 225.709268][T12146] loop1: rw=2049, sector=145, nr_sectors = 16 limit=128 [ 225.711796][T12146] syz.1.1758: attempt to access beyond end of device [ 225.711796][T12146] loop1: rw=2049, sector=169, nr_sectors = 8 limit=128 [ 225.714382][T12146] syz.1.1758: attempt to access beyond end of device [ 225.714382][T12146] loop1: rw=2049, sector=185, nr_sectors = 8 limit=128 [ 225.717466][T12146] syz.1.1758: attempt to access beyond end of device [ 225.717466][T12146] loop1: rw=2049, sector=201, nr_sectors = 8 limit=128 [ 225.719941][T12146] syz.1.1758: attempt to access beyond end of device [ 225.719941][T12146] loop1: rw=2049, sector=217, nr_sectors = 8 limit=128 [ 225.722548][T12146] syz.1.1758: attempt to access beyond end of device [ 225.722548][T12146] loop1: rw=2049, sector=233, nr_sectors = 8 limit=128 [ 225.725052][T12146] syz.1.1758: attempt to access beyond end of device [ 225.725052][T12146] loop1: rw=2049, sector=249, nr_sectors = 8 limit=128 [ 225.728249][T12146] syz.1.1758: attempt to access beyond end of device [ 225.728249][T12146] loop1: rw=2049, sector=265, nr_sectors = 8 limit=128 [ 225.810078][T10512] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.869903][T12163] tipc: Enabling of bearer rejected, failed to enable media [ 227.128616][T12167] loop5: detected capacity change from 0 to 512 [ 227.129037][T12167] EXT4-fs: Ignoring removed oldalloc option [ 227.821704][T12167] EXT4-fs (loop5): 1 truncate cleaned up [ 227.825020][T12167] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 227.916994][T10464] block nbd4: Possible stuck request 0000000024171d88: control (read@0,1024B). Runtime 150 seconds [ 227.917044][T10464] block nbd4: Possible stuck request 0000000026ef243b: control (read@1024,1024B). Runtime 150 seconds [ 227.917062][T10464] block nbd4: Possible stuck request 000000008cfc8cc4: control (read@2048,1024B). Runtime 150 seconds [ 227.917080][T10464] block nbd4: Possible stuck request 00000000f50e3908: control (read@3072,1024B). Runtime 150 seconds [ 227.989036][T12166] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.989208][T12166] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.749253][T12166] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 228.762974][T12166] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 228.857380][T12198] loop0: detected capacity change from 0 to 16 [ 228.917680][T12198] erofs (device loop0): mounted with root inode @ nid 36. [ 228.932448][T12198] x_tables: duplicate underflow at hook 1 [ 229.066707][ T57] block nbd5: Possible stuck request 00000000705f32fb: control (read@0,1024B). Runtime 150 seconds [ 229.066753][ T57] block nbd5: Possible stuck request 00000000ebc554c6: control (read@1024,1024B). Runtime 150 seconds [ 229.066766][ T57] block nbd5: Possible stuck request 0000000080b4dd3c: control (read@2048,1024B). Runtime 150 seconds [ 229.066774][ T57] block nbd5: Possible stuck request 000000009213a592: control (read@3072,1024B). Runtime 150 seconds [ 229.499428][ T4157] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.499486][ T4157] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.499514][ T4157] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.499532][ T4157] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.508147][T12202] tipc: Started in network mode [ 229.508205][T12202] tipc: Node identity ff010000000000000000000000000001, cluster identity 4711 [ 229.508243][T12202] tipc: Enabling of bearer rejected, failed to enable media [ 229.525848][ T9817] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.572834][ T31] kauditd_printk_skb: 117 callbacks suppressed [ 229.573955][ T31] audit: type=1326 audit(229.554:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12213 comm="syz.0.1781" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9935b9e8 code=0x7ffc0000 [ 229.577852][ T31] audit: type=1326 audit(229.564:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12213 comm="syz.0.1781" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=26 compat=0 ip=0xffff9935b9e8 code=0x7ffc0000 [ 229.583861][ T31] audit: type=1326 audit(229.564:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12213 comm="syz.0.1781" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9935b9e8 code=0x7ffc0000 [ 229.589885][ T31] audit: type=1326 audit(229.574:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12213 comm="syz.0.1781" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9935b9e8 code=0x7ffc0000 [ 229.596139][ T31] audit: type=1326 audit(229.574:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12213 comm="syz.0.1781" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffff9935b9e8 code=0x7ffc0000 [ 229.600989][ T31] audit: type=1326 audit(229.574:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12213 comm="syz.0.1781" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9935b9e8 code=0x7ffc0000 [ 229.604618][ T31] audit: type=1326 audit(229.574:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12213 comm="syz.0.1781" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9935b9e8 code=0x7ffc0000 [ 229.612606][ T31] audit: type=1326 audit(229.594:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12213 comm="syz.0.1781" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=279 compat=0 ip=0xffff9935b9e8 code=0x7ffc0000 [ 229.615499][ T31] audit: type=1326 audit(229.594:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12213 comm="syz.0.1781" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffff9935ba1c code=0x7ffc0000 [ 229.618104][ T31] audit: type=1326 audit(229.604:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12213 comm="syz.0.1781" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffff9935a0d0 code=0x7ffc0000 [ 229.629345][T12214] loop0: detected capacity change from 0 to 512 [ 229.651625][T12214] EXT4-fs (loop0): orphan cleanup on readonly fs [ 229.654502][T12214] EXT4-fs error (device loop0): ext4_orphan_get:1418: comm syz.0.1781: bad orphan inode 13 [ 229.659538][T12214] ext4_test_bit(bit=12, block=18) = 1 [ 229.660424][T12214] is_bad_inode(inode)=0 [ 229.661248][T12214] NEXT_ORPHAN(inode)=2130706432 [ 229.662103][T12214] max_ino=32 [ 229.662755][T12214] i_nlink=1 [ 229.683176][T12214] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 229.724159][T12214] EXT4-fs error (device loop0): ext4_lookup:1791: inode #2: comm syz.0.1781: deleted inode referenced: 12 [ 229.727802][T12214] EXT4-fs error (device loop0): ext4_lookup:1791: inode #2: comm syz.0.1781: deleted inode referenced: 12 [ 229.731229][T12214] EXT4-fs error (device loop0): ext4_lookup:1791: inode #2: comm syz.0.1781: deleted inode referenced: 12 [ 230.084010][T12214] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 230.452002][T12214] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 230.455511][T12228] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1781: bg 0: block 248: padding at end of block bitmap is not set [ 230.455830][T12228] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.1781: Failed to acquire dquot type 1 [ 230.847521][T12241] loop4: detected capacity change from 0 to 256 [ 230.890537][T12241] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x64c916ba, utbl_chksum : 0xe619d30d) [ 230.952589][T12243] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1788'. [ 231.482692][T12267] loop1: detected capacity change from 0 to 16 [ 231.705464][T12267] erofs (device loop1): mounted with root inode @ nid 36. [ 231.987588][ T6561] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 232.584651][T12278] tipc: Enabled bearer , priority 10 [ 232.982208][T12280] loop6: detected capacity change from 0 to 40427 [ 233.017931][T12280] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 233.022684][T12280] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 233.028879][T12294] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1803'. [ 233.115694][T12280] bio_check_eod: 1879 callbacks suppressed [ 233.118843][T12280] syz.6.1800: attempt to access beyond end of device [ 233.118843][T12280] loop6: rw=2049, sector=45096, nr_sectors = 2112 limit=40427 [ 233.129268][T12280] syz.6.1800: attempt to access beyond end of device [ 233.129268][T12280] loop6: rw=2049, sector=47208, nr_sectors = 2048 limit=40427 [ 233.169815][T12280] syz.6.1800: attempt to access beyond end of device [ 233.169815][T12280] loop6: rw=2049, sector=49256, nr_sectors = 2048 limit=40427 [ 233.202147][T12299] syz.6.1800: attempt to access beyond end of device [ 233.202147][T12299] loop6: rw=524288, sector=45096, nr_sectors = 256 limit=40427 [ 233.204817][T12299] syz.6.1800: attempt to access beyond end of device [ 233.204817][T12299] loop6: rw=0, sector=45096, nr_sectors = 8 limit=40427 [ 233.207354][T12299] syz.6.1800: attempt to access beyond end of device [ 233.207354][T12299] loop6: rw=0, sector=45096, nr_sectors = 8 limit=40427 [ 233.209081][T12280] syz.6.1800: attempt to access beyond end of device [ 233.209081][T12280] loop6: rw=2049, sector=51304, nr_sectors = 1944 limit=40427 [ 233.211771][T12299] syz.6.1800: attempt to access beyond end of device [ 233.211771][T12299] loop6: rw=0, sector=45096, nr_sectors = 8 limit=40427 [ 233.214260][T12299] syz.6.1800: attempt to access beyond end of device [ 233.214260][T12299] loop6: rw=0, sector=45096, nr_sectors = 8 limit=40427 [ 233.216425][T12280] syz.6.1800: attempt to access beyond end of device [ 233.216425][T12280] loop6: rw=2049, sector=45056, nr_sectors = 8 limit=40427 [ 233.829503][T12311] netlink: 'syz.4.1807': attribute type 4 has an invalid length. [ 234.139763][T10512] CPU: 0 UID: 0 PID: 10512 Comm: syz-executor Not tainted syzkaller #0 PREEMPT [ 234.139785][T10512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 234.139790][T10512] Call trace: [ 234.139794][T10512] show_stack+0x2c/0x3c (C) [ 234.139811][T10512] __dump_stack+0x30/0x40 [ 234.139819][T10512] dump_stack_lvl+0xd8/0x12c [ 234.139827][T10512] dump_stack+0x1c/0x28 [ 234.139833][T10512] f2fs_handle_critical_error+0x34c/0x4b8 [ 234.139842][T10512] f2fs_stop_checkpoint+0x5c/0x70 [ 234.139847][T10512] f2fs_write_end_io+0x768/0xa70 [ 234.139854][T10512] bio_endio+0x858/0x894 [ 234.139859][T10512] submit_bio_noacct+0xd64/0x186c [ 234.139866][T10512] submit_bio+0x3b4/0x550 [ 234.139871][T10512] f2fs_submit_write_bio+0x13c/0x324 [ 234.139877][T10512] __submit_merged_bio+0x254/0x704 [ 234.139883][T10512] __submit_merged_write_cond+0x23c/0x4ac [ 234.139889][T10512] f2fs_write_data_pages+0x1d28/0x2634 [ 234.139896][T10512] do_writepages+0x270/0x468 [ 234.139903][T10512] filemap_fdatawrite+0x14c/0x1f4 [ 234.139908][T10512] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 234.139913][T10512] f2fs_write_checkpoint+0x70c/0x1c30 [ 234.139918][T10512] kill_f2fs_super+0x228/0x594 [ 234.139925][T10512] deactivate_locked_super+0xc4/0x12c [ 234.139931][T10512] deactivate_super+0xe0/0x100 [ 234.139937][T10512] cleanup_mnt+0x31c/0x3ac [ 234.139943][T10512] __cleanup_mnt+0x20/0x30 [ 234.139949][T10512] task_work_run+0x1dc/0x260 [ 234.139956][T10512] exit_to_user_mode_loop+0xfc/0x178 [ 234.139962][T10512] el0_svc+0x170/0x254 [ 234.139970][T10512] el0t_64_sync_handler+0x84/0x12c [ 234.139976][T10512] el0t_64_sync+0x198/0x19c [ 234.146150][T10512] F2FS-fs (loop6): Stopped filesystem due to reason: 3 [ 234.156472][T12317] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 234.554864][T12333] loop6: detected capacity change from 0 to 2048 [ 234.575697][T12333] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 234.600663][T10512] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 234.610274][ T31] kauditd_printk_skb: 54 callbacks suppressed [ 234.610873][ T31] audit: type=1326 audit(234.594:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12339 comm="syz.5.1820" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 234.611620][ T31] audit: type=1326 audit(234.594:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12339 comm="syz.5.1820" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=220 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 234.616064][ T31] audit: type=1326 audit(234.594:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12339 comm="syz.5.1820" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 234.616339][ T31] audit: type=1326 audit(234.594:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12341 comm="syz.5.1820" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=115 compat=0 ip=0xffff8a586108 code=0x7ffc0000 [ 234.618013][ T31] audit: type=1326 audit(234.594:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12339 comm="syz.5.1820" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 234.620236][ T31] audit: type=1326 audit(234.604:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12339 comm="syz.5.1820" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=117 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 234.620459][T12340] ptrace attach of "./syz-executor exec"[12341] was attempted by "./syz-executor exec"[12340] [ 234.620534][ T31] audit: type=1326 audit(234.604:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12339 comm="syz.5.1820" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 234.620850][ T31] audit: type=1326 audit(234.604:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12339 comm="syz.5.1820" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=260 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 234.620926][ T31] audit: type=1326 audit(234.604:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12339 comm="syz.5.1820" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 234.977461][ T31] audit: type=1326 audit(234.804:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12341 comm="syz.5.1820" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=93 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 235.556286][T12357] loop6: detected capacity change from 0 to 512 [ 235.591591][T12361] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 235.700726][T12370] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 235.845475][T12357] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 235.935783][T12378] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1832'. [ 236.035719][T10464] block nbd8: Possible stuck request 00000000d5efd87c: control (read@0,1024B). Runtime 150 seconds [ 236.035787][T10464] block nbd8: Possible stuck request 0000000003ce7d3d: control (read@1024,1024B). Runtime 150 seconds [ 236.035830][T10464] block nbd8: Possible stuck request 00000000bad9978e: control (read@2048,1024B). Runtime 150 seconds [ 236.035948][T10464] block nbd8: Possible stuck request 00000000b9bff10b: control (read@3072,1024B). Runtime 150 seconds [ 236.052749][ T65] block nbd9: Possible stuck request 00000000eb2c260a: control (read@0,1024B). Runtime 150 seconds [ 236.052819][ T65] block nbd9: Possible stuck request 00000000c8c4460c: control (read@1024,1024B). Runtime 150 seconds [ 236.052853][ T65] block nbd9: Possible stuck request 00000000a3133b83: control (read@2048,1024B). Runtime 150 seconds [ 236.052885][ T65] block nbd9: Possible stuck request 0000000023900c11: control (read@3072,1024B). Runtime 150 seconds [ 237.208004][ T65] block nbd10: Possible stuck request 0000000035090127: control (read@0,1024B). Runtime 150 seconds [ 237.208056][ T65] block nbd10: Possible stuck request 00000000ac3e392d: control (read@1024,1024B). Runtime 150 seconds [ 237.208084][ T65] block nbd10: Possible stuck request 0000000006b640e8: control (read@2048,1024B). Runtime 150 seconds [ 237.208101][ T65] block nbd10: Possible stuck request 0000000053a0fdae: control (read@3072,1024B). Runtime 150 seconds [ 237.470851][T10512] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 237.489233][T12406] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 237.491498][T12406] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 237.591546][T12412] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1844'. [ 237.739552][T12421] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1845'. [ 237.743355][T12421] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1845'. [ 237.850278][T12424] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 238.572480][ T6629] kernel read not supported for file /vcs (pid: 6629 comm: kworker/0:5) [ 238.574124][T12436] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 238.574331][T12436] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 238.992010][T12444] loop1: detected capacity change from 0 to 512 [ 239.011373][T12428] loop5: detected capacity change from 0 to 131072 [ 239.020673][T12428] F2FS-fs (loop5): Test dummy encryption mode enabled [ 239.023491][T12428] F2FS-fs (loop5): invalid crc value [ 239.095203][T12428] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 239.099280][T12444] EXT4-fs (loop1): orphan cleanup on readonly fs [ 239.101950][T12444] EXT4-fs error (device loop1): ext4_orphan_get:1418: comm syz.1.1854: bad orphan inode 13 [ 239.104232][T12444] ext4_test_bit(bit=12, block=18) = 1 [ 239.105489][T12444] is_bad_inode(inode)=0 [ 239.106721][T12444] NEXT_ORPHAN(inode)=2130706432 [ 239.107922][T12444] max_ino=32 [ 239.108844][T12444] i_nlink=1 [ 239.110452][T12444] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 239.115916][T12428] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 239.137992][T12428] fscrypt: AES-256-XTS using implementation "xts-aes-ce" [ 239.146798][T12444] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 239.148698][T12428] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-ce" [ 239.159390][T12444] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 239.160079][T12428] overlay: ./file0 is not a directory [ 239.163401][T12444] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1854: bg 0: block 248: padding at end of block bitmap is not set [ 239.167449][T12444] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.1854: Failed to acquire dquot type 1 [ 239.194789][ T6554] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 239.250373][T12455] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 240.021404][T12475] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 240.656719][ T6558] Bluetooth: hci3: command 0x0406 tx timeout [ 240.746710][ T31] kauditd_printk_skb: 42 callbacks suppressed [ 240.746752][ T31] audit: type=1326 audit(240.694:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12482 comm="syz.0.1864" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9935b9e8 code=0x7ffc0000 [ 240.746887][ T31] audit: type=1326 audit(240.694:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12482 comm="syz.0.1864" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9935b9e8 code=0x7ffc0000 [ 240.746964][ T31] audit: type=1326 audit(240.694:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12482 comm="syz.0.1864" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=275 compat=0 ip=0xffff9935b9e8 code=0x7ffc0000 [ 240.747029][ T31] audit: type=1326 audit(240.694:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12482 comm="syz.0.1864" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9935b9e8 code=0x7ffc0000 [ 240.747092][ T31] audit: type=1326 audit(240.694:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12482 comm="syz.0.1864" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9935b9e8 code=0x7ffc0000 [ 240.851073][ T31] audit: type=1326 audit(240.834:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12488 comm="syz.5.1867" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 240.854882][ T31] audit: type=1326 audit(240.834:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12488 comm="syz.5.1867" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 240.858782][ T31] audit: type=1326 audit(240.844:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12488 comm="syz.5.1867" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=26 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 240.859773][T12489] binder: 12487:12489 tried to acquire reference to desc 0, got 1 instead [ 240.859975][T12489] binder: 12487:12489 got transaction with invalid data ptr [ 240.859998][T12489] binder: 12487:12489 transaction call to 12487:0 failed 30/29201/-14, code 0 size 12288-0 line 3723 [ 240.866457][ T31] audit: type=1326 audit(240.844:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12488 comm="syz.5.1867" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 240.866509][ T31] audit: type=1326 audit(240.844:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12488 comm="syz.5.1867" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 240.867425][ T6559] binder: undelivered TRANSACTION_ERROR: 29201 [ 240.872117][T12490] loop5: detected capacity change from 0 to 512 [ 240.916192][T12490] EXT4-fs (loop5): orphan cleanup on readonly fs [ 240.922504][T12490] EXT4-fs error (device loop5): ext4_orphan_get:1418: comm syz.5.1867: bad orphan inode 13 [ 240.924616][T12490] ext4_test_bit(bit=12, block=18) = 1 [ 240.924671][T12490] is_bad_inode(inode)=0 [ 240.924685][T12490] NEXT_ORPHAN(inode)=2130706432 [ 240.924699][T12490] max_ino=32 [ 240.924710][T12490] i_nlink=1 [ 240.925226][T12490] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 240.958070][ T9817] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 241.120122][T12502] loop6: detected capacity change from 0 to 16 [ 241.151564][T12502] erofs (device loop6): mounted with root inode @ nid 36. [ 242.038405][T12506] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 242.632316][T12512] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1874'. [ 242.633904][T12512] netlink: 'syz.6.1874': attribute type 1 has an invalid length. [ 242.633933][T12512] netlink: 224 bytes leftover after parsing attributes in process `syz.6.1874'. [ 242.808227][T12530] loop6: detected capacity change from 0 to 16 [ 242.813906][T12530] erofs (device loop6): mounted with root inode @ nid 36. [ 243.135905][T12532] loop0: detected capacity change from 0 to 512 [ 243.160713][T12532] EXT4-fs (loop0): orphan cleanup on readonly fs [ 243.163730][T12532] EXT4-fs error (device loop0): ext4_orphan_get:1418: comm syz.0.1880: bad orphan inode 13 [ 243.166483][T12532] ext4_test_bit(bit=12, block=18) = 1 [ 243.167729][T12532] is_bad_inode(inode)=0 [ 243.168349][T12532] NEXT_ORPHAN(inode)=2130706432 [ 243.168363][T12532] max_ino=32 [ 243.168371][T12532] i_nlink=1 [ 243.170218][T12532] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 243.252211][T12538] loop5: detected capacity change from 0 to 16 [ 243.260099][ T6561] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 243.352435][T12538] erofs (device loop5): mounted with root inode @ nid 36. [ 243.420047][T12544] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 243.444645][T12549] netlink: 'syz.5.1886': attribute type 1 has an invalid length. [ 243.456230][T12549] 8021q: adding VLAN 0 to HW filter on device bond1 [ 243.465675][T12549] bond1: (slave veth0_to_bond): Enslaving as an active interface with a down link [ 243.473825][T12549] bond1: entered allmulticast mode [ 243.515209][T12555] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1887'. [ 243.518841][T12555] netlink: 'syz.5.1887': attribute type 1 has an invalid length. [ 243.520327][T12555] netlink: 224 bytes leftover after parsing attributes in process `syz.5.1887'. [ 243.754590][T12564] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 243.765646][T12564] overlayfs: missing 'lowerdir' [ 244.310928][T12572] loop0: detected capacity change from 0 to 512 [ 244.317677][T12572] EXT4-fs (loop0): orphan cleanup on readonly fs [ 244.320469][T12572] EXT4-fs error (device loop0): ext4_orphan_get:1418: comm syz.0.1892: bad orphan inode 13 [ 244.323050][T12572] ext4_test_bit(bit=12, block=18) = 1 [ 244.324120][T12572] is_bad_inode(inode)=0 [ 244.324157][T12572] NEXT_ORPHAN(inode)=2130706432 [ 244.324171][T12572] max_ino=32 [ 244.324453][T12572] i_nlink=1 [ 244.328148][T12572] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 244.352768][ T6561] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 244.431470][T12577] loop4: detected capacity change from 0 to 16 [ 244.434217][T12577] erofs (device loop4): mounted with root inode @ nid 36. [ 244.632066][T12594] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 245.528519][T12615] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 245.536316][T12615] overlayfs: missing 'lowerdir' [ 245.789250][T12624] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1910'. [ 247.963714][T12670] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 247.970708][T12670] overlayfs: missing 'lowerdir' [ 248.254701][T12674] tipc: Enabling of bearer rejected, failed to enable media [ 248.797278][ T2451] ieee802154 phy1 wpan1: encryption failed: -22 [ 248.876790][ T31] kauditd_printk_skb: 92 callbacks suppressed [ 248.877907][ T31] audit: type=1326 audit(248.834:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12691 comm="syz.1.1928" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 248.881187][ T31] audit: type=1326 audit(248.844:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12691 comm="syz.1.1928" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 248.884402][ T31] audit: type=1326 audit(248.844:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12691 comm="syz.1.1928" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 248.888119][ T31] audit: type=1326 audit(248.844:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12691 comm="syz.1.1928" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 248.891576][ T31] audit: type=1326 audit(248.844:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12691 comm="syz.1.1928" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 250.927426][T12724] tipc: Enabled bearer , priority 0 [ 250.928972][T12724] tipc: Resetting bearer [ 250.988759][T12723] tipc: Disabling bearer [ 251.015709][T12730] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 251.053802][T12732] syzkaller0: entered promiscuous mode [ 251.054743][T12732] syzkaller0: entered allmulticast mode [ 252.191023][T12767] tipc: Enabled bearer , priority 0 [ 252.194689][T12767] tipc: Resetting bearer [ 252.217148][T12766] tipc: Disabling bearer [ 252.459630][T12776] loop4: detected capacity change from 0 to 512 [ 252.477751][T12776] EXT4-fs (loop4): orphan cleanup on readonly fs [ 252.481002][T12776] EXT4-fs error (device loop4): ext4_orphan_get:1418: comm syz.4.1954: bad orphan inode 13 [ 252.481634][T12776] ext4_test_bit(bit=12, block=18) = 1 [ 252.481641][T12776] is_bad_inode(inode)=0 [ 252.481713][T12776] NEXT_ORPHAN(inode)=2130706432 [ 252.481719][T12776] max_ino=32 [ 252.481724][T12776] i_nlink=1 [ 252.482445][T12776] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 252.506950][T12776] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 252.508586][T12779] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 252.518874][T12776] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 252.519550][T12776] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1954: bg 0: block 248: padding at end of block bitmap is not set [ 252.519791][T12776] Quota error (device loop4): write_blk: dquota write failed [ 252.519818][T12776] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 252.519830][T12776] EXT4-fs error (device loop4): ext4_acquire_dquot:6945: comm syz.4.1954: Failed to acquire dquot type 1 [ 252.530449][ T6560] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 252.701406][T12790] IPv6: Can't replace route, no match found [ 253.679596][T12817] syzkaller0: entered promiscuous mode [ 253.680894][T12817] syzkaller0: entered allmulticast mode [ 253.800906][T12819] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 254.254955][T12844] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1974'. [ 254.256962][T12844] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1974'. [ 254.257047][T12844] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1974'. [ 254.257125][T12844] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1974'. [ 255.208677][T12853] syzkaller0: entered promiscuous mode [ 255.209695][T12853] syzkaller0: entered allmulticast mode [ 255.535038][T12864] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 255.800106][T12879] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1985'. [ 255.801892][T12879] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1985'. [ 255.801991][T12879] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1985'. [ 255.802070][T12879] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1985'. [ 256.078268][T12892] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 256.078697][T12892] overlayfs: missing 'lowerdir' [ 256.583552][T12897] syzkaller0: entered promiscuous mode [ 256.584792][T12897] syzkaller0: entered allmulticast mode [ 256.868612][T12911] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 257.000945][T12912] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 257.008785][T12912] overlayfs: missing 'lowerdir' [ 257.384747][T12920] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1997'. [ 257.386806][T12920] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1997'. [ 258.245908][T12937] syzkaller0: entered promiscuous mode [ 258.245945][T12937] syzkaller0: entered allmulticast mode [ 258.412342][ T65] block nbd4: Possible stuck request 0000000024171d88: control (read@0,1024B). Runtime 180 seconds [ 258.414613][ T65] block nbd4: Possible stuck request 0000000026ef243b: control (read@1024,1024B). Runtime 180 seconds [ 258.416871][ T65] block nbd4: Possible stuck request 000000008cfc8cc4: control (read@2048,1024B). Runtime 180 seconds [ 258.417055][ T65] block nbd4: Possible stuck request 00000000f50e3908: control (read@3072,1024B). Runtime 180 seconds [ 258.997208][T12950] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 259.149943][T12952] loop4: detected capacity change from 0 to 8192 [ 259.677175][ T57] block nbd5: Possible stuck request 00000000705f32fb: control (read@0,1024B). Runtime 180 seconds [ 259.677252][ T57] block nbd5: Possible stuck request 00000000ebc554c6: control (read@1024,1024B). Runtime 180 seconds [ 259.677320][ T57] block nbd5: Possible stuck request 0000000080b4dd3c: control (read@2048,1024B). Runtime 180 seconds [ 259.677362][ T57] block nbd5: Possible stuck request 000000009213a592: control (read@3072,1024B). Runtime 180 seconds [ 259.943768][T12958] __nla_validate_parse: 2 callbacks suppressed [ 259.944026][T12958] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2009'. [ 260.016393][T12960] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2008'. [ 260.016692][T12960] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2008'. [ 260.016786][T12960] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2008'. [ 260.016863][T12960] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2008'. [ 260.190186][T12970] syzkaller0: entered promiscuous mode [ 260.191212][T12970] syzkaller0: entered allmulticast mode [ 261.350204][T13002] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 261.968502][T13015] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2025'. [ 261.968797][T13015] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2025'. [ 261.968896][T13015] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2025'. [ 261.968982][T13015] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2025'. [ 262.118598][ T31] audit: type=1326 audit(262.104:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13017 comm="syz.1.2026" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 262.119270][ T31] audit: type=1326 audit(262.104:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13017 comm="syz.1.2026" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=26 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 262.119341][ T31] audit: type=1326 audit(262.104:788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13017 comm="syz.1.2026" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 262.119566][ T31] audit: type=1326 audit(262.104:789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13017 comm="syz.1.2026" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 262.119721][ T31] audit: type=1326 audit(262.104:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13017 comm="syz.1.2026" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 262.119771][ T31] audit: type=1326 audit(262.104:791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13017 comm="syz.1.2026" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 262.120655][ T31] audit: type=1326 audit(262.104:792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13017 comm="syz.1.2026" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=279 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 262.120779][ T31] audit: type=1326 audit(262.104:793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13017 comm="syz.1.2026" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffffb395ba1c code=0x7ffc0000 [ 262.122960][ T31] audit: type=1326 audit(262.104:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13017 comm="syz.1.2026" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffffb395a0d0 code=0x7ffc0000 [ 262.125101][ T31] audit: type=1326 audit(262.104:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13017 comm="syz.1.2026" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=215 compat=0 ip=0xffffb395ba8c code=0x7ffc0000 [ 262.125665][T13018] loop1: detected capacity change from 0 to 512 [ 262.209808][T13018] EXT4-fs (loop1): orphan cleanup on readonly fs [ 262.213658][T13018] EXT4-fs error (device loop1): ext4_orphan_get:1418: comm syz.1.2026: bad orphan inode 13 [ 262.213900][T13018] ext4_test_bit(bit=12, block=18) = 1 [ 262.213912][T13018] is_bad_inode(inode)=0 [ 262.213926][T13018] NEXT_ORPHAN(inode)=2130706432 [ 262.213935][T13018] max_ino=32 [ 262.213944][T13018] i_nlink=1 [ 262.214462][T13018] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 262.233457][T13018] EXT4-fs error (device loop1): ext4_lookup:1791: inode #2: comm syz.1.2026: deleted inode referenced: 12 [ 262.236538][T13018] EXT4-fs error (device loop1): ext4_lookup:1791: inode #2: comm syz.1.2026: deleted inode referenced: 12 [ 262.241107][T13018] EXT4-fs error (device loop1): ext4_lookup:1791: inode #2: comm syz.1.2026: deleted inode referenced: 12 [ 262.356845][T13018] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 262.526730][T13018] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 262.528773][T13025] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.2026: bg 0: block 248: padding at end of block bitmap is not set [ 262.531410][T13025] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.2026: Failed to acquire dquot type 1 [ 262.584060][ T6554] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 262.921013][T13035] input: syz1 as /devices/virtual/input/input13 [ 263.176993][T13043] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 263.992323][T13061] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 265.415057][T13084] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 266.057567][T13098] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2048'. [ 266.057903][T13098] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2048'. [ 266.057997][T13098] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2048'. [ 266.058076][T13098] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2048'. [ 266.237289][T10464] block nbd9: Possible stuck request 00000000eb2c260a: control (read@0,1024B). Runtime 180 seconds [ 266.237332][T10464] block nbd9: Possible stuck request 00000000c8c4460c: control (read@1024,1024B). Runtime 180 seconds [ 266.237356][T10464] block nbd9: Possible stuck request 00000000a3133b83: control (read@2048,1024B). Runtime 180 seconds [ 266.237371][T10464] block nbd9: Possible stuck request 0000000023900c11: control (read@3072,1024B). Runtime 180 seconds [ 266.244851][ T65] block nbd8: Possible stuck request 00000000d5efd87c: control (read@0,1024B). Runtime 180 seconds [ 266.244895][ T65] block nbd8: Possible stuck request 0000000003ce7d3d: control (read@1024,1024B). Runtime 180 seconds [ 266.244917][ T65] block nbd8: Possible stuck request 00000000bad9978e: control (read@2048,1024B). Runtime 180 seconds [ 266.244933][ T65] block nbd8: Possible stuck request 00000000b9bff10b: control (read@3072,1024B). Runtime 180 seconds [ 267.138939][T13116] syzkaller0: entered promiscuous mode [ 267.138976][T13116] syzkaller0: entered allmulticast mode [ 267.262697][T13128] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 267.356889][ T65] block nbd10: Possible stuck request 0000000035090127: control (read@0,1024B). Runtime 180 seconds [ 267.359042][ T65] block nbd10: Possible stuck request 00000000ac3e392d: control (read@1024,1024B). Runtime 180 seconds [ 267.360925][ T65] block nbd10: Possible stuck request 0000000006b640e8: control (read@2048,1024B). Runtime 180 seconds [ 267.362726][ T65] block nbd10: Possible stuck request 0000000053a0fdae: control (read@3072,1024B). Runtime 180 seconds [ 268.080855][T13139] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2060'. [ 268.081139][T13139] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2060'. [ 268.081240][T13139] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2060'. [ 268.081320][T13139] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2060'. [ 268.388542][ T31] kauditd_printk_skb: 53 callbacks suppressed [ 268.388588][ T31] audit: type=1326 audit(268.374:847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13144 comm="syz.1.2063" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 268.393821][ T31] audit: type=1326 audit(268.374:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13144 comm="syz.1.2063" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 268.393865][ T31] audit: type=1326 audit(268.374:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13144 comm="syz.1.2063" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=275 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 268.393919][ T31] audit: type=1326 audit(268.374:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13144 comm="syz.1.2063" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 268.393968][ T31] audit: type=1326 audit(268.374:851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13144 comm="syz.1.2063" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb395b9e8 code=0x7ffc0000 [ 268.709713][T13154] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 268.710161][T13154] overlayfs: missing 'lowerdir' [ 269.267578][T13169] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 269.823496][T13185] binder: 13184:13185 got transaction to invalid handle, 1 [ 269.823530][T13185] binder: 13184:13185 cannot find target node [ 269.823563][T13185] binder: 13184:13185 transaction call to 0:0 failed 33/29201/-22, code 0 size 0-0 line 3232 [ 269.825319][ T1813] binder: undelivered TRANSACTION_ERROR: 29201 [ 270.161032][T13196] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2078'. [ 270.166862][T13196] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2078'. [ 270.724090][T13208] loop5: detected capacity change from 0 to 16 [ 270.729457][T13208] erofs (device loop5): mounted with root inode @ nid 36. [ 270.736188][T13208] x_tables: duplicate underflow at hook 1 [ 271.126160][T13210] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 271.339314][T13221] binder: 13220:13221 ioctl 4018620d 0 returned -22 [ 271.340950][T13221] binder: 13220:13221 got transaction to invalid handle, 1 [ 271.342415][T13221] binder: 13220:13221 cannot find target node [ 271.343598][T13221] binder: 13220:13221 transaction call to 0:0 failed 36/29201/-22, code 0 size 0-0 line 3232 [ 271.346469][ T1813] binder: undelivered TRANSACTION_ERROR: 29201 [ 271.425773][ T6558] Bluetooth: hci5: command 0x0406 tx timeout [ 271.575398][T13229] syzkaller0: entered promiscuous mode [ 271.575434][T13229] syzkaller0: entered allmulticast mode [ 271.675402][ T31] audit: type=1326 audit(271.654:852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13224 comm="syz.5.2084" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 271.679675][ T31] audit: type=1326 audit(271.664:853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13224 comm="syz.5.2084" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 271.689899][ T31] audit: type=1326 audit(271.674:854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13224 comm="syz.5.2084" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=275 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 271.697593][ T31] audit: type=1326 audit(271.674:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13224 comm="syz.5.2084" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 271.707639][ T31] audit: type=1326 audit(271.684:856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13224 comm="syz.5.2084" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a55b9e8 code=0x7ffc0000 [ 272.200789][T13245] __nla_validate_parse: 2 callbacks suppressed [ 272.201257][T13245] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2094'. [ 272.204693][T13245] tipc: New replicast peer: 255.255.255.255 [ 272.205691][T13245] tipc: Enabled bearer , priority 10 [ 272.280071][T13247] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2093'. [ 272.285108][T13247] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2093'. [ 272.286104][T13247] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2093'. [ 272.287196][T13247] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2093'. [ 273.326705][ T6566] tipc: Node number set to 4278255617 [ 273.658505][T13261] binder: 13257:13261 ioctl 4018620d 0 returned -22 [ 273.660124][T13261] binder: 13257:13261 got transaction to invalid handle, 1 [ 273.661637][T13261] binder: 13257:13261 cannot find target node [ 273.662619][T13261] binder: 13257:13261 transaction call to 0:0 failed 39/29201/-22, code 0 size 0-0 line 3232 [ 273.670737][ T1813] binder: undelivered TRANSACTION_ERROR: 29201 [ 273.942197][T13280] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2105'. [ 273.944976][T13280] tipc: Enabling of bearer rejected, already enabled [ 274.015575][T13288] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 274.857743][T13303] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2110'. [ 274.858198][T13303] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2110'. [ 274.858352][T13303] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2110'. [ 274.858490][T13303] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2110'. [ 275.411796][ T31] audit: type=1326 audit(275.394:857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13309 comm="syz.4.2113" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa655b9e8 code=0x7ffc0000 [ 275.412902][ T31] audit: type=1326 audit(275.394:858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13309 comm="syz.4.2113" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa655b9e8 code=0x7ffc0000 [ 275.412943][ T31] audit: type=1326 audit(275.394:859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13309 comm="syz.4.2113" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=275 compat=0 ip=0xffffa655b9e8 code=0x7ffc0000 [ 275.412959][ T31] audit: type=1326 audit(275.394:860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13309 comm="syz.4.2113" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa655b9e8 code=0x7ffc0000 [ 275.412973][ T31] audit: type=1326 audit(275.394:861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13309 comm="syz.4.2113" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa655b9e8 code=0x7ffc0000 [ 276.473587][T13339] tipc: Enabling of bearer rejected, already enabled [ 277.190578][T13353] loop4: detected capacity change from 0 to 16 [ 277.193196][T13353] erofs (device loop4): mounted with root inode @ nid 36. [ 278.174602][T13361] syzkaller0: entered promiscuous mode [ 278.174641][T13361] syzkaller0: entered allmulticast mode [ 278.233044][T13359] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 278.233483][T13359] overlayfs: missing 'lowerdir' [ 278.276091][T13367] syzkaller0: entered promiscuous mode [ 278.277719][T13367] syzkaller0: entered allmulticast mode [ 278.283195][T13363] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 278.379001][T13372] __nla_validate_parse: 1 callbacks suppressed [ 278.380209][T13372] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2132'. [ 278.382910][T13372] tipc: Enabling of bearer rejected, already enabled [ 279.971770][T13432] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 279.974519][T13433] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 279.975053][T13433] overlayfs: missing 'lowerdir' [ 279.992829][T13435] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2143'. [ 279.993830][T13435] tipc: Enabling of bearer rejected, already enabled [ 280.370674][T13399] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 280.370707][T13399] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 280.373159][T13455] syzkaller1: entered promiscuous mode [ 280.373419][T13455] syzkaller1: entered allmulticast mode [ 280.473039][T13399] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 280.473086][T13399] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 280.505178][T13465] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 280.507679][T13465] overlayfs: missing 'lowerdir' [ 280.530116][T13399] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 280.530150][T13399] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 280.637148][T13399] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 280.637187][T13399] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 280.890245][T13399] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 280.890292][T13399] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 281.219042][T13503] syzkaller0: entered promiscuous mode [ 281.221335][T13503] syzkaller0: entered allmulticast mode [ 281.488380][T13526] syzkaller0: entered promiscuous mode [ 281.488415][T13526] syzkaller0: entered allmulticast mode [ 281.861172][T13531] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 282.221402][T13538] IPv6: Can't replace route, no match found [ 282.409966][T13548] binder: tried to use weak ref as strong ref [ 282.409993][T13548] binder: 13547:13548 Acquire 1 refcount change on invalid ref 0 ret -22 [ 282.411296][T13548] binder: 13547:13548 got transaction to invalid handle, 1 [ 282.411308][T13548] binder: 13547:13548 cannot find target node [ 282.411323][T13548] binder: 13547:13548 transaction call to 0:0 failed 42/29201/-22, code 0 size 12288-0 line 3232 [ 282.411684][ T1813] binder: undelivered TRANSACTION_ERROR: 29201 [ 282.432750][T13550] syzkaller0: entered promiscuous mode [ 282.432781][T13550] syzkaller0: entered allmulticast mode [ 282.723173][T13557] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 282.837948][T13560] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 282.839104][T13560] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 282.841691][T13560] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 282.842734][T13560] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 282.845843][T13560] UHID_CREATE from different security context by process 534 (syz.6.2166), this is not allowed. [ 283.109383][T13565] IPv6: Can't replace route, no match found [ 283.125949][T13566] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 283.493485][T13579] binder: tried to use weak ref as strong ref [ 283.494881][T13579] binder: 13576:13579 Acquire 1 refcount change on invalid ref 0 ret -22 [ 283.498866][T13579] binder: 13576:13579 got transaction to invalid handle, 1 [ 283.498905][T13579] binder: 13576:13579 cannot find target node [ 283.498941][T13579] binder: 13576:13579 transaction call to 0:0 failed 45/29201/-22, code 0 size 12288-0 line 3232 [ 283.503079][ T26] binder: undelivered TRANSACTION_ERROR: 29201 [ 283.508945][T13580] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2173'. [ 283.510910][T13580] tipc: Enabling of bearer rejected, already enabled [ 284.119464][T13598] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 284.120268][T13598] overlayfs: missing 'lowerdir' [ 284.133883][T13589] syzkaller0: entered promiscuous mode [ 284.134858][T13589] syzkaller0: entered allmulticast mode [ 284.265006][T13603] IPv6: Can't replace route, no match found [ 284.296775][T13605] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 284.457792][T13613] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 284.741751][T13623] binder: 13622:13623 got transaction to invalid handle, 1 [ 284.743242][T13623] binder: 13622:13623 cannot find target node [ 284.744437][T13623] binder: 13622:13623 transaction call to 0:0 failed 49/29201/-22, code 0 size 12288-0 line 3232 [ 284.748777][ T6566] binder: undelivered TRANSACTION_ERROR: 29201 [ 284.806331][T13626] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2186'. [ 284.811598][T13626] tipc: Enabling of bearer rejected, already enabled [ 285.792741][T13638] syzkaller0: entered promiscuous mode [ 285.792774][T13638] syzkaller0: entered allmulticast mode [ 285.903721][T13643] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 286.167145][T13651] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 286.168896][T13651] overlayfs: missing 'lowerdir' [ 286.270980][T13654] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 286.468490][T13663] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2197'. [ 286.470475][T13663] tipc: Enabling of bearer rejected, already enabled [ 286.547323][T13666] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 286.547831][T13666] overlayfs: missing 'lowerdir' [ 286.658834][T13669] syzkaller0: entered promiscuous mode [ 286.658862][T13669] syzkaller0: entered allmulticast mode [ 287.000704][T13678] loop6: detected capacity change from 0 to 8192 [ 287.347653][T13683] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 287.748606][T13695] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 287.993165][T13707] input: syz1 as /devices/virtual/input/input14 [ 288.067083][T13713] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 288.514675][T13725] loop6: detected capacity change from 0 to 8192 [ 288.519228][ T65] block nbd4: Possible stuck request 0000000024171d88: control (read@0,1024B). Runtime 210 seconds [ 288.519274][ T65] block nbd4: Possible stuck request 0000000026ef243b: control (read@1024,1024B). Runtime 210 seconds [ 288.519287][ T65] block nbd4: Possible stuck request 000000008cfc8cc4: control (read@2048,1024B). Runtime 210 seconds [ 288.519296][ T65] block nbd4: Possible stuck request 00000000f50e3908: control (read@3072,1024B). Runtime 210 seconds [ 288.625970][T13734] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 288.793331][T13740] binder: tried to use weak ref as strong ref [ 288.794486][T13740] binder: 13739:13740 Acquire 1 refcount change on invalid ref 0 ret -22 [ 288.796228][T13740] binder: 13739:13740 got transaction to invalid handle, 1 [ 288.799377][T13740] binder: 13739:13740 cannot find target node [ 288.800488][T13740] binder: 13739:13740 transaction call to 0:0 failed 52/29201/-22, code 0 size 12288-0 line 3232 [ 288.801265][ T1813] binder: undelivered TRANSACTION_ERROR: 29201 [ 289.029658][T13752] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 289.118340][ T32] INFO: task syz.3.1220:10230 b ** replaying previous printk message ** [ 289.118340][ T32] INFO: task syz.3.1220:10230 blocked for more than 143 seconds. [ 289.118374][ T32] Not tainted syzkaller #0 [ 289.118704][ T32] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 289.118716][ T32] task:syz.3.1220 state:D stack:0 pid:10230 tgid:10229 ppid:6553 task_flags:0x400140 flags:0x00000011 [ 289.118737][ T32] Call trace: [ 289.118742][ T32] __switch_to+0x418/0x87c (T) [ 289.118761][ T32] __schedule+0x13b0/0x2864 [ 289.118773][ T32] schedule+0xb4/0x230 [ 289.118780][ T32] schedule_preempt_disabled+0x18/0x2c [ 289.118788][ T32] __mutex_lock_common+0xd04/0x2678 [ 289.118796][ T32] mutex_lock_nested+0x2c/0x38 [ 289.118802][ T32] sync_bdevs+0x164/0x2e4 [ 289.118812][ T32] ksys_sync+0xb8/0x164 [ 289.118820][ T32] __arm64_sys_sync+0x14/0x24 [ 289.118826][ T32] invoke_syscall+0x98/0x254 [ 289.118833][ T32] el0_svc_common+0xe8/0x23c [ 289.118838][ T32] do_el0_svc+0x48/0x58 [ 289.118844][ T32] el0_svc+0x5c/0x254 [ 289.118851][ T32] el0t_64_sync_handler+0x84/0x12c [ 289.118858][ T32] el0t_64_sync+0x198/0x19c [ 289.118873][ T32] [ 289.118873][ T32] Showing all locks held in the system: [ 289.118879][ T32] 1 lock held by khungtaskd/32: [ 289.118883][ T32] #0: ffff80008f78ba20 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48 [ 289.118907][ T32] 2 locks held by pr/ttyAMA-1/43: [ 289.118924][ T32] 1 lock held by klogd/6183: [ 289.118929][ T32] 2 locks held by getty/6336: [ 289.118932][ T32] #0: ffff0000d80020a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c [ 289.118951][ T32] #1: ffff80009baa72f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x34c/0xfa4 [ 289.118970][ T32] 1 lock held by udevd/6545: [ 289.118974][ T32] #0: ffff0000cbec3358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 [ 289.118992][ T32] 1 lock held by udevd/6564: [ 289.118996][ T32] #0: ffff0000cbd6f358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 [ 289.119030][ T32] 1 lock held by udevd/8601: [ 289.119034][ T32] #0: ffff0000cbf87358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 [ 289.119054][ T32] 1 lock held by udevd/8680: [ 289.119058][ T32] #0: ffff0000cbfab358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 [ 289.119075][ T32] 1 lock held by udevd/8888: [ 289.119078][ T32] #0: ffff0000cbfaf358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 [ 289.119097][ T32] 1 lock held by syz.3.1220/10230: [ 289.119100][ T32] #0: ffff0000cbfaf358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x164/0x2e4 [ 289.119118][ T32] 1 lock held by syz.1.2227/13750: [ 289.119122][ T32] [ 289.119124][ T32] ============================================= [ 289.119124][ T32] [ 289.119128][ T32] Kernel panic - not syncing: hung_task: blocked tasks [ 289.156832][ T32] CPU: 1 UID: 0 PID: 32 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT [ 289.158037][ T32] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 289.159469][ T32] Call trace: [ 289.159926][ T32] show_stack+0x2c/0x3c (C) [ 289.160542][ T32] __dump_stack+0x30/0x40 [ 289.161134][ T32] dump_stack_lvl+0x30/0x12c [ 289.161747][ T32] dump_stack+0x1c/0x28 [ 289.162354][ T32] vpanic+0x22c/0x6c0 [ 289.162917][ T32] vpanic+0x0/0x6c0 [ 289.163517][ T32] hung_task_panic+0x0/0x2c [ 289.164167][ T32] kthread+0x5fc/0x75c [ 289.164785][ T32] ret_from_fork+0x10/0x20 [ 289.165405][ T32] SMP: stopping secondary CPUs [ 289.166084][ T32] Kernel Offset: disabled [ 289.166693][ T32] CPU features: 0x100000,0001e000,42702281,5427fea7 [ 289.167574][ T32] Memory Limit: none [ 289.458482][ T32] Rebooting in 86400 seconds..