last executing test programs: 3.174584982s ago: executing program 0 (id=2086): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a3100000000e8010000030a01020000000000000000010000000900030073797a3200000000280004800800024000000000080001400000000514000300626174616476300000000000000000000900010073797a31000000000900010073797a3100000000340008800c00024000000000000080010c00024000000000000000040c00014000000000000000000c00014000000000000000014c000480080002404c82f47c080001400000000008000140000000010800014000000003080002404f32945f080001400000000308000140000000020800024019885f270800"], 0x25c}}, 0x0) 3.141434945s ago: executing program 0 (id=2087): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) creat(&(0x7f00000000c0)='./file0\x00', 0x48) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) r5 = open(&(0x7f0000000300)='./file0\x00', 0x145142, 0x102) write$bt_hci(r5, &(0x7f00000001c0)={0x1, @pin_code_neg_reply={{0x40e, 0x6}, {@none}}}, 0xa) 3.106005808s ago: executing program 0 (id=2090): r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0) write$selinux_attr(r0, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d) socket(0xb, 0x80000, 0x0) (fail_nth: 3) 2.253518067s ago: executing program 0 (id=2097): ustat(0x1, &(0x7f0000000000)) r0 = socket(0x10, 0x3, 0x6) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)) ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000300)={0x0, 0x5, {0xff, @usage=0x3, 0x0, 0x4, 0x3, 0x401, 0x7, 0x3, 0xca, @struct={0xb6, 0xfff}, 0x2, 0x1, [0x9, 0x2, 0x7, 0x9, 0x6003, 0x2]}, {0x100, @struct={0x5, 0x1000}, 0x0, 0x9, 0x5, 0x7ff, 0x7, 0x9, 0x8, @usage=0xff, 0x8, 0x20, [0xd420, 0x2, 0xa5, 0x1, 0x7d62, 0xffffffffffffffff]}, {0x2, @usage=0x6, 0x0, 0x3ff, 0xb1, 0x7, 0xac97, 0x7f, 0x8, @usage=0xfff, 0x0, 0x8, [0xc18, 0x9, 0x5f, 0x8, 0xb, 0x3]}, {0xfffffffffffffff8, 0xffffffffffffff0e, 0x1}}) ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000700)={r1, 0x6, 0x1, [0x80000001, 0x329a, 0x8000, 0x8, 0x3d3147c3], [0x8, 0x0, 0x1ff, 0x5, 0x8, 0xa6, 0x7fffffff, 0x1, 0x8, 0x8, 0x8000000000000001, 0x6467, 0xd, 0x1, 0xfffffffffffffff8, 0x4, 0x9, 0x8, 0xffff, 0x1, 0x1800000000000000, 0x3, 0xe, 0x5, 0x4, 0xfff, 0x0, 0x3252, 0xfffffffffffffffa, 0x2, 0x7, 0x3, 0xa6, 0x0, 0x3, 0xa, 0x5, 0x1d, 0x5, 0x6, 0x9, 0x5, 0xf, 0xfffffffffffffffe, 0xffffffffffffff67, 0xfffffffffffffffe, 0x1, 0x8353, 0x6, 0x800, 0xffffffff, 0x64cb, 0x7, 0x8, 0x56, 0x2, 0x0, 0x5, 0x10000000, 0x8, 0x100000001, 0x8, 0x2, 0xffc, 0x8, 0x9, 0x6, 0x6, 0x5, 0x8, 0x3, 0x2, 0x7b9, 0x9, 0x83, 0x1, 0x7f, 0x7, 0x1, 0x9, 0x800, 0x6a8000, 0x8000000000000000, 0xfff, 0x100000001, 0x80, 0x8000000000000001, 0xb766, 0x3, 0x6, 0x8, 0x7, 0x7, 0x8, 0x5, 0x6, 0x7, 0x8000000000000000, 0xffffffffffffffaf, 0xad2, 0x5, 0x8, 0x1000, 0x0, 0x5, 0xf, 0x7fffffff, 0x35f6, 0x8, 0x2, 0x2, 0x0, 0x10001, 0x200, 0xffffffff7fffffff, 0x6, 0x18000, 0x6, 0x1, 0x2, 0x800]}) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r3, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x72, 0x11cfa, 0x8, 0x8000008, 0x3, 0x4, 0x1, 0x0, 0x2}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000340)={0x5, 0x90, 0x1, 'queue0\x00', 0x3}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x40505330, &(0x7f0000000ec0)={0x800100, 0xfffffffd, 0x22, 0x100, 0x81, 0x5}) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r4, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) recvmsg$can_bcm(r0, &(0x7f0000000280)={&(0x7f0000000180)=@nl=@unspec, 0x80, &(0x7f0000000240)=[{&(0x7f0000000200)=""/19, 0x13}], 0x1, &(0x7f0000000f40)=""/4096, 0x1000}, 0x40010002) sendmsg$TIPC_NL_BEARER_DISABLE(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x18, r6, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0x40080) listen(r4, 0x5) accept(r4, &(0x7f0000000080)=@can, 0x0) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r7, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) sendto(0xffffffffffffffff, 0x0, 0x0, 0x20000000, 0x0, 0x0) ioctl$sock_bt_hci(r2, 0x400448e6, 0x0) ioctl$sock_bt_hci(r2, 0x400448e7, &(0x7f0000000080)) 1.424898505s ago: executing program 0 (id=2115): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup(r2) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x7}, 0x1c) setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x4, 0x0, 0x0) 1.424441414s ago: executing program 4 (id=2116): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffff", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x13, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10) unshare(0x2c020400) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000001480), 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) fsmount(0xffffffffffffffff, 0x0, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x100) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) 1.395546517s ago: executing program 4 (id=2119): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x64, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x50, 0x1, [@m_mpls={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x9a1, 0x2, 0x2, 0x4, 0x7}, 0x3}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r1}, 0x38) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x38}]}, @NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_DATA={0x10, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xe0}}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x67, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r4, 0x0, 0x4}, 0x18) r5 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r5, &(0x7f0000000000), 0x10) setsockopt$CAN_RAW_FILTER(r5, 0x65, 0x1, 0x0, 0x0) setsockopt$CAN_RAW_FILTER(r5, 0x65, 0x1, &(0x7f00000008c0)=[{{0x3, 0x1, 0x1, 0x1}, {0x0, 0x1}}], 0x8) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x34, 0x0, 0x8, 0x5, 0x0, 0x0, {0x2, 0x0, 0x9}, [@CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @tcp}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x4}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4048000) 1.372620498s ago: executing program 2 (id=2120): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000800"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) creat(&(0x7f00000000c0)='./file0\x00', 0x48) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) r5 = open(&(0x7f0000000300)='./file0\x00', 0x145142, 0x102) write$bt_hci(r5, &(0x7f00000001c0)={0x1, @pin_code_neg_reply={{0x40e, 0x6}, {@none}}}, 0xa) 1.35357451s ago: executing program 4 (id=2122): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r1 = syz_io_uring_setup(0x5c2, 0x0, 0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_io_uring_submit(0x0, r2, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x38, 0x3, r0, 0x0, 0x0, 0x0, 0x40000023, 0x1, {0x2}}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000640)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r3}, &(0x7f0000000800), &(0x7f0000000840)=r4}, 0x20) openat$ptmx(0xffffffffffffff9c, 0x0, 0x200480, 0x0) rt_sigsuspend(0x0, 0x0) io_uring_enter(r1, 0x6e2, 0x600, 0x1, 0x0, 0x0) bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r6 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r6, 0x11b, 0x3, &(0x7f00000001c0)=0x20000, 0x4) setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f0000000000)=""/5, 0x204000, 0x1000}, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYRESOCT=0x0, @ANYBLOB="0d2efb1546400e0b627d1e5d8644b8747a297c8fc6020d24f50d4c53fcf32d1a272c5f377839f602d73507b715277fb40ee23eccfeb030464e818e711fe59bc6a278ec0be6bc2db162a8f8f4fed096d2d2dcdfc5fab8cdbae78bda983a99b13a5e6c66abccac88fc0526de196d4d374a21aa3f97148a58282d444cd24f5ab2b9c4e20e7b6559553d0b96d18beb6767d38e1e7653c94c30274b98f4c64029defc94f9396a5487d90b18e8197e4394c39c01a0a299436faf69a4c36ea515b3c1c3da8042a94b47ff90546fd6e00644c0c085bd61cdb565f1b48851ff3a61786d4cbdb46142c42eb399ee78"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="18000000002cf74f6d000000000000001811000073fd36fa770f7e2a4ed6699c0940c0c2b1db8a7f705c581d8eea6068abfae50652e11a3bcb36625ff7a57f3950c7780a656a8390a0cb0d2dc9636632760a3a6152157543539b8688997b507ae1d3b79c7739349488de6fc01dfae250f9862a48cb7d924527dba3c0e39e393d09bd8060558c19fc0fb91969168f8ce4579a045d819e1340607228a193f4dcf91f18d19e49485c5501948540821a627ba38fec22631c22e2", @ANYRES32=r9, @ANYRES64=r9], 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x0, 0x20000000000002cf, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x41000, 0x0, '\x00', r8, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r10}, 0x18) setsockopt$XDP_UMEM_FILL_RING(r6, 0x11b, 0x5, &(0x7f0000000040)=0x4000, 0x4) bind$xdp(r6, &(0x7f00000002c0)={0x2c, 0x4, r8}, 0x10) r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYRESOCT, @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r8, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) readv(r5, &(0x7f0000000280)=[{&(0x7f0000000740)=""/170, 0xaa}, {&(0x7f00000008c0)=""/248, 0xf8}], 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000400)='kyber_throttled\x00', r11}, 0x18) 1.298139735s ago: executing program 2 (id=2124): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SCAN(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="0107000000000000000020000000040003"], 0x1c}, 0x1, 0x0, 0x0, 0x8041}, 0x0) syz_mount_image$ext4(&(0x7f00000007c0)='ext4\x00', &(0x7f00000006c0)='./file1\x00', 0x40, &(0x7f00000000c0)={[{@user_xattr}, {@nodioread_nolock}]}, 0x1, 0x576, &(0x7f0000000140)="$eJzs3T1sG2UfAPD/neO3X3nf9JXeVwLUoQKkIlV1kn5AYWpXRKVKHZBYIHLcqIoTV7EDTZQh3StEBwSoS9lgYAQxMCAWRlYWEDNSRSOQmg5g5K80TZzglDouud9POvuee87+P8+d/499pzs5gMw62nhII56OiItJxMi6uqFoVx5trbe6slS8v7JUTKJev/RLEklE3FtZKnbWT9rPhyJiOSKeiohv8hHH081xqwuL0xPlcmmuXR6tzVwdrS4snrgyMzFVmirNnnrp5TNnT58ZPzm+/mX36+tL+Z319caPN9+98d2rt29++tmR5eL7E0mci+F23fp+PE6tbZKPcxuWn+5HsAFKBt0AHkmuneeNVPp/jESunfXd1Ed2tWlAn9X3RdSBjErkP2RU53dA4/i3M+3m748751sHII24q+2pVTPUOjcR+5vHJgd/TR46Mmkcbx7ezYayJy1fj4ixoaHNn/+k/fl7dGOPo4H01dfnWztq8/5P18af6DL+DHfOnf5NnfFvddP49yB+bovx72KPMX5/46ePtox/PeKZrvGTtfhJl/hpRLzVY/xbr395dqu6+scRx6J7/I5k+/PDo5evlEtjrceuMb46duSV7fp/cIv4rXO2+5tfM922f5fT2l198e3nzy5vE/+F57bf/922/4GIeK/H+P+998lrW9XduZ7cbfwK2On+TyIft3uM/+K5oz/0uCoAAAAAAAAAALADafNatiQtrM2naaHQuof3f3EwLVeqteOXK/Ozk61r3g5HPu1caTXSKieN8nj7etxO+eSG8qlcO2DuQLNcKFbKkwPuOwAAAAAAAAAAAAAAAAAAADwpDm24//+3XPP+/41/Vw3sVVv/5Tew18l/yK6H8z8ZWDuA3ef7HzKrLv8hu+Q/ZJf8h+yS/5Bd8h+yS/5Ddsl/AAAAAAAAAAAAAAAAAAAAAAAAAADoi4sXLjSm+v2VpWKjPDm0MD9defvEZKk6XZiZLxaKlbmrhalKZapcKhQrM3/1fkmlcnUsZuevjdZK1dpodWHxzZnK/GznP0VL+b73CAAAAAAAAAAAAAAAAAAAAP55hptTkhYiIm3Op2mhEPHviDicRHL5Srk0FhH/iYjvc/l9jfL4oBsNAAAAAAAAAAAAAAAAAAAAe0x1YXF6olwuzWVkZmgnK0fE8uNtRuMdd/yqfHtfPSnb0EwWZgY8MAEAAAAAAAAAAAAAAAAAQAY9uOm311f80d8GAQAAAAAAAAAAAAAAAAAAQCalPycR0ZiOjTw/vLH2X8lqrvkcEe/cuvTBtYlabW68sfzu2vLah+3lJwfRfqBXnTzt5DEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwQHVhcXqiXC7N9XFm0H0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBR/BgAA///eANcP") r4 = syz_open_dev$usbfs(0x0, 0x1ff, 0xa401) ioctl$USBDEVFS_DISCONNECT_CLAIM(r4, 0x8108551b, &(0x7f0000000000)={0x0, 0x0, "ec9fe44d4dbe56a60274fcffffffffffffff14e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028643b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ede1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e008104df635e731a5bfcd942f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd4f6cfdfe756bc00d08e36655c00"}) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f00000008c0)='ext4_sync_file_enter\x00', r5, 0x0, 0xfffffffffffffffd}, 0x18) r6 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r6, &(0x7f0000000180)={0x28, 0x0, 0x0, @local}, 0x10) connect$vsock_stream(r6, &(0x7f0000000780)={0x28, 0x0, 0xffffffff, @host}, 0x10) socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_OBJ_TYPE={0x8, 0xf, 0x1, 0x0, 0x7}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x3}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x6c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) syz_emit_ethernet(0x4f, &(0x7f0000000a80)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6c2d0100001984"], 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd8}, 0x94) socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000840)=@assoc_value={0x0}, &(0x7f0000000880)=0x17) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000000)={r8}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_RTOINFO(r6, 0x84, 0x0, &(0x7f0000000700)={r8, 0x5, 0x1, 0x7}, &(0x7f0000000740)=0x10) ioctl$USBDEVFS_CONTROL(r4, 0xc0185500, &(0x7f00000006c0)={0x2, 0xf, 0x4, 0x1, 0x0, 0x5, 0x0}) r9 = open(&(0x7f0000000140)='./file1\x00', 0x64042, 0x169) pwritev(r9, &(0x7f0000000080)=[{&(0x7f0000000800)="59fdd4", 0xfdef}], 0x1, 0x8, 0x365) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000400)=@o_path={0x0, r0}, 0x18) 1.282936276s ago: executing program 4 (id=2125): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) creat(&(0x7f00000000c0)='./file0\x00', 0x48) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) open(&(0x7f0000000300)='./file0\x00', 0x145142, 0x102) 1.254106348s ago: executing program 4 (id=2126): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0, 0xffffffffffffffff}, &(0x7f0000000200), &(0x7f0000000240)}, 0x20) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYRESHEX=0x0], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f00000006c0)=ANY=[@ANYRES64, @ANYRESOCT=r1, @ANYRESHEX=r3], &(0x7f0000000340)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0xf, '\x00', 0x0, @fallback=0x27, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000008}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000480)='netfs_read\x00', r4, 0x0, 0x6b4d}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x200000000000003e, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r5 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000940), 0x81000, 0x0) ioctl$PTP_SYS_OFFSET(r5, 0x43403d05, 0x0) r6 = socket$netlink(0x10, 0x3, 0x4) writev(r6, &(0x7f0000000240), 0x0) ioprio_set$pid(0x6, 0x0, 0x2004) syz_open_procfs(0x0, &(0x7f0000000000)='net/raw\x00') r7 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e22, @remote}, 0x10) ioprio_set$pid(0x1, 0x0, 0x4007) r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="1800d252dbe47dc21a000000000000000000000000000085000000ae00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4c, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000380)='mr_dereg\x00', r10, 0x0, 0x6}, 0x18) sendmsg$NFT_BATCH(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c0003801400010076657468305f746f5f68737200000000140001"], 0xfc}}, 0x20000004) sendfile(r8, 0xffffffffffffffff, 0x0, 0x20000023896) ioctl$TIOCVHANGUP(r8, 0x5437, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3) syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r12 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r12, 0x29, 0x49, &(0x7f0000000000)=0x7e, 0x4) sendmsg$tipc(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)="fb", 0x1}], 0x1}, 0x0) 1.067313423s ago: executing program 3 (id=2128): creat(&(0x7f00000000c0)='./file0\x00', 0x48) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r0 = dup(0xffffffffffffffff) write$P9_RLERRORu(r0, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r1}, &(0x7f0000000800), &(0x7f0000000840)}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) write$binfmt_elf64(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) open(&(0x7f0000000300)='./file0\x00', 0x145142, 0x102) 1.036659855s ago: executing program 3 (id=2129): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r0) sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000fedbdf252c000000"], 0x2c}, 0x1, 0x0, 0x0, 0x20048881}, 0x2000c800) 1.005283338s ago: executing program 3 (id=2130): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) ioctl$TCSETS(r0, 0x40045431, 0x0) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) 896.253667ms ago: executing program 3 (id=2131): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a1202, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000600)=0x2) poll(&(0x7f0000000580)=[{r0, 0x12}], 0x1, 0xe8) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x37e2f4aba9289b81, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r2, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r3}}, 0x10) close(r2) 881.412388ms ago: executing program 2 (id=2132): openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000040), 0x400000, 0x0) r0 = syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f0000000100), 0x1, 0x599, &(0x7f0000000540)="$eJzs3T9sG2UbAPDnznHTP/m+9JO+T/pAHSpAKlJVJ+kfKEztiqhUqQMSC0SOG1Vx4ipOoIkike4VogMC1KVsMDCCGBgQCyMrC4gZqaIRSE0HMHJ8TtPULk6I4xL/ftLZ73t39vO+d35e+053cgB962j9IY14KiIuJhHDG5YNRLbwaGO91ZWl4v2VpWIStdqlX5JIIuLeylKxuX6SPR+KiOWI+H9EfJOPOJ6uv+W+ZqG6sDg1Xi6XZrP6yNz01ZHqwuKJK9Pjk6XJ0sypF186c/b0mbGTYxube7+2sZbfWl9v/Hjz3RvfvXL75qefHVkuvj+exLkYypZt7MdOamyTfJzbNP90N4L1UNLrBrAtuSzP66n0vxiOXJb1rdQ2Dg6Du9I8oItqgxE1oE8l8h/6VPN3QP34tznt5u+PO+cbByD1uKsrS8V3ohl/oHFuIvavHZsc/DV56Mikfrx5eDcbyp60fD0iRgcGHv38J9nnb/tGd6KBdNXX5xs76tH9n66PP9Fi/Blqnjv9m5rj32o2/q22iJ9rM/5d7DDG76//9FHb+NcH4+mW8ZP1+EmL+GlEvNlh/FuvfXm23bLaxxHHonX8puTx54dHLl8pl0Ybjy1jfHXsyMvt+x9xsE38xjnb/WtfMxv7vy9rU9ph/7/49vNnlh8T//lnH7//W23/AxHxXofx/3Pvk1fbLbtzPblb/xWw1f2fRD5udxj/hXNHf8iKzhoCAAAAAAAAAMAOSteuZUvSwno5TQuFxj28/42DablSnTt+uTI/M9G45u1w5NPmlVbDjXpSr49l1+M26yc31U/lsoC5A2v1QrFSnuhx3wEAAAAAAAAAAAAAAAAAAOBJcWjT/f+/5dbu/9/8d9XAXtX+L7+BvU7+Q/96OP+TnrUD2H2+/6Fv1eQ/9C/5D/1L/kP/kv/Qv+Q/9C/5D/1L/gMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChPtXurywV6/WJgYX5qcpbJyZK1anC9HyxUKzMXi1MViqT5VKhWJn+q/dLKpWrozEzf21krlSdG6kuLL4xXZmfaf6naCnf9R4BAAAAAAAAAAAAAAAAAADAP8/Q2pSkhYh8o56mhULEvyLicBLJ5Svl0mhE/Dsivs/lB+v1sV43GgAAAAAAAAAAAAAAAAAAAPaY6sLi1Hi5XJrtXmEgC9XFEJ0XBrayckQs72wz6u+45Vflsw3Y4023Nwq5J+Nz+OQXejgoAQAAAAAAAAAAAAAAAABAn3pw02+nr/ijuw0CAAAAAAAAAAAAAAAAAACAvpT+nEREfTo2/NzQ5qX7ktXc2nNEvH3r0gfXxufmZsfq8++uz5/7MJt/shftBzrVzNM0Iup5DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxQXVicGi+XS7PbLAx2sE6v+wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwHX8GAAD//xLkz18=") r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x2200, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="5c6d75113132db"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$BLKTRACESTOP(0xffffffffffffffff, 0x1275, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, 0x0, 0x0) io_uring_setup(0x2987, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3, 0x0, 0x100000}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x1, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000008000000000000000000085"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) sync_file_range(r2, 0xb, 0x3c55, 0x0) sync() sync() mmap$binder(&(0x7f0000000000/0x4000)=nil, 0x1fffff, 0x1, 0x11, 0xffffffffffffffff, 0x0) syz_clone(0x630051c0, 0x0, 0x22, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0}, './file1\x00'}) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x88002, 0x0) pwritev(r4, &(0x7f00000000c0)=[{0x0, 0x4f}, {&(0x7f0000000140)="de", 0x1}], 0x2, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x100000000, 0x6}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 529.817577ms ago: executing program 1 (id=2133): creat(&(0x7f00000000c0)='./file0\x00', 0x48) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) open(&(0x7f0000000300)='./file0\x00', 0x145142, 0x102) 515.572018ms ago: executing program 0 (id=2134): getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', r0, @sk_msg=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x4, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0x3, 0x40) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030097850000007b00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r3}, 0x10) syz_usb_disconnect(r2) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) mq_unlink(0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r6}, 0x38) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r8 = socket$unix(0x1, 0x1, 0x0) getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r9, 0x0) r10 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r10, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f00000000c0)=0xc) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000006c0)={{}, &(0x7f0000000400), &(0x7f0000000680)}, 0x20) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000002c0)={0x0, 0x0}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000600)={r12, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000340)='\x00'}, 0x30) r13 = eventfd(0x939) r14 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000005c0), 0x8000, 0x0) io_submit(0x0, 0x4, &(0x7f0000001800)=[&(0x7f00000003c0)={0x0, 0x0, 0x0, 0x6, 0x7, r6, &(0x7f0000000380)="ac5acb31a79e43f4aab89a29758bf1b2b90a7a64", 0x14, 0x7f, 0x0, 0x1}, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x5, 0x8001, r5, &(0x7f0000000680)="bfc4279b3f804dea921f5a3c72a4b39e65025194c9a4c05185f09fbe90d520486c79e53422d3174018df42df4da1669bf4ce0eaae9d195b61af4c53cbbd3068d8d03ba0a94d3089bd9492098ba06f26ab156cc58b40aae512475c227c3480b6047bbb045f43eef5f0faa774d4de56680a990255805fab499ad718012a93bbc4a6af47fb0c8cf041bda4d33844ec5e9eac62a3f591a3248ee", 0x98, 0x1, 0x0, 0x1}, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x5, 0x7, r7, &(0x7f0000000740)="fe4b20efdb8d5c1f54fd9ced8e35cc8c6c8edcc0907be91fc663fb126adf0bdd51fe347108802435ff7b57f90e933a468e4a5a9afd7877168f4e5b17de4cfcaca5e35100fc2b168fd39f15a5da04e2e8a8bb0f7b11bbc4b7c42d54d0a7971112b23a11cad1c0649c54f35cc1fc103fc96e68c07ac6b139163f05224808c096347fcf62fd431e845bd91a6f8cd15c30ce8e13bf96a4cc55d7fbd3476be955dddeb9976003f6a9c8d369d352ec7eec43b55c6ac7860c3310afb081f5dd183e49f5ee7722112c401874fe28c9643b93b69f7db865427819a3be0de099382c676eafa6a3d7585437377a7bffcce66a238377b266812df99d7d5964d3984a793b752fd7207675e3a12cbe3977634c977a316d1a368eff1c50cfdae4ecd141de6949032d9d605a05277cfaaac1a657211af664d07a67685c85c01173e58c7c1f609c7f32debd7fe5fadd6efe837361a40a0698d9e0e6ad362c3200e28352fa94f090d1511935f14e0daabb7daafedc38a1a5c3afbf8775941cc29b77d1e9309c58a9dbccf9c614990d44b3ac2599b1ca4078a2890ad8cb1db25985013b3f521d8921269001efbb8c189947fd49441279cb9b6f9f483c72840cd52b05fa16cbfc968c45a9dc91e2e701203afae72e7851e5223b2270ab28f7a7d68895d1360edd68704a5edf51f8e3918e6ca2045bf4fe486157281abf3c438870b895710a6e805050e5e11a1e9e79b0950e3f7d34a366d85b3c22429576e26e99e6b04372537bebddc9ab8f45c1b9732280ce5c2e397e7a05a23f6d758e293aaa4b0627f3c48872b1c6cc5d02ef92bae4770c1a0613a33a23569ce6fd6b9ca924d1fc8b020c03eb3f05e3f9cfc23b924c87fe7f71e030607cfc5f2ddac56d372d701f79bd69bc437ff7c2e43090f5b951c216cfcbf7c3d79f38262694c48c1123d401073d77fdc7ed1d86db0bd5f734422c2416e119560072c9e1a07c007751cf5e755219ecaa8bde4da9b0130e33e9a9291e61bb13dc3b5ffbad6a575894201860401c303739e719a20a846def467b02afa2045d086a0d37ff5d1e76f5c538698a40ea6f454adc271aee891db5e60c5bd98ce75e885ac306ac50a9a12ad1895f458f345b4ce2afce49b34454c1b7fbe2980e7aa8ade6328a5a8210d2bddb5d312f6067955ba0ed29ab4517c5cac660b5264ad30e5de80ce9642d4d8bfb8d0f14484ba564804e1869fb76135ce00cc8675d495fd8998734585a3c72f8ec130a6d3073cfc1504a7964aa9ac087dfece932d731c5d0de83b2a74f71294c8d15b6cbc4a8a34beb576057d117e3a679be6a8022577469e282045fc6fe6d884101293525b076117509e7d2c3e21692ca0e210d4c09732f528e4f4e8d0c3025a72af58520fa0791586c85172cf4747ef165d8d3c485d9cdfa78b18aa2ace2508ba2a00103ebe1577b918c33c8004cda030e5e8067d485fce810e54bc7632bfba2c2bb3761d4a2b35a1ee609af89e18c882cf2c45a2dbeadac3104ebf0b95f6d4b688d84776945898516577ce93ad309b54f69cad433bc5c94a4024452c60554095236194a9854418eae38f1cb7e4beb04ac221d53c67f48ca59a9558b3d0c893f4fa6af18a1bbb2548564fe04e98134b25f358b3b8da2093fca4f1ba417104fb119973538ff25895851347974ad7419de48f92dd7deaeb6ef257ab6f3b8144f4222e23c7cae59816ccdc20943c0cd30c4d44eb033a4225741d686e432f1bcdcff023c912cc6c6dceb950d4710723dc11b617bb79befc6fe552f0bbe3d5288380a0289add5cbc351cbc165cf107eb7b747c0e5cc2519cdfaae7b045515697c4d5154ddbcf5b9ed72a673ef32f477763a2e8c6be455c290b58f967ee1b619e03a20a9445204765df5e7934aa6f675274fb4c76b3c267cc64df4934d56d908b1c9ceeeb8f40bbea301a670cc1d33dce3bb3a15ae0fa531f6dc9c52b4e441752076bd8e0c68ad8821cc2b7a28f308d091cd403a313ebe93496899870fbe8015bc3f0f109165eca323fdaa2df4fb61bcddda1511cebd7f0c0d8271643b99a7c2386fa7ed5c42797c432e05078e762d0614f55c0b8a4085dc86f308a0251c45b6b9ba43ce417e24026572a2ba3b307ef3789cc9e93413c3f196a4609e3d5db93abecbd7d12c40603e3bb156b586ddd521f902f67582ac044934a5d3cf212ccd7e07f9b970f50a7d9c2b4204954ec7382cfb475c726229c568e93f00f6c27c3f259d1e6424118bdf5c54e82115aeaad62a98d1a0f97c08d8de44586d981eed53d9c5b2f154c86e2807d341df80c7165626e2b4d72d6e20c890ba8b128cbb93805ed7867df64c0fe447e551fb825b646d2301a8a2b05266956b35cefd2f6619ac683ddc36cdbea9a7041dcf7ef003f9f9531e728e79da6599a8ffb7a2ac7146c16711e62d4c2b1956d44e9b31a9560618f3ae3d1bc90bb008f8c40d88ae5d1ab33990534402bba3e1418fdb786c9f2a06c7ea6c19795a7d0cc60ca53df2d6e0488e422ab5601f6d12e87beff59518b10a2d539d14d1ff031e0ef52ad7d16c7a95ea703b25d9b1ff5a5ecba07395d964ed9baecbcd072128ae9ff46c198b7980b9f409fb4998048ef08b45d5d50e3dd2ef7ce7b87fe0dcad7ba55aa9172dd3ecfd5f63a2d429a651d49c2f0f19d3672e6c0a910d73d621ee88f50281bde4d6dc7fd2743409b4e963dab60261ff01bfb00bf6980612e8daa1d274fd75e87964127d4e5d2151e70357ddf2601c6148d65c8ed3b7f1a3a10ae5256e521262cc46dd01aa1ded60476de6233ca9a6276ecaa523a5224cfcdb5cd14b4cb0eaeee58e977b38696ccb2732b8382ac5ef88b0a265ea4407d18e754079372baa2862882b203fc206f97cabdf46202fc3b6d231ed389c2569583b841e9e791f6bed53302ebf74439dfa8a7113787f613dfa3265479a81a9dfcd47b01936dbe151d34199b21f1aa655f29a0f86462b1311972754bbf8733190d2e57dacc87f8630a673136bf60cad47be8aac203cecb757b15f9e0aa90ef661591856d5aa9b084203df3b0034ad73034a7e68e09e8bb33807170bac0e097b19d0a76bdeafccc3f60358c17efed6a815fd2a2374b9fe265c1e8a97243b3d1520fd1aceefdb36214aceb5803629355486a8466c1033edf9af329329e29c04e45ff41ace673576dec8bc32e3014a03fa2b9f4248eb4019309eab6c494afcbb7ce00c1c1d8ec7236ef8c31feec94ece27213e9f4c1fe87e55fa2919668125735d359572571078ee20e665634478af9fae0c96a4679d7472c7bb9c96a93746b32280b8c496211c71446fc5a98f7ffad311fc24cf0253fb786bbcca40e1c3b8e605136f6cf48c920c38b84f89fe350487b55b463204eabeb0fb76263b8cc57624604a5c8f89b03f4ae1e12e82cb18a0937f328633c956300867a9b598b89feed05b3ed1529f918e3d7f1f5292918b650312766269abface3b1198cb1195946d7bbd6194de06d1f05f59d0744b5e84219aa0b8f427c020c477653164a21daea234c661f97f675a9829f07b6c166906626f781869a8043242eb7940c7bdf2940d419c003e881ce9bdb416a68725d15bc84a199d32f31f756bb9848b5a0cf64a58228519c5dfa9324456d0675df55f4482cf914b96dce03d34b598c60ed42de99b55c2fa08720038e8c123b1a9822541b27e1c8e4be0f64e59463634f7764bf5693fdbe28a9a107c8b2622941f526c01027bedfe901a4b3aadc1d0ee8b807736d129f00e97cb50a364de1be8c957694c39b9c15ad5cda20130a188db1394c9659949734c79374c0032115a3beb4e4ad7ba94254ed8e0d9e6bda24f1647a64e8afe9793e45ce0157379556cb80cdf7d8ca11bc37beb41ff42bda7b60a2f1256079218fcf9d14bfd6bbcccb968109fa3525b163811df625f05e54b61f79278c27810dd8949bfd487b3fe05e27d98893cf06bb556992b61fdd6e8e41034301f490d98dd6a16b700e3fbab8c045341da422080aca92d6031f0dd1f3d0602fa87d8fc48662f8565644415b4127d55f9f1d677ed9681613c515d40511960cf1ef3cc21fd2f5f29aa696ebd72c83ff954e63f9ac391611981d7b9f8fae0214bad85d3917560b08271e72bc429cda83652cff826d6803687b2ff69c5162b9ab87e738eb0ff5b397a1e6beebe7274104e85a313c439ab46971b7c8a48789dce247bcc1203bdbfa895bacd6d6bf2f65a9ea045dc5211b4f3da1760cad42474cb92f398a4f4b101661f0a74f13e8d9f89e58cfb2bf69b114a832d9aa12d7423766f01c83f9122b75409647ff4ee43656bb38a2403277b2354ecb36bce56ef109eae8f2e1da96c2817eb783133ee3541b485808fa36aa839965f3e7821a77311bd69f55e89e554460ea2acc88c88060fb97319638e3a6cc17f982e699786012e534412eb86e3b98997bfea593b1af568bfe7f4f04f946c16cd911dcadeda77f65399054a3197bc48ab27f92b0afe4fca477e400dc9566106ab465e51255f79c294b60a7fb9947c987a3ff9b337518639dd433aa4b5412f1ce9855b15ba4805a8a908c4d0987d03158dd1322cf8166e9a31ee77e8cd147eabbe38b006071b2dc3e4e61f177bae7c02c38aa568042eb3405d95e95de5ddad725c3becad7522df157b9d795561c53f0e5dc4ba7a9bd33fce5e61be4ca0fa2648052dea3d65b190927cb25ad8ae02be0e08b0ccc8de48ab5bc8aa8d0cbabec42fa4022c7773f095ec4be498d6973583a43367aa3be3dd742c79ce0998b0e5fb8c57ee050ccd71d467074bebdbdc9e18f50b3e6cb61d958be3abebcd4edcf1990f23c220e82f23fe069df0063efde872d72d859201c589667c499573486ab14465760c59e908293c56cd4206190a12bd908c11aba266da72f6178ea8e0f7a62afdf9b79056f3896be609fc3707c5b3708e4594eecad22c1044a1fdef036a5b0f652f0fa9eb25f3f68fe6df734a7943752f2d2f20dbca31e9d6f937b6173e512eb289758a0e2d1a5a4df8db09780ee439e7ec7ba7da6ce796f06400408c199b7086a6784045c214710ef3da2ed0505ebaceddbffa58a958a7eb311cf8362bc0b7b1e91f11979d03bd77edbb4331016cc02a4eaf771eb601901fd1d7dfc3cc3346cd2860024c685701eb9c7b97482ad39c5095bc6ef9fa11d7401b9170ee0357c16ce2beaa3b0c0da52a913a19ebf8481ab0fb9bf354d66464b38b1d80a9a9a62109366bfdb3a9389a24e53ff3fd2ebff8520823d4e5720e39f5c9e6a6945476d33d28ba7b42286809c53b2a7a2fc4b030c1bce410cb70e9f12acdfeec869c32c93d20625ecca44a2364dda748209b27a4ba8c293ab3ea74be3e0e27ec3da1db4920768b80463a43f37d8c04b66facbae9a8f28229c260b35338913380bfba3d00236d47906223719040f929d1d90a1db1fe58d9a5395b30afa3fc6ac2fce5ce0978068dc50273d71b8cd1503373e4a7c27a3c8e8715c650431a0cd719290faede1c663a5cec4095170bbc4a2d41890c41a392e2da9d20a826604d5bc83743501ba27e80f9d4aa8aa353f3766a1ff1c266ca1caf878984b7686dd51f47d4aabd78beb3271367446b51af9723f417de2c4a5471e1a6e1911d6514f3eed8a4e22a4b50410d2fa15747764041b4c282336c6cdf7b957098d8b44cb4b0087856205dc05483ddcc40ee6fef8e1bd43cea6f0f09f6c2b26424560bc66df951f0b3d1df8d1bc6e51343dc26ca8c801440f7505f6bd531222ee720ad390a0c35e4ad16d6b7e35f82d91d4bcb995d34c83b46722acb46", 0x1000, 0xff7, 0x0, 0x0, r13}, &(0x7f00000017c0)={0x0, 0x0, 0x0, 0x3, 0x5, r2, &(0x7f0000001740)="c5125a4bf0c69db52f219d3bf61650270d4996cb970e15c8d4d7867b0cfcd746ddf993e81cd3289cb192b6193a7b2b1895fd1ef96178d8a22c5276d570ebac95dfa8734fe92d46248c412e5529195149406ae7c66d2a46c968d58b228777e7c04a25f973b4732e0f39920901908a3702787e", 0x72, 0x9, 0x0, 0x1, r14}]) setreuid(r9, r11) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r7, 0x0, 0x3}, 0x18) r15 = syz_open_dev$loop(&(0x7f0000000040), 0x59c0ffb3, 0x48100) ioctl$BLKTRACESETUP(r15, 0xc0481273, &(0x7f0000000080)={'\x00', 0x8, 0x7, 0x4, 0x9, 0x7fffffffffffffff, 0xffffffffffffffff}) ioctl$BLKTRACETEARDOWN(r15, 0x1276, 0x0) 515.024298ms ago: executing program 1 (id=2135): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) creat(&(0x7f00000000c0)='./file0\x00', 0x48) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) r5 = open(&(0x7f0000000300)='./file0\x00', 0x145142, 0x102) write$bt_hci(r5, &(0x7f00000001c0)={0x1, @pin_code_neg_reply={{0x40e, 0x6}, {@none}}}, 0xa) 426.252895ms ago: executing program 1 (id=2136): creat(&(0x7f00000000c0)='./file0\x00', 0x48) pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r0 = dup(0xffffffffffffffff) write$P9_RLERRORu(r0, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) open(&(0x7f0000000300)='./file0\x00', 0x145142, 0x102) 425.759185ms ago: executing program 3 (id=2137): r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x80001, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0xfe, 0x0, 0x7ffc0002}]}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b708000000000e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000020850000000100000095"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r3}, 0x18) sendfile(r1, r0, 0x0, 0x3ffff) (fail_nth: 2) 123.94472ms ago: executing program 3 (id=2138): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0xfc, 0x0, 0x7ffc0002}]}) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="9eff0100", @ANYRES16=r1, @ANYBLOB="31830000000000000000190000000c0001800800030001000000"], 0x20}, 0x1, 0x0, 0x0, 0x841}, 0x0) r2 = bpf$MAP_CREATE(0x0, 0x0, 0xffffffffffffff89) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000019240)=@IORING_OP_CLOSE={0x13, 0x4e, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r3}}) io_uring_enter(0xffffffffffffffff, 0x92, 0x1, 0x0, 0x0, 0x0) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r4) ptrace$setregs(0xd, r4, 0x0, &(0x7f00000003c0)) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000194c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001", @ANYRES8=r2, @ANYRES64=r2], 0x7c}}, 0x4004944) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(0xffffffffffffffff, &(0x7f0000019480)={&(0x7f0000019200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000019440)={&(0x7f0000019680)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="1000253d7000ffdbdf2545000000080001007063690011000200303030303a30303a31302e300000000008008e00000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000007008e00000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e0001000000080001007063690011000200303030303a30303a31302e300000000008008e0003000000080001007063690011000200303030303a30303a31302e300000000008008e0001000000080001007063690011000200303030303a30303a31302e300000000008008e0003000000", @ANYRES16=r6, @ANYRESHEX=r6], 0x144}, 0x1, 0x0, 0x0, 0x880}, 0x20008845) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYRESDEC=r3], 0x64}, 0x1, 0x0, 0x0, 0x8080}, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x9) r7 = gettid() r8 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) read$ptp(r8, 0x0, 0x0) timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x4, @tid=r7}, &(0x7f0000bbdffc)) r9 = syz_clone(0x150180080, 0x0, 0xffffffffffffff30, 0x0, 0x0, 0x0) syz_open_procfs(r9, &(0x7f0000000000)='map_files\x00') mq_notify(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x16, 0x0, @tid=r4}) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') pread64(r8, &(0x7f0000019800)=""/102400, 0x19000, 0x2) ptrace$PTRACE_SETSIGMASK(0x420b, r9, 0x8, &(0x7f0000000080)={[0x9]}) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x5512, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, r2, 0x12) socket$inet6_sctp(0xa, 0x5, 0x84) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48) 116.09272ms ago: executing program 2 (id=2139): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffff", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x13, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10) unshare(0x2c020400) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000001480), 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) fsmount(0xffffffffffffffff, 0x0, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x100) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) 103.407761ms ago: executing program 1 (id=2140): creat(&(0x7f00000000c0)='./file0\x00', 0x48) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r0 = dup(0xffffffffffffffff) write$P9_RLERRORu(r0, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r1}, &(0x7f0000000800), &(0x7f0000000840)}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) write$binfmt_elf64(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) open(&(0x7f0000000300)='./file0\x00', 0x145142, 0x102) 74.259774ms ago: executing program 4 (id=2141): socket$nl_route(0x10, 0x3, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0xa) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff53000000800395032303030"], 0x15) pipe2$9p(&(0x7f0000000000), 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x20082, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) io_uring_setup(0x1de0, &(0x7f00000000c0)={0x0, 0x45d6}) ioctl$MON_IOCX_MFETCH(r1, 0xc0109207, &(0x7f0000000c40)={0x0, 0xfe72}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 43.513406ms ago: executing program 1 (id=2142): open(&(0x7f00009e1000)='./file0\x00', 0x149040, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x40, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'}) (fail_nth: 2) 20.036938ms ago: executing program 2 (id=2143): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x14, r3, 0x301, 0x70bd29, 0x25dfdbfc, {0x24}}, 0x14}}, 0x0) 19.435138ms ago: executing program 1 (id=2144): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup(r2) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x7}, 0x1c) setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x4, 0x0, 0x0) 0s ago: executing program 2 (id=2145): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYRESHEX, @ANYRESDEC, @ANYRESDEC, @ANYBLOB="f3a384840fccc7a49ed51d2404f05924d580f5bce1695cb5b900ab0ac5bb7b79563bf6f7e0f5fb440a5ce6f1844567430c5eb3160a568272f3373cf4a6a2ed03b913db544eedb43f2633b34e386d260dd74be0f7e244332afe5ef7583a7f724996b49dc443804b5c9fa3c81ed6ac9fb607006395042b913b057c713272"], 0x48) (async) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_GET(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c00)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="e5065243000005080000827498e8ff0000c1c13422cf5e6a4dda2e65b15e68efa1740baff42eaca1874ed86f12b652f3c0458d1fe7312ed410bfde636b589934e7884f6069a437a495531b2a63abb35d6e73ce8c352801ecc59f0a20841faa51fac875bfa549500af7839edbaa312b465dab844b98e2efc30e77ca6cb32d2ff6cdc8b8ac3a69ce8baca157ecea77ca9ed62177378baca77d6ee451c7b7e47c2ed43baeeeaef67adf618c214ba106ce1dd2da883f60dfee51269d1a1ce6d66d7e48094596bbb16b1400000000000000000000000000000000006d553b76826f0be7d984750ba7cb41f5cf5b02d0ee95962908373b09b25a3140c9338c4695cd5509ac5868e584c08bdca77703d30385e9c4b21e6bb3fc6db2478e80edeacade8c3daa74ea9e56bccf9244ebc53899f49a8e3948f8b4a7fd979fa7e1633cea96ae9e3b79c9c6447329a848255c970d92821d32c255b9ccdceaa6f30533ca0960462dde2eeca7a0761233fdad334184beb4252e675586950b6c1a271d0a2c7bc3f6e7fd7c"], 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x40010) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) (async) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xf, 0x10, &(0x7f0000000800)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0xffffbff8, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000001c0)='kfree\x00', r4}, 0x18) (async) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1000010000000000000000000000000018110000", @ANYRESHEX=r4, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) socket$inet6(0xa, 0x1, 0x0) (async) rt_sigaction(0x14, &(0x7f00000002c0)={&(0x7f0000000240)="f7149443300726662e66dec4c462818e7f0041d28800000000816e07f9000000260f4e9e874b00008f89f890c60f0d505b3e67410ff539", 0x0, &(0x7f0000000280)="0f01fcc4e2112eb700000000c4612d6a55b766420f383ab035000000460faac403995c1000c482592e4221c403e57e370cc4827d32334723ac1800800000", {[0x40]}}, &(0x7f0000000400)={&(0x7f0000000340)="f3acc402e5905cd086c4a14b7c5f862ef242ad47d8ef660fd26f7440f8c4e18ddd5435e966666f363e67440fe28289228cdb", 0x0, &(0x7f00000003c0)="42750bc46291f7a20e000000c48279222fdcf3c4e1f1dfdd419dc4a2658cac05a60500006666470f3a0c59e1003ef240deee473dce000000"}, 0x8, &(0x7f0000000580)) (async) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='kmem_cache_free\x00', r6, 0x0, 0x6}, 0x18) (async, rerun: 32) r7 = socket$packet(0x11, 0x3, 0x300) (rerun: 32) ioctl$sock_SIOCGIFINDEX(r7, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000300)={'batadv_slave_0\x00', 0x0}) bind$packet(r7, &(0x7f0000000080)={0x11, 0x1a, r8, 0x1, 0x1, 0x6, @broadcast}, 0x14) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', 0xffffffffffffffff, 0x0, 0x7fff}, 0x18) (async) r9 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r9, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0xff, 0x7ffc1ffd}]}) (async) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRESOCT=r9], &(0x7f0000000040)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r10}, 0x10) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0) r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="1000000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB="00000100000000000000000000005ea96d1300004e67ed521d3b9ddecdabd87eb0528adc276cf9d2dcde55ecabe7d4d6d33accd5d992d8e5a25fe8ccf090b0b1e0f5a4550901544bb1a10488c7dadc329c5718c281c5f7244ac6c27d8b25c8a53b71f914348e3f7a0e23c90ee658a2311de67acabed6e951f69664079a12c2ab82712cba5732f84a48bc5178b22d5e8d6a", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a80)={{r12}, &(0x7f0000000a00), &(0x7f0000000a40)=r11}, 0x20) (async) add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) (async) add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) kernel console output (not intermixed with test programs): dump_stack+0x15/0x1b [ 87.174980][ T7068] should_fail_ex+0x265/0x280 [ 87.175003][ T7068] ? alloc_fs_context+0x44/0x4e0 [ 87.175153][ T7068] should_failslab+0x8c/0xb0 [ 87.175180][ T7068] __kmalloc_cache_noprof+0x4c/0x320 [ 87.175243][ T7068] alloc_fs_context+0x44/0x4e0 [ 87.175323][ T7068] ? security_capable+0x83/0x90 [ 87.175349][ T7068] fs_context_for_reconfigure+0x42/0x50 [ 87.175374][ T7068] path_mount+0x9ec/0xb20 [ 87.175398][ T7068] ? user_path_at+0x109/0x130 [ 87.175433][ T7068] __se_sys_mount+0x28f/0x2e0 [ 87.175529][ T7068] ? fput+0x8f/0xc0 [ 87.175562][ T7068] __x64_sys_mount+0x67/0x80 [ 87.175658][ T7068] x64_sys_call+0x2b4d/0x2ff0 [ 87.175681][ T7068] do_syscall_64+0xd2/0x200 [ 87.175812][ T7068] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 87.175839][ T7068] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 87.175864][ T7068] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.175921][ T7068] RIP: 0033:0x7effb6baebe9 [ 87.175937][ T7068] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.175957][ T7068] RSP: 002b:00007effb5617038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 87.175978][ T7068] RAX: ffffffffffffffda RBX: 00007effb6dd5fa0 RCX: 00007effb6baebe9 [ 87.175992][ T7068] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000000 [ 87.176005][ T7068] RBP: 00007effb5617090 R08: 0000000000000000 R09: 0000000000000000 [ 87.176065][ T7068] R10: 0000000000000021 R11: 0000000000000246 R12: 0000000000000001 [ 87.176078][ T7068] R13: 00007effb6dd6038 R14: 00007effb6dd5fa0 R15: 00007ffcff04a128 [ 87.176105][ T7068] [ 87.179798][ T7090] 9pnet_fd: Insufficient options for proto=fd [ 87.196040][ T3300] EXT4-fs error (device loop4): __ext4_get_inode_loc:4861: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 87.196131][ T3300] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6334: Corrupt filesystem [ 87.196188][ T3300] EXT4-fs error (device loop4): ext4_quota_off:7217: inode #3: comm syz-executor: mark_inode_dirty error [ 87.259807][ T7079] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 87.307243][ T7101] loop2: detected capacity change from 0 to 128 [ 87.307936][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 87.313178][ T7101] vfat: Unknown parameter 'ÿÿÿÿ' [ 87.320376][ T7089] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1291'. [ 87.425939][ T7104] lo speed is unknown, defaulting to 1000 [ 87.549494][ T7110] siw: device registration error -23 [ 87.596470][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 87.607549][ T7116] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7116 comm=syz.1.1304 [ 87.754474][ T7127] loop1: detected capacity change from 0 to 128 [ 87.767624][ T7127] vfat: Unknown parameter 'ÿÿÿÿ' [ 87.829544][ T7132] loop1: detected capacity change from 0 to 1024 [ 87.850719][ T7132] ext4 filesystem being mounted at /263/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 87.897059][ T7138] loop4: detected capacity change from 0 to 2048 [ 87.953626][ T7132] lo speed is unknown, defaulting to 1000 [ 88.104766][ T7152] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7152 comm=syz.1.1315 [ 88.151521][ T7156] loop0: detected capacity change from 0 to 1024 [ 88.188587][ T7156] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.1318: Allocating blocks 449-513 which overlap fs metadata [ 88.214674][ T7156] SELinux: Context @ is not valid (left unmapped). [ 88.219835][ T7162] lo speed is unknown, defaulting to 1000 [ 88.221703][ T7156] EXT4-fs (loop0): pa ffff8881072fb2a0: logic 48, phys. 177, len 21 [ 88.235167][ T7156] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4 [ 88.251128][ T7156] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1318'. [ 88.259568][ T7164] siw: device registration error -23 [ 88.340001][ T7166] loop2: detected capacity change from 0 to 128 [ 88.346731][ T7166] vfat: Unknown parameter 'ÿÿÿÿ' [ 88.647121][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 88.769309][ T7194] loop1: detected capacity change from 0 to 128 [ 88.784149][ T7194] vfat: Unknown parameter 'ÿÿÿÿ' [ 88.863899][ T7197] lo speed is unknown, defaulting to 1000 [ 88.894757][ T7200] siw: device registration error -23 [ 88.913770][ T7190] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 88.924673][ T7190] netlink: 8 bytes leftover after parsing attributes in process `+}[@'. [ 89.128358][ T7214] loop1: detected capacity change from 0 to 1024 [ 89.159242][ T7214] ext4 filesystem being mounted at /273/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 89.181748][ T7219] loop0: detected capacity change from 0 to 1024 [ 89.236565][ T7223] loop3: detected capacity change from 0 to 1024 [ 89.245531][ T7219] ext4 filesystem being mounted at /272/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 89.265075][ T7223] ext4 filesystem being mounted at /269/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 89.296575][ T7214] lo speed is unknown, defaulting to 1000 [ 89.316338][ T7219] lo speed is unknown, defaulting to 1000 [ 89.345080][ T7231] loop4: detected capacity change from 0 to 128 [ 89.356414][ T7223] lo speed is unknown, defaulting to 1000 [ 89.357015][ T7231] vfat: Unknown parameter 'ÿÿÿÿ' [ 89.540121][ T7244] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1348'. [ 89.676736][ T3408] net_ratelimit: 1 callbacks suppressed [ 89.676754][ T3408] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 89.753390][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 89.779557][ T7260] loop2: detected capacity change from 0 to 1024 [ 89.795327][ T7260] ext4 filesystem being mounted at /287/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 89.807524][ T29] kauditd_printk_skb: 629 callbacks suppressed [ 89.807540][ T29] audit: type=1326 audit(1755000845.008:10265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7259 comm="syz.2.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af05ebe9 code=0x7ffc0000 [ 89.846533][ T29] audit: type=1326 audit(1755000845.029:10266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7259 comm="syz.2.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af05ebe9 code=0x7ffc0000 [ 89.848593][ T7265] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1346'. [ 89.870112][ T29] audit: type=1326 audit(1755000845.029:10267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7259 comm="syz.2.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f28af05ebe9 code=0x7ffc0000 [ 89.902732][ T29] audit: type=1326 audit(1755000845.029:10268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7259 comm="syz.2.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af05ebe9 code=0x7ffc0000 [ 89.926537][ T29] audit: type=1326 audit(1755000845.029:10269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7259 comm="syz.2.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f28af05ebe9 code=0x7ffc0000 [ 89.950559][ T29] audit: type=1326 audit(1755000845.029:10270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7259 comm="syz.2.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af05ebe9 code=0x7ffc0000 [ 89.974211][ T29] audit: type=1326 audit(1755000845.029:10271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7259 comm="syz.2.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f28af05ebe9 code=0x7ffc0000 [ 89.975701][ T7270] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1357'. [ 89.997783][ T29] audit: type=1326 audit(1755000845.029:10272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7259 comm="syz.2.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af05ebe9 code=0x7ffc0000 [ 90.010627][ T7271] loop0: detected capacity change from 0 to 128 [ 90.030405][ T29] audit: type=1326 audit(1755000845.029:10273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7259 comm="syz.2.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f28af05ebe9 code=0x7ffc0000 [ 90.060262][ T29] audit: type=1326 audit(1755000845.029:10274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7259 comm="syz.2.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af05ebe9 code=0x7ffc0000 [ 90.084847][ T7271] vfat: Unknown parameter 'ÿÿÿÿ' [ 90.104235][ T7270] bond1: entered promiscuous mode [ 90.109319][ T7270] bond1: entered allmulticast mode [ 90.114919][ T7270] 8021q: adding VLAN 0 to HW filter on device bond1 [ 90.141089][ T7269] lo speed is unknown, defaulting to 1000 [ 90.249096][ T7287] siw: device registration error -23 [ 90.330243][ T7282] lo speed is unknown, defaulting to 1000 [ 90.550505][ T7304] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1369'. [ 90.621466][ T7304] bond1: entered promiscuous mode [ 90.626657][ T7304] bond1: entered allmulticast mode [ 90.662785][ T7304] 8021q: adding VLAN 0 to HW filter on device bond1 [ 90.715496][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 90.782460][ T7316] loop3: detected capacity change from 0 to 1024 [ 90.850271][ T7316] ext4 filesystem being mounted at /278/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 90.930777][ T7330] lo speed is unknown, defaulting to 1000 [ 90.985268][ T7316] lo speed is unknown, defaulting to 1000 [ 91.140788][ T7346] mmap: syz.3.1385 (7346) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 91.151143][ T7347] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1377'. [ 91.218360][ T7352] bond1: entered promiscuous mode [ 91.223477][ T7352] bond1: entered allmulticast mode [ 91.229035][ T7352] 8021q: adding VLAN 0 to HW filter on device bond1 [ 91.421437][ T7369] loop2: detected capacity change from 0 to 1024 [ 91.453822][ T7369] ext4 filesystem being mounted at /296/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 91.515122][ T7369] lo speed is unknown, defaulting to 1000 [ 91.579937][ T7384] loop1: detected capacity change from 0 to 128 [ 91.588409][ T7384] vfat: Unknown parameter '' [ 91.677373][ T36] hid-generic 0000:0003:0000.0010: unknown main item tag 0x0 [ 91.684863][ T36] hid-generic 0000:0003:0000.0010: unknown main item tag 0x0 [ 91.692962][ T7399] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 91.701788][ T7399] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 91.713714][ T36] hid-generic 0000:0003:0000.0010: hidraw0: HID v0.03 Device [syz0] on syz0 [ 91.726121][ T7399] __nla_validate_parse: 1 callbacks suppressed [ 91.726138][ T7399] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1404'. [ 91.751910][ T7399] 9pnet_fd: Insufficient options for proto=fd [ 91.760279][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 91.779632][ T7400] fido_id[7400]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 91.815086][ T7406] pim6reg1: entered promiscuous mode [ 91.886060][ T7414] loop0: detected capacity change from 0 to 128 [ 91.892785][ T7414] vfat: Unknown parameter '' [ 91.933204][ T7419] loop0: detected capacity change from 0 to 1024 [ 91.954305][ T7419] ext4 filesystem being mounted at /284/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 92.040560][ T7419] lo speed is unknown, defaulting to 1000 [ 92.314370][ T7446] pim6reg1: entered promiscuous mode [ 92.341922][ T7448] loop2: detected capacity change from 0 to 1024 [ 92.363480][ T7448] EXT4-fs error (device loop2): ext4_xattr_inode_iget:437: inode #11: comm syz.2.1423: missing EA_INODE flag [ 92.376595][ T7448] EXT4-fs (loop2): Remounting filesystem read-only [ 92.422535][ T7453] loop2: detected capacity change from 0 to 128 [ 92.437283][ T7453] vfat: Unknown parameter '' [ 92.510228][ T7461] loop0: detected capacity change from 0 to 1024 [ 92.540886][ T7461] EXT4-fs error (device loop0): ext4_xattr_inode_iget:437: inode #11: comm syz.0.1428: missing EA_INODE flag [ 92.616991][ T7461] EXT4-fs (loop0): Remounting filesystem read-only [ 92.617027][ T7471] FAULT_INJECTION: forcing a failure. [ 92.617027][ T7471] name failslab, interval 1, probability 0, space 0, times 0 [ 92.636328][ T7471] CPU: 1 UID: 0 PID: 7471 Comm: syz.0.1428 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(voluntary) [ 92.636361][ T7471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 92.636375][ T7471] Call Trace: [ 92.636392][ T7471] [ 92.636400][ T7471] __dump_stack+0x1d/0x30 [ 92.636422][ T7471] dump_stack_lvl+0xe8/0x140 [ 92.636458][ T7471] dump_stack+0x15/0x1b [ 92.636477][ T7471] should_fail_ex+0x265/0x280 [ 92.636600][ T7471] should_failslab+0x8c/0xb0 [ 92.636624][ T7471] kmem_cache_alloc_noprof+0x50/0x310 [ 92.636728][ T7471] ? mb_cache_entry_create+0xf0/0x540 [ 92.636759][ T7471] ? check_xattrs+0x5e3/0x7d0 [ 92.636798][ T7471] mb_cache_entry_create+0xf0/0x540 [ 92.636951][ T7471] ext4_xattr_get+0x298/0x470 [ 92.636982][ T7471] ext4_xattr_security_get+0x32/0x40 [ 92.637008][ T7471] ? __pfx_ext4_xattr_security_get+0x10/0x10 [ 92.637035][ T7471] __vfs_getxattr+0x2ad/0x2c0 [ 92.637082][ T7471] cap_inode_need_killpriv+0x2e/0x50 [ 92.637120][ T7471] security_inode_need_killpriv+0x36/0x70 [ 92.637225][ T7471] file_remove_privs_flags+0x123/0x320 [ 92.637299][ T7471] ? selinux_file_open+0x2df/0x330 [ 92.637346][ T7471] ? __rcu_read_unlock+0x4f/0x70 [ 92.637369][ T7471] file_modified_flags+0x32/0x350 [ 92.637404][ T7471] file_modified+0x17/0x20 [ 92.637443][ T7471] ext4_buffered_write_iter+0x1d0/0x3c0 [ 92.637522][ T7471] ? ext4_file_write_iter+0xfe/0xf00 [ 92.637599][ T7471] ext4_file_write_iter+0x383/0xf00 [ 92.637631][ T7471] ? path_openat+0x1bf8/0x2170 [ 92.637649][ T7471] ? _parse_integer_limit+0x170/0x190 [ 92.637735][ T7471] do_iter_readv_writev+0x49c/0x540 [ 92.637760][ T7471] vfs_writev+0x2df/0x8b0 [ 92.637904][ T7471] __se_sys_pwritev2+0xfc/0x1c0 [ 92.637934][ T7471] __x64_sys_pwritev2+0x67/0x80 [ 92.637957][ T7471] x64_sys_call+0x2c55/0x2ff0 [ 92.637977][ T7471] do_syscall_64+0xd2/0x200 [ 92.638058][ T7471] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 92.638086][ T7471] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 92.638110][ T7471] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.638130][ T7471] RIP: 0033:0x7fcbe4d0ebe9 [ 92.638221][ T7471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 92.638275][ T7471] RSP: 002b:00007fcbe3756038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 92.638299][ T7471] RAX: ffffffffffffffda RBX: 00007fcbe4f36090 RCX: 00007fcbe4d0ebe9 [ 92.638314][ T7471] RDX: 0000000000000001 RSI: 00002000000015c0 RDI: 0000000000000004 [ 92.638329][ T7471] RBP: 00007fcbe3756090 R08: 0000000000000000 R09: 00000000000000a0 [ 92.638344][ T7471] R10: 00000000000ffff7 R11: 0000000000000246 R12: 0000000000000001 [ 92.638358][ T7471] R13: 00007fcbe4f36128 R14: 00007fcbe4f36090 R15: 00007ffe6adbab68 [ 92.638379][ T7471] [ 92.917362][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 92.925539][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 92.961648][ T7475] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 92.970735][ T3409] hid-generic 0000:0003:0000.0011: unknown main item tag 0x0 [ 92.978309][ T3409] hid-generic 0000:0003:0000.0011: unknown main item tag 0x0 [ 92.995481][ T7475] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 93.003933][ T3409] hid-generic 0000:0003:0000.0011: hidraw0: HID v0.03 Device [syz0] on syz0 [ 93.029151][ T7475] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1433'. [ 93.040316][ T7475] 9pnet_fd: Insufficient options for proto=fd [ 93.050033][ T7478] fido_id[7478]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 93.058598][ T7481] pim6reg1: entered promiscuous mode [ 93.139230][ T7485] loop1: detected capacity change from 0 to 128 [ 93.145993][ T7485] vfat: Unknown parameter '' [ 93.306572][ T7501] FAULT_INJECTION: forcing a failure. [ 93.306572][ T7501] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 93.319793][ T7501] CPU: 0 UID: 0 PID: 7501 Comm: syz.2.1444 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(voluntary) [ 93.319825][ T7501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 93.319840][ T7501] Call Trace: [ 93.319892][ T7501] [ 93.319900][ T7501] __dump_stack+0x1d/0x30 [ 93.319922][ T7501] dump_stack_lvl+0xe8/0x140 [ 93.319940][ T7501] dump_stack+0x15/0x1b [ 93.319975][ T7501] should_fail_ex+0x265/0x280 [ 93.319997][ T7501] should_fail+0xb/0x20 [ 93.320016][ T7501] should_fail_usercopy+0x1a/0x20 [ 93.320113][ T7501] strncpy_from_user+0x25/0x230 [ 93.320154][ T7501] ? __fget_files+0x184/0x1c0 [ 93.320182][ T7501] __se_sys_add_key+0x86/0x350 [ 93.320206][ T7501] __x64_sys_add_key+0x67/0x80 [ 93.320289][ T7501] x64_sys_call+0x28c4/0x2ff0 [ 93.320309][ T7501] do_syscall_64+0xd2/0x200 [ 93.320405][ T7501] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 93.320429][ T7501] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 93.320456][ T7501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.320479][ T7501] RIP: 0033:0x7f28af05ebe9 [ 93.320494][ T7501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.320541][ T7501] RSP: 002b:00007f28adabf038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8 [ 93.320562][ T7501] RAX: ffffffffffffffda RBX: 00007f28af285fa0 RCX: 00007f28af05ebe9 [ 93.320574][ T7501] RDX: 00002000000000c0 RSI: 0000000000000000 RDI: 0000200000000380 [ 93.320586][ T7501] RBP: 00007f28adabf090 R08: fffffffffffffffd R09: 0000000000000000 [ 93.320597][ T7501] R10: 000000000000001c R11: 0000000000000246 R12: 0000000000000001 [ 93.320609][ T7501] R13: 00007f28af286038 R14: 00007f28af285fa0 R15: 00007ffcd7732a88 [ 93.320626][ T7501] [ 93.540148][ T7505] loop4: detected capacity change from 0 to 764 [ 93.549571][ T7505] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 93.594709][ T7512] loop4: detected capacity change from 0 to 128 [ 93.604157][ T7512] vfat: Unknown parameter '' [ 93.636448][ T7514] pim6reg1: entered promiscuous mode [ 93.651106][ T7519] FAULT_INJECTION: forcing a failure. [ 93.651106][ T7519] name failslab, interval 1, probability 0, space 0, times 0 [ 93.664190][ T7519] CPU: 1 UID: 0 PID: 7519 Comm: syz.4.1451 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(voluntary) [ 93.664255][ T7519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 93.664269][ T7519] Call Trace: [ 93.664275][ T7519] [ 93.664283][ T7519] __dump_stack+0x1d/0x30 [ 93.664307][ T7519] dump_stack_lvl+0xe8/0x140 [ 93.664328][ T7519] dump_stack+0x15/0x1b [ 93.664346][ T7519] should_fail_ex+0x265/0x280 [ 93.664405][ T7519] should_failslab+0x8c/0xb0 [ 93.664429][ T7519] kmem_cache_alloc_noprof+0x50/0x310 [ 93.664460][ T7519] ? audit_log_start+0x365/0x6c0 [ 93.664520][ T7519] audit_log_start+0x365/0x6c0 [ 93.664557][ T7519] audit_seccomp+0x48/0x100 [ 93.664618][ T7519] ? __seccomp_filter+0x68c/0x10d0 [ 93.664649][ T7519] __seccomp_filter+0x69d/0x10d0 [ 93.664675][ T7519] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 93.664707][ T7519] ? vfs_write+0x7e8/0x960 [ 93.664732][ T7519] ? __rcu_read_unlock+0x4f/0x70 [ 93.664769][ T7519] ? __fget_files+0x184/0x1c0 [ 93.664837][ T7519] __secure_computing+0x82/0x150 [ 93.664866][ T7519] syscall_trace_enter+0xcf/0x1e0 [ 93.664892][ T7519] do_syscall_64+0xac/0x200 [ 93.664998][ T7519] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 93.665026][ T7519] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 93.665051][ T7519] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.665071][ T7519] RIP: 0033:0x7effb6baebe9 [ 93.665086][ T7519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.665126][ T7519] RSP: 002b:00007effb5617038 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 93.665146][ T7519] RAX: ffffffffffffffda RBX: 00007effb6dd5fa0 RCX: 00007effb6baebe9 [ 93.665160][ T7519] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000007 [ 93.665182][ T7519] RBP: 00007effb5617090 R08: 0000000000000101 R09: 0000000000000000 [ 93.665195][ T7519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 93.665208][ T7519] R13: 00007effb6dd6038 R14: 00007effb6dd5fa0 R15: 00007ffcff04a128 [ 93.665307][ T7519] [ 93.771357][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 93.922141][ T7534] loop3: detected capacity change from 0 to 128 [ 93.930128][ T7534] vfat: Unknown parameter 'ÿÿÿÿ18446744073709551615' [ 93.937399][ T7532] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 93.947263][ T7532] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.993560][ T2955] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 94.012041][ T7539] loop2: detected capacity change from 0 to 1024 [ 94.033725][ T7532] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 94.042964][ T7546] loop0: detected capacity change from 0 to 512 [ 94.043627][ T7532] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.062319][ T7539] ext4 filesystem being mounted at /312/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 94.062435][ T7546] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 94.098932][ T7546] EXT4-fs (loop0): failed to initialize system zone (-117) [ 94.132178][ T7546] EXT4-fs (loop0): mount failed [ 94.143085][ T7532] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 94.153019][ T7532] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.187389][ T7539] lo speed is unknown, defaulting to 1000 [ 94.251650][ T7532] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 94.261535][ T7532] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.320390][ T7561] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 94.329475][ T1036] hid-generic 0000:0003:0000.0012: unknown main item tag 0x0 [ 94.331102][ T7561] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 94.336966][ T1036] hid-generic 0000:0003:0000.0012: unknown main item tag 0x0 [ 94.365031][ T38] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 94.365126][ T1036] hid-generic 0000:0003:0000.0012: hidraw0: HID v0.03 Device [syz0] on syz0 [ 94.373331][ T38] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.406298][ T7561] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1465'. [ 94.421827][ T7562] fido_id[7562]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 94.429847][ T7563] loop0: detected capacity change from 0 to 512 [ 94.442015][ T38] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 94.450299][ T38] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.460660][ T7561] 9pnet_fd: Insufficient options for proto=fd [ 94.478264][ T38] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 94.486682][ T38] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.499788][ T7563] EXT4-fs (loop0): too many log groups per flexible block group [ 94.507608][ T7563] EXT4-fs (loop0): failed to initialize mballoc (-12) [ 94.520874][ T7563] EXT4-fs (loop0): mount failed [ 94.548126][ T38] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 94.556428][ T38] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.573088][ T1036] hid-generic 0000:0003:0000.0013: unknown main item tag 0x0 [ 94.580564][ T1036] hid-generic 0000:0003:0000.0013: unknown main item tag 0x0 [ 94.588964][ T7569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 94.603275][ T1036] hid-generic 0000:0003:0000.0013: hidraw0: HID v0.03 Device [syz0] on syz0 [ 94.616744][ T7569] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 94.631729][ T7569] 9pnet_fd: Insufficient options for proto=fd [ 94.644597][ T7570] fido_id[7570]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 95.032367][ T1036] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 95.040546][ T1036] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 95.048912][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 95.108251][ T7582] FAULT_INJECTION: forcing a failure. [ 95.108251][ T7582] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 95.121503][ T7582] CPU: 0 UID: 0 PID: 7582 Comm: syz.3.1471 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(voluntary) [ 95.121599][ T7582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 95.121611][ T7582] Call Trace: [ 95.121616][ T7582] [ 95.121623][ T7582] __dump_stack+0x1d/0x30 [ 95.121645][ T7582] dump_stack_lvl+0xe8/0x140 [ 95.121665][ T7582] dump_stack+0x15/0x1b [ 95.121685][ T7582] should_fail_ex+0x265/0x280 [ 95.121754][ T7582] should_fail+0xb/0x20 [ 95.121774][ T7582] should_fail_usercopy+0x1a/0x20 [ 95.121799][ T7582] _copy_from_user+0x1c/0xb0 [ 95.121835][ T7582] get_timespec64+0x4c/0x100 [ 95.121883][ T7582] __x64_sys_recvmmsg+0xa3/0x170 [ 95.121970][ T7582] x64_sys_call+0x27a6/0x2ff0 [ 95.121992][ T7582] do_syscall_64+0xd2/0x200 [ 95.122015][ T7582] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 95.122134][ T7582] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 95.122160][ T7582] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.122186][ T7582] RIP: 0033:0x7f6d7128ebe9 [ 95.122203][ T7582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 95.122291][ T7582] RSP: 002b:00007f6d6fcf7038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 95.122313][ T7582] RAX: ffffffffffffffda RBX: 00007f6d714b5fa0 RCX: 00007f6d7128ebe9 [ 95.122329][ T7582] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003 [ 95.122342][ T7582] RBP: 00007f6d6fcf7090 R08: 0000200000003700 R09: 0000000000000000 [ 95.122356][ T7582] R10: 0000000002040000 R11: 0000000000000246 R12: 0000000000000001 [ 95.122370][ T7582] R13: 00007f6d714b6038 R14: 00007f6d714b5fa0 R15: 00007ffd59e6c0b8 [ 95.122390][ T7582] [ 95.308392][ T29] kauditd_printk_skb: 657 callbacks suppressed [ 95.308406][ T29] audit: type=1326 audit(1755000850.511:10930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7585 comm="syz.0.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe4d0ebe9 code=0x7ffc0000 [ 95.338144][ T29] audit: type=1326 audit(1755000850.511:10931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7585 comm="syz.0.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcbe4d0ebe9 code=0x7ffc0000 [ 95.338240][ T7584] loop1: detected capacity change from 0 to 8192 [ 95.361761][ T29] audit: type=1326 audit(1755000850.511:10932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7585 comm="syz.0.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe4d0ebe9 code=0x7ffc0000 [ 95.370567][ T7587] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1538 sclass=netlink_route_socket pid=7587 comm=syz.1.1472 [ 95.391579][ T29] audit: type=1326 audit(1755000850.511:10933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7585 comm="syz.0.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe4d0ebe9 code=0x7ffc0000 [ 95.391613][ T29] audit: type=1326 audit(1755000850.511:10934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7585 comm="syz.0.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcbe4d0ebe9 code=0x7ffc0000 [ 95.391640][ T29] audit: type=1326 audit(1755000850.511:10935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7585 comm="syz.0.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe4d0ebe9 code=0x7ffc0000 [ 95.474843][ T29] audit: type=1326 audit(1755000850.511:10936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7585 comm="syz.0.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcbe4d0ebe9 code=0x7ffc0000 [ 95.498363][ T29] audit: type=1326 audit(1755000850.511:10937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7585 comm="syz.0.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe4d0ebe9 code=0x7ffc0000 [ 95.522002][ T29] audit: type=1326 audit(1755000850.511:10938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7585 comm="syz.0.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcbe4d0ebe9 code=0x7ffc0000 [ 95.545502][ T29] audit: type=1326 audit(1755000850.511:10939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7585 comm="syz.0.1473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe4d0ebe9 code=0x7ffc0000 [ 95.593382][ T7594] loop3: detected capacity change from 0 to 512 [ 95.600510][ T7594] ext4: Unknown parameter 'fowner<00000000000000000000' [ 95.605030][ T4305] loop1: p3 p4 < > [ 95.615366][ T4305] loop1: p3 size 33554432 extends beyond EOD, truncated [ 95.637459][ T7584] loop1: p3 p4 < > [ 95.642411][ T7584] loop1: p3 size 33554432 extends beyond EOD, truncated [ 95.665297][ T7598] 9pnet_fd: Insufficient options for proto=fd [ 95.748735][ T4305] udevd[4305]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 95.759793][ T3519] udevd[3519]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 95.771071][ T7602] loop1: detected capacity change from 0 to 2048 [ 95.792055][ T7608] FAULT_INJECTION: forcing a failure. [ 95.792055][ T7608] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 95.793150][ T36] hid-generic 0000:0003:0000.0014: unknown main item tag 0x0 [ 95.805166][ T7608] CPU: 0 UID: 0 PID: 7608 Comm: syz.4.1483 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(voluntary) [ 95.805193][ T7608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 95.805248][ T7608] Call Trace: [ 95.805256][ T7608] [ 95.805265][ T7608] __dump_stack+0x1d/0x30 [ 95.805288][ T7608] dump_stack_lvl+0xe8/0x140 [ 95.805308][ T7608] dump_stack+0x15/0x1b [ 95.805358][ T7608] should_fail_ex+0x265/0x280 [ 95.805380][ T7608] should_fail+0xb/0x20 [ 95.805398][ T7608] should_fail_usercopy+0x1a/0x20 [ 95.805420][ T7608] _copy_from_user+0x1c/0xb0 [ 95.805447][ T7608] vt_ioctl+0x98f/0x1880 [ 95.805577][ T7608] tty_ioctl+0x7de/0xb80 [ 95.805605][ T7608] ? __pfx_tty_ioctl+0x10/0x10 [ 95.805668][ T7608] __se_sys_ioctl+0xcb/0x140 [ 95.805701][ T7608] __x64_sys_ioctl+0x43/0x50 [ 95.805731][ T7608] x64_sys_call+0x1816/0x2ff0 [ 95.805811][ T7608] do_syscall_64+0xd2/0x200 [ 95.805883][ T7608] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 95.805908][ T7608] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 95.805932][ T7608] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.806024][ T7608] RIP: 0033:0x7effb6baebe9 [ 95.806100][ T7608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 95.806118][ T7608] RSP: 002b:00007effb5617038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 95.806139][ T7608] RAX: ffffffffffffffda RBX: 00007effb6dd5fa0 RCX: 00007effb6baebe9 [ 95.806170][ T7608] RDX: 0000200000000080 RSI: 0000000000004b72 RDI: 0000000000000003 [ 95.806183][ T7608] RBP: 00007effb5617090 R08: 0000000000000000 R09: 0000000000000000 [ 95.806195][ T7608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 95.806208][ T7608] R13: 00007effb6dd6038 R14: 00007effb6dd5fa0 R15: 00007ffcff04a128 [ 95.806227][ T7608] [ 95.817979][ T4305] udevd[4305]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 95.825194][ T36] hid-generic 0000:0003:0000.0014: unknown main item tag 0x0 [ 95.836506][ T3294] udevd[3294]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 95.852308][ T7610] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 95.952532][ T7618] loop2: detected capacity change from 0 to 512 [ 95.956604][ T7610] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 95.978255][ T7618] ext4: Unknown parameter 'fowner<00000000000000000000' [ 95.979992][ T7621] EXT4-fs error (device loop1): ext4_find_extent:939: inode #2: comm syz.1.1481: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 95.993101][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 96.008321][ T36] hid-generic 0000:0003:0000.0014: hidraw0: HID v0.03 Device [syz0] on syz0 [ 96.090918][ T2955] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 96.097629][ T7602] EXT4-fs error (device loop1): ext4_find_extent:939: inode #2: comm syz.1.1481: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 96.125346][ T7610] 9pnet_fd: Insufficient options for proto=fd [ 96.150911][ T7626] loop4: detected capacity change from 0 to 1024 [ 96.184211][ T7626] ext4 filesystem being mounted at /262/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 96.199393][ T7631] 9pnet_fd: Insufficient options for proto=fd [ 96.226822][ T7635] FAULT_INJECTION: forcing a failure. [ 96.226822][ T7635] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 96.239977][ T7635] CPU: 0 UID: 0 PID: 7635 Comm: syz.0.1492 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(voluntary) [ 96.240073][ T7635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 96.240084][ T7635] Call Trace: [ 96.240092][ T7635] [ 96.240100][ T7635] __dump_stack+0x1d/0x30 [ 96.240207][ T7635] dump_stack_lvl+0xe8/0x140 [ 96.240230][ T7635] dump_stack+0x15/0x1b [ 96.240352][ T7635] should_fail_ex+0x265/0x280 [ 96.240370][ T7635] should_fail+0xb/0x20 [ 96.240444][ T7635] should_fail_usercopy+0x1a/0x20 [ 96.240464][ T7635] _copy_to_user+0x20/0xa0 [ 96.240488][ T7635] simple_read_from_buffer+0xb5/0x130 [ 96.240507][ T7635] proc_fail_nth_read+0x10e/0x150 [ 96.240531][ T7635] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 96.240594][ T7635] vfs_read+0x1a8/0x770 [ 96.240612][ T7635] ? __rcu_read_unlock+0x4f/0x70 [ 96.240669][ T7635] ? __fget_files+0x184/0x1c0 [ 96.240698][ T7635] ksys_read+0xda/0x1a0 [ 96.240717][ T7635] __x64_sys_read+0x40/0x50 [ 96.240757][ T7635] x64_sys_call+0x27bc/0x2ff0 [ 96.240782][ T7635] do_syscall_64+0xd2/0x200 [ 96.240855][ T7635] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 96.240876][ T7635] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 96.240897][ T7635] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.240965][ T7635] RIP: 0033:0x7fcbe4d0d5fc [ 96.240979][ T7635] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 96.240995][ T7635] RSP: 002b:00007fcbe3777030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 96.241014][ T7635] RAX: ffffffffffffffda RBX: 00007fcbe4f35fa0 RCX: 00007fcbe4d0d5fc [ 96.241026][ T7635] RDX: 000000000000000f RSI: 00007fcbe37770a0 RDI: 0000000000000005 [ 96.241037][ T7635] RBP: 00007fcbe3777090 R08: 0000000000000000 R09: 0000000000000000 [ 96.241048][ T7635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 96.241059][ T7635] R13: 00007fcbe4f36038 R14: 00007fcbe4f35fa0 R15: 00007ffe6adbab68 [ 96.241154][ T7635] [ 96.468739][ T7640] lo speed is unknown, defaulting to 1000 [ 96.506457][ T7643] netlink: 'syz.1.1497': attribute type 3 has an invalid length. [ 96.527131][ T7643] loop1: detected capacity change from 0 to 1024 [ 96.551459][ T7643] ext4 filesystem being mounted at /315/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 96.581543][ T7643] usb usb1: check_ctrlrecip: process 7643 (syz.1.1497) requesting ep 01 but needs 81 [ 96.591478][ T7643] vhci_hcd: default hub control req: 020f v0004 i0001 l0 [ 96.602773][ T7643] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #15: block 1: comm syz.1.1497: lblock 1 mapped to illegal pblock 1 (length 15) [ 96.618053][ T7643] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117 [ 96.630548][ T7643] EXT4-fs (loop1): This should not happen!! Data will be lost [ 96.630548][ T7643] [ 96.856796][ T7653] netlink: 8 bytes leftover after parsing attributes in process `+}[@'. [ 96.914608][ T7680] loop1: detected capacity change from 0 to 128 [ 96.925887][ T7680] vfat: Unknown parameter 'ÿÿÿÿ18446744073709551615' [ 96.998908][ T7688] lo speed is unknown, defaulting to 1000 [ 97.011500][ T7688] lo speed is unknown, defaulting to 1000 [ 97.017461][ T7688] lo speed is unknown, defaulting to 1000 [ 97.035205][ T7688] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 97.062168][ T7688] lo speed is unknown, defaulting to 1000 [ 97.068958][ T7693] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 97.078921][ T10] hid-generic 0000:0003:0000.0015: unknown main item tag 0x0 [ 97.086471][ T10] hid-generic 0000:0003:0000.0015: unknown main item tag 0x0 [ 97.094677][ T7688] lo speed is unknown, defaulting to 1000 [ 97.100773][ T7693] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 97.108839][ T7688] lo speed is unknown, defaulting to 1000 [ 97.115371][ T10] hid-generic 0000:0003:0000.0015: hidraw0: HID v0.03 Device [syz0] on syz0 [ 97.125579][ T7688] lo speed is unknown, defaulting to 1000 [ 97.128361][ T3408] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 97.132141][ T7688] lo speed is unknown, defaulting to 1000 [ 97.159618][ T7693] 9pnet_fd: Insufficient options for proto=fd [ 97.195322][ T7700] fido_id[7700]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 97.356012][ T7723] loop2: detected capacity change from 0 to 128 [ 97.363392][ T7723] vfat: Unknown parameter 'ÿÿÿÿ18446744073709551615' [ 97.506433][ T7734] loop2: detected capacity change from 0 to 1024 [ 97.583351][ T7734] EXT4-fs mount: 86 callbacks suppressed [ 97.583368][ T7734] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 97.602558][ T7734] ext4 filesystem being mounted at /329/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 97.680054][ T7734] lo speed is unknown, defaulting to 1000 [ 97.686221][ T7734] lo speed is unknown, defaulting to 1000 [ 97.760610][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 98.056170][ T3408] hid-generic 0000:0000:0000.0016: unknown main item tag 0x0 [ 98.129880][ T3408] hid-generic 0000:0000:0000.0016: hidraw0: HID v0.00 Device [syz1] on syz0 [ 98.167349][ T7760] loop2: detected capacity change from 0 to 1024 [ 98.213819][ T2955] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 98.396052][ T3408] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0 [ 98.416249][ T7769] loop0: detected capacity change from 0 to 1024 [ 98.424229][ T3408] hid-generic 0000:0000:0000.0017: hidraw0: HID v0.00 Device [syz1] on syz0 [ 98.456510][ T7771] fido_id[7771]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 98.483249][ T7775] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 98.492791][ T3409] hid-generic 0000:0003:0000.0018: unknown main item tag 0x0 [ 98.500281][ T3409] hid-generic 0000:0003:0000.0018: unknown main item tag 0x0 [ 98.509264][ T7775] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 98.522941][ T3409] hid-generic 0000:0003:0000.0018: hidraw0: HID v0.03 Device [syz0] on syz0 [ 98.535707][ T7775] 9pnet_fd: Insufficient options for proto=fd [ 98.546593][ T7776] fido_id[7776]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 98.606169][ T7777] fido_id[7777]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 98.621110][ T7779] loop3: detected capacity change from 0 to 1024 [ 98.671301][ T7779] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 98.686032][ T7779] ext4 filesystem being mounted at /309/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 98.757768][ T7793] lo speed is unknown, defaulting to 1000 [ 98.772337][ T7793] lo speed is unknown, defaulting to 1000 [ 98.813288][ T7779] lo speed is unknown, defaulting to 1000 [ 98.820274][ T7779] lo speed is unknown, defaulting to 1000 [ 98.887391][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 98.918466][ T7807] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1551'. [ 98.989003][ T7812] loop1: detected capacity change from 0 to 512 [ 98.995764][ T7812] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 99.012707][ T7812] EXT4-fs (loop1): failed to initialize system zone (-117) [ 99.021648][ T7812] EXT4-fs (loop1): mount failed [ 99.028774][ T3409] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 99.041264][ T7814] loop3: detected capacity change from 0 to 2048 [ 99.092158][ T7814] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 99.255062][ T7824] loop1: detected capacity change from 0 to 512 [ 99.272026][ T2955] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 99.287149][ T7824] EXT4-fs (loop1): too many log groups per flexible block group [ 99.294993][ T7824] EXT4-fs (loop1): failed to initialize mballoc (-12) [ 99.307037][ T7824] EXT4-fs (loop1): mount failed [ 99.360405][ T7834] 9pnet_fd: Insufficient options for proto=fd [ 99.508564][ T3409] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 99.853115][ T7847] lo speed is unknown, defaulting to 1000 [ 99.862908][ T7850] FAULT_INJECTION: forcing a failure. [ 99.862908][ T7850] name failslab, interval 1, probability 0, space 0, times 0 [ 99.875589][ T7850] CPU: 1 UID: 0 PID: 7850 Comm: syz.4.1575 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(voluntary) [ 99.875690][ T7850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 99.875701][ T7850] Call Trace: [ 99.875707][ T7850] [ 99.875714][ T7850] __dump_stack+0x1d/0x30 [ 99.875734][ T7850] dump_stack_lvl+0xe8/0x140 [ 99.875792][ T7850] dump_stack+0x15/0x1b [ 99.875807][ T7850] should_fail_ex+0x265/0x280 [ 99.875825][ T7850] ? __se_sys_memfd_create+0x1cc/0x590 [ 99.875844][ T7850] should_failslab+0x8c/0xb0 [ 99.875878][ T7850] __kmalloc_cache_noprof+0x4c/0x320 [ 99.875970][ T7850] ? fput+0x8f/0xc0 [ 99.875996][ T7850] __se_sys_memfd_create+0x1cc/0x590 [ 99.876025][ T7850] __x64_sys_memfd_create+0x31/0x40 [ 99.876043][ T7850] x64_sys_call+0x2abe/0x2ff0 [ 99.876062][ T7850] do_syscall_64+0xd2/0x200 [ 99.876095][ T7850] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 99.876117][ T7850] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 99.876202][ T7850] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.876221][ T7850] RIP: 0033:0x7effb6baebe9 [ 99.876235][ T7850] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.876252][ T7850] RSP: 002b:00007effb5616e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 99.876270][ T7850] RAX: ffffffffffffffda RBX: 000000000000072d RCX: 00007effb6baebe9 [ 99.876351][ T7850] RDX: 00007effb5616ef0 RSI: 0000000000000000 RDI: 00007effb6c327e8 [ 99.876362][ T7850] RBP: 00002000000014c0 R08: 00007effb5616bb7 R09: 00007effb5616e40 [ 99.876373][ T7850] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000100 [ 99.876384][ T7850] R13: 00007effb5616ef0 R14: 00007effb5616eb0 R15: 0000200000000200 [ 99.876400][ T7850] [ 99.883720][ T7847] lo speed is unknown, defaulting to 1000 [ 100.069267][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.186311][ T7857] loop2: detected capacity change from 0 to 1024 [ 100.221211][ T7857] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 100.235415][ T7863] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1580'. [ 100.255114][ T7863] loop3: detected capacity change from 0 to 2048 [ 100.278448][ T7857] ext4 filesystem being mounted at /341/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 100.289084][ T7863] EXT4-fs (loop3): failed to initialize system zone (-117) [ 100.299807][ T7857] usb usb1: check_ctrlrecip: process 7857 (+}[@) requesting ep 01 but needs 81 [ 100.319300][ T51] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 100.328732][ T3409] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 100.337835][ T3408] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 100.347737][ T7863] EXT4-fs (loop3): mount failed [ 100.348092][ T7857] vhci_hcd: default hub control req: 020f v0004 i0001 l0 [ 100.355639][ T7868] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: block 1: comm syz.2.1579: lblock 1 mapped to illegal pblock 1 (length 15) [ 100.403792][ T29] kauditd_printk_skb: 518 callbacks suppressed [ 100.403815][ T29] audit: type=1400 audit(1755000855.614:11458): avc: denied { read } for pid=7869 comm="syz.1.1581" dev="sockfs" ino=22348 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 100.409012][ T7870] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 100.454372][ T7868] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117 [ 100.466873][ T7868] EXT4-fs (loop2): This should not happen!! Data will be lost [ 100.466873][ T7868] [ 100.480471][ T7870] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 100.491172][ T7875] 9pnet_fd: Insufficient options for proto=fd [ 100.558611][ T7882] FAULT_INJECTION: forcing a failure. [ 100.558611][ T7882] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 100.571738][ T7882] CPU: 1 UID: 0 PID: 7882 Comm: syz.3.1587 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(voluntary) [ 100.571796][ T7882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 100.571808][ T7882] Call Trace: [ 100.571814][ T7882] [ 100.571820][ T7882] __dump_stack+0x1d/0x30 [ 100.571842][ T7882] dump_stack_lvl+0xe8/0x140 [ 100.571862][ T7882] dump_stack+0x15/0x1b [ 100.571878][ T7882] should_fail_ex+0x265/0x280 [ 100.571929][ T7882] should_fail+0xb/0x20 [ 100.571984][ T7882] should_fail_usercopy+0x1a/0x20 [ 100.572085][ T7882] _copy_from_user+0x1c/0xb0 [ 100.572115][ T7882] ___sys_sendmsg+0xc1/0x1d0 [ 100.572185][ T7882] __x64_sys_sendmsg+0xd4/0x160 [ 100.572214][ T7882] x64_sys_call+0x191e/0x2ff0 [ 100.572238][ T7882] do_syscall_64+0xd2/0x200 [ 100.572349][ T7882] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 100.572377][ T7882] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 100.572405][ T7882] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.572475][ T7882] RIP: 0033:0x7f6d7128ebe9 [ 100.572493][ T7882] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.572518][ T7882] RSP: 002b:00007f6d6fcf7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 100.572542][ T7882] RAX: ffffffffffffffda RBX: 00007f6d714b5fa0 RCX: 00007f6d7128ebe9 [ 100.572557][ T7882] RDX: 0000000004000080 RSI: 00002000000002c0 RDI: 0000000000000004 [ 100.572613][ T7882] RBP: 00007f6d6fcf7090 R08: 0000000000000000 R09: 0000000000000000 [ 100.572627][ T7882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 100.572641][ T7882] R13: 00007f6d714b6038 R14: 00007f6d714b5fa0 R15: 00007ffd59e6c0b8 [ 100.572661][ T7882] [ 100.573597][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.647989][ T29] audit: type=1400 audit(1755000855.804:11459): avc: denied { ioctl } for pid=7869 comm="syz.1.1581" path="socket:[22349]" dev="sockfs" ino=22349 ioctlcmd=0x8916 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 100.793413][ T7891] loop2: detected capacity change from 0 to 512 [ 100.839626][ T7891] ext4: Unknown parameter 'fowner<00000000000000000000' [ 100.850644][ T29] audit: type=1326 audit(1755000856.064:11460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7890 comm="syz.2.1588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af05ebe9 code=0x7ffc0000 [ 100.874340][ T29] audit: type=1326 audit(1755000856.064:11461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7890 comm="syz.2.1588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f28af05ebe9 code=0x7ffc0000 [ 100.897927][ T29] audit: type=1326 audit(1755000856.064:11462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7890 comm="syz.2.1588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af05ebe9 code=0x7ffc0000 [ 100.921604][ T29] audit: type=1326 audit(1755000856.064:11463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7890 comm="syz.2.1588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=140 compat=0 ip=0x7f28af05ebe9 code=0x7ffc0000 [ 100.945285][ T29] audit: type=1326 audit(1755000856.064:11464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7890 comm="syz.2.1588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af05ebe9 code=0x7ffc0000 [ 100.974416][ T7893] loop0: detected capacity change from 0 to 512 [ 100.984799][ T7893] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 101.005596][ T7893] EXT4-fs (loop0): failed to initialize system zone (-117) [ 101.005857][ T7897] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1590'. [ 101.012952][ T7893] EXT4-fs (loop0): mount failed [ 101.080153][ T7901] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1593'. [ 101.114702][ T7902] lo speed is unknown, defaulting to 1000 [ 101.123804][ T7902] lo speed is unknown, defaulting to 1000 [ 101.171892][ T7909] 9pnet_fd: Insufficient options for proto=fd [ 101.256564][ T7914] loop0: detected capacity change from 0 to 512 [ 101.309279][ T7914] EXT4-fs (loop0): too many log groups per flexible block group [ 101.316998][ T7914] EXT4-fs (loop0): failed to initialize mballoc (-12) [ 101.325455][ T7914] EXT4-fs (loop0): mount failed [ 101.334316][ T7919] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1600'. [ 101.381858][ T7919] lo speed is unknown, defaulting to 1000 [ 101.390606][ T7919] lo speed is unknown, defaulting to 1000 [ 101.404049][ T7924] loop1: detected capacity change from 0 to 512 [ 101.493582][ T7929] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1602'. [ 101.499120][ T7924] EXT4-fs error (device loop1): ext4_xattr_inode_iget:442: comm syz.1.1600: error while reading EA inode 32 err=-116 [ 101.568311][ T7924] EXT4-fs (loop1): Remounting filesystem read-only [ 101.574920][ T7924] EXT4-fs warning (device loop1): ext4_evict_inode:257: couldn't mark inode dirty (err -30) [ 101.601579][ T7924] EXT4-fs (loop1): 1 orphan inode deleted [ 101.643458][ T7924] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 101.708141][ T7924] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.905883][ T7940] 9pnet_fd: Insufficient options for proto=fd [ 101.940800][ T29] audit: type=1326 audit(1755000857.155:11465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7943 comm="syz.3.1609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d7128ebe9 code=0x7ffc0000 [ 101.964430][ T29] audit: type=1326 audit(1755000857.155:11466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7943 comm="syz.3.1609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6d7128ebe9 code=0x7ffc0000 [ 101.988061][ T29] audit: type=1326 audit(1755000857.155:11467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7943 comm="syz.3.1609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d7128ebe9 code=0x7ffc0000 [ 102.044396][ T3409] IPVS: starting estimator thread 0... [ 102.048246][ T7951] loop2: detected capacity change from 0 to 1024 [ 102.058334][ T7946] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 102.068479][ T7952] loop1: detected capacity change from 0 to 128 [ 102.075067][ T7952] vfat: Unknown parameter '' [ 102.090585][ T7951] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 102.123987][ T7958] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1613'. [ 102.137210][ T7954] IPVS: using max 2496 ests per chain, 124800 per kthread [ 102.144478][ T7946] loop3: detected capacity change from 0 to 512 [ 102.153491][ T7951] ext4 filesystem being mounted at /347/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 102.170345][ T7953] lo speed is unknown, defaulting to 1000 [ 102.184315][ T7953] lo speed is unknown, defaulting to 1000 [ 102.184963][ T7946] EXT4-fs: inline encryption not supported [ 102.227304][ T7960] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1614'. [ 102.241221][ T7946] EXT4-fs error (device loop3): ext4_xattr_inode_iget:442: comm syz.3.1609: error while reading EA inode 32 err=-116 [ 102.256675][ T7960] hsr_slave_0: left promiscuous mode [ 102.263627][ T7946] EXT4-fs (loop3): Remounting filesystem read-only [ 102.270322][ T7946] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -30) [ 102.282027][ T7960] hsr_slave_1: left promiscuous mode [ 102.289331][ T7946] EXT4-fs (loop3): 1 orphan inode deleted [ 102.316212][ T7946] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 102.329911][ T7946] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.350266][ T7966] lo speed is unknown, defaulting to 1000 [ 102.356413][ T7966] lo speed is unknown, defaulting to 1000 [ 102.495051][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 102.539125][ T7980] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.550105][ T51] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 102.558956][ T3409] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 102.568879][ T1036] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 102.629613][ T7980] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.702091][ T7986] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.718580][ T7980] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.760467][ T7986] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.777467][ T7991] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1619'. [ 102.808530][ T7980] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.849312][ T7986] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.893014][ T51] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.904091][ T51] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.915800][ T57] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.927551][ T51] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.938387][ T7986] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.967229][ T7995] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1624'. [ 102.995956][ T57] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.998954][ T7997] 9pnet_fd: Insufficient options for proto=fd [ 103.013745][ T57] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.026416][ T57] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.043846][ T574] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.201337][ T7999] netlink: 8 bytes leftover after parsing attributes in process `+}[@'. [ 103.221321][ T8009] process 'syz.1.1630' launched '/dev/fd/8' with NULL argv: empty string added [ 103.487342][ T8021] loop0: detected capacity change from 0 to 512 [ 103.503632][ T8019] loop2: detected capacity change from 0 to 164 [ 103.522860][ T8021] ext4: Unknown parameter 'fowner<00000000000000000000' [ 103.622250][ T8035] loop2: detected capacity change from 0 to 128 [ 103.633988][ T8035] vfat: Unknown parameter '' [ 103.667961][ T36] hid-generic 0000:0003:0000.0019: unknown main item tag 0x0 [ 103.675430][ T36] hid-generic 0000:0003:0000.0019: unknown main item tag 0x0 [ 103.683578][ T8041] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 103.716449][ T36] hid-generic 0000:0003:0000.0019: hidraw0: HID v0.03 Device [syz0] on syz0 [ 103.727889][ T8041] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 103.743482][ T8047] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1646'. [ 103.784324][ T8041] 9pnet_fd: Insufficient options for proto=fd [ 103.863627][ T8039] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 103.871920][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 103.882740][ T8039] netlink: 8 bytes leftover after parsing attributes in process `+}[@'. [ 103.959818][ T8064] loop3: detected capacity change from 0 to 512 [ 103.969567][ T8064] ext4: Unknown parameter 'fowner<00000000000000000000' [ 104.087571][ T8075] loop4: detected capacity change from 0 to 128 [ 104.094164][ T8075] vfat: Unknown parameter '' [ 104.312258][ T8092] FAULT_INJECTION: forcing a failure. [ 104.312258][ T8092] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 104.325608][ T8092] CPU: 1 UID: 0 PID: 8092 Comm: syz.0.1665 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(voluntary) [ 104.325641][ T8092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 104.325720][ T8092] Call Trace: [ 104.325725][ T8092] [ 104.325730][ T8092] __dump_stack+0x1d/0x30 [ 104.325746][ T8092] dump_stack_lvl+0xe8/0x140 [ 104.325759][ T8092] dump_stack+0x15/0x1b [ 104.325770][ T8092] should_fail_ex+0x265/0x280 [ 104.325793][ T8092] should_fail_alloc_page+0xf2/0x100 [ 104.325870][ T8092] __alloc_frozen_pages_noprof+0xff/0x360 [ 104.325909][ T8092] alloc_pages_mpol+0xb3/0x250 [ 104.325974][ T8092] alloc_pages_noprof+0x90/0x130 [ 104.326002][ T8092] pte_alloc_one+0x2d/0x120 [ 104.326080][ T8092] __pte_alloc+0x32/0x2b0 [ 104.326102][ T8092] handle_mm_fault+0x1c55/0x2c20 [ 104.326121][ T8092] ? check_vma_flags+0x2e1/0x340 [ 104.326185][ T8092] __get_user_pages+0x102e/0x1fa0 [ 104.326244][ T8092] __gup_longterm_locked+0x8f4/0xe60 [ 104.326260][ T8092] ? bpf_trace_run3+0x12c/0x1d0 [ 104.326274][ T8092] ? _raw_spin_unlock_irqrestore+0x2b/0x60 [ 104.326298][ T8092] ? __rcu_read_unlock+0x4f/0x70 [ 104.326387][ T8092] ? __perf_event_task_sched_in+0xa5b/0xac0 [ 104.326402][ T8092] gup_fast_fallback+0x1f5/0x1420 [ 104.326468][ T8092] ? __rcu_read_unlock+0x4f/0x70 [ 104.326495][ T8092] get_user_pages_fast+0x5f/0x90 [ 104.326518][ T8092] __se_sys_get_mempolicy+0x38e/0xd80 [ 104.326585][ T8092] __x64_sys_get_mempolicy+0x67/0x80 [ 104.326651][ T8092] x64_sys_call+0x2882/0x2ff0 [ 104.326764][ T8092] do_syscall_64+0xd2/0x200 [ 104.326787][ T8092] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 104.326872][ T8092] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 104.326887][ T8092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.326902][ T8092] RIP: 0033:0x7fcbe4d0ebe9 [ 104.326913][ T8092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 104.326925][ T8092] RSP: 002b:00007fcbe3777038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ef [ 104.327014][ T8092] RAX: ffffffffffffffda RBX: 00007fcbe4f35fa0 RCX: 00007fcbe4d0ebe9 [ 104.327022][ T8092] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 104.327035][ T8092] RBP: 00007fcbe3777090 R08: 0000000000000003 R09: 0000000000000000 [ 104.327044][ T8092] R10: 0000200000a88000 R11: 0000000000000246 R12: 0000000000000001 [ 104.327053][ T8092] R13: 00007fcbe4f36038 R14: 00007fcbe4f35fa0 R15: 00007ffe6adbab68 [ 104.327099][ T8092] [ 104.626355][ T574] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 104.638819][ T8100] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.730412][ T1036] hid-generic 0000:0003:0000.001A: unknown main item tag 0x0 [ 104.738028][ T1036] hid-generic 0000:0003:0000.001A: unknown main item tag 0x0 [ 104.746752][ T1036] hid-generic 0000:0003:0000.001A: hidraw0: HID v0.03 Device [syz0] on syz0 [ 104.756597][ T8111] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 104.775119][ T8100] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.788188][ T8111] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 104.836689][ T1036] hid-generic 0000:0003:0000.001B: unknown main item tag 0x0 [ 104.844141][ T1036] hid-generic 0000:0003:0000.001B: unknown main item tag 0x0 [ 104.855460][ T8120] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 104.866035][ T8111] 9pnet_fd: Insufficient options for proto=fd [ 104.875452][ T8120] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 104.884934][ T8100] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.900739][ T1036] hid-generic 0000:0003:0000.001B: hidraw0: HID v0.03 Device [syz0] on syz0 [ 104.920236][ T8120] 9pnet_fd: Insufficient options for proto=fd [ 104.933604][ T8123] fido_id[8123]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 104.977148][ T8100] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.355198][ T8134] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1681'. [ 105.496980][ T29] kauditd_printk_skb: 807 callbacks suppressed [ 105.497074][ T29] audit: type=1326 audit(1755000860.716:12275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8140 comm="syz.0.1684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe4d0ebe9 code=0x7ffc0000 [ 105.527031][ T29] audit: type=1326 audit(1755000860.716:12276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8140 comm="syz.0.1684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe4d0ebe9 code=0x7ffc0000 [ 105.550550][ T29] audit: type=1326 audit(1755000860.716:12277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8140 comm="syz.0.1684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcbe4d0ebe9 code=0x7ffc0000 [ 105.574117][ T29] audit: type=1326 audit(1755000860.716:12278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8140 comm="syz.0.1684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe4d0ebe9 code=0x7ffc0000 [ 105.597772][ T29] audit: type=1326 audit(1755000860.716:12279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8140 comm="syz.0.1684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe4d0ebe9 code=0x7ffc0000 [ 105.621239][ T29] audit: type=1326 audit(1755000860.716:12280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8140 comm="syz.0.1684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcbe4d0ebe9 code=0x7ffc0000 [ 105.644837][ T29] audit: type=1326 audit(1755000860.716:12281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8140 comm="syz.0.1684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe4d0ebe9 code=0x7ffc0000 [ 105.668316][ T29] audit: type=1326 audit(1755000860.716:12282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8140 comm="syz.0.1684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcbe4d0ebe9 code=0x7ffc0000 [ 105.691798][ T29] audit: type=1326 audit(1755000860.716:12283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8140 comm="syz.0.1684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbe4d0ebe9 code=0x7ffc0000 [ 105.715347][ T29] audit: type=1326 audit(1755000860.716:12284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8140 comm="syz.0.1684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcbe4d0ebe9 code=0x7ffc0000 [ 105.739157][ T1036] net_ratelimit: 2 callbacks suppressed [ 105.739181][ T1036] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 105.939847][ T8151] loop0: detected capacity change from 0 to 512 [ 105.946770][ T8151] ext4: Unknown parameter 'fowner<00000000000000000000' [ 106.057132][ T1036] hid-generic 0000:0003:0000.001C: unknown main item tag 0x0 [ 106.064580][ T1036] hid-generic 0000:0003:0000.001C: unknown main item tag 0x0 [ 106.072792][ T8157] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 106.093531][ T8157] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 106.102372][ T1036] hid-generic 0000:0003:0000.001C: hidraw0: HID v0.03 Device [syz0] on syz0 [ 106.118918][ T8157] 9pnet_fd: Insufficient options for proto=fd [ 106.133086][ T8158] fido_id[8158]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 106.273656][ T8165] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1690'. [ 106.301752][ T8167] loop2: detected capacity change from 0 to 128 [ 106.309824][ T8167] vfat: Unknown parameter 'ÿÿÿÿ18446744073709551615' [ 106.503773][ T8179] loop4: detected capacity change from 0 to 512 [ 106.510716][ T8179] ext4: Unknown parameter 'fowner<00000000000000000000' [ 106.651592][ T8183] lo speed is unknown, defaulting to 1000 [ 106.657804][ T8183] lo speed is unknown, defaulting to 1000 [ 107.027420][ T8196] loop1: detected capacity change from 0 to 128 [ 107.047106][ T8196] vfat: Unknown parameter 'ÿÿÿÿ18446744073709551615' [ 107.127433][ T8202] loop0: detected capacity change from 0 to 1024 [ 107.137165][ T8202] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 107.149470][ T8202] ext4 filesystem being mounted at /341/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 107.203233][ T8207] loop1: detected capacity change from 0 to 512 [ 107.210446][ T8207] ext4: Unknown parameter 'fowner<00000000000000000000' [ 107.253401][ T1036] hid-generic 0000:0003:0000.001D: unknown main item tag 0x0 [ 107.253821][ T8202] lo speed is unknown, defaulting to 1000 [ 107.260913][ T1036] hid-generic 0000:0003:0000.001D: unknown main item tag 0x0 [ 107.261732][ T8209] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 107.268459][ T8202] lo speed is unknown, defaulting to 1000 [ 107.294799][ T1036] hid-generic 0000:0003:0000.001D: hidraw0: HID v0.03 Device [syz0] on syz0 [ 107.307633][ T8209] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 107.315787][ T51] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.324081][ T51] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.367020][ T8209] 9pnet_fd: Insufficient options for proto=fd [ 107.378566][ T322] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.400624][ T51] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.433654][ T8220] loop3: detected capacity change from 0 to 1024 [ 107.455237][ T8220] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.490002][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 107.519914][ T8220] ext4 filesystem being mounted at /338/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 107.536500][ T8231] loop4: detected capacity change from 0 to 512 [ 107.551200][ T8231] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 107.562410][ T8220] usb usb1: check_ctrlrecip: process 8220 (+}[@) requesting ep 01 but needs 81 [ 107.574030][ T8220] vhci_hcd: default hub control req: 020f v0004 i0001 l0 [ 107.584829][ T8231] EXT4-fs (loop4): failed to initialize system zone (-117) [ 107.586741][ T8220] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: block 1: comm +}[@: lblock 1 mapped to illegal pblock 1 (length 15) [ 107.603357][ T8231] EXT4-fs (loop4): mount failed [ 107.610756][ T8220] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117 [ 107.623237][ T8220] EXT4-fs (loop3): This should not happen!! Data will be lost [ 107.623237][ T8220] [ 107.754518][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.785827][ T8244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 107.824617][ T38] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 107.833441][ T1036] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 107.842227][ T3408] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 107.851146][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 107.889603][ T8250] loop4: detected capacity change from 0 to 512 [ 107.897923][ T8250] EXT4-fs (loop4): too many log groups per flexible block group [ 107.905676][ T8250] EXT4-fs (loop4): failed to initialize mballoc (-12) [ 107.913723][ T8250] EXT4-fs (loop4): mount failed [ 108.099332][ T8267] loop2: detected capacity change from 0 to 1024 [ 108.133598][ T8267] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 108.145955][ T8267] ext4 filesystem being mounted at /370/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.305365][ T8267] lo speed is unknown, defaulting to 1000 [ 108.328837][ T8267] lo speed is unknown, defaulting to 1000 [ 108.505791][ T8277] 9pnet_virtio: no channels available for device syz [ 108.525144][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 108.778109][ T8283] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 108.800580][ T8292] lo speed is unknown, defaulting to 1000 [ 108.808528][ T8292] lo speed is unknown, defaulting to 1000 [ 108.818163][ T8283] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 108.833801][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 108.863255][ T8283] 9pnet_fd: Insufficient options for proto=fd [ 108.878098][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 108.930250][ T8302] 9pnet_fd: Insufficient options for proto=fd [ 108.970893][ T8305] loop4: detected capacity change from 0 to 1024 [ 108.989350][ T8305] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 109.020146][ T8305] ext4 filesystem being mounted at /322/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 109.046163][ T8312] loop1: detected capacity change from 0 to 128 [ 109.054279][ T8312] vfat: Unknown parameter 'ÿÿÿÿ18446744073709551615' [ 109.141192][ T8305] lo speed is unknown, defaulting to 1000 [ 109.147805][ T8305] lo speed is unknown, defaulting to 1000 [ 109.245772][ T8330] loop2: detected capacity change from 0 to 1024 [ 109.271276][ T3300] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 109.287368][ T8330] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 109.300091][ T8330] ext4 filesystem being mounted at /374/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 109.325272][ T8330] usb usb1: check_ctrlrecip: process 8330 (+}[@) requesting ep 01 but needs 81 [ 109.334442][ T8330] vhci_hcd: default hub control req: 020f v0004 i0001 l0 [ 109.345426][ T8330] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: block 1: comm +}[@: lblock 1 mapped to illegal pblock 1 (length 15) [ 109.375386][ T8330] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117 [ 109.387921][ T8330] EXT4-fs (loop2): This should not happen!! Data will be lost [ 109.387921][ T8330] [ 109.449513][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.461867][ T8343] loop3: detected capacity change from 0 to 512 [ 109.491026][ T8343] ext4: Unknown parameter 'fowner<00000000000000000000' [ 109.584892][ T8349] loop3: detected capacity change from 0 to 1024 [ 109.736169][ T8360] 9pnet_virtio: no channels available for device syz [ 109.925315][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 110.034769][ T8349] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 110.047127][ T8349] ext4 filesystem being mounted at /344/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 110.071981][ T10] hid-generic 0000:0003:0000.001E: unknown main item tag 0x0 [ 110.079449][ T10] hid-generic 0000:0003:0000.001E: unknown main item tag 0x0 [ 110.095612][ T8371] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 110.115775][ T10] hid-generic 0000:0003:0000.001E: hidraw0: HID v0.03 Device [syz0] on syz0 [ 110.154865][ T8371] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 110.202685][ T8371] 9pnet_fd: Insufficient options for proto=fd [ 110.206383][ T8349] lo speed is unknown, defaulting to 1000 [ 110.249525][ T8349] lo speed is unknown, defaulting to 1000 [ 110.435418][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 110.618875][ T29] kauditd_printk_skb: 432 callbacks suppressed [ 110.618889][ T29] audit: type=1326 audit(1755000865.829:12717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8394 comm="syz.4.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effb6baebe9 code=0x7ffc0000 [ 110.648910][ T29] audit: type=1326 audit(1755000865.829:12718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8394 comm="syz.4.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effb6baebe9 code=0x7ffc0000 [ 110.673126][ T29] audit: type=1326 audit(1755000865.889:12719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8394 comm="syz.4.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7effb6baebe9 code=0x7ffc0000 [ 110.696711][ T29] audit: type=1326 audit(1755000865.889:12720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8394 comm="syz.4.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effb6baebe9 code=0x7ffc0000 [ 110.720302][ T29] audit: type=1326 audit(1755000865.889:12721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8394 comm="syz.4.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effb6baebe9 code=0x7ffc0000 [ 110.744099][ T29] audit: type=1326 audit(1755000865.939:12722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8394 comm="syz.4.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7effb6baebe9 code=0x7ffc0000 [ 110.767719][ T29] audit: type=1326 audit(1755000865.939:12723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8394 comm="syz.4.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effb6baebe9 code=0x7ffc0000 [ 110.791263][ T29] audit: type=1326 audit(1755000865.939:12724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8394 comm="syz.4.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7effb6baebe9 code=0x7ffc0000 [ 110.814900][ T29] audit: type=1326 audit(1755000865.939:12725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8394 comm="syz.4.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effb6baebe9 code=0x7ffc0000 [ 110.838392][ T29] audit: type=1326 audit(1755000865.939:12726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8394 comm="syz.4.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7effb6baebe9 code=0x7ffc0000 [ 110.907329][ T8387] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 110.915745][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 110.944908][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 110.956029][ T8387] netlink: 8 bytes leftover after parsing attributes in process `+}[@'. [ 111.101123][ T8413] lo speed is unknown, defaulting to 1000 [ 111.145470][ T8413] lo speed is unknown, defaulting to 1000 [ 111.160327][ T8420] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1786'. [ 111.219093][ T1036] hid-generic 0000:0003:0000.001F: unknown main item tag 0x0 [ 111.226586][ T1036] hid-generic 0000:0003:0000.001F: unknown main item tag 0x0 [ 111.235610][ T8426] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 111.253709][ T1036] hid-generic 0000:0003:0000.001F: hidraw0: HID v0.03 Device [syz0] on syz0 [ 111.272331][ T8426] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.307597][ T8426] 9pnet_fd: Insufficient options for proto=fd [ 111.320867][ T8430] fido_id[8430]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 111.385547][ T8433] loop3: detected capacity change from 0 to 512 [ 111.393420][ T8433] ext4: Unknown parameter 'fowner<00000000000000000000' [ 111.649630][ T8447] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1793'. [ 111.692648][ T8439] netlink: 8 bytes leftover after parsing attributes in process `+}[@'. [ 111.743517][ T8453] 9pnet_fd: Insufficient options for proto=fd [ 111.785818][ T8459] loop4: detected capacity change from 0 to 512 [ 111.792952][ T8459] ext4: Unknown parameter 'fowner<00000000000000000000' [ 111.874579][ T8463] lo speed is unknown, defaulting to 1000 [ 111.880616][ T8463] lo speed is unknown, defaulting to 1000 [ 111.894786][ T8472] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1807'. [ 111.903945][ T3409] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 111.984198][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 112.120347][ T8482] 9pnet_fd: Insufficient options for proto=fd [ 112.155783][ T8485] 9pnet_virtio: no channels available for device syz [ 112.257856][ T8490] loop0: detected capacity change from 0 to 128 [ 112.272604][ T8490] vfat: Unknown parameter '' [ 112.325182][ T3409] hid-generic 0000:0003:0000.0020: unknown main item tag 0x0 [ 112.332692][ T3409] hid-generic 0000:0003:0000.0020: unknown main item tag 0x0 [ 112.340502][ T8495] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 112.361978][ T8495] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 112.370520][ T3409] hid-generic 0000:0003:0000.0020: hidraw0: HID v0.03 Device [syz0] on syz0 [ 112.409340][ T8495] 9pnet_fd: Insufficient options for proto=fd [ 112.743016][ T8513] 9pnet_fd: Insufficient options for proto=fd [ 112.889266][ T8524] loop0: detected capacity change from 0 to 128 [ 112.908103][ T8524] vfat: Unknown parameter '' [ 113.017639][ T8528] loop4: detected capacity change from 0 to 2048 [ 113.033829][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 113.041992][ T8522] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 113.050377][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 113.061145][ T8528] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 113.084914][ T8522] netlink: 8 bytes leftover after parsing attributes in process `+}[@'. [ 113.104174][ T8534] loop2: detected capacity change from 0 to 512 [ 113.111009][ T8534] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 113.123018][ T8534] EXT4-fs (loop2): failed to initialize system zone (-117) [ 113.130292][ T8534] EXT4-fs (loop2): mount failed [ 113.244820][ T8542] netlink: 4 bytes leftover after parsing attributes in process `+}[@'. [ 113.257351][ T8542] loop1: detected capacity change from 0 to 1024 [ 113.284742][ T8542] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 113.308659][ T8542] ext4 filesystem being mounted at /371/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 113.324329][ T8542] usb usb1: check_ctrlrecip: process 8542 (+}[@) requesting ep 01 but needs 81 [ 113.333535][ T8542] vhci_hcd: default hub control req: 020f v0004 i0001 l0 [ 113.345074][ T8542] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #15: block 1: comm +}[@: lblock 1 mapped to illegal pblock 1 (length 15) [ 113.398413][ T8554] loop3: detected capacity change from 0 to 128 [ 113.419908][ T8554] vfat: Unknown parameter 'ÿÿÿÿ18446744073709551615' [ 113.431606][ T8542] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117 [ 113.444084][ T8542] EXT4-fs (loop1): This should not happen!! Data will be lost [ 113.444084][ T8542] [ 113.462926][ T8549] loop2: detected capacity change from 0 to 512 [ 113.492083][ T8549] EXT4-fs (loop2): too many log groups per flexible block group [ 113.499854][ T8549] EXT4-fs (loop2): failed to initialize mballoc (-12) [ 113.509340][ T8549] EXT4-fs (loop2): mount failed [ 113.513526][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.574305][ T8566] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 113.583721][ T1036] hid-generic 0000:0003:0000.0021: unknown main item tag 0x0 [ 113.591124][ T1036] hid-generic 0000:0003:0000.0021: unknown main item tag 0x0 [ 113.602410][ T8567] loop3: detected capacity change from 0 to 128 [ 113.617428][ T1036] hid-generic 0000:0003:0000.0021: hidraw0: HID v0.03 Device [syz0] on syz0 [ 113.637945][ T8567] vfat: Unknown parameter '' [ 113.647063][ T8566] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 113.689267][ T8566] 9pnet_fd: Insufficient options for proto=fd [ 113.846738][ T3300] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.927368][ T8582] 9pnet_fd: Insufficient options for proto=fd [ 113.969740][ T8584] loop3: detected capacity change from 0 to 1024 [ 113.987344][ T8586] netlink: 4 bytes leftover after parsing attributes in process `+}[@'. [ 114.009224][ T8586] loop0: detected capacity change from 0 to 1024 [ 114.017404][ T8584] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 114.063712][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 114.080489][ T8586] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 114.094494][ T8584] ext4 filesystem being mounted at /363/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 114.105727][ T8586] ext4 filesystem being mounted at /377/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 114.120038][ T8586] usb usb1: check_ctrlrecip: process 8586 (+}[@) requesting ep 01 but needs 81 [ 114.129253][ T8586] vhci_hcd: default hub control req: 020f v0004 i0001 l0 [ 114.140109][ T8586] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #15: block 1: comm +}[@: lblock 1 mapped to illegal pblock 1 (length 15) [ 114.154317][ T8586] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117 [ 114.166803][ T8586] EXT4-fs (loop0): This should not happen!! Data will be lost [ 114.166803][ T8586] [ 114.184780][ T8598] loop4: detected capacity change from 0 to 128 [ 114.191643][ T8598] vfat: Unknown parameter '' [ 114.221390][ T3409] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 114.242734][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.263521][ T8584] lo speed is unknown, defaulting to 1000 [ 114.269528][ T8584] lo speed is unknown, defaulting to 1000 [ 114.385830][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 114.467351][ T23] hid-generic 0000:0003:0000.0022: unknown main item tag 0x0 [ 114.474847][ T23] hid-generic 0000:0003:0000.0022: unknown main item tag 0x0 [ 114.483485][ T8622] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 114.499729][ T8622] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 114.516896][ T23] hid-generic 0000:0003:0000.0022: hidraw0: HID v0.03 Device [syz0] on syz0 [ 114.544071][ T8622] 9pnet_fd: Insufficient options for proto=fd [ 114.583638][ T8624] fido_id[8624]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 114.623800][ T8629] lo speed is unknown, defaulting to 1000 [ 114.629863][ T8629] lo speed is unknown, defaulting to 1000 [ 114.666187][ T8633] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1869'. [ 114.901181][ T8644] loop4: detected capacity change from 0 to 128 [ 114.908416][ T8644] vfat: Unknown parameter 'ÿÿÿÿ18446744073709551615' [ 115.046311][ T8655] 9pnet_virtio: no channels available for device syz [ 115.473920][ T8676] loop1: detected capacity change from 0 to 128 [ 115.498577][ T8676] vfat: Unknown parameter 'ÿÿÿÿ18446744073709551615' [ 115.620700][ T8686] loop1: detected capacity change from 0 to 1024 [ 115.635338][ T8686] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 115.647539][ T8686] ext4 filesystem being mounted at /384/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 115.659349][ T29] kauditd_printk_skb: 415 callbacks suppressed [ 115.659367][ T29] audit: type=1326 audit(1755000870.881:13142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8685 comm="syz.1.1894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff72b00ebe9 code=0x7ffc0000 [ 115.689104][ T29] audit: type=1326 audit(1755000870.881:13143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8685 comm="syz.1.1894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff72b00ebe9 code=0x7ffc0000 [ 115.712792][ T29] audit: type=1326 audit(1755000870.891:13144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8685 comm="syz.1.1894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff72b00ebe9 code=0x7ffc0000 [ 115.736312][ T29] audit: type=1326 audit(1755000870.891:13145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8685 comm="syz.1.1894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff72b00ebe9 code=0x7ffc0000 [ 115.759830][ T29] audit: type=1326 audit(1755000870.891:13146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8685 comm="syz.1.1894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff72b00ebe9 code=0x7ffc0000 [ 115.783368][ T29] audit: type=1326 audit(1755000870.891:13147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8685 comm="syz.1.1894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff72b00ebe9 code=0x7ffc0000 [ 115.806999][ T29] audit: type=1326 audit(1755000870.891:13148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8685 comm="syz.1.1894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff72b00ebe9 code=0x7ffc0000 [ 115.820564][ T8695] loop0: detected capacity change from 0 to 1024 [ 115.830536][ T29] audit: type=1326 audit(1755000870.891:13149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8685 comm="syz.1.1894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff72b00ebe9 code=0x7ffc0000 [ 115.860356][ T29] audit: type=1326 audit(1755000870.891:13150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8685 comm="syz.1.1894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff72b00ebe9 code=0x7ffc0000 [ 115.865277][ T8694] lo speed is unknown, defaulting to 1000 [ 115.884157][ T29] audit: type=1326 audit(1755000870.891:13151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8685 comm="syz.1.1894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff72b00ebe9 code=0x7ffc0000 [ 115.916726][ T8694] lo speed is unknown, defaulting to 1000 [ 115.974693][ T8695] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 115.990519][ T8695] ext4 filesystem being mounted at /382/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 116.045172][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 116.115230][ T8690] lo speed is unknown, defaulting to 1000 [ 116.123581][ T8713] loop1: detected capacity change from 0 to 128 [ 116.131067][ T8713] vfat: Unknown parameter 'ÿÿÿÿ18446744073709551615' [ 116.142094][ T23] net_ratelimit: 2 callbacks suppressed [ 116.142111][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 116.151703][ T8690] lo speed is unknown, defaulting to 1000 [ 116.347664][ T8729] loop2: detected capacity change from 0 to 1024 [ 116.360799][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 116.382888][ T8729] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.415744][ T8729] ext4 filesystem being mounted at /406/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 116.470544][ T8729] usb usb1: check_ctrlrecip: process 8729 (+}[@) requesting ep 01 but needs 81 [ 116.500073][ T8729] vhci_hcd: default hub control req: 020f v0004 i0001 l0 [ 116.512680][ T8729] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: block 1: comm +}[@: lblock 1 mapped to illegal pblock 1 (length 15) [ 116.564987][ T8729] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117 [ 116.577499][ T8729] EXT4-fs (loop2): This should not happen!! Data will be lost [ 116.577499][ T8729] [ 116.618370][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.716430][ T8759] loop3: detected capacity change from 0 to 1024 [ 116.740405][ T8761] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1910'. [ 116.757219][ T8759] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 116.769461][ T8759] ext4 filesystem being mounted at /376/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 116.826181][ T8759] lo speed is unknown, defaulting to 1000 [ 116.832331][ T8759] lo speed is unknown, defaulting to 1000 [ 116.907729][ T8775] 9pnet_fd: Insufficient options for proto=fd [ 116.943135][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 116.952350][ T8779] loop4: detected capacity change from 0 to 1024 [ 116.970962][ T8779] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.983364][ T8779] ext4 filesystem being mounted at /361/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 116.997205][ T8779] usb usb1: check_ctrlrecip: process 8779 (+}[@) requesting ep 01 but needs 81 [ 117.006268][ T8779] vhci_hcd: default hub control req: 020f v0004 i0001 l0 [ 117.016966][ T8779] EXT4-fs error (device loop4): ext4_map_blocks:814: inode #15: block 1: comm +}[@: lblock 1 mapped to illegal pblock 1 (length 15) [ 117.031119][ T8779] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117 [ 117.043637][ T8779] EXT4-fs (loop4): This should not happen!! Data will be lost [ 117.043637][ T8779] [ 117.069400][ T3300] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.181971][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 117.239121][ T8803] 9pnet_fd: Insufficient options for proto=fd [ 117.280563][ T8809] loop2: detected capacity change from 0 to 1024 [ 117.297363][ T8809] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 117.317486][ T8809] ext4 filesystem being mounted at /412/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 117.393374][ T8809] lo speed is unknown, defaulting to 1000 [ 117.415133][ T8809] lo speed is unknown, defaulting to 1000 [ 117.601088][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 117.993528][ T1036] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 118.070742][ T8851] loop0: detected capacity change from 0 to 512 [ 118.108915][ T8851] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 118.120963][ T8851] EXT4-fs (loop0): failed to initialize system zone (-117) [ 118.128228][ T8851] EXT4-fs (loop0): mount failed [ 118.237165][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 118.327971][ T8869] lo speed is unknown, defaulting to 1000 [ 118.335732][ T8869] lo speed is unknown, defaulting to 1000 [ 118.419232][ T8876] loop0: detected capacity change from 0 to 512 [ 118.468177][ T8876] EXT4-fs (loop0): too many log groups per flexible block group [ 118.475949][ T8876] EXT4-fs (loop0): failed to initialize mballoc (-12) [ 118.489056][ T8876] EXT4-fs (loop0): mount failed [ 118.547112][ T8888] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1961'. [ 119.260768][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 119.274449][ T8911] loop4: detected capacity change from 0 to 1024 [ 119.323549][ T8911] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 119.362357][ T8911] ext4 filesystem being mounted at /368/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 119.542536][ T8911] lo speed is unknown, defaulting to 1000 [ 119.549957][ T8911] lo speed is unknown, defaulting to 1000 [ 119.616091][ T8925] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1978'. [ 119.695707][ T3300] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 120.158114][ T8959] loop3: detected capacity change from 0 to 1024 [ 120.164949][ T8959] /dev/loop3: Can't open blockdev [ 120.263986][ T8959] lo speed is unknown, defaulting to 1000 [ 120.292925][ T8959] lo speed is unknown, defaulting to 1000 [ 120.301105][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 120.740755][ T29] kauditd_printk_skb: 490 callbacks suppressed [ 120.740772][ T29] audit: type=1326 audit(1755000875.964:13642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9001 comm="syz.3.2013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d7128ebe9 code=0x7ffc0000 [ 120.786781][ T29] audit: type=1326 audit(1755000875.994:13643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9001 comm="syz.3.2013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d7128ebe9 code=0x7ffc0000 [ 120.810501][ T29] audit: type=1326 audit(1755000875.994:13644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9001 comm="syz.3.2013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6d7128ebe9 code=0x7ffc0000 [ 120.833956][ T29] audit: type=1326 audit(1755000875.994:13645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9001 comm="syz.3.2013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d7128ebe9 code=0x7ffc0000 [ 120.857666][ T29] audit: type=1326 audit(1755000875.994:13646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9001 comm="syz.3.2013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d7128ebe9 code=0x7ffc0000 [ 120.860821][ T9007] loop1: detected capacity change from 0 to 1024 [ 120.881210][ T29] audit: type=1326 audit(1755000875.994:13647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9001 comm="syz.3.2013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f6d7128ebe9 code=0x7ffc0000 [ 120.881320][ T29] audit: type=1326 audit(1755000875.994:13648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9001 comm="syz.3.2013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d7128ebe9 code=0x7ffc0000 [ 120.894007][ T9012] 9pnet_virtio: no channels available for device syz [ 120.911194][ T29] audit: type=1326 audit(1755000875.994:13649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9001 comm="syz.3.2013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f6d7128ebe9 code=0x7ffc0000 [ 120.955231][ T9007] /dev/loop1: Can't open blockdev [ 120.964893][ T29] audit: type=1326 audit(1755000875.994:13650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9001 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d7128ebe9 code=0x7ffc0000 [ 120.964926][ T29] audit: type=1326 audit(1755000875.994:13651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9001 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6d7128ebe9 code=0x7ffc0000 [ 121.023197][ T3409] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 121.051242][ T9007] usb usb1: check_ctrlrecip: process 9007 (+}[@) requesting ep 01 but needs 81 [ 121.097603][ T9007] vhci_hcd: default hub control req: 020f v0004 i0001 l0 [ 121.349846][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 121.636064][ T9052] loop1: detected capacity change from 0 to 1024 [ 121.683647][ T9052] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 121.707288][ T9052] ext4 filesystem being mounted at /427/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 121.717843][ T9057] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 121.825046][ T9052] lo speed is unknown, defaulting to 1000 [ 121.855714][ T9052] lo speed is unknown, defaulting to 1000 [ 121.964253][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 122.080057][ T9080] loop1: detected capacity change from 0 to 1024 [ 122.098844][ T9080] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 122.111880][ T9080] ext4 filesystem being mounted at /429/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 122.173262][ T9080] lo speed is unknown, defaulting to 1000 [ 122.180229][ T9080] lo speed is unknown, defaulting to 1000 [ 122.258833][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 122.378731][ T3408] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 122.655301][ T9117] 9pnet_virtio: no channels available for device syz [ 122.715052][ T9118] sch_tbf: burst 3298 is lower than device lo mtu (11337746) ! [ 122.731186][ T9118] netlink: 268 bytes leftover after parsing attributes in process `syz.0.2052'. [ 122.740375][ T9118] unsupported nla_type 65024 [ 123.076616][ T9121] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 123.084995][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 123.139955][ T9135] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2054'. [ 123.219148][ T9150] 9pnet_fd: Insufficient options for proto=fd [ 123.418927][ T3408] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 123.436404][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 123.445307][ T9167] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2058'. [ 123.495052][ T9173] loop1: detected capacity change from 0 to 1024 [ 123.518914][ T9173] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 123.536190][ T9173] ext4 filesystem being mounted at /437/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 123.551089][ T9173] usb usb1: check_ctrlrecip: process 9173 (+}[@) requesting ep 01 but needs 81 [ 123.560384][ T9173] vhci_hcd: default hub control req: 020f v0004 i0001 l0 [ 123.570402][ T9173] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #15: block 1: comm +}[@: lblock 1 mapped to illegal pblock 1 (length 15) [ 123.584273][ T9173] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117 [ 123.596836][ T9173] EXT4-fs (loop1): This should not happen!! Data will be lost [ 123.596836][ T9173] [ 123.616718][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.776225][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 123.816232][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 123.829628][ T9194] : renamed from bond0 (while UP) [ 123.880107][ T9201] netlink: 264 bytes leftover after parsing attributes in process `syz.0.2086'. [ 123.932842][ T9207] 9pnet_fd: Insufficient options for proto=fd [ 123.942113][ T9209] FAULT_INJECTION: forcing a failure. [ 123.942113][ T9209] name failslab, interval 1, probability 0, space 0, times 0 [ 123.954887][ T9209] CPU: 1 UID: 0 PID: 9209 Comm: syz.1.2089 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(voluntary) [ 123.954929][ T9209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 123.954941][ T9209] Call Trace: [ 123.954947][ T9209] [ 123.954957][ T9209] __dump_stack+0x1d/0x30 [ 123.954982][ T9209] dump_stack_lvl+0xe8/0x140 [ 123.955005][ T9209] dump_stack+0x15/0x1b [ 123.955024][ T9209] should_fail_ex+0x265/0x280 [ 123.955091][ T9209] should_failslab+0x8c/0xb0 [ 123.955119][ T9209] __kmalloc_node_track_caller_noprof+0xa4/0x410 [ 123.955147][ T9209] ? sidtab_sid2str_get+0xa0/0x130 [ 123.955168][ T9209] kmemdup_noprof+0x2b/0x70 [ 123.955268][ T9209] sidtab_sid2str_get+0xa0/0x130 [ 123.955360][ T9209] security_sid_to_context_core+0x1eb/0x2e0 [ 123.955380][ T9209] security_sid_to_context+0x27/0x40 [ 123.955398][ T9209] selinux_lsmprop_to_secctx+0x67/0xf0 [ 123.955455][ T9209] security_lsmprop_to_secctx+0x43/0x80 [ 123.955485][ T9209] audit_log_task_context+0x77/0x190 [ 123.955522][ T9209] audit_log_task+0xf4/0x250 [ 123.955636][ T9209] audit_seccomp+0x61/0x100 [ 123.955659][ T9209] ? __seccomp_filter+0x68c/0x10d0 [ 123.955741][ T9209] __seccomp_filter+0x69d/0x10d0 [ 123.955766][ T9209] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 123.955943][ T9209] ? vfs_write+0x7e8/0x960 [ 123.955967][ T9209] ? __rcu_read_unlock+0x4f/0x70 [ 123.955991][ T9209] ? __fget_files+0x184/0x1c0 [ 123.956027][ T9209] __secure_computing+0x82/0x150 [ 123.956076][ T9209] syscall_trace_enter+0xcf/0x1e0 [ 123.956103][ T9209] do_syscall_64+0xac/0x200 [ 123.956199][ T9209] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 123.956260][ T9209] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 123.956284][ T9209] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.956306][ T9209] RIP: 0033:0x7ff72b00ebe9 [ 123.956373][ T9209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.956392][ T9209] RSP: 002b:00007ff729a6f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000004 [ 123.956411][ T9209] RAX: ffffffffffffffda RBX: 00007ff72b235fa0 RCX: 00007ff72b00ebe9 [ 123.956424][ T9209] RDX: 0000000000000000 RSI: 0000200000000500 RDI: 0000200000001c40 [ 123.956436][ T9209] RBP: 00007ff729a6f090 R08: 0000000000000000 R09: 0000000000000000 [ 123.956448][ T9209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 123.956463][ T9209] R13: 00007ff72b236038 R14: 00007ff72b235fa0 R15: 00007fff654176a8 [ 123.956550][ T9209] [ 124.203113][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 124.230099][ T9214] FAULT_INJECTION: forcing a failure. [ 124.230099][ T9214] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 124.243315][ T9214] CPU: 0 UID: 0 PID: 9214 Comm: syz.1.2092 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(voluntary) [ 124.243346][ T9214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 124.243357][ T9214] Call Trace: [ 124.243364][ T9214] [ 124.243371][ T9214] __dump_stack+0x1d/0x30 [ 124.243391][ T9214] dump_stack_lvl+0xe8/0x140 [ 124.243471][ T9214] dump_stack+0x15/0x1b [ 124.243486][ T9214] should_fail_ex+0x265/0x280 [ 124.243527][ T9214] should_fail+0xb/0x20 [ 124.243544][ T9214] should_fail_usercopy+0x1a/0x20 [ 124.243564][ T9214] _copy_from_user+0x1c/0xb0 [ 124.243588][ T9214] ucma_set_option+0x54/0x7f0 [ 124.243623][ T9214] ? _parse_integer+0x27/0x40 [ 124.243640][ T9214] ? kstrtoull+0x111/0x140 [ 124.243657][ T9214] ? kstrtouint+0x76/0xc0 [ 124.243674][ T9214] ? kstrtouint_from_user+0x9f/0xf0 [ 124.243692][ T9214] ? should_fail_ex+0xdb/0x280 [ 124.243728][ T9214] ucma_write+0x1b3/0x250 [ 124.243747][ T9214] ? __pfx_ucma_write+0x10/0x10 [ 124.243764][ T9214] vfs_write+0x269/0x960 [ 124.243808][ T9214] ? __rcu_read_unlock+0x4f/0x70 [ 124.243826][ T9214] ? __fget_files+0x184/0x1c0 [ 124.243863][ T9214] ksys_write+0xda/0x1a0 [ 124.243887][ T9214] __x64_sys_write+0x40/0x50 [ 124.243907][ T9214] x64_sys_call+0x27fe/0x2ff0 [ 124.243932][ T9214] do_syscall_64+0xd2/0x200 [ 124.243955][ T9214] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 124.244050][ T9214] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 124.244071][ T9214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.244095][ T9214] RIP: 0033:0x7ff72b00ebe9 [ 124.244110][ T9214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.244125][ T9214] RSP: 002b:00007ff729a6f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 124.244143][ T9214] RAX: ffffffffffffffda RBX: 00007ff72b235fa0 RCX: 00007ff72b00ebe9 [ 124.244208][ T9214] RDX: 0000000000000020 RSI: 0000200000000580 RDI: 0000000000000006 [ 124.244219][ T9214] RBP: 00007ff729a6f090 R08: 0000000000000000 R09: 0000000000000000 [ 124.244230][ T9214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 124.244240][ T9214] R13: 00007ff72b236038 R14: 00007ff72b235fa0 R15: 00007fff654176a8 [ 124.244332][ T9214] [ 124.480539][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 124.494773][ T9218] FAULT_INJECTION: forcing a failure. [ 124.494773][ T9218] name failslab, interval 1, probability 0, space 0, times 0 [ 124.507537][ T9218] CPU: 0 UID: 0 PID: 9218 Comm: syz.0.2090 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(voluntary) [ 124.507569][ T9218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 124.507582][ T9218] Call Trace: [ 124.507590][ T9218] [ 124.507599][ T9218] __dump_stack+0x1d/0x30 [ 124.507624][ T9218] dump_stack_lvl+0xe8/0x140 [ 124.507646][ T9218] dump_stack+0x15/0x1b [ 124.507702][ T9218] should_fail_ex+0x265/0x280 [ 124.507797][ T9218] ? __request_module+0x1c4/0x3e0 [ 124.507817][ T9218] should_failslab+0x8c/0xb0 [ 124.507888][ T9218] ? __sock_create+0x284/0x5b0 [ 124.507912][ T9218] __kmalloc_cache_noprof+0x4c/0x320 [ 124.507938][ T9218] ? __sock_create+0x284/0x5b0 [ 124.507961][ T9218] __request_module+0x1c4/0x3e0 [ 124.508056][ T9218] __sock_create+0x284/0x5b0 [ 124.508143][ T9218] __sys_socket+0xb0/0x180 [ 124.508168][ T9218] __x64_sys_socket+0x3f/0x50 [ 124.508192][ T9218] x64_sys_call+0x1147/0x2ff0 [ 124.508211][ T9218] do_syscall_64+0xd2/0x200 [ 124.508253][ T9218] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 124.508274][ T9218] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 124.508295][ T9218] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.508315][ T9218] RIP: 0033:0x7fcbe4d0ebe9 [ 124.508329][ T9218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.508481][ T9218] RSP: 002b:00007fcbe3777038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 124.508500][ T9218] RAX: ffffffffffffffda RBX: 00007fcbe4f35fa0 RCX: 00007fcbe4d0ebe9 [ 124.508511][ T9218] RDX: 0000000000000000 RSI: 0000000000080000 RDI: 000000000000000b [ 124.508523][ T9218] RBP: 00007fcbe3777090 R08: 0000000000000000 R09: 0000000000000000 [ 124.508533][ T9218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 124.508597][ T9218] R13: 00007fcbe4f36038 R14: 00007fcbe4f35fa0 R15: 00007ffe6adbab68 [ 124.508657][ T9218] [ 124.893260][ T9246] FAULT_INJECTION: forcing a failure. [ 124.893260][ T9246] name failslab, interval 1, probability 0, space 0, times 0 [ 124.906079][ T9246] CPU: 0 UID: 0 PID: 9246 Comm: syz.1.2104 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(voluntary) [ 124.906111][ T9246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 124.906123][ T9246] Call Trace: [ 124.906130][ T9246] [ 124.906138][ T9246] __dump_stack+0x1d/0x30 [ 124.906161][ T9246] dump_stack_lvl+0xe8/0x140 [ 124.906254][ T9246] dump_stack+0x15/0x1b [ 124.906271][ T9246] should_fail_ex+0x265/0x280 [ 124.906291][ T9246] should_failslab+0x8c/0xb0 [ 124.906390][ T9246] kmem_cache_alloc_lru_noprof+0x55/0x310 [ 124.906437][ T9246] ? shmem_alloc_inode+0x34/0x50 [ 124.906459][ T9246] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 124.906504][ T9246] shmem_alloc_inode+0x34/0x50 [ 124.906606][ T9246] alloc_inode+0x3d/0x170 [ 124.906630][ T9246] new_inode+0x1d/0xe0 [ 124.906657][ T9246] shmem_get_inode+0x244/0x750 [ 124.906731][ T9246] __shmem_file_setup+0x113/0x210 [ 124.906778][ T9246] shmem_file_setup+0x3b/0x50 [ 124.906838][ T9246] __se_sys_memfd_create+0x2c3/0x590 [ 124.906858][ T9246] __x64_sys_memfd_create+0x31/0x40 [ 124.906881][ T9246] x64_sys_call+0x2abe/0x2ff0 [ 124.906955][ T9246] do_syscall_64+0xd2/0x200 [ 124.906978][ T9246] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 124.907000][ T9246] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 124.907090][ T9246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.907110][ T9246] RIP: 0033:0x7ff72b00ebe9 [ 124.907125][ T9246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.907160][ T9246] RSP: 002b:00007ff729a6ee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 124.907181][ T9246] RAX: ffffffffffffffda RBX: 00000000000007f7 RCX: 00007ff72b00ebe9 [ 124.907193][ T9246] RDX: 00007ff729a6eef0 RSI: 0000000000000000 RDI: 00007ff72b0927e8 [ 124.907206][ T9246] RBP: 0000200000001580 R08: 00007ff729a6ebb7 R09: 00007ff729a6ee40 [ 124.907221][ T9246] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000180 [ 124.907234][ T9246] R13: 00007ff729a6eef0 R14: 00007ff729a6eeb0 R15: 00002000000001c0 [ 124.907277][ T9246] [ 124.914416][ T9244] loop3: detected capacity change from 0 to 764 [ 124.973584][ T9248] 9pnet_virtio: no channels available for device syz [ 125.139077][ T9244] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 125.269031][ T9260] FAULT_INJECTION: forcing a failure. [ 125.269031][ T9260] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 125.282300][ T9260] CPU: 0 UID: 0 PID: 9260 Comm: syz.3.2109 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(voluntary) [ 125.282334][ T9260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 125.282348][ T9260] Call Trace: [ 125.282356][ T9260] [ 125.282365][ T9260] __dump_stack+0x1d/0x30 [ 125.282458][ T9260] dump_stack_lvl+0xe8/0x140 [ 125.282481][ T9260] dump_stack+0x15/0x1b [ 125.282557][ T9260] should_fail_ex+0x265/0x280 [ 125.282582][ T9260] should_fail+0xb/0x20 [ 125.282618][ T9260] should_fail_usercopy+0x1a/0x20 [ 125.282643][ T9260] _copy_from_user+0x1c/0xb0 [ 125.282671][ T9260] vmemdup_user+0x59/0xd0 [ 125.282748][ T9260] path_setxattrat+0x1b6/0x310 [ 125.282784][ T9260] __x64_sys_lsetxattr+0x71/0x90 [ 125.282853][ T9260] x64_sys_call+0x2877/0x2ff0 [ 125.282874][ T9260] do_syscall_64+0xd2/0x200 [ 125.282901][ T9260] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 125.282973][ T9260] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 125.283052][ T9260] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.283073][ T9260] RIP: 0033:0x7f6d7128ebe9 [ 125.283091][ T9260] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 125.283112][ T9260] RSP: 002b:00007f6d6fcf7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 125.283136][ T9260] RAX: ffffffffffffffda RBX: 00007f6d714b5fa0 RCX: 00007f6d7128ebe9 [ 125.283164][ T9260] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000000 [ 125.283175][ T9260] RBP: 00007f6d6fcf7090 R08: 0000000000000000 R09: 0000000000000000 [ 125.283190][ T9260] R10: 0000000000000024 R11: 0000000000000246 R12: 0000000000000001 [ 125.283205][ T9260] R13: 00007f6d714b6038 R14: 00007f6d714b5fa0 R15: 00007ffd59e6c0b8 [ 125.283226][ T9260] [ 125.569413][ T9266] 9pnet_fd: Insufficient options for proto=fd [ 125.726412][ T9293] FAULT_INJECTION: forcing a failure. [ 125.726412][ T9293] name fail_futex, interval 1, probability 0, space 0, times 1 [ 125.739375][ T9293] CPU: 0 UID: 0 PID: 9293 Comm: syz.3.2123 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(voluntary) [ 125.739406][ T9293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 125.739418][ T9293] Call Trace: [ 125.739494][ T9293] [ 125.739500][ T9293] __dump_stack+0x1d/0x30 [ 125.739573][ T9293] dump_stack_lvl+0xe8/0x140 [ 125.739593][ T9293] dump_stack+0x15/0x1b [ 125.739609][ T9293] should_fail_ex+0x265/0x280 [ 125.739653][ T9293] should_fail+0xb/0x20 [ 125.739669][ T9293] get_futex_key+0x130/0xbd0 [ 125.739818][ T9293] ? __rcu_read_unlock+0x4f/0x70 [ 125.739841][ T9293] futex_wait_multiple_setup+0xca/0x500 [ 125.739931][ T9293] futex_wait_multiple+0xb2/0x2d0 [ 125.740023][ T9293] __se_sys_futex_waitv+0x169/0x1c0 [ 125.740047][ T9293] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 125.740075][ T9293] __x64_sys_futex_waitv+0x67/0x80 [ 125.740099][ T9293] x64_sys_call+0x2cc3/0x2ff0 [ 125.740146][ T9293] do_syscall_64+0xd2/0x200 [ 125.740169][ T9293] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 125.740190][ T9293] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 125.740267][ T9293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.740332][ T9293] RIP: 0033:0x7f6d7128ebe9 [ 125.740346][ T9293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 125.740363][ T9293] RSP: 002b:00007f6d6fcf7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001c1 [ 125.740381][ T9293] RAX: ffffffffffffffda RBX: 00007f6d714b5fa0 RCX: 00007f6d7128ebe9 [ 125.740396][ T9293] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000200000002500 [ 125.740465][ T9293] RBP: 00007f6d6fcf7090 R08: 0000000000000001 R09: 0000000000000000 [ 125.740477][ T9293] R10: 0000200000003080 R11: 0000000000000246 R12: 0000000000000001 [ 125.740488][ T9293] R13: 00007f6d714b6038 R14: 00007f6d714b5fa0 R15: 00007ffd59e6c0b8 [ 125.740504][ T9293] [ 125.948351][ T9297] loop3: detected capacity change from 0 to 128 [ 125.954866][ T9297] vfat: Unknown parameter 'ÿÿÿÿ18446744073709551615' [ 125.963265][ T9297] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2127'. [ 125.995112][ T9301] 9pnet_fd: Insufficient options for proto=fd [ 126.015375][ T9303] netlink: '+}[@': attribute type 3 has an invalid length. [ 126.024511][ T9305] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2129'. [ 126.038153][ T9303] loop2: detected capacity change from 0 to 1024 [ 126.078120][ T9303] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 126.101447][ T9303] ext4 filesystem being mounted at /440/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 126.116492][ T9303] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: block 1: comm +}[@: lblock 1 mapped to illegal pblock 1 (length 15) [ 126.131108][ T9303] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117 [ 126.143572][ T9303] EXT4-fs (loop2): This should not happen!! Data will be lost [ 126.143572][ T9303] [ 126.169454][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.208874][ T9316] loop2: detected capacity change from 0 to 1024 [ 126.229487][ T9316] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 126.241650][ T9316] ext4 filesystem being mounted at /441/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 126.253948][ T29] kauditd_printk_skb: 410 callbacks suppressed [ 126.253963][ T29] audit: type=1326 audit(1755000881.467:14061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9315 comm="syz.2.2132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af05ebe9 code=0x7ffc0000 [ 126.294683][ T29] audit: type=1326 audit(1755000881.507:14062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9315 comm="syz.2.2132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f28af05ebe9 code=0x7ffc0000 [ 126.318281][ T29] audit: type=1326 audit(1755000881.507:14063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9315 comm="syz.2.2132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af05ebe9 code=0x7ffc0000 [ 126.341932][ T29] audit: type=1326 audit(1755000881.507:14064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9315 comm="syz.2.2132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f28af05ebe9 code=0x7ffc0000 [ 126.365535][ T29] audit: type=1326 audit(1755000881.507:14065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9315 comm="syz.2.2132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af05ebe9 code=0x7ffc0000 [ 126.389115][ T29] audit: type=1326 audit(1755000881.507:14066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9315 comm="syz.2.2132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f28af05ebe9 code=0x7ffc0000 [ 126.412658][ T29] audit: type=1326 audit(1755000881.507:14067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9315 comm="syz.2.2132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af05ebe9 code=0x7ffc0000 [ 126.436523][ T29] audit: type=1326 audit(1755000881.507:14068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9315 comm="syz.2.2132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f28af05ebe9 code=0x7ffc0000 [ 126.460195][ T29] audit: type=1326 audit(1755000881.507:14069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9315 comm="syz.2.2132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af05ebe9 code=0x7ffc0000 [ 126.483746][ T29] audit: type=1326 audit(1755000881.507:14070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9315 comm="syz.2.2132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f28af05ebe9 code=0x7ffc0000 [ 126.549295][ T9316] lo speed is unknown, defaulting to 1000 [ 126.555166][ T23] net_ratelimit: 1 callbacks suppressed [ 126.555181][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 126.571179][ T9316] lo speed is unknown, defaulting to 1000 [ 126.629597][ T9328] FAULT_INJECTION: forcing a failure. [ 126.629597][ T9328] name failslab, interval 1, probability 0, space 0, times 0 [ 126.642321][ T9328] CPU: 0 UID: 0 PID: 9328 Comm: syz.3.2137 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(voluntary) [ 126.642354][ T9328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 126.642367][ T9328] Call Trace: [ 126.642419][ T9328] [ 126.642426][ T9328] __dump_stack+0x1d/0x30 [ 126.642447][ T9328] dump_stack_lvl+0xe8/0x140 [ 126.642518][ T9328] dump_stack+0x15/0x1b [ 126.642536][ T9328] should_fail_ex+0x265/0x280 [ 126.642599][ T9328] should_failslab+0x8c/0xb0 [ 126.642621][ T9328] kmem_cache_alloc_node_noprof+0x57/0x320 [ 126.642720][ T9328] ? __alloc_skb+0x101/0x320 [ 126.642808][ T9328] __alloc_skb+0x101/0x320 [ 126.642950][ T9328] ? audit_log_start+0x365/0x6c0 [ 126.642980][ T9328] audit_log_start+0x380/0x6c0 [ 126.643073][ T9328] audit_seccomp+0x48/0x100 [ 126.643098][ T9328] ? __seccomp_filter+0x68c/0x10d0 [ 126.643121][ T9328] __seccomp_filter+0x69d/0x10d0 [ 126.643145][ T9328] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 126.643177][ T9328] ? vfs_write+0x7e8/0x960 [ 126.643199][ T9328] ? __rcu_read_unlock+0x4f/0x70 [ 126.643222][ T9328] ? __fget_files+0x184/0x1c0 [ 126.643323][ T9328] __secure_computing+0x82/0x150 [ 126.643410][ T9328] syscall_trace_enter+0xcf/0x1e0 [ 126.643433][ T9328] do_syscall_64+0xac/0x200 [ 126.643463][ T9328] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 126.643488][ T9328] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 126.643558][ T9328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.643581][ T9328] RIP: 0033:0x7f6d7128ebe9 [ 126.643599][ T9328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 126.643618][ T9328] RSP: 002b:00007f6d6fcf7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 126.643640][ T9328] RAX: ffffffffffffffda RBX: 00007f6d714b5fa0 RCX: 00007f6d7128ebe9 [ 126.643654][ T9328] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 126.643667][ T9328] RBP: 00007f6d6fcf7090 R08: 0000000000000000 R09: 0000000000000000 [ 126.643714][ T9328] R10: 000000000003ffff R11: 0000000000000246 R12: 0000000000000001 [ 126.643728][ T9328] R13: 00007f6d714b6038 R14: 00007f6d714b5fa0 R15: 00007ffd59e6c0b8 [ 126.643819][ T9328] [ 126.915966][ T9333] 9pnet_fd: Insufficient options for proto=fd [ 126.933744][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 126.976601][ T9335] 9pnet_fd: Insufficient options for proto=fd [ 127.056699][ T9351] ================================================================== [ 127.064832][ T9351] BUG: KCSAN: data-race in call_rcu / mas_state_walk [ 127.071529][ T9351] [ 127.073847][ T9351] write to 0xffff8881055b6f08 of 8 bytes by task 9348 on cpu 0: [ 127.081472][ T9351] call_rcu+0x51/0x3f0 [ 127.085567][ T9351] mas_wmb_replace+0xc6a/0x14a0 [ 127.090414][ T9351] mas_wr_store_entry+0x1773/0x2b50 [ 127.095614][ T9351] mas_store_prealloc+0x74d/0x9e0 [ 127.100648][ T9351] vma_iter_store_new+0x1c5/0x200 [ 127.105669][ T9351] vma_complete+0x125/0x580 [ 127.110164][ T9351] __split_vma+0x5d9/0x650 [ 127.114588][ T9351] vma_modify+0x3f2/0xc80 [ 127.118932][ T9351] vma_modify_flags+0x101/0x130 [ 127.123774][ T9351] mprotect_fixup+0x2cc/0x570 [ 127.128444][ T9351] do_mprotect_pkey+0x6d6/0x980 [ 127.133317][ T9351] __x64_sys_mprotect+0x48/0x60 [ 127.138164][ T9351] x64_sys_call+0x274e/0x2ff0 [ 127.142850][ T9351] do_syscall_64+0xd2/0x200 [ 127.147346][ T9351] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.153236][ T9351] [ 127.155557][ T9351] read to 0xffff8881055b6f08 of 8 bytes by task 9351 on cpu 1: [ 127.163088][ T9351] mas_state_walk+0x28f/0x650 [ 127.167759][ T9351] mas_walk+0x60/0x150 [ 127.171817][ T9351] lock_vma_under_rcu+0x8d/0x160 [ 127.176753][ T9351] do_user_addr_fault+0x233/0x1090 [ 127.181860][ T9351] exc_page_fault+0x62/0xa0 [ 127.186356][ T9351] asm_exc_page_fault+0x26/0x30 [ 127.191199][ T9351] [ 127.193527][ T9351] value changed: 0x00007f28ada7efff -> 0xffff8881055b6708 [ 127.200620][ T9351] [ 127.202931][ T9351] Reported by Kernel Concurrency Sanitizer on: [ 127.209076][ T9351] CPU: 1 UID: 0 PID: 9351 Comm: syz.2.2145 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(voluntary) [ 127.221492][ T9351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 127.231628][ T9351] ================================================================== [ 127.254553][ T3409] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 127.576188][ T3408] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 128.615617][ T2955] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 129.664885][ T2955] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 130.292991][ T3409] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 130.694240][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 131.734318][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 132.775437][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 133.331532][ T3409] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 133.411430][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 133.822800][ T3408] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 134.852653][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 135.892028][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 136.371359][ T3409] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 136.931622][ T3408] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog