last executing test programs: 2m7.647567065s ago: executing program 3 (id=30): socket$inet6_udp(0xa, 0x2, 0x0) setresuid(0x0, 0x0, 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) process_vm_readv(r0, &(0x7f00000002c0)=[{&(0x7f0000000140)=""/255, 0xff}], 0x1, &(0x7f0000001500)=[{&(0x7f0000000300)=""/233, 0xe9}], 0x1, 0x0) 2m7.420032224s ago: executing program 3 (id=33): r0 = socket(0x1c, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000180)={0x1c, 0x1c, 0x3}, 0x1c) sendmsg$inet_sctp(r0, &(0x7f0000000500)={&(0x7f0000000100)=@in6={0x1c, 0x1c, 0x2}, 0x1c, 0x0, 0x0, 0x0, 0x1c}, 0x0) 2m7.024500749s ago: executing program 3 (id=36): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="28000000ffff000001"], 0x28}, 0x0) recvmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/193, 0xc1}, 0x0) 2m6.06975241s ago: executing program 3 (id=48): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000380), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) 2m5.868268063s ago: executing program 3 (id=49): pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setstatus(r1, 0x4, 0xcc) r2 = getpid() setreuid(0x0, 0xee01) fcntl$setown(r1, 0x6, r2) r3 = socket(0x2, 0x1, 0x0) dup2(r3, r0) 2m5.360560989s ago: executing program 3 (id=53): r0 = socket(0x11, 0x3, 0x0) sendto$unix(r0, &(0x7f00000000c0)="b1000501600000903fb1000007000000331c1306cfa10500fef96ecfc73fd3357ae36caa0416fa4f376b36acf00b7804be381e4991f7c8cf5f882b297be1aa5323edeb51e2f0ca3ebbc257699a1f133ea7acb5d602000d7d026ba8af6300372a2102000000720fd38bfbb770c1f5a8aec881ea772ec5890400000000000000361b1257aea8c500002012000000042000"/177, 0xb1, 0x0, 0x0, 0x0) 2m4.80776783s ago: executing program 32 (id=53): r0 = socket(0x11, 0x3, 0x0) sendto$unix(r0, &(0x7f00000000c0)="b1000501600000903fb1000007000000331c1306cfa10500fef96ecfc73fd3357ae36caa0416fa4f376b36acf00b7804be381e4991f7c8cf5f882b297be1aa5323edeb51e2f0ca3ebbc257699a1f133ea7acb5d602000d7d026ba8af6300372a2102000000720fd38bfbb770c1f5a8aec881ea772ec5890400000000000000361b1257aea8c500002012000000042000"/177, 0xb1, 0x0, 0x0, 0x0) 53.614687408s ago: executing program 4 (id=730): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x88441) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r4}, 0x10) ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x5, &(0x7f0000000080)={0x5, 0x31, 0x0, 0x0, 0x7995}, 0x799d, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) 53.128460602s ago: executing program 4 (id=733): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x10, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) writev(r0, &(0x7f0000000440)=[{&(0x7f0000000000)="b0", 0x1}], 0x1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, r1, 0x0, 0x0, 0x1, 0x0, {0xa, 0x4e21, 0x7, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x3a) 52.900899153s ago: executing program 4 (id=736): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[], 0x2c}}, 0x0) r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000200)={'vxcan1\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1, 0x0, {0x0, 0x1, 0x1}}, 0x18) sendmsg$can_j1939(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x1d, 0x0, 0x0, {0x0, 0x1ee}}, 0x18, &(0x7f00000004c0)={&(0x7f0000000140)='\x00', 0x8}}, 0x0) 52.54050774s ago: executing program 4 (id=740): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file2\x00', 0x200000, &(0x7f00000000c0)={[{@nombcache}, {@usrquota}, {@lazytime}, {@usrquota}]}, 0xfc, 0x564, &(0x7f00000008c0)="$eJzs3c9rHFUcAPDvbJI2/aFJoRT1IIEerNRumsQfFTzUo2ixoPe6JNNQsumW7KY0sWB7sBcvUgQRC6J37x6L/4B/RUELRUrQg5eV2cym22Y32aSbJu1+PjDJezOzee+7M9+XNzu7bAB9ayz7UYh4NSK+TSJGWrYNRr5xbHW/lYfXp7MliXr9s7+TSPJ1zf2T/PehvPJKRPz+dcTJwvp2q0vLc6VyOV3I6+O1+Svj1aXlU5fmS7PpbHp5cmrqzDtTk++/927PYn3z/L8/fHr3ozPfHF/5/tf7R24ncTYO59ta43gKN1orYzGWPydDcfaJHSd60Nhekux2B9iWgTzPhyIbA0ZiIM/6tuojz7JrwA77KktroE8l8h/6VHMe0Ly279F18HPjwYerF0Dr4x9cfW0khhvXRgdXkseujLLr3dEetJ+18dtfd25nS/TudQiATd24GRGnBwfXj39JPv5t3+ku9nmyDeMfPDt3s/nPW+3mP4W1+U+0mf8capO727F5/hfu96CZjrL53wdt579rN61GB/LaS40531By8VI5zca2lyPiRAztz+ob3M/5orByr95pY+v8L1uy9ptzwbwf9wf3P/6YmVKt9FRBt3hwM+K1tvPfZO34J22Of/Z8nO+yjWPpndc7bds8/p1V/znijbbH/9EdrWTj+5PjjfNhvHlWrPfPrWN/dGp/t+PPjv/BjeMfTVrv11a33sZPw/+lnbZt9/zfl3zeKO/L110r1WoLExH7kk/Wr5989Nhmvbl/Fv+J4xuPf+3O/wNZYncZ/62jt1p3Hd5a/Dsri39mS8d/64V7H3/5Y6f2uzv+bzdKJ/I13Yx/3XbwaZ47AAAAAAAA2GsKEXE4kkJxrVwoFIur7+84GgcL5Uq1dvJiZfHyTDQ+KzsaQ4Xmne6RlvdDTOTvh23WJ5+oT0XEkYj4buBAo16crpRndjt4AAAAAAAAAAAAAAAAAAAA2CMORQy3+/x/5s+B3e4dsOM2+Mpv4AXXOf/zLb34pidgT/L/H/qX/If+Jf+hf8l/6F/yH/qX/If+Jf+hf20l/385t4MdAQAAAAAAAAAAAAAAAAAAAAAAAAAAgBfD+XPnsqW+8vD6dFafubq0OFe5emomrc4V5xeni9OVhSvF2UpltpwWpyvzm/29cqVyZWIyFq+N19Jqbby6tHxhvrJ4uXbh0nxpNr2QDj2TqAAAAAAAAAAAAAAAAAAAAOD5Ul1aniuVy+mCgsK2CoN7oxsKPS7s9sgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI/8HwAA///F1Dry") r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000007c0), 0x1, 0x0) write$binfmt_register(r0, &(0x7f0000000000)={0x3a, 'syz2', 0x3a, 'E', 0x3a, 0x2007, 0x3a, 'M', 0x3a, 'M', 0x3a, './file2', 0x3a, [0x46]}, 0x2a) 52.017268238s ago: executing program 4 (id=746): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x10, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) writev(r0, &(0x7f0000000440)=[{&(0x7f0000000000)="b0", 0x1}], 0x1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, r1, 0x0, 0x0, 0x1, 0x0, {0xa, 0x4e21, 0x7, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x3a) 50.22108748s ago: executing program 4 (id=765): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) bind$tipc(0xffffffffffffffff, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10) bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}}}, 0x10) bind$tipc(r1, &(0x7f0000000540)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f0000000500)=@name={0x1e, 0x2, 0x3, {{0x42, 0x1}, 0x1}}, 0x10) sendmsg$tipc(r2, &(0x7f0000000340)={&(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x2}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x20044094}, 0x0) 49.712377993s ago: executing program 33 (id=765): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) bind$tipc(0xffffffffffffffff, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10) bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}}}, 0x10) bind$tipc(r1, &(0x7f0000000540)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f0000000500)=@name={0x1e, 0x2, 0x3, {{0x42, 0x1}, 0x1}}, 0x10) sendmsg$tipc(r2, &(0x7f0000000340)={&(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x2}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x20044094}, 0x0) 7.015050118s ago: executing program 6 (id=1150): bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000300)=[{0x200000000006, 0x4, 0x0, 0x7ffc1ffb}]}) ioprio_set$pid(0x2, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_clone(0xc510c080, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800) 3.256510951s ago: executing program 5 (id=1180): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', 0xffffffffffffffff, 0x0, 0x101}, 0x18) r0 = openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc018937e, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18) r1 = mq_open(&(0x7f0000000180)='\r\x00elinu\xef\xe3elinux\x00\x96\xf6\x92\n#*\xac\x05\xce\xf8D\\\x9a\xe6[]L+\xf6\v\xe8\xf2\xd3\b\x15\n\xb8F!Q9o\x1f#\xbdt\r\xfb\"\x18%\xfdM\xaf_t\xd2\xdcJ\x10\a\xbab\x1a\xdf\xb1\xbdU\xd7Lo\xe7\xac\x81\x10k\xce-\xf5@\xbb\x9d;\xe8\xf6\xffQ\x04\xaai\x92k\x1b;\xddM\xa2\xe1-\x0e\xd8\xde\x00\xff\x18\xdd\bL\xfb\xa2.\xb6{\xb5\x85#\x88\xdc\xf0\x0f\x05\xf1\xc4 \xdeV\x80q\xf7\x04\xf5\x85T\x1f\xc2S]*\xc9lw\xd3J\xc5\xe8\x02\xcb\xbbAHxr\xac\xb77F\xdf\x1c\xcb\xd4\xce\x88L\xf1\xf9[\x98\xd4+pTx\x95\xb5\x1b]x\x1a\x95\xe1c6\xe7`83\xb7n#\xe0\xc1_\xec\xba\xde\a\x8b\xc5\x86woo\xbc\x1c\xa3r\x82\xf3enq-\x90/\xed\xff\xad+\x03\x10\t\xda\xfd\xa2\xd0\xef4\n%\xf1\xd8', 0x6e93ebbbcc0884f2, 0x1e0, &(0x7f0000000040)={0x0, 0x1, 0x4}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00', r2}, 0x10) mq_timedreceive(r1, &(0x7f0000000340)=""/195, 0xc3, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10) mq_timedreceive(r1, &(0x7f0000000080)=""/92, 0x5c, 0x0, 0x0) 2.28632687s ago: executing program 5 (id=1188): r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) writev(r0, &(0x7f0000000400)=[{&(0x7f0000000000)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d484e2431dca5436a6d3e3e50d111fbdf23ea32db0e8f21d5bc", 0x1b}], 0x2) 2.175477321s ago: executing program 5 (id=1191): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0x7}}, [@filter_kind_options=@f_flow={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x800) 2.021528444s ago: executing program 6 (id=1194): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="05000000060000"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000001240)=ANY=[@ANYBLOB="0d00000002000000040000000240000005000000", @ANYRES32=r1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\b\x00'], 0x48) 1.902198444s ago: executing program 5 (id=1195): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000300)='qdisc_dequeue\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbe1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5646ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4766e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec859c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f250057931d828ec78e116ae46c4897e2795b6ff92e9a1f63a6ed8fb4f8f3a6ec4e76f8621e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403f02734137ff47257f164391c673b6071b6ad0f05eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a81826fc9b38f791c8f1892b51ad65a89bc84646ebf78f5d5d4804d9abb071fd711b5e7cc163b42a6510b8f5ee6747df0b560eabe0499bf1fef7c18bb9f55effa018679845c6598fb78bf1b8d9d9f04a5f6062c2bbb91952755b3f7c948268cb647d0a0bb1286480615941154a01d23734bcafe3b164474e2f2efa77850686ee4541f3e79efa63545a7ae53d5f0c40cc86473f7eb093980bd0d97bb4750128d9c519984c5f731ea259e71b2f12d67ce12e52c283e74594dfc933e625737ed231d61263721d46daf093f770357cd78fe1431aef52b4a0a933f1a5334ad03f3876fc8a8e187f80318427b4c922075cf829e3cc49d71d52137b48e1fb6b05dd1c7b251a7059f0a4b4f3431f67fc65b75c202e43816e34ff41db85bacd77b25242830b788ae1e00"/2566], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x8, 0x60000000}, 0x1e) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), r5) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c000000020603000000000000000000ffea000005000100070000000900020073797a300000000014000780080012401b0000000800084000000000050005000000001005000400000000000d000300686173683a6d6163"], 0x5c}}, 0x0) r7 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r7, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_udp_int(r7, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) r8 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r9 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r8, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d75a3d0000b110000000000000000000000000000000000ff0200000000000000000000000000014f1c4e20", @ANYRESHEX=r7], 0xd6) 1.78443491s ago: executing program 6 (id=1196): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b40)=@filter={'filter\x00', 0x4, 0x4, 0x4b8, 0xffffffff, 0x260, 0x260, 0xe8, 0xfeffffff, 0xffffffff, 0x3e8, 0x3e8, 0x3e8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x29}, @private2, [0xffffffff, 0xff000000, 0xff, 0xffffff00], [0xffffff00, 0xffffffff, 0xffffffff, 0xffffffff], 'hsr0\x00', 'sit0\x00', {}, {}, 0x87, 0x3, 0x4, 0x5}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x7}}}}, {{@ipv6={@private2, @empty, [], [0x0, 0x0, 0xff000000], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@srh1={{0x90}, {0x21, 0x12, 0xbe, 0x7, 0x5aa9, @ipv4={'\x00', '\xff\xff', @empty}, @private1, @local, [0xff000000, 0xff000000, 0x0, 0xff], [0xffffff00, 0xff000000, 0xff], [0x0, 0xffffff, 0xffffff00, 0x7fffff7f], 0x3c80}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x2000010}}}}, {{@uncond, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x3, 0x7, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast1, @private1, [0x0, 0x0, 0xff, 0xff], [0x0, 0xffffff00], [0x0, 0xff000000], 0x843, 0x1400}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x518) 1.778792956s ago: executing program 1 (id=1197): r0 = creat(&(0x7f0000000000)='./file0\x00', 0xecf86c37d53049cc) write$binfmt_elf32(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="7f454c4604030003000000000000000002003e00000000000103000038000000000000000f000000000020000100040000000000000000000300000008000000f30000008100000004"], 0x58) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000006020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b70300000000ecff850000000400000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) close(r0) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) 1.660340894s ago: executing program 6 (id=1198): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', 0xffffffffffffffff, 0x0, 0x101}, 0x18) r0 = openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc018937e, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18) r1 = mq_open(&(0x7f0000000180)='\r\x00elinu\xef\xe3elinux\x00\x96\xf6\x92\n#*\xac\x05\xce\xf8D\\\x9a\xe6[]L+\xf6\v\xe8\xf2\xd3\b\x15\n\xb8F!Q9o\x1f#\xbdt\r\xfb\"\x18%\xfdM\xaf_t\xd2\xdcJ\x10\a\xbab\x1a\xdf\xb1\xbdU\xd7Lo\xe7\xac\x81\x10k\xce-\xf5@\xbb\x9d;\xe8\xf6\xffQ\x04\xaai\x92k\x1b;\xddM\xa2\xe1-\x0e\xd8\xde\x00\xff\x18\xdd\bL\xfb\xa2.\xb6{\xb5\x85#\x88\xdc\xf0\x0f\x05\xf1\xc4 \xdeV\x80q\xf7\x04\xf5\x85T\x1f\xc2S]*\xc9lw\xd3J\xc5\xe8\x02\xcb\xbbAHxr\xac\xb77F\xdf\x1c\xcb\xd4\xce\x88L\xf1\xf9[\x98\xd4+pTx\x95\xb5\x1b]x\x1a\x95\xe1c6\xe7`83\xb7n#\xe0\xc1_\xec\xba\xde\a\x8b\xc5\x86woo\xbc\x1c\xa3r\x82\xf3enq-\x90/\xed\xff\xad+\x03\x10\t\xda\xfd\xa2\xd0\xef4\n%\xf1\xd8', 0x6e93ebbbcc0884f2, 0x1e0, &(0x7f0000000040)={0x0, 0x1, 0x4}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00', r2}, 0x10) mq_timedreceive(r1, &(0x7f0000000340)=""/195, 0xc3, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10) mq_timedreceive(r1, &(0x7f0000000080)=""/92, 0x5c, 0x0, 0x0) 1.447075763s ago: executing program 5 (id=1199): creat(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r2 = dup(r1) syz_io_uring_setup(0x3b, 0x0, &(0x7f0000000000), 0x0) set_mempolicy(0x6, 0x0, 0x6) write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) creat(&(0x7f0000000380)='./file0\x00', 0xc2) umount2(&(0x7f0000000280)='./file0\x00', 0x0) 1.418591963s ago: executing program 2 (id=1200): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='kfree\x00', r3}, 0xc) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000c40)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="8b33000000000000000005000000080003"], 0x38}}, 0x40000) 1.328888555s ago: executing program 1 (id=1201): r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) writev(r0, &(0x7f0000000400)=[{&(0x7f0000000000)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d484e2431dca5436a6d3e3e50d111fbdf23ea32db0e8f21d5bc", 0x1b}], 0x2) 1.224411161s ago: executing program 2 (id=1202): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a54008cb07b783a3221f800000000000002000000280004802400018009"], 0x7c}}, 0x4041) sendmsg$ETHTOOL_MSG_RINGS_GET(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="0a012a20", @ANYRES16=0x0, @ANYBLOB="e60f000901008b00005d33cdc96be58bd5b3274e000f", @ANYRES32, @ANYBLOB="0c001a8048"], 0x2c}}, 0x0) r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000240)="aefc00001a0025f01d85bc04fef7681d020b49ff708800008003280008021000ac0a1410bc71176a36ede498534108e58342fa94a235a2a441f9", 0xfcae) 1.192332696s ago: executing program 0 (id=1203): r0 = socket(0x11, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='kmem_cache_free\x00', r3}, 0x10) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="020114000129184ad4a08058195c60140000002f0600ac141414e0ecff02808a8972bd0b72e41082b1a3d206"], 0xdd12}], 0x1, 0x0, 0x0, 0x4008084}, 0x0) 1.165378678s ago: executing program 5 (id=1204): set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a00000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000106a0529000000000000010902"], 0x0) syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r1, 0xffffffffffffffff, 0x0) 1.12347848s ago: executing program 1 (id=1205): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0x7}}, [@filter_kind_options=@f_flow={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x800) 984.436712ms ago: executing program 0 (id=1206): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="05000000060000"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000001240)=ANY=[@ANYBLOB="0d00000002000000040000000240000005000000", @ANYRES32=r1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\b\x00'], 0x48) 926.725945ms ago: executing program 2 (id=1207): socket$kcm(0x2, 0x0, 0x106) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00'}, 0x10) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) symlinkat(0x0, r1, &(0x7f0000000100)='./file0\x00') ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, &(0x7f0000000180)) ioctl$AUTOFS_IOC_READY(r1, 0x9360, 0x800000000000001) 855.878955ms ago: executing program 0 (id=1208): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18010000000000000000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x10) ioprio_set$uid(0x3, 0x0, 0x0) 760.253186ms ago: executing program 1 (id=1209): syz_read_part_table(0x5e0, &(0x7f0000000000)="$eJzs3L9rJFUcAPDvzM7ObiAasbZYSCMKRrATF23UpBONnYWNgkVEYiFWu4uC4I8/IK1oYRRCrC08OEK4dFcdB+Huv7gUF94xP/fgUt2Gg4PPp9jve2++3/dmdl77Jni+pY2IlEWc1b3fB3Uo8u1Be/2LrMscNWHYdqvxTw/f/2Bn8lE26seq0Xl7dbRcpWxjEZO29V8Rvx1++VPeZcyaMI8Y/lNGUeWmpu7gyZu+qKYvsmv5A1hF8X+qX1aUcTv+jYi9bFC9/FHEIv6MeCnGdd5WxMuDlFL9mucRaxGDKPt98dSOpieLd6PYrdpr0e60YdOb/ZylN9u8YaSUUh6zza5yEPHKO1v7V01a1y/qPdYNpZSG611tvrywd1l2zbdO789iMe5nj9Ru7m6ffnP+8Rv1nWTNHMNVHx4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGv36rev3ci7znv1b9b/bv8V+TJ1HvGwa0/G17T+0fRk44cf9/P4fvrVna+zbngQWx+uR4z6vM+bcPxLHYo+bVV7l3n59x831/qBduos4tbm3YvUrXDexu/efqx4mq+8PgAAAAAAAAAAAAAAAAAAAFSOY2fySR67EVl8Fsvj/inGEVl/Hn8ckVJKD1KtO/xfHrzYts7uRVYVRepKTsvmgwIbL0Sk0a+v1x8UaApTSkW9RPYMH5QrPQoAAP//HdhdXQ==") r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)={0x24, 0x13, 0x821, 0x0, 0x0, "", [@typed={0x6, 0x0, 0x0, 0x0, @str='!\xa5'}, @typed={0xc, 0x1, 0x0, 0x0, @u64}]}, 0x24}], 0x1}, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$BLKTRACESTOP(0xffffffffffffffff, 0x1275, 0x0) 568.385236ms ago: executing program 6 (id=1210): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a320000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a31000000004c000000050a01020000000000000000010020000c00024000000000000000010900010073797a3100000000200004801400030076657468315f6d6163767461700000000800014000000005"], 0xe8}}, 0x0) 568.16773ms ago: executing program 0 (id=1211): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000800)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000007c0)={0xffffffffffffffff}, 0x111, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000180)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e23, 0x8, @remote, 0x81}, r2}}, 0x30) 538.200124ms ago: executing program 2 (id=1212): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x3, &(0x7f0000000900)=@framed, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00}, 0x50) 384.181991ms ago: executing program 6 (id=1213): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000810000000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = accept4$inet(0xffffffffffffffff, 0x0, 0x0, 0x800) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, 0x0, 0x0) ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, 0x0) r2 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) r3 = getpid() r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x3c, r5, 0x1, 0x70bd2b, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r3}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0, 0xffffffffffffffff, 0x0, 0x8000000000000000}, 0x18) unlink(0x0) 332.593533ms ago: executing program 0 (id=1214): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000005c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x2000, 0x0) chdir(0x0) linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0) rename(&(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)='./bus\x00') unlink(&(0x7f0000000080)='./file0\x00') 273.405714ms ago: executing program 1 (id=1215): r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) writev(r0, &(0x7f0000000400)=[{&(0x7f0000000000)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d484e2431dca5436a6d3e3e50d111fbdf23ea32db0e8f21d5bc", 0x1b}], 0x2) 234.405959ms ago: executing program 2 (id=1216): semop(0x0, &(0x7f0000000100)=[{0x0, 0x2, 0x1800}], 0x1) r0 = semget(0x3, 0x1, 0xb6) semctl$SETVAL(r0, 0x3, 0x10, 0x0) 97.025255ms ago: executing program 0 (id=1217): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f00000005c0)='kfree\x00', r1}, 0x18) sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, 0x0, 0x80) unshare(0x2040400) r2 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000800)=@newqdisc={0x34, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r4, {}, {0xffff, 0xffff}, {0x2, 0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}}, 0x4000400) unshare(0x2000400) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x6, 0x3, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x41000, 0x10, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0xc, 0x0, 0x0, 0x0, 0x23456}) socket$tipc(0x1e, 0x5, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) r7 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x70bd2a, 0x8000000, {0x0, 0x0, 0x0, r8, {0x1f, 0x3}}}, 0x24}, 0x1, 0x0, 0x0, 0x20008040}, 0x4000000) 148.337µs ago: executing program 1 (id=1218): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="05000000060000000800"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000001240)=ANY=[@ANYBLOB="0d00000002000000040000000240000005000000", @ANYRES32=r1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\b\x00'], 0x48) 0s ago: executing program 2 (id=1219): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0x7}}, [@filter_kind_options=@f_flow={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x800) kernel console output (not intermixed with test programs): sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdf4eb8d169 code=0x7ffc0000 [ 133.857116][ T29] audit: type=1326 audit(1740264859.191:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6917 comm="syz.4.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf4eb8d169 code=0x7ffc0000 [ 133.880061][ T29] audit: type=1326 audit(1740264859.191:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6917 comm="syz.4.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdf4eb8d169 code=0x7ffc0000 [ 133.954073][ T29] audit: type=1326 audit(1740264859.191:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6917 comm="syz.4.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf4eb8d169 code=0x7ffc0000 [ 134.054461][ T6918] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 134.076470][ T29] audit: type=1326 audit(1740264859.191:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6917 comm="syz.4.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdf4eb8d169 code=0x7ffc0000 [ 134.099731][ T29] audit: type=1326 audit(1740264859.191:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6917 comm="syz.4.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf4eb8d169 code=0x7ffc0000 [ 134.122385][ T29] audit: type=1326 audit(1740264859.191:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6917 comm="syz.4.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdf4eb8d169 code=0x7ffc0000 [ 134.144935][ T29] audit: type=1326 audit(1740264859.191:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6917 comm="syz.4.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf4eb8d169 code=0x7ffc0000 [ 134.208343][ T29] audit: type=1326 audit(1740264859.191:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6917 comm="syz.4.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdf4eb8d169 code=0x7ffc0000 [ 134.362220][ T6918] netlink: 4 bytes leftover after parsing attributes in process `syz.4.324'. [ 134.605982][ T6918] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 134.752979][ T6918] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 134.819185][ T6918] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 134.842645][ T6918] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 134.892680][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 134.915592][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.100529][ T6941] No control pipe specified [ 135.246747][ T5826] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.811883][ T6972] netlink: 'syz.4.342': attribute type 10 has an invalid length. [ 136.220147][ T6985] No control pipe specified [ 137.096749][ T7019] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9) [ 137.103584][ T7019] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 137.212460][ T7028] No control pipe specified [ 137.230794][ T7019] vhci_hcd vhci_hcd.0: Device attached [ 137.453657][ T5819] usb 37-1: new low-speed USB device number 2 using vhci_hcd [ 137.620004][ T7033] loop2: detected capacity change from 0 to 512 [ 137.725372][ T7033] EXT4-fs (loop2): orphan cleanup on readonly fs [ 137.884817][ T7033] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.356: bg 0: block 248: padding at end of block bitmap is not set [ 137.966419][ T7033] EXT4-fs error (device loop2): ext4_acquire_dquot:6912: comm syz.2.356: Failed to acquire dquot type 1 [ 138.041093][ T7033] EXT4-fs (loop2): 1 truncate cleaned up [ 138.087319][ T7033] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 138.147392][ T7057] loop1: detected capacity change from 0 to 512 [ 138.297164][ T7057] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 138.342526][ T7057] ext4 filesystem being mounted at /78/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 138.634072][ T5831] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.805970][ T5885] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 139.004842][ T7089] xt_hashlimit: max too large, truncated to 1048576 [ 139.027937][ T5885] usb 3-1: config 15 has an invalid interface number: 165 but max is 2 [ 139.063445][ T5885] usb 3-1: config 15 has an invalid interface number: 18 but max is 2 [ 139.093960][ T5885] usb 3-1: config 15 contains an unexpected descriptor of type 0x2, skipping [ 139.116342][ T5885] usb 3-1: config 15 has an invalid descriptor of length 111, skipping remainder of the config [ 139.154513][ T5885] usb 3-1: config 15 has 2 interfaces, different from the descriptor's value: 3 [ 139.193814][ T5885] usb 3-1: config 15 has no interface number 0 [ 139.218188][ T5885] usb 3-1: config 15 has no interface number 1 [ 139.230851][ T5885] usb 3-1: config 15 interface 165 altsetting 213 has an invalid descriptor for endpoint zero, skipping [ 139.249091][ T5885] usb 3-1: config 15 interface 165 altsetting 213 has 2 endpoint descriptors, different from the interface descriptor's value: 10 [ 139.271821][ T5885] usb 3-1: too many endpoints for config 15 interface 18 altsetting 166: 90, using maximum allowed: 30 [ 139.287245][ T5885] usb 3-1: config 15 interface 18 altsetting 166 endpoint 0xC has invalid wMaxPacketSize 0 [ 139.288167][ T7101] sctp: [Deprecated]: syz.4.379 (pid 7101) Use of int in max_burst socket option. [ 139.288167][ T7101] Use struct sctp_assoc_value instead [ 139.318488][ T5885] usb 3-1: config 15 interface 18 altsetting 166 has an endpoint descriptor with address 0xB1, changing to 0x81 [ 139.331251][ T5885] usb 3-1: config 15 interface 18 altsetting 166 endpoint 0x81 has an invalid bInterval 176, changing to 11 [ 139.343551][ T5885] usb 3-1: config 15 interface 18 altsetting 166 endpoint 0x81 has invalid maxpacket 33483, setting to 1024 [ 139.355803][ T5885] usb 3-1: config 15 interface 18 altsetting 166 has a duplicate endpoint with address 0xC, skipping [ 139.367705][ T5885] usb 3-1: config 15 interface 18 altsetting 166 has an endpoint descriptor with address 0xE7, changing to 0x87 [ 139.380428][ T5885] usb 3-1: config 15 interface 18 altsetting 166 endpoint 0x87 has invalid maxpacket 47487, setting to 1024 [ 139.437240][ T5885] usb 3-1: config 15 interface 18 altsetting 166 bulk endpoint 0x87 has invalid maxpacket 1024 [ 139.450598][ T5885] usb 3-1: config 15 interface 18 altsetting 166 has 5 endpoint descriptors, different from the interface descriptor's value: 90 [ 139.486261][ T5885] usb 3-1: config 15 interface 165 has no altsetting 0 [ 139.520136][ T5885] usb 3-1: config 15 interface 18 has no altsetting 0 [ 139.569423][ T5885] usb 3-1: New USB device found, idVendor=1039, idProduct=2131, bcdDevice=56.a0 [ 139.609652][ T5885] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.622188][ T5885] usb 3-1: Product: syz [ 139.628737][ T5885] usb 3-1: Manufacturer: М [ 139.673404][ T5885] usb 3-1: SerialNumber: syz [ 139.724146][ T7111] netlink: 4 bytes leftover after parsing attributes in process `syz.0.382'. [ 139.753036][ T7027] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 140.811717][ T7135] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 141.197263][ T29] kauditd_printk_skb: 116 callbacks suppressed [ 141.197280][ T29] audit: type=1326 audit(1740264866.086:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7144 comm="syz.0.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 141.310607][ T29] audit: type=1326 audit(1740264866.132:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7144 comm="syz.0.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 141.375812][ T7033] syz.2.356 (7033) used greatest stack depth: 18480 bytes left [ 141.461234][ T29] audit: type=1326 audit(1740264866.132:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7144 comm="syz.0.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 141.575215][ T7155] sctp: [Deprecated]: syz.0.393 (pid 7155) Use of struct sctp_assoc_value in delayed_ack socket option. [ 141.575215][ T7155] Use struct sctp_sack_info instead [ 141.615302][ T29] audit: type=1326 audit(1740264866.132:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7144 comm="syz.0.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 141.677025][ T29] audit: type=1326 audit(1740264866.132:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7144 comm="syz.0.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 141.739840][ T29] audit: type=1326 audit(1740264866.132:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7144 comm="syz.0.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 141.795473][ T5885] usb 3-1: [ueagle-atm] ADSL device founded vid (0X1039) pid (0X2131) Rev (0X56A0): Eagle II [ 141.830021][ T7020] vhci_hcd: connection reset by peer [ 141.854912][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.891927][ T29] audit: type=1326 audit(1740264866.141:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7144 comm="syz.0.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 141.914735][ T2902] vhci_hcd: stop threads [ 141.929232][ T2902] vhci_hcd: release socket [ 141.946203][ T2902] vhci_hcd: disconnect device [ 141.970923][ T29] audit: type=1326 audit(1740264866.141:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7144 comm="syz.0.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 142.046009][ T29] audit: type=1326 audit(1740264866.141:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7144 comm="syz.0.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=79 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 142.188144][ T29] audit: type=1326 audit(1740264866.141:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7144 comm="syz.0.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 142.261654][ T7168] netlink: 'syz.2.397': attribute type 10 has an invalid length. [ 142.676450][ T7190] loop4: detected capacity change from 0 to 256 [ 142.721424][ T7190] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 142.760009][ T5885] usb 3-1: [ueagle-atm] pre-firmware device, uploading firmware [ 142.787165][ T5970] usb 3-1: Direct firmware load for ueagle-atm/eagleII.fw failed with error -2 [ 142.798100][ T5885] usb 3-1: [ueagle-atm] loading firmware ueagle-atm/eagleII.fw [ 142.816691][ T7190] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 142.835392][ T5885] usb 3-1: [ueagle-atm] ADSL device founded vid (0X1039) pid (0X2131) Rev (0X56A0): Eagle II [ 142.845804][ T5970] usb 3-1: Falling back to sysfs fallback for: ueagle-atm/eagleII.fw [ 142.900613][ T5885] usb 3-1: [ueagle-atm] pre-firmware device, uploading firmware [ 142.924958][ T5885] usb 3-1: [ueagle-atm] loading firmware ueagle-atm/eagleII.fw [ 143.024276][ T5819] vhci_hcd: vhci_device speed not set [ 143.051171][ T5885] usb 3-1: USB disconnect, device number 2 [ 143.228657][ T7205] netlink: 'syz.4.414': attribute type 10 has an invalid length. [ 143.608586][ T7219] Unsupported ieee802154 address type: 0 [ 144.187392][ T7242] netlink: 'syz.4.429': attribute type 10 has an invalid length. [ 144.555063][ T7254] loop5: detected capacity change from 0 to 7 [ 144.564739][ T7254] Buffer I/O error on dev loop5, logical block 0, async page read [ 144.578203][ T7254] Buffer I/O error on dev loop5, logical block 0, async page read [ 144.592972][ T7254] Buffer I/O error on dev loop5, logical block 0, async page read [ 144.606203][ T7254] Buffer I/O error on dev loop5, logical block 0, async page read [ 144.619337][ T7254] Buffer I/O error on dev loop5, logical block 0, async page read [ 144.631617][ T7254] Buffer I/O error on dev loop5, logical block 0, async page read [ 144.653596][ T7254] Buffer I/O error on dev loop5, logical block 0, async page read [ 144.666917][ T7254] ldm_validate_partition_table(): Disk read failed. [ 144.684844][ T7254] Buffer I/O error on dev loop5, logical block 0, async page read [ 144.724318][ T7254] Buffer I/O error on dev loop5, logical block 0, async page read [ 144.758174][ T7254] Buffer I/O error on dev loop5, logical block 0, async page read [ 144.805805][ T7254] Dev loop5: unable to read RDB block 0 [ 144.836884][ T7254] loop5: unable to read partition table [ 144.866037][ T7254] loop5: partition table beyond EOD, truncated [ 144.883265][ T7254] loop_reread_partitions: partition scan of loop5 (被xڬdƤݡ [ 144.883265][ T7254] ) failed (rc=-5) [ 144.923710][ T5202] ldm_validate_partition_table(): Disk read failed. [ 144.934856][ T5202] Dev loop5: unable to read RDB block 0 [ 144.947182][ T5202] loop5: unable to read partition table [ 144.965444][ T5202] loop5: partition table beyond EOD, truncated [ 145.116304][ T5890] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 145.157499][ T7268] netlink: 'syz.0.444': attribute type 10 has an invalid length. [ 145.196991][ T7268] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 145.297526][ T5890] usb 5-1: Using ep0 maxpacket: 8 [ 145.308894][ T5890] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 145.328293][ T5890] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 145.339992][ T5890] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.440896][ T7276] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 146.405556][ T7309] netlink: 'syz.5.459': attribute type 10 has an invalid length. [ 146.647017][ T7309] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 147.775211][ T7335] loop5: detected capacity change from 0 to 2048 [ 147.782932][ T7334] netlink: 44 bytes leftover after parsing attributes in process `syz.0.469'. [ 147.797931][ T7335] EXT4-fs: Ignoring removed bh option [ 147.858684][ T7335] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 147.944638][ T7335] EXT4-fs error (device loop5): ext4_xattr_ibody_find:2240: inode #12: comm syz.5.470: corrupted in-inode xattr: e_name out of bounds [ 148.181880][ T5885] usb 5-1: USB disconnect, device number 6 [ 148.755331][ T7340] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 148.844618][ T2982] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 148.889542][ T2982] EXT4-fs (loop5): This should not happen!! Data will be lost [ 148.889542][ T2982] [ 148.937914][ T2982] EXT4-fs (loop5): Total free blocks count 0 [ 148.943978][ T2982] EXT4-fs (loop5): Free/Dirty block details [ 148.985153][ T2982] EXT4-fs (loop5): free_blocks=2415919104 [ 149.014211][ T2982] EXT4-fs (loop5): dirty_blocks=2768 [ 149.019561][ T2982] EXT4-fs (loop5): Block reservation details [ 149.050476][ T2982] EXT4-fs (loop5): i_reserved_data_blocks=173 [ 149.072812][ T7371] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.087849][ T2982] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28 [ 149.352083][ T7371] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.459243][ T974] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 149.552729][ T7371] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.564081][ T7391] loop5: detected capacity change from 0 to 128 [ 149.652103][ T7391] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100) [ 149.664959][ T974] usb 2-1: Using ep0 maxpacket: 8 [ 149.677792][ T974] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 149.695042][ T974] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 149.705157][ T7391] FAT-fs (loop5): Filesystem has been set read-only [ 149.716262][ T7371] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.721191][ T974] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.735396][ T7391] syz.5.483: attempt to access beyond end of device [ 149.735396][ T7391] loop5: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 149.760563][ T7391] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100) [ 149.768845][ T7391] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100) [ 149.809182][ T7391] syz.5.483: attempt to access beyond end of device [ 149.809182][ T7391] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 149.829733][ T29] kauditd_printk_skb: 36 callbacks suppressed [ 149.829749][ T29] audit: type=1800 audit(1740264874.051:322): pid=7391 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.483" name="file2" dev="loop5" ino=4 res=0 errno=0 [ 149.905137][ T7391] syz.5.483 (7391) used greatest stack depth: 16272 bytes left [ 149.982038][ T7371] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.024142][ T7371] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.035114][ T7396] netlink: 'syz.2.491': attribute type 4 has an invalid length. [ 150.047694][ T7396] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.491'. [ 150.070053][ T7371] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.123244][ T7371] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.536642][ T7411] loop2: detected capacity change from 0 to 128 [ 151.052476][ T7416] loop5: detected capacity change from 0 to 8192 [ 151.129332][ T7427] loop4: detected capacity change from 0 to 512 [ 151.201806][ T7427] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 151.266322][ T7427] ext4 filesystem being mounted at /90/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 151.362365][ T5826] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 151.851945][ T29] audit: type=1326 audit(1740264875.916:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7450 comm="syz.4.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf4eb8d169 code=0x7ffc0000 [ 151.893916][ T29] audit: type=1326 audit(1740264875.925:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7450 comm="syz.4.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf4eb8d169 code=0x7ffc0000 [ 151.971522][ T29] audit: type=1326 audit(1740264875.934:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7450 comm="syz.4.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdf4eb8d169 code=0x7ffc0000 [ 152.059851][ T29] audit: type=1326 audit(1740264875.934:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7450 comm="syz.4.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf4eb8d169 code=0x7ffc0000 [ 152.125354][ T29] audit: type=1326 audit(1740264875.934:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7450 comm="syz.4.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf4eb8d169 code=0x7ffc0000 [ 152.170925][ T7451] loop5: detected capacity change from 0 to 512 [ 152.217589][ T29] audit: type=1326 audit(1740264875.944:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7450 comm="syz.4.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdf4eb8d169 code=0x7ffc0000 [ 152.257841][ T7451] EXT4-fs (loop5): orphan cleanup on readonly fs [ 152.332120][ T7451] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.509: bg 0: block 248: padding at end of block bitmap is not set [ 152.353141][ T29] audit: type=1326 audit(1740264875.944:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7450 comm="syz.4.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf4eb8d169 code=0x7ffc0000 [ 152.357197][ T7451] Quota error (device loop5): write_blk: dquota write failed [ 152.390614][ T7451] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 152.401900][ T7451] EXT4-fs error (device loop5): ext4_acquire_dquot:6912: comm syz.5.509: Failed to acquire dquot type 1 [ 152.553739][ T5885] usb 2-1: USB disconnect, device number 2 [ 152.570157][ T7451] EXT4-fs (loop5): 1 truncate cleaned up [ 153.100223][ T7451] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 153.425301][ T7451] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 153.559100][ T7451] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 153.737464][ T5885] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 153.914276][ T5885] usb 6-1: config 15 has an invalid interface number: 165 but max is 2 [ 153.950185][ T5885] usb 6-1: config 15 has an invalid interface number: 18 but max is 2 [ 153.986632][ T5885] usb 6-1: config 15 contains an unexpected descriptor of type 0x2, skipping [ 154.020293][ T5885] usb 6-1: config 15 has an invalid descriptor of length 111, skipping remainder of the config [ 154.060053][ T5885] usb 6-1: config 15 has 2 interfaces, different from the descriptor's value: 3 [ 154.086240][ T5885] usb 6-1: config 15 has no interface number 0 [ 154.135898][ T5885] usb 6-1: config 15 has no interface number 1 [ 154.154516][ T5885] usb 6-1: config 15 interface 165 altsetting 213 has an invalid descriptor for endpoint zero, skipping [ 154.209070][ T5885] usb 6-1: config 15 interface 165 altsetting 213 has 2 endpoint descriptors, different from the interface descriptor's value: 10 [ 154.302340][ T5885] usb 6-1: too many endpoints for config 15 interface 18 altsetting 166: 90, using maximum allowed: 30 [ 154.835302][ T7505] capability: warning: `syz.0.523' uses deprecated v2 capabilities in a way that may be insecure [ 154.926731][ T5885] usb 6-1: config 15 interface 18 altsetting 166 endpoint 0xC has invalid wMaxPacketSize 0 [ 154.936916][ T5885] usb 6-1: config 15 interface 18 altsetting 166 has an endpoint descriptor with address 0xB1, changing to 0x81 [ 154.948863][ T5885] usb 6-1: config 15 interface 18 altsetting 166 endpoint 0x81 has an invalid bInterval 176, changing to 11 [ 154.960405][ T5885] usb 6-1: config 15 interface 18 altsetting 166 endpoint 0x81 has invalid maxpacket 33483, setting to 1024 [ 154.982458][ T5885] usb 6-1: config 15 interface 18 altsetting 166 has a duplicate endpoint with address 0xC, skipping [ 155.144180][ T5885] usb 6-1: config 15 interface 18 altsetting 166 has an endpoint descriptor with address 0xE7, changing to 0x87 [ 155.165384][ T5885] usb 6-1: config 15 interface 18 altsetting 166 endpoint 0x87 has invalid maxpacket 47487, setting to 1024 [ 155.184429][ T5885] usb 6-1: config 15 interface 18 altsetting 166 bulk endpoint 0x87 has invalid maxpacket 1024 [ 155.200650][ T5885] usb 6-1: config 15 interface 18 altsetting 166 has 5 endpoint descriptors, different from the interface descriptor's value: 90 [ 155.214587][ T5885] usb 6-1: config 15 interface 165 has no altsetting 0 [ 155.221491][ T5885] usb 6-1: config 15 interface 18 has no altsetting 0 [ 155.385066][ T29] kauditd_printk_skb: 26 callbacks suppressed [ 155.385084][ T29] audit: type=1326 audit(1740264879.183:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7514 comm="syz.2.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f6098d169 code=0x7ffc0000 [ 155.419922][ T7515] Cannot find add_set index 0 as target [ 155.485908][ T29] audit: type=1326 audit(1740264879.202:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7514 comm="syz.2.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f6098d169 code=0x7ffc0000 [ 155.572307][ T29] audit: type=1326 audit(1740264879.202:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7514 comm="syz.2.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=36 compat=0 ip=0x7f7f6098d169 code=0x7ffc0000 [ 155.598952][ T29] audit: type=1326 audit(1740264879.202:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7514 comm="syz.2.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f6098d169 code=0x7ffc0000 [ 155.621863][ T29] audit: type=1326 audit(1740264879.202:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7514 comm="syz.2.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f6098d169 code=0x7ffc0000 [ 155.994416][ T29] audit: type=1326 audit(1740264879.202:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7514 comm="syz.2.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7f6098d169 code=0x7ffc0000 [ 156.299700][ T29] audit: type=1326 audit(1740264879.202:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7514 comm="syz.2.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f6098d169 code=0x7ffc0000 [ 156.410423][ T29] audit: type=1326 audit(1740264879.211:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7514 comm="syz.2.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7f6098d169 code=0x7ffc0000 [ 156.479056][ T974] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 156.499974][ T29] audit: type=1326 audit(1740264879.211:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7514 comm="syz.2.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f6098d169 code=0x7ffc0000 [ 156.525088][ T29] audit: type=1326 audit(1740264879.211:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7514 comm="syz.2.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f7f6098d169 code=0x7ffc0000 [ 156.662966][ T974] usb 2-1: Using ep0 maxpacket: 8 [ 156.677209][ T974] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 156.717035][ T974] usb 2-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 156.758586][ T974] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 156.773530][ T974] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.889515][ T974] usbtmc 2-1:16.0: bulk endpoints not found [ 156.918742][ T7533] No control pipe specified [ 157.184867][ T7541] netlink: 'syz.4.537': attribute type 10 has an invalid length. [ 157.463537][ T5885] usb 6-1: string descriptor 0 read error: -71 [ 157.485566][ T5885] usb 6-1: New USB device found, idVendor=1039, idProduct=2131, bcdDevice=56.a0 [ 157.518317][ T5885] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.562267][ T6107] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 157.611590][ T5885] usb 6-1: can't set config #15, error -71 [ 157.640226][ T5885] usb 6-1: USB disconnect, device number 2 [ 157.875302][ T7558] sg_write: data in/out 209152/1 bytes for SCSI command 0xf2-- guessing data in; [ 157.875302][ T7558] program syz.5.543 not setting count and/or reply_len properly [ 158.774958][ T834] usb 2-1: USB disconnect, device number 3 [ 158.910101][ T7567] netlink: 'syz.4.550': attribute type 10 has an invalid length. [ 158.998350][ T7578] No control pipe specified [ 159.066568][ T7582] xt_NFQUEUE: number of total queues is 0 [ 160.531228][ T7608] netlink: 'syz.1.564': attribute type 10 has an invalid length. [ 160.604545][ T7608] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 160.632239][ T7615] No control pipe specified [ 161.349338][ T7636] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.500545][ T7645] bond_slave_0: entered promiscuous mode [ 161.506764][ T7645] bond_slave_1: entered promiscuous mode [ 161.541091][ T7645] vlan2: entered promiscuous mode [ 161.548931][ T7645] bond0: entered promiscuous mode [ 161.558536][ T7645] bond0: left promiscuous mode [ 161.582422][ T7645] bond_slave_0: left promiscuous mode [ 161.587951][ T7645] bond_slave_1: left promiscuous mode [ 161.609768][ T7653] autofs: Bad value for 'fd' [ 161.725932][ T7636] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.765217][ T29] kauditd_printk_skb: 76 callbacks suppressed [ 161.765233][ T29] audit: type=1326 audit(1740264885.063:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7655 comm="syz.2.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f6098d169 code=0x7ffc0000 [ 161.807153][ T29] audit: type=1326 audit(1740264885.090:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7655 comm="syz.2.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7f60929359 code=0x7ffc0000 [ 161.836180][ T29] audit: type=1326 audit(1740264885.090:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7655 comm="syz.2.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f6098d169 code=0x7ffc0000 [ 161.879854][ T29] audit: type=1326 audit(1740264885.127:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7655 comm="syz.2.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7f60929359 code=0x7ffc0000 [ 161.922510][ T29] audit: type=1326 audit(1740264885.127:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7655 comm="syz.2.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f6098d169 code=0x7ffc0000 [ 161.950283][ T7636] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.980671][ T7660] netlink: 8 bytes leftover after parsing attributes in process `syz.4.582'. [ 162.021553][ T29] audit: type=1326 audit(1740264885.155:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7655 comm="syz.2.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7f60929359 code=0x7ffc0000 [ 162.101933][ T29] audit: type=1326 audit(1740264885.155:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7655 comm="syz.2.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f6098d169 code=0x7ffc0000 [ 162.146134][ T7636] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.169907][ T29] audit: type=1326 audit(1740264885.164:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7655 comm="syz.2.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7f60929359 code=0x7ffc0000 [ 162.194166][ T29] audit: type=1326 audit(1740264885.164:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7655 comm="syz.2.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f6098d169 code=0x7ffc0000 [ 162.207914][ T7666] No control pipe specified [ 162.277571][ T29] audit: type=1326 audit(1740264885.164:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7655 comm="syz.2.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7f60929359 code=0x7ffc0000 [ 162.393808][ T7636] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.463785][ T7636] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.506043][ T7636] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.543467][ T7636] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.879248][ T7683] autofs: Bad value for 'fd' [ 162.941348][ T7684] netlink: 16 bytes leftover after parsing attributes in process `syz.2.592'. [ 163.342078][ T7691] netlink: 8 bytes leftover after parsing attributes in process `syz.2.595'. [ 163.374941][ T7691] IPVS: Error joining to the multicast group [ 163.421915][ T7699] No control pipe specified [ 163.865016][ T7717] netlink: 28 bytes leftover after parsing attributes in process `syz.2.605'. [ 164.307923][ T7726] loop2: detected capacity change from 0 to 2048 [ 164.338947][ T7729] netlink: 'syz.0.610': attribute type 8 has an invalid length. [ 164.391988][ T7726] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 164.496515][ T9] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 164.590267][ T7737] 9pnet: Could not find request transport: f [ 164.670960][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 164.689487][ T9] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 164.726753][ T9] usb 6-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 164.766646][ T9] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 164.786764][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.856088][ T9] usbtmc 6-1:16.0: bulk endpoints not found [ 164.856392][ T7744] No control pipe specified [ 164.952372][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.416221][ T7753] loop4: detected capacity change from 0 to 1024 [ 165.490305][ T7753] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 165.505894][ T7753] ext4 filesystem being mounted at /119/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 165.535350][ T7753] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 165.563797][ T7753] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 52 with error 28 [ 165.600144][ T7753] EXT4-fs (loop4): This should not happen!! Data will be lost [ 165.600144][ T7753] [ 165.613127][ T7753] EXT4-fs (loop4): Total free blocks count 0 [ 165.619167][ T7753] EXT4-fs (loop4): Free/Dirty block details [ 165.625806][ T7753] EXT4-fs (loop4): free_blocks=4293918720 [ 165.632196][ T7753] EXT4-fs (loop4): dirty_blocks=64 [ 165.637588][ T7753] EXT4-fs (loop4): Block reservation details [ 165.643595][ T7753] EXT4-fs (loop4): i_reserved_data_blocks=4 [ 165.739707][ T5826] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.117601][ T7782] autofs: Bad value for 'fd' [ 166.943164][ T7812] autofs: Bad value for 'fd' [ 167.136936][ T7818] loop4: detected capacity change from 0 to 512 [ 167.174128][ T7818] journal_path: Non-blockdev passed as './bus' [ 167.180367][ T7818] EXT4-fs: error: could not find journal device path [ 167.469615][ T7834] netlink: 16 bytes leftover after parsing attributes in process `syz.0.649'. [ 167.510831][ T5885] usb 6-1: USB disconnect, device number 3 [ 167.709878][ T7844] autofs: Bad value for 'fd' [ 168.084358][ T29] kauditd_printk_skb: 130 callbacks suppressed [ 168.084375][ T29] audit: type=1326 audit(1740264890.905:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7854 comm="syz.5.659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f787a18d169 code=0x7ffc0000 [ 168.202154][ T29] audit: type=1326 audit(1740264890.905:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7854 comm="syz.5.659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=260 compat=0 ip=0x7f787a18d169 code=0x7ffc0000 [ 168.252674][ T29] audit: type=1326 audit(1740264890.905:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7854 comm="syz.5.659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f787a18d169 code=0x7ffc0000 [ 168.280674][ T7861] delete_channel: no stack [ 168.394479][ T29] audit: type=1326 audit(1740264890.915:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7854 comm="syz.5.659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f787a18d169 code=0x7ffc0000 [ 168.482858][ T29] audit: type=1326 audit(1740264891.155:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7864 comm="syz.1.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f8d58d169 code=0x7ffc0000 [ 168.518050][ T29] audit: type=1326 audit(1740264891.155:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7864 comm="syz.1.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f8d58d169 code=0x7ffc0000 [ 168.548198][ T834] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 168.568315][ T7873] autofs: Unknown parameter '0x0000000000000000' [ 168.611205][ T29] audit: type=1326 audit(1740264891.182:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7864 comm="syz.1.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2f8d58d169 code=0x7ffc0000 [ 168.673890][ T29] audit: type=1326 audit(1740264891.182:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7864 comm="syz.1.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f8d58d169 code=0x7ffc0000 [ 168.747822][ T29] audit: type=1326 audit(1740264891.182:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7864 comm="syz.1.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f8d58d169 code=0x7ffc0000 [ 168.770745][ T834] usb 6-1: Using ep0 maxpacket: 8 [ 168.787704][ T834] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 168.834821][ T29] audit: type=1326 audit(1740264891.219:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7864 comm="syz.1.663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2f8d58d169 code=0x7ffc0000 [ 168.835396][ T834] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 168.888942][ T834] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 168.939913][ T834] usb 6-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 168.990877][ T834] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 169.004272][ T834] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.030451][ T834] usbtmc 6-1:16.0: bulk endpoints not found [ 169.115972][ T7888] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 169.320071][ T7896] sch_tbf: burst 127 is lower than device lo mtu (65550) ! [ 169.527051][ T7904] autofs: Unknown parameter '0x0000000000000000' [ 169.797873][ T7916] netlink: 96 bytes leftover after parsing attributes in process `syz.2.685'. [ 170.201396][ T7932] loop4: detected capacity change from 0 to 512 [ 170.219643][ T7932] EXT4-fs: Ignoring removed i_version option [ 170.226939][ T7932] EXT4-fs: Ignoring removed mblk_io_submit option [ 170.260831][ T7932] ext4: Unknown parameter 'seclabel' [ 170.549133][ T7941] autofs: Unknown parameter '0x0000000000000000' [ 171.167331][ T7950] atomic_op ffff88807d02a998 conn xmit_atomic 0000000000000000 [ 171.596453][ T7965] netlink: 'syz.4.706': attribute type 15 has an invalid length. [ 171.597577][ T23] usb 6-1: USB disconnect, device number 4 [ 172.232125][ T7987] loop5: detected capacity change from 0 to 164 [ 172.594868][ T8005] netlink: 12 bytes leftover after parsing attributes in process `syz.0.723'. [ 172.617114][ T8002] loop2: detected capacity change from 0 to 2048 [ 172.617623][ T8005] smc: net device bond0 applied user defined pnetid S [ 172.650427][ T8005] smc: net device bond0 erased user defined pnetid S [ 172.700626][ T8002] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 172.700780][ T8002] ext4 filesystem being mounted at /153/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 172.856399][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.039395][ T8018] netlink: 4 bytes leftover after parsing attributes in process `syz.1.726'. [ 173.440201][ T8024] usb usb7: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 173.751719][ T8029] loop2: detected capacity change from 0 to 1024 [ 173.775192][ T8029] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 173.812197][ T8029] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 173.864955][ T8029] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 173.897445][ T29] kauditd_printk_skb: 67 callbacks suppressed [ 173.897462][ T29] audit: type=1326 audit(1740264896.259:659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8033 comm="syz.5.735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f787a18d169 code=0x7ffc0000 [ 173.949193][ T8029] EXT4-fs error (device loop2): ext4_get_journal_inode:5783: inode #5: comm syz.2.731: unexpected bad inode w/o EXT4_IGET_BAD [ 173.994448][ T8029] EXT4-fs (loop2): no journal found [ 174.003647][ T29] audit: type=1326 audit(1740264896.259:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8033 comm="syz.5.735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f787a18d169 code=0x7ffc0000 [ 174.026680][ T8029] EXT4-fs (loop2): can't get journal size [ 174.038638][ T29] audit: type=1326 audit(1740264896.259:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8032 comm="syz.0.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 174.089046][ T8029] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 174.097339][ T8039] vxcan1: tx address claim with different name [ 174.134594][ T29] audit: type=1326 audit(1740264896.259:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8032 comm="syz.0.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 174.168349][ T29] audit: type=1326 audit(1740264896.259:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8032 comm="syz.0.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 174.191936][ T8029] EXT4-fs (loop2): ext4_remount: Checksum for group 0 failed (42152!=20869) [ 174.210593][ T29] audit: type=1326 audit(1740264896.277:664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8033 comm="syz.5.735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=162 compat=0 ip=0x7f787a18d169 code=0x7ffc0000 [ 174.236511][ T29] audit: type=1326 audit(1740264896.305:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8032 comm="syz.0.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 174.308704][ T29] audit: type=1326 audit(1740264896.305:666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8032 comm="syz.0.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 174.335373][ T29] audit: type=1326 audit(1740264896.305:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8032 comm="syz.0.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 174.372581][ T29] audit: type=1326 audit(1740264896.305:668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8032 comm="syz.0.734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 174.465617][ T8047] loop4: detected capacity change from 0 to 1024 [ 174.480682][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.597201][ T8047] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 174.775101][ T8059] mmap: syz.5.744 (8059) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 174.829270][ T5826] EXT4-fs error (device loop4): ext4_readdir:261: inode #11: block 32: comm syz-executor: path /153/file2/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 174.869552][ T5826] EXT4-fs error (device loop4): ext4_empty_dir:3109: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 174.903090][ T5826] EXT4-fs warning (device loop4): ext4_empty_dir:3111: inode #11: comm syz-executor: directory missing '.' [ 174.925935][ T5826] EXT4-fs error (device loop4): ext4_readdir:261: inode #11: block 32: comm syz-executor: path /153/file2/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 174.953235][ T5826] EXT4-fs error (device loop4): ext4_empty_dir:3109: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 175.027279][ T5826] EXT4-fs warning (device loop4): ext4_empty_dir:3111: inode #11: comm syz-executor: directory missing '.' [ 175.047185][ T5826] EXT4-fs error (device loop4): ext4_readdir:261: inode #11: block 32: comm syz-executor: path /153/file2/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 175.074534][ T5826] EXT4-fs error (device loop4): ext4_empty_dir:3109: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 175.123372][ T5826] EXT4-fs warning (device loop4): ext4_empty_dir:3111: inode #11: comm syz-executor: directory missing '.' [ 175.148349][ T5826] EXT4-fs error (device loop4): ext4_readdir:261: inode #11: block 32: comm syz-executor: path /153/file2/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 175.212687][ T5826] EXT4-fs error (device loop4): ext4_empty_dir:3109: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 175.274287][ T8073] xt_CT: No such helper "pptp" [ 175.281587][ T5826] EXT4-fs warning (device loop4): ext4_empty_dir:3111: inode #11: comm syz-executor: directory missing '.' [ 175.310327][ T5826] EXT4-fs error (device loop4): ext4_readdir:261: inode #11: block 32: comm syz-executor: path /153/file2/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 175.382694][ T5826] EXT4-fs error (device loop4): ext4_empty_dir:3109: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 175.439881][ T5826] EXT4-fs warning (device loop4): ext4_empty_dir:3111: inode #11: comm syz-executor: directory missing '.' [ 175.459694][ T5826] EXT4-fs warning (device loop4): ext4_empty_dir:3111: inode #11: comm syz-executor: directory missing '.' [ 175.491902][ T5826] EXT4-fs warning (device loop4): ext4_empty_dir:3111: inode #11: comm syz-executor: directory missing '.' [ 175.541409][ T5826] EXT4-fs warning (device loop4): ext4_empty_dir:3111: inode #11: comm syz-executor: directory missing '.' [ 175.572068][ T5826] EXT4-fs warning (device loop4): ext4_empty_dir:3111: inode #11: comm syz-executor: directory missing '.' [ 175.615912][ T5826] EXT4-fs warning (device loop4): ext4_empty_dir:3111: inode #11: comm syz-executor: directory missing '.' [ 175.632478][ T8078] loop5: detected capacity change from 0 to 512 [ 176.104474][ T8093] netlink: 8 bytes leftover after parsing attributes in process `syz.2.755'. [ 176.874901][ T6161] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.063698][ T7522] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 177.123712][ T6161] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.241475][ T7522] usb 3-1: Using ep0 maxpacket: 8 [ 177.254974][ T7522] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 177.269153][ T6161] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.276596][ T7522] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 177.310134][ T7522] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 177.367427][ T7522] usb 3-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 177.396895][ T7522] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 177.455362][ T7522] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.494712][ T7522] usbtmc 3-1:16.0: bulk endpoints not found [ 177.652740][ T6161] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.936899][ T8127] program syz.1.772 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 178.060546][ T6161] bridge_slave_1: left allmulticast mode [ 178.066263][ T6161] bridge_slave_1: left promiscuous mode [ 178.093588][ T6161] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.118976][ T6161] bridge_slave_0: left allmulticast mode [ 178.135720][ T6161] bridge_slave_0: left promiscuous mode [ 178.147309][ T6161] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.183183][ T5834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 178.193385][ T5834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 178.207091][ T5834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 178.224794][ T5834] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 178.245954][ T5834] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 178.253804][ T5834] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 178.313072][ T5848] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 178.329934][ T5848] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 178.340276][ T5848] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 178.368595][ T5848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 178.379421][ T5848] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 178.387864][ T5848] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 179.619595][ T6161] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 179.640219][ T6161] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 179.640502][ T29] kauditd_printk_skb: 7 callbacks suppressed [ 179.640514][ T29] audit: type=1326 audit(1740264901.529:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8145 comm="syz.1.779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f8d58d169 code=0x7ffc0000 [ 179.678340][ T29] audit: type=1326 audit(1740264901.529:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8145 comm="syz.1.779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f8d58d169 code=0x7ffc0000 [ 179.689210][ T6161] bond0 (unregistering): Released all slaves [ 179.707060][ T29] audit: type=1326 audit(1740264901.529:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8145 comm="syz.1.779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2f8d58d169 code=0x7ffc0000 [ 179.793789][ T29] audit: type=1326 audit(1740264901.529:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8145 comm="syz.1.779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f8d58d169 code=0x7ffc0000 [ 179.849010][ T29] audit: type=1326 audit(1740264901.529:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8145 comm="syz.1.779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f8d58d169 code=0x7ffc0000 [ 179.893352][ T29] audit: type=1326 audit(1740264901.529:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8145 comm="syz.1.779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2f8d58d169 code=0x7ffc0000 [ 179.961003][ T29] audit: type=1326 audit(1740264901.529:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8145 comm="syz.1.779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f8d58d169 code=0x7ffc0000 [ 180.007688][ T29] audit: type=1326 audit(1740264901.529:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8145 comm="syz.1.779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f8d58d169 code=0x7ffc0000 [ 180.042010][ T29] audit: type=1326 audit(1740264901.529:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8145 comm="syz.1.779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f2f8d58d169 code=0x7ffc0000 [ 180.109821][ T23] usb 3-1: USB disconnect, device number 3 [ 180.184919][ T29] audit: type=1326 audit(1740264901.529:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8145 comm="syz.1.779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f8d58d169 code=0x7ffc0000 [ 180.649795][ T5848] Bluetooth: hci1: command tx timeout [ 180.742918][ T8166] bond0: (slave batadv0): Releasing backup interface [ 180.810713][ T8166] bridge_slave_0: left allmulticast mode [ 180.817078][ T8166] bridge_slave_0: left promiscuous mode [ 180.825311][ T8166] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.890581][ T8166] bridge_slave_1: left allmulticast mode [ 180.896370][ T8166] bridge_slave_1: left promiscuous mode [ 180.902770][ T8166] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.928566][ T8166] bond0: (slave bond_slave_0): Releasing backup interface [ 180.946865][ T8166] bond0: (slave bond_slave_1): Releasing backup interface [ 181.190413][ T8166] team0: Port device team_slave_0 removed [ 181.236467][ T8166] team0: Port device team_slave_1 removed [ 181.268608][ T8166] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 181.285188][ T8166] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 181.311638][ T8166] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 181.330150][ T8166] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 181.603358][ T5885] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 181.798829][ T5885] usb 1-1: Using ep0 maxpacket: 8 [ 181.821735][ T5885] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 181.862794][ T5885] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 181.895441][ T5885] usb 1-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 181.927157][ T5885] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 181.993307][ T5885] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 182.003349][ T6161] hsr_slave_0: left promiscuous mode [ 182.043960][ T5885] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.060603][ T6161] hsr_slave_1: left promiscuous mode [ 182.073671][ T5885] usbtmc 1-1:16.0: bulk endpoints not found [ 182.131705][ T6161] veth1_macvtap: left promiscuous mode [ 182.137607][ T6161] veth0_macvtap: left promiscuous mode [ 182.143351][ T6161] veth1_vlan: left promiscuous mode [ 182.165433][ T6161] veth0_vlan: left promiscuous mode [ 182.936390][ T5848] Bluetooth: hci1: command tx timeout [ 183.808157][ T6161] team0 (unregistering): Port device team_slave_1 removed [ 183.876354][ T6161] team0 (unregistering): Port device team_slave_0 removed [ 183.967328][ T8113] Set syz1 is full, maxelem 65536 reached [ 184.631696][ T8205] netlink: 'syz.1.800': attribute type 8 has an invalid length. [ 184.646103][ T5885] usb 1-1: USB disconnect, device number 2 [ 185.168471][ T5848] Bluetooth: hci1: command tx timeout [ 185.271762][ T8130] chnl_net:caif_netlink_parms(): no params data found [ 185.641115][ T8246] usb usb6: usbfs: process 8246 (syz.0.812) did not claim interface 0 before use [ 185.693113][ T8130] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.704122][ T8130] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.713337][ T8130] bridge_slave_0: entered allmulticast mode [ 185.739938][ T8130] bridge_slave_0: entered promiscuous mode [ 185.752779][ T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 185.771186][ T8130] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.793172][ T8130] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.810967][ T8130] bridge_slave_1: entered allmulticast mode [ 185.822928][ T8130] bridge_slave_1: entered promiscuous mode [ 185.917608][ T8130] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 185.940292][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 185.941793][ T8130] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 185.967887][ T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 185.980541][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 185.990720][ T9] usb 3-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 186.007986][ T9] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 186.022536][ T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 186.039904][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.067164][ T9] usbtmc 3-1:16.0: bulk endpoints not found [ 186.093929][ T8130] team0: Port device team_slave_0 added [ 186.134258][ T8130] team0: Port device team_slave_1 added [ 186.154873][ T8227] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 186.169008][ T8227] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 186.243644][ T8130] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 186.250653][ T8130] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.283061][ T8130] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.298881][ T8130] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 186.326952][ T8130] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.364629][ T8130] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.522849][ T8130] hsr_slave_0: entered promiscuous mode [ 186.544816][ T8130] hsr_slave_1: entered promiscuous mode [ 186.611067][ T8267] kvm: MONITOR instruction emulated as NOP! [ 186.695271][ T8270] block device autoloading is deprecated and will be removed. [ 186.949919][ T8276] netlink: 'syz.5.824': attribute type 10 has an invalid length. [ 186.982624][ T8276] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.179263][ T29] kauditd_printk_skb: 40 callbacks suppressed [ 187.179279][ T29] audit: type=1326 audit(1740264908.525:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8281 comm="syz.0.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 187.217854][ T8130] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 187.259288][ T8130] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 187.272094][ T29] audit: type=1326 audit(1740264908.553:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8281 comm="syz.0.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 187.303730][ T8130] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 187.360234][ T29] audit: type=1326 audit(1740264908.553:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8281 comm="syz.0.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 187.378461][ T8130] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 187.438274][ T29] audit: type=1326 audit(1740264908.553:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8281 comm="syz.0.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 187.469895][ T8288] loop0: detected capacity change from 0 to 1024 [ 187.482662][ T8288] EXT4-fs: Ignoring removed mblk_io_submit option [ 187.534583][ T29] audit: type=1326 audit(1740264908.562:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8281 comm="syz.0.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 187.560966][ T8288] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 187.636038][ T8288] EXT4-fs error (device loop0): ext4_ext_check_inode:524: inode #11: comm syz.0.829: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 187.675044][ T29] audit: type=1326 audit(1740264908.562:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8281 comm="syz.0.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=441 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 187.721340][ T8288] EXT4-fs error (device loop0): ext4_orphan_get:1394: comm syz.0.829: couldn't read orphan inode 11 (err -117) [ 187.747714][ T29] audit: type=1326 audit(1740264908.562:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8281 comm="syz.0.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 187.781834][ T8288] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 187.805712][ T8130] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.818667][ T29] audit: type=1326 audit(1740264908.562:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8281 comm="syz.0.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 187.874688][ T8130] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.910598][ T8288] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.829: Invalid block bitmap block 0 in block_group 0 [ 187.921391][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.931491][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.938663][ T29] audit: type=1326 audit(1740264908.562:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8281 comm="syz.0.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 187.938712][ T29] audit: type=1326 audit(1740264908.562:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8281 comm="syz.0.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 188.001480][ T8288] EXT4-fs error (device loop0): ext4_acquire_dquot:6912: comm syz.0.829: Failed to acquire dquot type 0 [ 188.049083][ T2902] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.056372][ T2902] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.219632][ T6161] EXT4-fs error (device loop0): __ext4_get_inode_loc:4454: comm kworker/u8:9: Invalid inode table block 8589934593 in block_group 0 [ 188.280883][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.430826][ T8309] netlink: 24 bytes leftover after parsing attributes in process `syz.1.837'. [ 188.446899][ T8311] overlayfs: missing 'lowerdir' [ 188.598346][ T8130] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.796500][ T5885] usb 3-1: USB disconnect, device number 4 [ 188.958662][ T8329] netlink: 44 bytes leftover after parsing attributes in process `syz.0.843'. [ 188.992248][ T8329] netlink: 8 bytes leftover after parsing attributes in process `syz.0.843'. [ 189.197181][ T8336] netlink: 8 bytes leftover after parsing attributes in process `syz.2.845'. [ 189.440607][ T8130] veth0_vlan: entered promiscuous mode [ 189.455437][ T8345] overlayfs: missing 'lowerdir' [ 189.525086][ T8130] veth1_vlan: entered promiscuous mode [ 189.708801][ T8130] veth0_macvtap: entered promiscuous mode [ 189.743074][ T8130] veth1_macvtap: entered promiscuous mode [ 189.972455][ T8353] team0: Mode changed to "loadbalance" [ 190.041538][ T8130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 190.075385][ T8130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.085330][ T8130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 190.099325][ T8130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.110383][ T8130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 190.125750][ T8130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.138550][ T8130] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 190.187592][ T8130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 190.221501][ T8130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.241085][ T8369] loop5: detected capacity change from 0 to 128 [ 190.258395][ T8130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 190.261878][ T8371] netlink: 8 bytes leftover after parsing attributes in process `syz.2.858'. [ 190.270880][ T8130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.321272][ T8130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 190.334865][ T8130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.378376][ T8130] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 190.447271][ T8130] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.484483][ T8130] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.519792][ T8130] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.541449][ T8130] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.838346][ T997] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.860679][ T997] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.929081][ T8385] netlink: 16 bytes leftover after parsing attributes in process `syz.2.864'. [ 191.186599][ T834] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 191.193033][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 191.245472][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 191.257165][ T5819] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 191.332553][ T7522] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 191.376110][ T834] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 191.394409][ T8396] netlink: 8 bytes leftover after parsing attributes in process `syz.5.869'. [ 191.451547][ T7522] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 191.538211][ T7522] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 191.733653][ T5819] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 191.743575][ T8404] netlink: 24 bytes leftover after parsing attributes in process `syz.2.873'. [ 191.809044][ T7522] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 191.863439][ T23] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 191.950090][ T5819] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 192.406145][ T8391] netlink: 'syz.1.867': attribute type 29 has an invalid length. [ 192.423920][ T8391] netlink: 'syz.1.867': attribute type 29 has an invalid length. [ 192.643819][ T8428] netlink: 8 bytes leftover after parsing attributes in process `syz.5.881'. [ 192.875813][ T8433] capability: warning: `syz.5.882' uses 32-bit capabilities (legacy support in use) [ 192.992639][ T8430] syz.5.882 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 193.404216][ T8446] random: crng reseeded on system resumption [ 193.488400][ T29] kauditd_printk_skb: 12 callbacks suppressed [ 193.488418][ T29] audit: type=1326 audit(1740264914.322:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8444 comm="syz.6.887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb37df8d169 code=0x7ffc0000 [ 193.556523][ T29] audit: type=1326 audit(1740264914.331:747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8444 comm="syz.6.887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb37df8d169 code=0x7ffc0000 [ 193.603748][ T29] audit: type=1326 audit(1740264914.340:748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8444 comm="syz.6.887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb37df8d169 code=0x7ffc0000 [ 193.649895][ T29] audit: type=1326 audit(1740264914.340:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8444 comm="syz.6.887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb37df8d169 code=0x7ffc0000 [ 193.711454][ T29] audit: type=1326 audit(1740264914.340:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8444 comm="syz.6.887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb37df8d169 code=0x7ffc0000 [ 193.791894][ T29] audit: type=1326 audit(1740264914.340:751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8444 comm="syz.6.887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb37df8d169 code=0x7ffc0000 [ 193.848271][ T29] audit: type=1326 audit(1740264914.340:752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8444 comm="syz.6.887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb37df8d169 code=0x7ffc0000 [ 193.902366][ T29] audit: type=1326 audit(1740264914.340:753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8444 comm="syz.6.887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fb37df8d169 code=0x7ffc0000 [ 193.971141][ T29] audit: type=1326 audit(1740264914.377:754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8444 comm="syz.6.887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb37df8d169 code=0x7ffc0000 [ 194.000273][ T8390] syz.1.867: vmalloc error: size 2101248, failed to allocated page array size 4104, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 194.018538][ T29] audit: type=1326 audit(1740264914.377:755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8444 comm="syz.6.887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb37df8d169 code=0x7ffc0000 [ 194.019753][ T8390] CPU: 1 UID: 0 PID: 8390 Comm: syz.1.867 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0 [ 194.019779][ T8390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 194.019790][ T8390] Call Trace: [ 194.019797][ T8390] [ 194.019804][ T8390] dump_stack_lvl+0x241/0x360 [ 194.019849][ T8390] ? __pfx_dump_stack_lvl+0x10/0x10 [ 194.019868][ T8390] ? __pfx__printk+0x10/0x10 [ 194.019894][ T8390] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 194.019917][ T8390] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 194.019943][ T8390] warn_alloc+0x278/0x410 [ 194.019972][ T8390] ? __pfx_warn_alloc+0x10/0x10 [ 194.020003][ T8390] ? hash_netiface_create+0x356/0x1040 [ 194.020025][ T8390] ? __get_vm_area_node+0x1c8/0x2d0 [ 194.020056][ T8390] ? __get_vm_area_node+0x25c/0x2d0 [ 194.020084][ T8390] __vmalloc_node_range_noprof+0x62f/0x1380 [ 194.020147][ T8390] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 194.020169][ T8390] ? hash_netiface_create+0x356/0x1040 [ 194.020188][ T8390] ? __get_vm_area_node+0x1c8/0x2d0 [ 194.020204][ T8390] ? __get_vm_area_node+0x25c/0x2d0 [ 194.020227][ T8390] __vmalloc_node_range_noprof+0x53a/0x1380 [ 194.020247][ T8390] ? hash_netiface_create+0x356/0x1040 [ 194.020310][ T8390] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 194.020329][ T8390] ? __kasan_kmalloc_large+0x1a/0xa0 [ 194.020356][ T8390] ? rcu_is_watching+0x15/0xb0 [ 194.020375][ T8390] ? hash_netiface_create+0x356/0x1040 [ 194.020398][ T8390] __kvmalloc_node_noprof+0x398/0x580 [ 194.020415][ T8390] ? hash_netiface_create+0x356/0x1040 [ 194.020436][ T8390] ? __kmalloc_cache_noprof+0x243/0x390 [ 194.020457][ T8390] ? hash_netiface_create+0x2fa/0x1040 [ 194.020484][ T8390] hash_netiface_create+0x356/0x1040 [ 194.020524][ T8390] ? __pfx_hash_netiface_create+0x10/0x10 [ 194.020547][ T8390] ip_set_create+0xa78/0x1960 [ 194.020574][ T8390] ? ip_set_create+0x48a/0x1960 [ 194.020603][ T8390] ? __pfx_ip_set_create+0x10/0x10 [ 194.020674][ T8390] ? nfnetlink_rcv_msg+0x225/0x1180 [ 194.020698][ T8390] nfnetlink_rcv_msg+0xbec/0x1180 [ 194.020719][ T8390] ? nfnetlink_rcv_msg+0x225/0x1180 [ 194.020773][ T8390] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 194.020792][ T8390] ? stack_trace_save+0x118/0x1d0 [ 194.020865][ T8390] ? dev_hard_start_xmit+0x27a/0x7d0 [ 194.020887][ T8390] ? __dev_queue_xmit+0x1b73/0x3f40 [ 194.020901][ T8390] ? __netlink_deliver_tap+0x561/0x7f0 [ 194.020917][ T8390] ? netlink_deliver_tap+0x19d/0x1b0 [ 194.020933][ T8390] ? netlink_unicast+0x7c4/0x990 [ 194.020954][ T8390] ? netlink_sendmsg+0x8b3/0xca0 [ 194.020970][ T8390] ? __sock_sendmsg+0x221/0x270 [ 194.020987][ T8390] ? ____sys_sendmsg+0x524/0x860 [ 194.021008][ T8390] ? __sys_sendmsg+0x269/0x350 [ 194.021053][ T8390] netlink_rcv_skb+0x206/0x480 [ 194.021074][ T8390] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 194.021099][ T8390] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 194.021139][ T8390] ? apparmor_capable+0x13b/0x1b0 [ 194.021162][ T8390] ? bpf_lsm_capable+0x9/0x10 [ 194.021177][ T8390] ? security_capable+0x7e/0x2d0 [ 194.021210][ T8390] nfnetlink_rcv+0x297/0x2ab0 [ 194.021240][ T8390] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 194.021271][ T8390] ? __dev_queue_xmit+0x2f4/0x3f40 [ 194.021292][ T8390] ? __dev_queue_xmit+0x1775/0x3f40 [ 194.021307][ T8390] ? kasan_save_track+0x51/0x80 [ 194.021336][ T8390] ? ____sys_sendmsg+0x524/0x860 [ 194.021365][ T8390] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 194.021386][ T8390] ? __dev_queue_xmit+0x2f4/0x3f40 [ 194.021409][ T8390] ? __pfx___dev_queue_xmit+0x10/0x10 [ 194.021453][ T8390] ? ref_tracker_free+0x643/0x7e0 [ 194.021473][ T8390] ? __asan_memcpy+0x40/0x70 [ 194.021492][ T8390] ? __pfx_ref_tracker_free+0x10/0x10 [ 194.021508][ T8390] ? __skb_clone+0x5c/0x6c0 [ 194.021548][ T8390] ? netlink_deliver_tap+0x2e/0x1b0 [ 194.021563][ T8390] ? skb_clone+0x240/0x390 [ 194.021580][ T8390] ? __pfx_lock_release+0x10/0x10 [ 194.021607][ T8390] ? __netlink_deliver_tap+0x7b0/0x7f0 [ 194.021642][ T8390] ? netlink_deliver_tap+0x2e/0x1b0 [ 194.021664][ T8390] netlink_unicast+0x7f6/0x990 [ 194.021703][ T8390] ? __pfx_netlink_unicast+0x10/0x10 [ 194.021724][ T8390] ? __virt_addr_valid+0x45f/0x530 [ 194.021743][ T8390] ? __phys_addr_symbol+0x2f/0x70 [ 194.021759][ T8390] ? __check_object_size+0x475/0x720 [ 194.021791][ T8390] netlink_sendmsg+0x8b3/0xca0 [ 194.021834][ T8390] ? __pfx_netlink_sendmsg+0x10/0x10 [ 194.021858][ T8390] ? aa_sock_msg_perm+0xf3/0x1d0 [ 194.021891][ T8390] ? __pfx_netlink_sendmsg+0x10/0x10 [ 194.021908][ T8390] __sock_sendmsg+0x221/0x270 [ 194.021933][ T8390] ____sys_sendmsg+0x524/0x860 [ 194.021971][ T8390] ? __pfx_____sys_sendmsg+0x10/0x10 [ 194.021993][ T8390] ? __fget_files+0x2a/0x410 [ 194.022016][ T8390] ? __fget_files+0x2a/0x410 [ 194.022047][ T8390] __sys_sendmsg+0x269/0x350 [ 194.022080][ T8390] ? __pfx___sys_sendmsg+0x10/0x10 [ 194.022171][ T8390] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 194.022198][ T8390] ? do_syscall_64+0x100/0x230 [ 194.022226][ T8390] ? do_syscall_64+0xb6/0x230 [ 194.022253][ T8390] do_syscall_64+0xf3/0x230 [ 194.022276][ T8390] ? clear_bhb_loop+0x45/0xa0 [ 194.022302][ T8390] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.022323][ T8390] RIP: 0033:0x7f2f8d58d169 [ 194.022344][ T8390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 194.022359][ T8390] RSP: 002b:00007f2f8e44a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 194.022376][ T8390] RAX: ffffffffffffffda RBX: 00007f2f8d7a5fa0 RCX: 00007f2f8d58d169 [ 194.022389][ T8390] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000003 [ 194.022399][ T8390] RBP: 00007f2f8d60e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 194.022410][ T8390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 194.022420][ T8390] R13: 0000000000000000 R14: 00007f2f8d7a5fa0 R15: 00007ffc537eb628 [ 194.022456][ T8390] [ 194.022463][ T8390] Mem-Info: [ 194.329781][ T8390] active_anon:8500 inactive_anon:0 isolated_anon:0 [ 194.329781][ T8390] active_file:754 inactive_file:46768 isolated_file:0 [ 194.329781][ T8390] unevictable:768 dirty:142 writeback:0 [ 194.329781][ T8390] slab_reclaimable:10370 slab_unreclaimable:102701 [ 194.329781][ T8390] mapped:32940 shmem:4422 pagetables:859 [ 194.329781][ T8390] sec_pagetables:0 bounce:0 [ 194.329781][ T8390] kernel_misc_reclaimable:0 [ 194.329781][ T8390] free:1288596 free_pcp:1979 free_cma:0 [ 194.723320][ T8390] Node 0 active_anon:34260kB inactive_anon:0kB active_file:3016kB inactive_file:186996kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:131644kB dirty:648kB writeback:0kB shmem:16664kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11016kB pagetables:3708kB sec_pagetables:0kB all_unreclaimable? no [ 194.737593][ T8453] loop0: detected capacity change from 0 to 1024 [ 194.795478][ T8390] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 194.829758][ T8390] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 194.873634][ T8390] lowmem_reserve[]: 0 2489 2490 0 0 [ 194.880981][ T8390] Node 0 DMA32 free:1230600kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB active_anon:34620kB inactive_anon:0kB active_file:3016kB inactive_file:186672kB unevictable:1536kB writepending:644kB present:3129332kB managed:2549508kB mlocked:0kB bounce:0kB free_pcp:7164kB local_pcp:6284kB free_cma:0kB [ 194.912883][ T8390] lowmem_reserve[]: 0 0 0 0 0 [ 194.915025][ T8453] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 194.917710][ T8390] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:324kB unevictable:0kB writepending:4kB present:1048580kB managed:364kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 194.966953][ T8390] lowmem_reserve[]: 0 0 0 0 0 [ 194.979814][ T8390] Node 1 Normal free:3909436kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:128kB local_pcp:0kB free_cma:0kB [ 195.010571][ T8390] lowmem_reserve[]: 0 0 0 0 0 [ 195.015437][ T8390] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 195.029826][ T8390] Node 0 DMA32: 39*4kB (UE) 4*8kB (UME) 15*16kB (UME) 4*32kB (ME) 4*64kB (ME) 6*128kB (M) 5*256kB (UM) 4*512kB (UM) 2*1024kB (UE) 5*2048kB (UME) 296*4096kB (M) = 1229612kB [ 195.051095][ T8390] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 195.063918][ T8390] Node 1 Normal: 221*4kB (UE) 53*8kB (UME) 38*16kB (UME) 194*32kB (UME) 100*64kB (UME) 35*128kB (UME) 13*256kB (UM) 8*512kB (UM) 4*1024kB (UME) 4*2048kB (UE) 945*4096kB (M) = 3909436kB [ 195.083740][ T8390] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 195.093776][ T8390] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 195.119199][ T8390] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 195.137104][ T8390] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 195.147274][ T8390] 52072 total pagecache pages [ 195.150559][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.165973][ T8390] 0 pages in swap cache [ 195.178749][ T8390] Free swap = 124748kB [ 195.185451][ T8390] Total swap = 124996kB [ 195.194018][ T8390] 2097051 pages RAM [ 195.202750][ T8390] 0 pages HighMem/MovableOnly [ 195.214419][ T8390] 427952 pages reserved [ 195.221053][ T8390] 0 pages cma reserved [ 195.345710][ T8471] loop0: detected capacity change from 0 to 128 [ 195.366300][ T8471] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1) [ 196.327991][ T8493] ieee802154 phy0 wpan0: encryption failed: -22 [ 196.739525][ T8504] block device autoloading is deprecated and will be removed. [ 197.531431][ T8519] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 197.551497][ T5819] IPVS: starting estimator thread 0... [ 197.617605][ T8523] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5) [ 197.624174][ T8523] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 197.660560][ T8522] IPVS: using max 29 ests per chain, 69600 per kthread [ 197.671927][ T8523] vhci_hcd vhci_hcd.0: Device attached [ 197.679572][ T8524] vhci_hcd: connection closed [ 197.688282][ T12] vhci_hcd: stop threads [ 197.699239][ T12] vhci_hcd: release socket [ 197.710499][ T12] vhci_hcd: disconnect device [ 198.577077][ T8545] loop5: detected capacity change from 0 to 1024 [ 198.611546][ T8545] EXT4-fs: Ignoring removed nobh option [ 198.629125][ T8545] EXT4-fs: Ignoring removed bh option [ 198.662357][ T8545] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 198.716251][ T8547] netlink: 44 bytes leftover after parsing attributes in process `syz.6.928'. [ 198.859532][ T6107] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.396623][ T8561] loop5: detected capacity change from 0 to 512 [ 199.397534][ T8561] EXT4-fs: Ignoring removed nobh option [ 199.436264][ T8561] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 199.500891][ T8564] loop2: detected capacity change from 0 to 512 [ 199.523589][ T8564] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 199.576252][ T8564] EXT4-fs (loop2): 1 truncate cleaned up [ 199.601027][ T8564] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 199.633633][ T8561] EXT4-fs error (device loop5): ext4_do_update_inode:5173: inode #3: comm syz.5.934: corrupted inode contents [ 199.721674][ T8561] EXT4-fs (loop5): Remounting filesystem read-only [ 199.773404][ T8571] netlink: 28 bytes leftover after parsing attributes in process `syz.1.937'. [ 199.805253][ T8571] netlink: 28 bytes leftover after parsing attributes in process `syz.1.937'. [ 199.831711][ T8561] __quota_error: 96 callbacks suppressed [ 199.831732][ T8561] Quota error (device loop5): write_blk: dquota write failed [ 199.851311][ T8561] Quota error (device loop5): qtree_write_dquot: Error -5 occurred while creating quota [ 199.862857][ T8561] EXT4-fs (loop5): 1 truncate cleaned up [ 199.877010][ T8561] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 199.967246][ T8561] ext4 filesystem being mounted at /131/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 200.179757][ T6107] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.447750][ T8584] netlink: 8 bytes leftover after parsing attributes in process `syz.5.940'. [ 200.485796][ T8584] netlink: 12 bytes leftover after parsing attributes in process `syz.5.940'. [ 200.986503][ T5819] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 201.168634][ T5819] usb 7-1: Using ep0 maxpacket: 8 [ 201.197399][ T5819] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 201.235482][ T5819] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 201.276547][ T5819] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 201.298187][ T5819] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 201.306101][ T8615] netlink: 8 bytes leftover after parsing attributes in process `syz.5.956'. [ 201.317271][ T5819] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 201.322903][ T8615] netlink: 12 bytes leftover after parsing attributes in process `syz.5.956'. [ 201.340534][ T5819] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 201.361057][ T5819] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.427029][ T5819] usbtmc 7-1:16.0: probe with driver usbtmc failed with error -22 [ 201.459788][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 201.466737][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 201.514676][ T8620] loop1: detected capacity change from 0 to 1024 [ 201.573302][ T8620] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 202.084584][ T5831] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 202.284953][ T8637] netlink: 76 bytes leftover after parsing attributes in process `syz.0.962'. [ 202.881642][ T8648] netlink: 8 bytes leftover after parsing attributes in process `syz.1.968'. [ 202.908149][ T8648] netlink: 12 bytes leftover after parsing attributes in process `syz.1.968'. [ 203.295786][ T8660] loop5: detected capacity change from 0 to 512 [ 203.349875][ T8660] EXT4-fs (loop5): too many log groups per flexible block group [ 203.391611][ T8660] EXT4-fs (loop5): failed to initialize mballoc (-12) [ 203.411643][ T8660] EXT4-fs (loop5): mount failed [ 203.755926][ T29] audit: type=1326 audit(1740264923.820:852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8672 comm="syz.5.977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f787a18d169 code=0x7ffc0000 [ 203.809643][ T29] audit: type=1326 audit(1740264923.838:853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8672 comm="syz.5.977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f787a18d169 code=0x7ffc0000 [ 203.856956][ T29] audit: type=1326 audit(1740264923.838:854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8672 comm="syz.5.977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f787a18d169 code=0x7ffc0000 [ 203.919336][ T8673] serio: Serial port ptm0 [ 203.932238][ T29] audit: type=1326 audit(1740264923.847:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8672 comm="syz.5.977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f787a18d169 code=0x7ffc0000 [ 204.019666][ T29] audit: type=1326 audit(1740264923.847:856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8672 comm="syz.5.977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f787a18d169 code=0x7ffc0000 [ 204.060859][ T974] usb 7-1: USB disconnect, device number 2 [ 204.076232][ T29] audit: type=1326 audit(1740264923.847:857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8672 comm="syz.5.977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f787a18d169 code=0x7ffc0000 [ 204.252053][ T8682] netlink: 8 bytes leftover after parsing attributes in process `syz.6.981'. [ 204.324443][ T29] audit: type=1326 audit(1740264923.847:858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8672 comm="syz.5.977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f787a18d169 code=0x7ffc0000 [ 204.347566][ T29] audit: type=1326 audit(1740264923.847:859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8672 comm="syz.5.977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f787a18d169 code=0x7ffc0000 [ 205.235741][ T8559] warn_alloc: 5 callbacks suppressed [ 205.235761][ T8559] syz.2.933: vmalloc error: size 2101248, failed to allocated page array size 4104, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 205.337144][ T8559] CPU: 1 UID: 0 PID: 8559 Comm: syz.2.933 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0 [ 205.337170][ T8559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 205.337181][ T8559] Call Trace: [ 205.337189][ T8559] [ 205.337197][ T8559] dump_stack_lvl+0x241/0x360 [ 205.337229][ T8559] ? __pfx_dump_stack_lvl+0x10/0x10 [ 205.337250][ T8559] ? __pfx__printk+0x10/0x10 [ 205.337276][ T8559] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 205.337300][ T8559] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 205.337327][ T8559] warn_alloc+0x278/0x410 [ 205.337358][ T8559] ? __pfx_warn_alloc+0x10/0x10 [ 205.337391][ T8559] ? hash_netiface_create+0x356/0x1040 [ 205.337413][ T8559] ? __get_vm_area_node+0x1c8/0x2d0 [ 205.337430][ T8559] ? __get_vm_area_node+0x25c/0x2d0 [ 205.337458][ T8559] __vmalloc_node_range_noprof+0x62f/0x1380 [ 205.337525][ T8559] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 205.337547][ T8559] ? hash_netiface_create+0x356/0x1040 [ 205.337567][ T8559] ? __get_vm_area_node+0x1c8/0x2d0 [ 205.337584][ T8559] ? __get_vm_area_node+0x25c/0x2d0 [ 205.337622][ T8559] __vmalloc_node_range_noprof+0x53a/0x1380 [ 205.337643][ T8559] ? hash_netiface_create+0x356/0x1040 [ 205.337712][ T8559] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 205.337732][ T8559] ? __kasan_kmalloc_large+0x1a/0xa0 [ 205.337765][ T8559] ? rcu_is_watching+0x15/0xb0 [ 205.337786][ T8559] ? hash_netiface_create+0x356/0x1040 [ 205.337810][ T8559] __kvmalloc_node_noprof+0x398/0x580 [ 205.337829][ T8559] ? hash_netiface_create+0x356/0x1040 [ 205.337851][ T8559] ? __kmalloc_cache_noprof+0x243/0x390 [ 205.337873][ T8559] ? hash_netiface_create+0x2fa/0x1040 [ 205.337903][ T8559] hash_netiface_create+0x356/0x1040 [ 205.337945][ T8559] ? __pfx_hash_netiface_create+0x10/0x10 [ 205.337970][ T8559] ip_set_create+0xa78/0x1960 [ 205.338000][ T8559] ? ip_set_create+0x48a/0x1960 [ 205.338032][ T8559] ? __pfx_ip_set_create+0x10/0x10 [ 205.338109][ T8559] ? nfnetlink_rcv_msg+0x225/0x1180 [ 205.338132][ T8559] nfnetlink_rcv_msg+0xbec/0x1180 [ 205.338155][ T8559] ? nfnetlink_rcv_msg+0x225/0x1180 [ 205.338218][ T8559] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 205.338239][ T8559] ? stack_trace_save+0x118/0x1d0 [ 205.338301][ T8559] ? dev_hard_start_xmit+0x27a/0x7d0 [ 205.338344][ T8559] ? __dev_queue_xmit+0x1b73/0x3f40 [ 205.338360][ T8559] ? __netlink_deliver_tap+0x561/0x7f0 [ 205.338376][ T8559] ? netlink_deliver_tap+0x19d/0x1b0 [ 205.338393][ T8559] ? netlink_unicast+0x7c4/0x990 [ 205.338414][ T8559] ? netlink_sendmsg+0x8b3/0xca0 [ 205.338431][ T8559] ? __sock_sendmsg+0x221/0x270 [ 205.338449][ T8559] ? ____sys_sendmsg+0x524/0x860 [ 205.338470][ T8559] ? __sys_sendmsg+0x269/0x350 [ 205.338518][ T8559] netlink_rcv_skb+0x206/0x480 [ 205.338540][ T8559] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 205.338566][ T8559] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 205.338610][ T8559] ? apparmor_capable+0x13b/0x1b0 [ 205.338634][ T8559] ? bpf_lsm_capable+0x9/0x10 [ 205.338649][ T8559] ? security_capable+0x7e/0x2d0 [ 205.338684][ T8559] nfnetlink_rcv+0x297/0x2ab0 [ 205.338716][ T8559] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 205.338749][ T8559] ? __dev_queue_xmit+0x2f4/0x3f40 [ 205.338776][ T8559] ? __dev_queue_xmit+0x1775/0x3f40 [ 205.338793][ T8559] ? kasan_save_track+0x51/0x80 [ 205.338823][ T8559] ? ____sys_sendmsg+0x524/0x860 [ 205.338851][ T8559] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 205.338872][ T8559] ? __dev_queue_xmit+0x2f4/0x3f40 [ 205.338897][ T8559] ? __pfx___dev_queue_xmit+0x10/0x10 [ 205.338944][ T8559] ? ref_tracker_free+0x643/0x7e0 [ 205.338965][ T8559] ? __asan_memcpy+0x40/0x70 [ 205.338985][ T8559] ? __pfx_ref_tracker_free+0x10/0x10 [ 205.339002][ T8559] ? __skb_clone+0x5c/0x6c0 [ 205.339045][ T8559] ? netlink_deliver_tap+0x2e/0x1b0 [ 205.339062][ T8559] ? skb_clone+0x240/0x390 [ 205.339079][ T8559] ? __pfx_lock_release+0x10/0x10 [ 205.339106][ T8559] ? __netlink_deliver_tap+0x7b0/0x7f0 [ 205.339144][ T8559] ? netlink_deliver_tap+0x2e/0x1b0 [ 205.339168][ T8559] netlink_unicast+0x7f6/0x990 [ 205.339208][ T8559] ? __pfx_netlink_unicast+0x10/0x10 [ 205.339229][ T8559] ? __virt_addr_valid+0x45f/0x530 [ 205.339249][ T8559] ? __phys_addr_symbol+0x2f/0x70 [ 205.339265][ T8559] ? __check_object_size+0x475/0x720 [ 205.339298][ T8559] netlink_sendmsg+0x8b3/0xca0 [ 205.339338][ T8559] ? __pfx_netlink_sendmsg+0x10/0x10 [ 205.339364][ T8559] ? aa_sock_msg_perm+0xf3/0x1d0 [ 205.339399][ T8559] ? __pfx_netlink_sendmsg+0x10/0x10 [ 205.339416][ T8559] __sock_sendmsg+0x221/0x270 [ 205.339443][ T8559] ____sys_sendmsg+0x524/0x860 [ 205.339483][ T8559] ? __pfx_____sys_sendmsg+0x10/0x10 [ 205.339505][ T8559] ? __fget_files+0x2a/0x410 [ 205.339530][ T8559] ? __fget_files+0x2a/0x410 [ 205.339559][ T8559] __sys_sendmsg+0x269/0x350 [ 205.339591][ T8559] ? __pfx___sys_sendmsg+0x10/0x10 [ 205.339676][ T8559] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 205.339702][ T8559] ? do_syscall_64+0x100/0x230 [ 205.339730][ T8559] ? do_syscall_64+0xb6/0x230 [ 205.339765][ T8559] do_syscall_64+0xf3/0x230 [ 205.339789][ T8559] ? clear_bhb_loop+0x45/0xa0 [ 205.339817][ T8559] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.339839][ T8559] RIP: 0033:0x7f7f6098d169 [ 205.339855][ T8559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.339871][ T8559] RSP: 002b:00007f7f61813038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 205.339891][ T8559] RAX: ffffffffffffffda RBX: 00007f7f60ba5fa0 RCX: 00007f7f6098d169 [ 205.339904][ T8559] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000006 [ 205.339915][ T8559] RBP: 00007f7f60a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 205.339926][ T8559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 205.339937][ T8559] R13: 0000000000000000 R14: 00007f7f60ba5fa0 R15: 00007ffe827a4038 [ 205.339976][ T8559] [ 205.910913][ T8559] Mem-Info: [ 205.914074][ T8559] active_anon:4272 inactive_anon:0 isolated_anon:0 [ 205.914074][ T8559] active_file:770 inactive_file:46794 isolated_file:0 [ 205.914074][ T8559] unevictable:768 dirty:224 writeback:0 [ 205.914074][ T8559] slab_reclaimable:10391 slab_unreclaimable:102798 [ 205.914074][ T8559] mapped:28682 shmem:1643 pagetables:794 [ 205.914074][ T8559] sec_pagetables:0 bounce:0 [ 205.914074][ T8559] kernel_misc_reclaimable:0 [ 205.914074][ T8559] free:1295874 free_pcp:369 free_cma:0 [ 205.961673][ T8559] Node 0 active_anon:17088kB inactive_anon:0kB active_file:3080kB inactive_file:187100kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:114728kB dirty:896kB writeback:0kB shmem:5036kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10840kB pagetables:3176kB sec_pagetables:0kB all_unreclaimable? no [ 205.995410][ T8559] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 206.019023][ T8709] netlink: 8 bytes leftover after parsing attributes in process `syz.1.993'. [ 206.026203][ T8559] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 206.062360][ T8559] lowmem_reserve[]: 0 2489 2490 0 0 [ 206.067692][ T8559] Node 0 DMA32 free:1258608kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB active_anon:17148kB inactive_anon:0kB active_file:3080kB inactive_file:186776kB unevictable:1536kB writepending:892kB present:3129332kB managed:2549508kB mlocked:0kB bounce:0kB free_pcp:1004kB local_pcp:900kB free_cma:0kB [ 206.097982][ T8559] lowmem_reserve[]: 0 0 0 0 0 [ 206.102828][ T8559] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:324kB unevictable:0kB writepending:4kB present:1048580kB managed:364kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 206.129808][ T8559] lowmem_reserve[]: 0 0 0 0 0 [ 206.134901][ T8559] Node 1 Normal free:3909436kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:128kB local_pcp:0kB free_cma:0kB [ 206.164607][ T8559] lowmem_reserve[]: 0 0 0 0 0 [ 206.169599][ T8559] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 206.182833][ T8559] Node 0 DMA32: 159*4kB (UME) 224*8kB (UME) 191*16kB (UME) 141*32kB (UME) 80*64kB (UME) 57*128kB (UME) 107*256kB (UME) 28*512kB (UME) 4*1024kB (UM) 5*2048kB (UME) 288*4096kB (M) = 1258124kB [ 206.201991][ T8559] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 206.213821][ T8559] Node 1 Normal: 221*4kB (UE) 53*8kB (UME) 38*16kB (UME) 194*32kB (UME) 100*64kB (UME) 35*128kB (UME) 13*256kB (UM) 8*512kB (UM) 4*1024kB (UME) 4*2048kB (UE) 945*4096kB (M) = 3909436kB [ 206.234846][ T8559] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 206.244466][ T8559] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 206.254358][ T8559] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 206.264821][ T8559] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 206.274337][ T8559] 49207 total pagecache pages [ 206.279598][ T8559] 0 pages in swap cache [ 206.284261][ T8559] Free swap = 124748kB [ 206.288449][ T8559] Total swap = 124996kB [ 206.292620][ T8559] 2097051 pages RAM [ 206.296535][ T8559] 0 pages HighMem/MovableOnly [ 206.301220][ T8559] 427952 pages reserved [ 206.306818][ T8559] 0 pages cma reserved [ 206.750843][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.878810][ T8725] netlink: 'syz.2.998': attribute type 10 has an invalid length. [ 206.895140][ T8725] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 206.917020][ T8725] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 207.188688][ T8728] loop1: detected capacity change from 0 to 512 [ 207.220558][ T8728] EXT4-fs: Ignoring removed mblk_io_submit option [ 207.234485][ T8731] loop5: detected capacity change from 0 to 512 [ 207.249447][ T8728] EXT4-fs: Ignoring removed oldalloc option [ 207.274915][ T8731] EXT4-fs: Ignoring removed bh option [ 207.294227][ T8731] ext2: Unknown parameter 'context' [ 207.300213][ T8728] EXT4-fs error (device loop1): ext4_xattr_inode_iget:436: comm syz.1.1000: Parent and EA inode have the same ino 15 [ 207.356442][ T8728] EXT4-fs error (device loop1): ext4_xattr_inode_iget:436: comm syz.1.1000: Parent and EA inode have the same ino 15 [ 207.391440][ T8728] EXT4-fs (loop1): 1 orphan inode deleted [ 207.415222][ T8728] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 207.651388][ T52] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 207.654812][ T5831] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 207.683093][ T8740] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1005'. [ 208.329099][ T8755] netlink: 'syz.2.1012': attribute type 10 has an invalid length. [ 208.479099][ T52] usb 1-1: Using ep0 maxpacket: 8 [ 208.500938][ T52] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 208.526144][ T52] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 208.536232][ T52] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 208.569507][ T52] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 208.579421][ T52] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 208.612837][ T52] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 208.622037][ T52] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.719129][ T52] usb 1-1: can't set config #16, error -71 [ 208.741243][ T52] usb 1-1: USB disconnect, device number 3 [ 208.921521][ T8771] af_packet: tpacket_rcv: packet too big, clamped from 1 to 4294967272. macoff=96 [ 209.172201][ T8785] netlink: 'syz.0.1024': attribute type 3 has an invalid length. [ 209.285218][ T8792] netlink: 'syz.6.1025': attribute type 10 has an invalid length. [ 209.357346][ T8792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 209.394639][ T8792] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 209.783062][ T7522] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 209.946173][ T7522] usb 6-1: Using ep0 maxpacket: 8 [ 209.953708][ T7522] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 210.000381][ T7522] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 210.010844][ T7522] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 210.022703][ T7522] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 210.037035][ T7522] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 210.059530][ T7522] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.153095][ T8807] loop2: detected capacity change from 0 to 512 [ 210.328126][ T7522] usb 6-1: usb_control_msg returned -32 [ 210.335060][ T7522] usbtmc 6-1:16.0: can't read capabilities [ 210.370655][ T7522] usb 6-1: USB disconnect, device number 5 [ 210.514282][ T8821] loop1: detected capacity change from 0 to 512 [ 210.584285][ T8821] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 210.669854][ T8821] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 210.773512][ T8821] EXT4-fs error (device loop1): ext4_do_update_inode:5173: inode #2: comm syz.1.1039: corrupted inode contents [ 210.827326][ T8821] EXT4-fs error (device loop1): ext4_dirty_inode:6061: inode #2: comm syz.1.1039: mark_inode_dirty error [ 210.872930][ T8821] EXT4-fs error (device loop1): ext4_do_update_inode:5173: inode #2: comm syz.1.1039: corrupted inode contents [ 211.038217][ T5831] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 211.067880][ T8842] loop5: detected capacity change from 0 to 512 [ 211.262765][ T8851] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1051'. [ 211.283342][ T8851] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1051'. [ 211.340377][ T8851] netlink: 'syz.1.1051': attribute type 1 has an invalid length. [ 211.435190][ T8857] 9pnet_fd: Insufficient options for proto=fd [ 211.592653][ T29] kauditd_printk_skb: 29 callbacks suppressed [ 211.592671][ T29] audit: type=1326 audit(1740264931.056:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8864 comm="syz.0.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 211.703576][ T29] audit: type=1326 audit(1740264931.056:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8864 comm="syz.0.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 211.787319][ T29] audit: type=1326 audit(1740264931.093:891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8864 comm="syz.0.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 211.863200][ T29] audit: type=1326 audit(1740264931.093:892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8864 comm="syz.0.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 211.893786][ T8875] loop2: detected capacity change from 0 to 512 [ 211.940611][ T29] audit: type=1326 audit(1740264931.093:893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8864 comm="syz.0.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 212.006471][ T29] audit: type=1326 audit(1740264931.093:894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8864 comm="syz.0.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 212.070079][ T29] audit: type=1326 audit(1740264931.093:895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8864 comm="syz.0.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 212.106623][ T29] audit: type=1326 audit(1740264931.093:896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8864 comm="syz.0.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 212.132177][ T8879] netlink: 14 bytes leftover after parsing attributes in process `+}[@'. [ 212.152023][ T29] audit: type=1326 audit(1740264931.093:897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8864 comm="syz.0.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 212.183417][ T29] audit: type=1326 audit(1740264931.093:898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8864 comm="syz.0.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f86cd38d169 code=0x7ffc0000 [ 212.245769][ T8890] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1070'. [ 212.551701][ T5884] usb 3-1: [UEAGLE-ATM] firmware is not available [ 212.562652][ T5970] usb 3-1: [UEAGLE-ATM] firmware is not available [ 212.646587][ T8905] loop5: detected capacity change from 0 to 7 [ 212.653300][ T8905] buffer_io_error: 18 callbacks suppressed [ 212.653317][ T8905] Buffer I/O error on dev loop5, logical block 0, async page read [ 212.694276][ T8905] Buffer I/O error on dev loop5, logical block 0, async page read [ 212.706082][ T8905] Buffer I/O error on dev loop5, logical block 0, async page read [ 212.718336][ T8905] Buffer I/O error on dev loop5, logical block 0, async page read [ 212.746691][ T8905] Buffer I/O error on dev loop5, logical block 0, async page read [ 212.756802][ T8905] Buffer I/O error on dev loop5, logical block 0, async page read [ 212.770041][ T8905] Buffer I/O error on dev loop5, logical block 0, async page read [ 212.781892][ T8905] ldm_validate_partition_table(): Disk read failed. [ 212.795531][ T8905] Buffer I/O error on dev loop5, logical block 0, async page read [ 212.803728][ T8905] Buffer I/O error on dev loop5, logical block 0, async page read [ 212.822791][ T8905] Buffer I/O error on dev loop5, logical block 0, async page read [ 212.833148][ T8905] Dev loop5: unable to read RDB block 0 [ 212.849970][ T8905] loop5: unable to read partition table [ 212.858490][ T8905] loop5: partition table beyond EOD, truncated [ 212.872606][ T8905] loop_reread_partitions: partition scan of loop5 (被xڬdƤݡ [ 212.872606][ T8905] ) failed (rc=-5) [ 213.215032][ T8925] netlink: 'syz.1.1085': attribute type 4 has an invalid length. [ 213.260934][ T8925] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1085'. [ 213.350587][ T8925] : renamed from bond0 (while UP) [ 213.642166][ T8931] netlink: 'syz.6.1087': attribute type 3 has an invalid length. [ 213.684468][ T8940] netlink: 'syz.1.1090': attribute type 10 has an invalid length. [ 215.870728][ T8940] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 215.880557][ T8940] : (slave batadv0): Enslaving as an active interface with an up link [ 216.003305][ T8955] netlink: 'syz.1.1095': attribute type 13 has an invalid length. [ 216.225898][ T8965] IPv6: NLM_F_CREATE should be specified when creating new route [ 216.349470][ T8972] netlink: 'syz.6.1105': attribute type 10 has an invalid length. [ 216.438594][ T8975] smc: net device bond0 applied user defined pnetid SYZ0 [ 216.466950][ T8975] smc: net device bond0 erased user defined pnetid SYZ0 [ 216.516271][ T8978] loop5: detected capacity change from 0 to 512 [ 217.341596][ T9008] veth3: entered promiscuous mode [ 217.496364][ T9012] loop5: detected capacity change from 0 to 512 [ 217.659926][ T9021] warn_alloc: 1 callbacks suppressed [ 217.659946][ T9021] syz.2.1124: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 217.680910][ T9021] CPU: 0 UID: 0 PID: 9021 Comm: syz.2.1124 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0 [ 217.680933][ T9021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 217.680944][ T9021] Call Trace: [ 217.680956][ T9021] [ 217.680963][ T9021] dump_stack_lvl+0x241/0x360 [ 217.680992][ T9021] ? __pfx_dump_stack_lvl+0x10/0x10 [ 217.681011][ T9021] ? __pfx__printk+0x10/0x10 [ 217.681038][ T9021] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 217.681062][ T9021] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 217.681091][ T9021] warn_alloc+0x278/0x410 [ 217.681117][ T9021] ? __vmalloc_node_range_noprof+0x106/0x1380 [ 217.681140][ T9021] ? __pfx_warn_alloc+0x10/0x10 [ 217.681163][ T9021] ? kasan_save_track+0x3f/0x80 [ 217.681181][ T9021] ? __kasan_kmalloc+0x98/0xb0 [ 217.681204][ T9021] ? xsk_setsockopt+0x4b4/0x830 [ 217.681221][ T9021] ? do_sock_setsockopt+0x3af/0x720 [ 217.681242][ T9021] ? __x64_sys_setsockopt+0x1ee/0x280 [ 217.681264][ T9021] ? do_syscall_64+0xf3/0x230 [ 217.681286][ T9021] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.681325][ T9021] __vmalloc_node_range_noprof+0x126/0x1380 [ 217.681401][ T9021] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 217.681430][ T9021] ? __kasan_kmalloc+0x98/0xb0 [ 217.681462][ T9021] vmalloc_user_noprof+0x74/0x80 [ 217.681483][ T9021] ? xskq_create+0xb6/0x170 [ 217.681501][ T9021] xskq_create+0xb6/0x170 [ 217.681525][ T9021] xsk_init_queue+0xa1/0x100 [ 217.681550][ T9021] xsk_setsockopt+0x4b4/0x830 [ 217.681575][ T9021] ? __pfx_xsk_setsockopt+0x10/0x10 [ 217.681596][ T9021] ? __pfx_aa_sk_perm+0x10/0x10 [ 217.681623][ T9021] ? aa_sock_opt_perm+0xfd/0x1b0 [ 217.681661][ T9021] ? __pfx_xsk_setsockopt+0x10/0x10 [ 217.681679][ T9021] do_sock_setsockopt+0x3af/0x720 [ 217.681714][ T9021] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 217.681748][ T9021] ? __fget_files+0x395/0x410 [ 217.681765][ T9021] ? __fget_files+0x2a/0x410 [ 217.681798][ T9021] __x64_sys_setsockopt+0x1ee/0x280 [ 217.681835][ T9021] do_syscall_64+0xf3/0x230 [ 217.681859][ T9021] ? clear_bhb_loop+0x45/0xa0 [ 217.681886][ T9021] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.681908][ T9021] RIP: 0033:0x7f7f6098d169 [ 217.681925][ T9021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 217.681940][ T9021] RSP: 002b:00007f7f617f2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 217.681959][ T9021] RAX: ffffffffffffffda RBX: 00007f7f60ba6080 RCX: 00007f7f6098d169 [ 217.681972][ T9021] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000005 [ 217.681981][ T9021] RBP: 00007f7f60a0e2a0 R08: 0000000000000004 R09: 0000000000000000 [ 217.681992][ T9021] R10: 0000400000000000 R11: 0000000000000246 R12: 0000000000000000 [ 217.682002][ T9021] R13: 0000000000000000 R14: 00007f7f60ba6080 R15: 00007ffe827a4038 [ 217.682037][ T9021] [ 217.962633][ T9021] Mem-Info: [ 217.965815][ T9021] active_anon:4176 inactive_anon:0 isolated_anon:0 [ 217.965815][ T9021] active_file:770 inactive_file:46794 isolated_file:0 [ 217.965815][ T9021] unevictable:768 dirty:124 writeback:0 [ 217.965815][ T9021] slab_reclaimable:10628 slab_unreclaimable:102280 [ 217.965815][ T9021] mapped:28660 shmem:1567 pagetables:706 [ 217.965815][ T9021] sec_pagetables:0 bounce:0 [ 217.965815][ T9021] kernel_misc_reclaimable:0 [ 217.965815][ T9021] free:1327899 free_pcp:1635 free_cma:0 [ 218.011061][ T9021] Node 0 active_anon:16704kB inactive_anon:0kB active_file:3080kB inactive_file:187100kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:114640kB dirty:496kB writeback:0kB shmem:4732kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10868kB pagetables:2924kB sec_pagetables:0kB all_unreclaimable? no [ 218.044980][ T9021] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 218.075177][ T9021] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 218.104524][ T9021] lowmem_reserve[]: 0 2489 2490 0 0 [ 218.109827][ T9021] Node 0 DMA32 free:1386324kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB active_anon:16764kB inactive_anon:0kB active_file:3080kB inactive_file:186776kB unevictable:1536kB writepending:496kB present:3129332kB managed:2549508kB mlocked:0kB bounce:0kB free_pcp:6384kB local_pcp:792kB free_cma:0kB [ 218.141244][ T9021] lowmem_reserve[]: 0 0 0 0 0 [ 218.146067][ T9021] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:324kB unevictable:0kB writepending:0kB present:1048580kB managed:364kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 218.172828][ T9021] lowmem_reserve[]: 0 0 0 0 0 [ 218.177582][ T9021] Node 1 Normal free:3909436kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:144kB local_pcp:144kB free_cma:0kB [ 218.206833][ T9021] lowmem_reserve[]: 0 0 0 0 0 [ 218.211618][ T9021] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 218.224544][ T9021] Node 0 DMA32: 239*4kB (UM) 801*8kB (UME) 774*16kB (UME) 1022*32kB (UME) 560*64kB (UME) 264*128kB (UME) 164*256kB (UM) 47*512kB (UME) 8*1024kB (UME) 5*2048kB (UM) 288*4096kB (M) = 1386212kB [ 218.243572][ T9021] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 218.255158][ T9021] Node 1 Normal: 221*4kB (UE) 53*8kB (UME) 38*16kB (UME) 194*32kB (UME) 100*64kB (UME) 35*128kB (UME) 13*256kB (UM) 8*512kB (UM) 4*1024kB (UME) 4*2048kB (UE) 945*4096kB (M) = 3909436kB [ 218.273702][ T9021] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 218.283432][ T9021] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 218.292815][ T9021] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 218.302833][ T9021] Node 1 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 218.312196][ T9021] 49131 total pagecache pages [ 218.316893][ T9021] 0 pages in swap cache [ 218.321131][ T9021] Free swap = 124752kB [ 218.325307][ T9021] Total swap = 124996kB [ 218.329483][ T9021] 2097051 pages RAM [ 218.333374][ T9021] 0 pages HighMem/MovableOnly [ 218.338066][ T9021] 427952 pages reserved [ 218.342286][ T9021] 0 pages cma reserved [ 218.439259][ T9032] loop1: detected capacity change from 0 to 2048 [ 218.557405][ T9032] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 218.580567][ T9032] ext4 filesystem being mounted at /222/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 218.639066][ T9032] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1126: bg 0: block 345: padding at end of block bitmap is not set [ 218.668982][ T6161] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 32768 with max blocks 1 with error 28 [ 218.736748][ T6161] EXT4-fs (loop1): This should not happen!! Data will be lost [ 218.736748][ T6161] [ 218.779705][ T6161] EXT4-fs (loop1): Total free blocks count 0 [ 218.785770][ T6161] EXT4-fs (loop1): Free/Dirty block details [ 218.819296][ T6161] EXT4-fs (loop1): free_blocks=0 [ 218.824374][ T6161] EXT4-fs (loop1): dirty_blocks=16 [ 218.862897][ T6161] EXT4-fs (loop1): Block reservation details [ 218.872818][ T6161] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 218.926961][ T29] kauditd_printk_skb: 80 callbacks suppressed [ 218.926981][ T29] audit: type=1326 audit(1740264937.821:979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9052 comm="syz.5.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f787a18d169 code=0x7ffc0000 [ 218.968001][ T9053] loop2: detected capacity change from 0 to 512 [ 219.014819][ T29] audit: type=1326 audit(1740264937.821:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9052 comm="syz.5.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f787a18d169 code=0x7ffc0000 [ 219.075095][ T5831] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 219.100720][ T29] audit: type=1326 audit(1740264937.849:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9052 comm="syz.5.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f787a18d169 code=0x7ffc0000 [ 219.214637][ T29] audit: type=1326 audit(1740264937.849:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9052 comm="syz.5.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f787a18d169 code=0x7ffc0000 [ 219.279554][ T29] audit: type=1326 audit(1740264937.849:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9052 comm="syz.5.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f787a18d169 code=0x7ffc0000 [ 219.357991][ T29] audit: type=1326 audit(1740264937.868:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9052 comm="syz.5.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f787a18d169 code=0x7ffc0000 [ 219.463412][ T29] audit: type=1326 audit(1740264937.868:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9052 comm="syz.5.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f787a18d169 code=0x7ffc0000 [ 219.547163][ T29] audit: type=1326 audit(1740264937.941:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9052 comm="syz.5.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f787a18d169 code=0x7ffc0000 [ 219.614362][ T9069] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1145'. [ 219.652942][ T29] audit: type=1326 audit(1740264937.941:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9052 comm="syz.5.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f787a18d169 code=0x7ffc0000 [ 219.710621][ T29] audit: type=1326 audit(1740264937.941:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9052 comm="syz.5.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f787a18bad0 code=0x7ffc0000 [ 219.959383][ T9085] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1152'. [ 220.279187][ T9093] loop1: detected capacity change from 0 to 512 [ 220.300004][ T9093] EXT4-fs: Ignoring removed orlov option [ 220.468051][ T9093] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 220.486803][ T9093] ext4 filesystem being mounted at /226/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 220.587262][ T5831] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 222.198946][ T5819] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 222.383142][ T5819] usb 6-1: Using ep0 maxpacket: 8 [ 222.393367][ T5819] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 222.416899][ T5819] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 222.443242][ T5819] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 222.469946][ T5819] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 222.492730][ T5819] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 222.513129][ T5819] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.755623][ T5819] usb 6-1: usb_control_msg returned -32 [ 222.761281][ T5819] usbtmc 6-1:16.0: can't read capabilities [ 222.821168][ T5819] usb 6-1: USB disconnect, device number 6 [ 223.169242][ T9142] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1173'. [ 223.857443][ T9162] loop1: detected capacity change from 0 to 2048 [ 223.917818][ T9162] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 223.948914][ T9162] ext4 filesystem being mounted at /234/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 224.054829][ T9162] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1181: bg 0: block 345: padding at end of block bitmap is not set [ 224.092978][ T9162] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 1 with error 117 [ 224.124662][ T9162] EXT4-fs (loop1): This should not happen!! Data will be lost [ 224.124662][ T9162] [ 224.309845][ T12] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 32768 with max blocks 1 with error 28 [ 224.331689][ T12] EXT4-fs (loop1): This should not happen!! Data will be lost [ 224.331689][ T12] [ 224.353422][ T12] EXT4-fs (loop1): Total free blocks count 0 [ 224.362102][ T12] EXT4-fs (loop1): Free/Dirty block details [ 224.375282][ T12] EXT4-fs (loop1): free_blocks=0 [ 224.382990][ T12] EXT4-fs (loop1): dirty_blocks=16 [ 224.393941][ T12] EXT4-fs (loop1): Block reservation details [ 225.130370][ T9199] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 225.397229][ T9204] process 'syz.1.1197' launched './file0' with NULL argv: empty string added [ 225.519430][ T9208] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1200'. [ 225.683359][ T9212] netlink: 'syz.2.1202': attribute type 16 has an invalid length. [ 225.763766][ T9212] netlink: 'syz.2.1202': attribute type 1 has an invalid length. [ 225.774114][ T9212] netlink: 64030 bytes leftover after parsing attributes in process `syz.2.1202'. [ 225.879866][ T834] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 225.921471][ T834] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 226.164365][ T5884] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 226.256347][ T9230] loop1: detected capacity change from 0 to 2048 [ 226.341430][ T9230] loop1: p3 p4 < > [ 226.381153][ T5884] usb 6-1: Using ep0 maxpacket: 16 [ 226.425384][ T9230] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1209'. [ 226.462736][ T5884] usb 6-1: config 0 has no interfaces? [ 226.484106][ T5884] usb 6-1: New USB device found, idVendor=056a, idProduct=0029, bcdDevice= 0.00 [ 226.515449][ T5884] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.557777][ T5884] usb 6-1: config 0 descriptor?? [ 226.787455][ T9239] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.837811][ T5970] usb 6-1: USB disconnect, device number 7 [ 226.931003][ T9251] [ 226.934059][ T9251] ============================= [ 226.939008][ T9251] WARNING: suspicious RCU usage [ 226.943902][ T9251] 6.14.0-rc3-next-20250218-syzkaller #0 Not tainted [ 226.950747][ T9251] ----------------------------- [ 226.955708][ T9251] fs/kernfs/mount.c:243 suspicious rcu_dereference_check() usage! [ 226.963529][ T9251] [ 226.963529][ T9251] other info that might help us debug this: [ 226.963529][ T9251] [ 226.974031][ T9251] [ 226.974031][ T9251] rcu_scheduler_active = 2, debug_locks = 1 [ 226.982217][ T9251] 3 locks held by syz.0.1217/9251: [ 226.987533][ T9251] #0: ffff8880575c3870 (&fc->uapi_mutex){+.+.}-{4:4}, at: __se_sys_fsconfig+0x9b2/0xf60 [ 226.997524][ T9251] #1: ffff88803438e0e0 (&type->s_umount_key#56){++++}-{4:4}, at: super_lock+0x196/0x400 [ 227.007539][ T9251] #2: ffff88801bef7148 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_node_dentry+0xc3/0x2d0 [ 227.017884][ T9251] [ 227.017884][ T9251] stack backtrace: [ 227.024188][ T9251] CPU: 1 UID: 0 PID: 9251 Comm: syz.0.1217 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0 [ 227.024212][ T9251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 227.024223][ T9251] Call Trace: [ 227.024230][ T9251] [ 227.024237][ T9251] dump_stack_lvl+0x241/0x360 [ 227.024268][ T9251] ? __pfx_dump_stack_lvl+0x10/0x10 [ 227.024289][ T9251] ? __pfx__printk+0x10/0x10 [ 227.024303][ T9251] ? do_raw_spin_lock+0x14f/0x370 [ 227.024351][ T9251] lockdep_rcu_suspicious+0x226/0x340 [ 227.024376][ T9251] kernfs_node_dentry+0x24b/0x2d0 [ 227.024406][ T9251] cgroup_do_get_tree+0x248/0x390 [ 227.024433][ T9251] cgroup_get_tree+0xbb/0x230 [ 227.024457][ T9251] vfs_get_tree+0x90/0x2b0 [ 227.024485][ T9251] vfs_cmd_create+0xa0/0x1f0 [ 227.024502][ T9251] ? __se_sys_fsconfig+0xa29/0xf60 [ 227.024524][ T9251] __se_sys_fsconfig+0xa33/0xf60 [ 227.024556][ T9251] ? __pfx___se_sys_fsconfig+0x10/0x10 [ 227.024573][ T9251] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 227.024600][ T9251] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 227.024634][ T9251] ? do_syscall_64+0x100/0x230 [ 227.024662][ T9251] ? __x64_sys_fsconfig+0x20/0xc0 [ 227.024686][ T9251] do_syscall_64+0xf3/0x230 [ 227.024707][ T9251] ? clear_bhb_loop+0x45/0xa0 [ 227.024732][ T9251] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.024753][ T9251] RIP: 0033:0x7f86cd38d169 [ 227.024770][ T9251] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 227.024784][ T9251] RSP: 002b:00007f86ce12e038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 227.024801][ T9251] RAX: ffffffffffffffda RBX: 00007f86cd5a5fa0 RCX: 00007f86cd38d169 [ 227.024814][ T9251] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000006 [ 227.024824][ T9251] RBP: 00007f86cd40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 227.024835][ T9251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 227.024843][ T9251] R13: 0000000000000000 R14: 00007f86cd5a5fa0 R15: 00007ffc82ed3f38 [ 227.024883][ T9251] [ 227.249354][ T9251] [ 227.251733][ T9251] ============================================ [ 227.257888][ T9251] WARNING: possible recursive locking detected [ 227.264053][ T9251] 6.14.0-rc3-next-20250218-syzkaller #0 Not tainted [ 227.270656][ T9251] -------------------------------------------- [ 227.276816][ T9251] syz.0.1217/9251 is trying to acquire lock: [ 227.282800][ T9251] ffff88801bef7148 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_dop_revalidate+0xa2/0x5d0 [ 227.292817][ T9251] [ 227.292817][ T9251] but task is already holding lock: [ 227.300183][ T9251] ffff88801bef7148 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_node_dentry+0xc3/0x2d0 [ 227.309942][ T9251] [ 227.309942][ T9251] other info that might help us debug this: [ 227.317990][ T9251] Possible unsafe locking scenario: [ 227.317990][ T9251] [ 227.325431][ T9251] CPU0 [ 227.328695][ T9251] ---- [ 227.331958][ T9251] lock(&root->kernfs_rwsem); [ 227.336714][ T9251] lock(&root->kernfs_rwsem); [ 227.341469][ T9251] [ 227.341469][ T9251] *** DEADLOCK *** [ 227.341469][ T9251] [ 227.349594][ T9251] May be due to missing lock nesting notation [ 227.349594][ T9251] [ 227.357897][ T9251] 3 locks held by syz.0.1217/9251: [ 227.362992][ T9251] #0: ffff8880575c3870 (&fc->uapi_mutex){+.+.}-{4:4}, at: __se_sys_fsconfig+0x9b2/0xf60 [ 227.372825][ T9251] #1: ffff88803438e0e0 (&type->s_umount_key#56){++++}-{4:4}, at: super_lock+0x196/0x400 [ 227.382664][ T9251] #2: ffff88801bef7148 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_node_dentry+0xc3/0x2d0 [ 227.392863][ T9251] [ 227.392863][ T9251] stack backtrace: [ 227.398741][ T9251] CPU: 1 UID: 0 PID: 9251 Comm: syz.0.1217 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0 [ 227.398757][ T9251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 227.398766][ T9251] Call Trace: [ 227.398774][ T9251] [ 227.398781][ T9251] dump_stack_lvl+0x241/0x360 [ 227.398800][ T9251] ? __pfx_dump_stack_lvl+0x10/0x10 [ 227.398814][ T9251] ? __pfx__printk+0x10/0x10 [ 227.398828][ T9251] ? lockdep_unlock+0x16a/0x300 [ 227.398852][ T9251] print_deadlock_bug+0x483/0x620 [ 227.398870][ T9251] validate_chain+0x15e2/0x5920 [ 227.398892][ T9251] ? validate_chain+0x15c0/0x5920 [ 227.398907][ T9251] ? __pfx_validate_chain+0x10/0x10 [ 227.398930][ T9251] ? __pfx_validate_chain+0x10/0x10 [ 227.398943][ T9251] ? __lock_acquire+0x1397/0x2100 [ 227.398962][ T9251] ? __pfx_validate_chain+0x10/0x10 [ 227.398979][ T9251] ? mark_lock+0x9a/0x360 [ 227.398992][ T9251] __lock_acquire+0x1397/0x2100 [ 227.399017][ T9251] lock_acquire+0x1ed/0x550 [ 227.399034][ T9251] ? kernfs_dop_revalidate+0xa2/0x5d0 [ 227.399052][ T9251] ? __pfx_lock_acquire+0x10/0x10 [ 227.399071][ T9251] ? __pfx___might_resched+0x10/0x10 [ 227.399093][ T9251] down_read+0xb1/0xa40 [ 227.399111][ T9251] ? kernfs_dop_revalidate+0xa2/0x5d0 [ 227.399125][ T9251] ? __pfx_lock_acquire+0x10/0x10 [ 227.399143][ T9251] ? kernfs_root+0x1c/0x230 [ 227.399155][ T9251] ? __pfx_down_read+0x10/0x10 [ 227.399177][ T9251] ? kernfs_root+0x1c/0x230 [ 227.399191][ T9251] kernfs_dop_revalidate+0xa2/0x5d0 [ 227.399210][ T9251] lookup_one_unlocked+0x23b/0x2d0 [ 227.399227][ T9251] ? __pfx_lookup_one_unlocked+0x10/0x10 [ 227.399241][ T9251] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 227.399259][ T9251] ? nbcon_cpu_emergency_exit+0x6e/0xd0 [ 227.399272][ T9251] ? nbcon_cpu_emergency_exit+0x77/0xd0 [ 227.399288][ T9251] lookup_positive_unlocked+0x2b/0xb0 [ 227.399304][ T9251] kernfs_node_dentry+0x139/0x2d0 [ 227.399323][ T9251] cgroup_do_get_tree+0x248/0x390 [ 227.399339][ T9251] cgroup_get_tree+0xbb/0x230 [ 227.399401][ T9251] vfs_get_tree+0x90/0x2b0 [ 227.399418][ T9251] vfs_cmd_create+0xa0/0x1f0 [ 227.399433][ T9251] ? __se_sys_fsconfig+0xa29/0xf60 [ 227.399448][ T9251] __se_sys_fsconfig+0xa33/0xf60 [ 227.399467][ T9251] ? __pfx___se_sys_fsconfig+0x10/0x10 [ 227.399482][ T9251] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 227.399503][ T9251] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 227.399522][ T9251] ? do_syscall_64+0x100/0x230 [ 227.399541][ T9251] ? __x64_sys_fsconfig+0x20/0xc0 [ 227.399556][ T9251] do_syscall_64+0xf3/0x230 [ 227.399573][ T9251] ? clear_bhb_loop+0x45/0xa0 [ 227.399591][ T9251] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.399608][ T9251] RIP: 0033:0x7f86cd38d169 [ 227.399621][ T9251] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 227.399632][ T9251] RSP: 002b:00007f86ce12e038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 227.399646][ T9251] RAX: ffffffffffffffda RBX: 00007f86cd5a5fa0 RCX: 00007f86cd38d169 [ 227.399656][ T9251] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000006 [ 227.399664][ T9251] RBP: 00007f86cd40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 227.399673][ T9251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 227.399681][ T9251] R13: 0000000000000000 R14: 00007f86cd5a5fa0 R15: 00007ffc82ed3f38 [ 227.399698][ T9251] [ 227.739501][ T9255] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1217'. [ 227.760612][ T9255] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 227.768224][ T9255] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 227.775806][ T9255] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 227.783367][ T9255] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 227.805282][ T9239] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.884782][ T9239] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.986668][ T9239] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.087643][ T9239] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.099086][ T9239] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.110586][ T9239] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 228.125380][ T9239] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0