last executing test programs: 6.207853656s ago: executing program 2 (id=611): bpf$TOKEN_CREATE(0x24, 0x0, 0x0) pipe2(&(0x7f0000001cc0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@uname={'uname', 0x3d, '\xd0\xae\xde\xc1\xaa \xff\xd8\x1d\x1b\xf8\x93)!|\xb0X\xa3\x96\xed\xa2\xab@\xa2m\x93\xdd\b<\x00t\xdc\xabl\xab!\xae\x16\xc4\xcd\xf9{\xdc5_;A\xd2{eC\x014\\\xb3\xc4\xce\xc3yS2-\x01\xbe\xaarW\x96O\xd3\x0f\xe2\xd7/\x17\x1d\xa7.8\x9f8-\xea<\x8d\x91\x90j\xea\xd5\xd5\xae\xcc\xc0\x97\xef\x10\x92\xea\x98|+\x00\x00\x00\x00\x00\x00\x00\x00'}}]}}) 5.841682578s ago: executing program 2 (id=617): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000640)=@mangle={'mangle\x00', 0x64, 0x6, 0x4f8, 0x490, 0x390, 0xd0, 0xd0, 0x490, 0x608, 0x608, 0x1a0, 0x608, 0x608, 0x8000000, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x5}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'erspan0\x00', {}, {}, 0x0, 0x0, 0x0, 0x52}, 0x0, 0xa8, 0xd0}, @inet=@DSCP={0x28, 'DSCP\x00', 0x0, {0x33}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@CONNSECMARK={0x28}}, {{@ipv6={@local, @mcast1, [], [], 'lo\x00', 'vlan1\x00'}, 0x0, 0xa8, 0xd0}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x558) 4.48946567s ago: executing program 2 (id=620): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x6, [@enum64={0x4, 0x2, 0x0, 0x13, 0x1, 0x1, [{0x4, 0x1, 0x3fffffff}, {0x1, 0x10005, 0x5}]}]}, {0x0, [0x61, 0x5f, 0x2e, 0x2e]}}, &(0x7f0000000f40)=""/4089, 0x42, 0xff9, 0x1}, 0x28) 4.107300005s ago: executing program 2 (id=623): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = syz_open_dev$sg(0x0, 0x0, 0x800) syz_io_uring_setup(0x4e2, 0x0, 0x0, &(0x7f0000000300)) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYRESHEX=r0], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x10000, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x18) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r5, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) r6 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r6, &(0x7f0000000000)={&(0x7f0000000140)={0x2, 0x4001, @empty}, 0x10, 0x0}, 0x30006041) close(r6) 2.902945306s ago: executing program 0 (id=631): bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="06000000040000"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x37e2f4aba9289b81, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$ITER_CREATE(0x21, 0x0, 0x0) recvfrom$unix(r0, &(0x7f0000000800)=""/18, 0x12, 0x40000000, &(0x7f0000000840)=@file={0x0, './file0\x00'}, 0x6e) r1 = socket$netlink(0x10, 0x3, 0x0) add_key(0x0, &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)='n', 0x1, 0xfffffffffffffffe) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x3}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4000c00) keyctl$KEYCTL_PKEY_SIGN(0x1b, 0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="656e633d721ff08346ff65c66c2a8388617720686173683d726d643136302d67656e657269630000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000a139b83686c9c817440a82d76a67c4db7cd5c4efd8a454e2d46be48d3dab0fd826ab402073b4e8bdeb087f4deb3515e8e4fa949ef74f92292160ba45632a87ba66eb7ab18ee8598d4f4a85299026f437918c778fa9e5c4b4937aa0a37258fc1df39950f58ff691877b37443a220c6f9c95a2c1808a4c7d66b9d97e0eca11cb1b61a765ef0e71c76c39e92e27ef4f9489b957136117aff1bfda1d8c1bdcb3ee1fef278a91375cacf7f452a3db3f73cd47c1a4ecc7a722e123de0e3bf27785def3c8b7eeb7fa414b6243e905f06aa4057fee1abf202721c8bcd89546c6beaba10e3cfbedcce195df3a960c63e3a1129185b97ddf74994288ccaa55b0f2895df02f957b55e66e6510583d53298a4581c0a6c336daa373b4289451d1149014b21baa7384103595827c22cf14a5b3f87c7df1e6f8b5b9b4d36c45a2e12652ed9b9608e64bf2ffb82d15750ad9e47d0597af2f8d2b9de413d574191373ddfc480ac8358eed"], &(0x7f0000000080)="31b480050add6beeab85af1a9ba8c56508c993796f", &(0x7f0000000180)=""/171) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ptrace(0x10, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) socket(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r3 = socket$inet6(0xa, 0x3, 0x5) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [0x0, 0x62], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588) r4 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r4, &(0x7f0000000380)={0xa, 0x14e24}, 0x1c) connect$inet6(r4, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000000)={0x0, 'geneve0\x00', {0x2}}) 2.287841077s ago: executing program 0 (id=635): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44\x8cm\xa0\x8dN\xd4\xa2\x88\x00\xd1l,'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r0) getdents(0xffffffffffffffff, 0x0, 0x0) 2.245219709s ago: executing program 4 (id=636): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c69666163"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 2.067406376s ago: executing program 0 (id=638): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$packet(0x11, 0x2, 0x300) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000400)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff9ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca711fcd0cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b24df41dc10d1e8bf076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b318e2ec0e1a00897a74a0091ff110026e6d2ef831ab7ea0c34f17efd36ef3bb622003b538dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0cb82d2789cb132b8667c21476619f28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fbce841f8a97be6148ba532e6ea09c346dfebd31a08b32808b80200000000009dd27080e71113610e1019c12a73748b049604fa72c64ed858e8327ef01fb6c86adac12233f9a1fb9c2aec61ce63a3462fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6e97180aabc18cae2ed4b4390af9a9ceafd07ed00b0000002cab154ad029a119ca3c972780870014601c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f4b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a2a71bc85018e5ff2c910496f19afc91b47683db01a469398685211bbae0e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bde792c88c5b8dcdcc22ee17476d738992533ac2a9b5a699593f084419cae0b4183fb01c73f99857399537f5dc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffffd7917f23837a6b24db0e067345560942fa629fbef2461c96a08707671315c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e48455b588b90dfae158b94f50adab988dd8e12baf5cc9398c88607a08009c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859ac8e3c177b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2498d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d4a3e1a9e90d76c1993e0799d4894ee7f8249dc1e342892129369ee1b85afa1a5be5f6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90501b0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355b17402a500587b603306a5af8d867d80a07f10b854b1c8c768c001496fa99ce5b5040be9194123e918914a71ad5a8521fb956dbc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c6775e19f0b7e70803000000b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989172a1bcd1e30280bc5867dd4e27b6ef206660090bb2164474cef378f97ca33fccf363361dcdba10c1547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5c759c3e5468f5874c24411d415b6b085fb73a2d7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aa0000000000000000532ff181c985f54b7ae20aa5e63055b4d6a36fa98a44e379d2bccf977c3e88538f406b598307c9912fb097601f3f88a2ea6fd1f9320cfe7f09aed4d1e72d26e5c7a93854c8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589ac5d8ad67a65e9a44c576dc24452eafeffffffffffffff000000070000000000000000000000005333c6199c12dcd92689192727a7267c47cf897853d160100b39b613faefe16bd91fc105dddd77ab929b95032d3717fa9fbdc2bdc0e98ae2c3f23a6131e2879f0484ee3bfe30b92dd493be66c2242f8184733b80ba28e824910844df31f3d4bb2f89049c5f6d63956995747639964217aacfe548bc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99a40b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc1758763f0000009c927da38d83314480b15e23eb8c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5a45706bda78ab602000000000000000000113a3065a478d1de98be3a66f6fbf68f2f5693050fa56db62e2f99cf916059ee36cdad078fc88d17cbde37a2270f90a60afe8548d4c579b09c333382c6e7a316ac03aa23d379836b96173a5541fa96c27e7fb6d2585d828aa330f3438d8487912bb7742be1502e706644f7a937451beb7a5f6ca3ef21e8cb8f841af6d54334d82a8b816b6daccf0c66162f897623ee325d714f9f10636a7573582ff31c7f9c6f767c806ef4af486cc19a5355bdc814cb5557c6fa6404179c865980b0815b907a7f268e97828c196f5ac033d395a217b4e1e45663023a0292003c36a3b7461fc2c8566e0f3f693bfacae26aa2b7d17962989ccb943633c080aacc9b7d311c251686fc66aa80bf41a5bf6cd72d5aa995820fb318fad61a79a61d0a969fd6018ac9f131fe02fe31d565723cbf9b63841e21417fc29a3e7a03886d80566ae001861799a4aad91c72139e681ced8625b675dfbd6d458d4b2d9e6d565430248172ad942cdb41639f4113896827c8806e049218cd1eef89d6b9b14dd707da40705c07f878263ff9b71ccf28ec50178c7aac83bef7bd10459e2f2e267f82bafd5b4c7b481ea5e4bcb6cfe05e2ac3e17c1f8f12ddf5b6770ce0da8cb3aba3a935a6b737b6d3ebf2c715dcc11c5759bd0acdecf333f2b77c52fb2251336bbd92f73ad1a30bb9162bd9d699c49d824b827f3e7c1096354946e09922db25904c83262c6dcb87457e4abefa0e9dcb17d79c173895b74aae2ed4419662690a16494e7b27d0d2688c69b4be3d21b783195f6a5e5dc5c07c73f0d0f0670db10ac9ef5b8295ff88df734e3c6ab8555c0390f962cbf559bce9c42e1034dba78997b2877b485d9d4ae2fcd3e757b84319879d0337785773c940af6e57d162f4606d101def01199325c8676a32e26303560271b720216d95e0013265a45b02bd2414bebda89b7b5e71e70e0000000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) read(0xffffffffffffffff, 0x0, 0x0) listen(r2, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r4 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x1, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10) r6 = accept(r1, 0x0, 0x0) syz_socket_connect_nvme_tcp() openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x410000, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000040)='kfree\x00', r7}, 0x18) syz_clone3(&(0x7f0000000000)={0x285002400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x46) fallocate(0xffffffffffffffff, 0x3, 0x1, 0x8000c62) sendmsg$TEAM_CMD_OPTIONS_SET(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1) recvfrom(r3, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x21, 0x5, 0x2) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xfe, 0x10000000, &(0x7f0000000100)="b9ff03006044238cb89e14f088a81bff88a800008100630677fbac141442e934a0a662079f4b4dfe87e5feca6aab845013f288a81a3908020b098da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x6, &(0x7f0000000000), &(0x7f00000002c0)}, 0xe) 1.974782708s ago: executing program 2 (id=639): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$packet(0x11, 0x3, 0x300) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10) socket$packet(0x11, 0xa, 0x300) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0xb}, 0x94) socket$packet(0x11, 0xa, 0x300) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="219a53f271a76d2608004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x3c, 0x4a, 0x1, 0x0, 0x0, {0xa, 0x0, 0x6e80}, [@nested={0x28, 0x1, 0x0, 0x1, [@nested={0x21, 0x8c, 0x0, 0x1, [@generic="1a04268ff9f83d024ce7787f973b78e4b833420b5e7c4fc460e6d27382"]}]}]}, 0x3c}}, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000080)=0x454a, 0x4) bind$inet(r2, 0x0, 0x0) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000d40)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{}, &(0x7f00000003c0), &(0x7f0000000400)=r4}, 0x20) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r5, 0x0, 0xfffffffffffffffd}, 0x18) 1.910674972s ago: executing program 4 (id=641): bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000200)='kfree\x00', r0}, 0x18) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) lsm_set_self_attr(0x69, 0x0, 0x20, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00') acct(&(0x7f00000001c0)='./file0\x00') socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x2710}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) lsm_get_self_attr(0x66, 0x0, &(0x7f0000000240), 0x1) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r1) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r2, 0x9c3fa077fa966179, 0x70bd2b, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x4000054) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002f00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r5, r6, 0x5}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r5}, &(0x7f00000006c0), &(0x7f0000000700)=r4}, 0x20) sendmsg$inet(r3, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r7, 0x0, 0x4}, 0x18) socket$nl_route(0x10, 0x3, 0x0) 1.839364382s ago: executing program 1 (id=642): openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0) r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x8000003d) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fcntl$notify(r1, 0x402, 0x21) close(r1) 1.681810891s ago: executing program 1 (id=644): r0 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb3a}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) r3 = fsmount(r0, 0x0, 0x0) fchdir(r3) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x50, &(0x7f0000000100)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=") 1.07117557s ago: executing program 4 (id=645): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000006ae92348efe838461ea38b8092504b339de5657b3be7a88f339390d5374ebe962fc3d8aad1f48779313fedbf3c907eea777e09c75f176f5ed088ea41e1de482b8577e79c023454705cefbd4292f4e0064737faf52e65a0d3d3dc883fc857573516e380e0792a8e8c6414cd4e3e7b4f559d89e6f53296742e2bbd9c47b98f7ef7373588d9769ad755b72925fa26000000000000000007286ee56c0a19606a884af13e53ad889c63a8e8917a0ebf9587cbc84d1ba0758fbb3992da2b07344be87661d05d50e38bede6ae953b1ccf86bbbc5fd36ea4a9aa65000000000000000000000058869a48d396c1b244fb3cd2b00fc4285a5ae7b3373545a4c6da2593d5efed367be0ed62ffaa190d8a0ab3e1b203f4aa61042e8e925479b59d4f58e5ba8f1d5771589f6de75872256a4ddaf34d61de8bd4551e20821c1b523499b5fef1d47c4d06a5e15aa65a63e20334242bae0152d0c7c0911bd434d76b5d0aac645f0d1dd9be5ae8fd919abe4879442f825507f3c25c7ff573179a453bea09f4a8ca6932808984733e970490758530dd4ce2897f8b9525d324de478ba542df05eaf44d6c73bcb02f4dc6c16a6f5ac5b8d36cad677f682a124d52634f54b10747f15c04447e339fd21cd5d7cf7e090f737902"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYRESHEX, @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) r2 = syz_io_uring_setup(0x57f9, &(0x7f0000000400)={0x0, 0x5dfc, 0x80, 0x0, 0xbd7f5fff}, &(0x7f0000000040)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f00000002c0)=0x9, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_MKDIRAT={0x25, 0x2, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000037c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x1}) io_uring_enter(r2, 0x5535, 0x3acd, 0x22, 0x0, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r1}, 0x8) r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791048000000000071004c000000000095000300"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r5}, 0x8) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00'}, 0x10) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r9 = socket$kcm(0x2d, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r9, 0x89e0, &(0x7f00000009c0)={r9}) 1.063281621s ago: executing program 0 (id=646): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10) r1 = mq_open(&(0x7f0000000180)='\r\x00elinu\xef\xe3elinux\x00\x96\xf6\x92\n#*\xac\x05\xce\xf8D\\\x9a\xe6[]L+\xf6\v\xe8\xf2\xd3\b\x15\n\xb8F!Q9o\x1f#\xbdt\r\xfb\"\x18%\xfdM\xaf_t\xd2\xdcJ\x10\a\xbab\x1a\xdf\xb1\xbdU\xd7Lo\xe7\xac\x81\x10k\xce-\xf5@\xbb\x9d;\xe8\xf6\xffQ\x04\xaai\x92k\x1b;\xddM\xa2\xe1-\x0e\xd8\xde\x00\xff\x18\xdd\bL\xfb\xa2.\xb6{\xb5\x85#\x88\xdc\xf0\x0f\x05\xf1\xc4 \xdeV\x80q\xf7\x04\xf5\x85T\x1f\xc2S]*\xc9lw\xd3J\xc5\xe8\x02\xcb\xbbAHxr\xac\xb77F\xdf\x1c\xcb\xd4\xce\x88L\xf1\xf9[\x98\xd4+pTx\x95\xb5\x1b]x\x1a\x95\xe1c6\xe7`83\xb7n#\xe0\xc1_\xec\xba\xde\a\x8b\xc5\x86woo\xbc\x1c\xa3r\x82\xf3enq-\x90/\xed\xff\xad+\x03\x10\t\xda\xfd\xa2\xd0\xef4\n%\xf1\xd8', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000040)={0x4000000000000006, 0x1, 0x7, 0x9}) mq_getsetattr(r1, &(0x7f0000000100)={0x800, 0x4, 0x9, 0x20000000000009a}, 0x0) 929.825414ms ago: executing program 3 (id=647): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x18) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000100000001000013040000000200000088060000ff0f0000002e2e"], 0x0, 0x35, 0x0, 0x1}, 0x28) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000eb0626f500000000000800000095"], &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x0, 0x2, 0x4, 0x9}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xd4}, 0x94) 853.975212ms ago: executing program 2 (id=648): fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x78) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = msgget$private(0x0, 0xfffffffffffffffd) msgrcv(r2, 0x0, 0x0, 0x1, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd6000000000142c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa0600ffff"], 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x20, 0x3, &(0x7f0000000780)=ANY=[@ANYRES8], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r3, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x1, 0x353a, 0x1}}, 0x20) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff6, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0xffffffffffffff62, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x7000000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB="61122800000000006113380000000000bf1000000000000025000200091b00003d200000000000008701000000000000bc26000000000000bf67000000000000150300000ee600f0670200000300000015030000ffffffffbf050000000000000f650000000000006507f4ff02000400070700006b3128fe1f75000000000000bf540000000000000705000003001500ae430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305863f970eac3590ac99b798f8125f1c322c2a154a8a8d"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @sk_msg}, 0x48) msgsnd(r2, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x8, 0x0) r5 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x22c01) setreuid(0x0, 0xee00) writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="390000fa461a6683ec19d3e48489bffa5602001300111200000f0000ff3f210000001700000000e0da89", 0x2a}], 0x1) ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x1, &(0x7f00000001c0)=ANY=[@ANYRES64=r5]) msgrcv(r2, &(0x7f0000000640)={0x0, ""/262}, 0x10e, 0x3, 0x0) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7, 0xf83, 0x6}, 0x1c) socket$xdp(0x2c, 0x3, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc0ed180e, &(0x7f0000000500)={[{@jqfmt_vfsold}, {@orlov}, {@debug}, {@noload}, {@nombcache}, {@errors_continue}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8000}}], [{@appraise_type}]}, 0xfa, 0x487, &(0x7f0000000f00)="$eJzs3c9vFFUcAPDvbLulgNiK+AOEUEUj8UdLyw85eNFowkETEz1gPNW2kEqhhtZECFH0gEdD4t34F3g1nvRi1IsmXvVuSIjhAurBNbMzQ0u7019sd1v280lm+97M7L73nZm382be7jaAjjWQPiQR90XE7xHRl2XvXGEg+3PrxqWxv29cGkuiVnvzr6S+3s0bl8aKVYvnbc8ytVqe39Kg3CvvRIxOTU2cz/NDs2ffH5q5cPH5ybOjpydOT5wbOX78yOF9PcdGjjYlzjSum3s+mt67+8TbV18fO3n13Z+SSmRxx4I4mmUg27oNPdXswtpsx7x00p0+9ua5/b/MLWl0JNBOXRGR7q5qvf33RVdsvb2sL179tK2VA9ZVrVarLfGufLkG3MOSaHcNgPYoTvTp9W8xtajrsSFcfym7AErjvpVP2ZLuqGSJ/dUF17fNNBARJy//82U6xTrdhwAAmO+7tP/zXKP+XyUezhI96cP9+RhKf0Q8EBE7I+LBiNgVEQ9F1Nd9JCIeXWX5C0dIFvd/KtfWHNwKpP2/F/OxrTv7f5Vilf6uPLejHn81OTU5NXEo3yYHo7rl1GQyMbxEGd+/8tvnZcvm9//SKS2/6Avm9bjWveAG3fjo7OjdxDzf9U8i9nQ3ij+pjwtEPq63OyL2rLGMyWe6S5ctH/8Syl92xWpfRTyd7f/LsSD+QlI6Pjn8wrGRo0O9MTVxaKg4Khb7+dcrb5SVf1fxN0G6/7c1PP5vx9+f9EbMXLh4pj5eO7P6Mq788VnpNc0qj/8TO/Ljvyd5qz6jJ1/w4ejs7PnhiJ7ktcXzR+ZercgX66fxHzzQuP3vjLkt8VhE7I2IfflL78/r/nhEPBERB5aI/8eXn3xv9fG3Zqw0jX98uf0f8/f/6hNdZ374dvn4eyOibP8fqacO5nNW8v630grezbYDAACAzSL7DHxSGZxLJ4OD2Wf4d8W2ytT0zOyzp6Y/ODeefVa+P6qV4k5X37z7ocP5veEiP7Igfzi/b/xF19Z6fnBsemq83cFDh9u+qP1XKmn7T/3Z1e7aAeuuCeNowCal/UPn0v6hMyXLtv9qy+oCtJ7zP3SuRu3/49K1B79Z18oALeX8D51rqfb/9R258l4BsDk5/0Pn0v6hI5V+N75SLPov/6XAtX33v1WJf/NabpT63PuJqGyIaqw1Ufx7go1Sn/JE94p/zKIsUV3czGt9WfjpnC0Nn9XOdyUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDm+T8AAP//H1vmFQ==") munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r6 = open(&(0x7f0000000100)='./file0\x00', 0x10081, 0x5) getdents(r6, &(0x7f0000001fc0)=""/184, 0xb8) 832.422272ms ago: executing program 4 (id=649): openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) mprotect(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x4) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r4, 0x0, 0xfffffffffffffffd}, 0x18) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001740)=@newqdisc={0x24, 0x2a, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r3, {0x10}, {}, {0xa, 0x3}}}, 0x24}, 0x1, 0x0, 0x0, 0x40098}, 0x0) 773.968987ms ago: executing program 0 (id=650): io_setup(0x8504, &(0x7f0000000380)=0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = eventfd(0x3) io_submit(r0, 0x2, &(0x7f0000000c40)=[&(0x7f0000000a00)={0x0, 0x0, 0x0, 0x5, 0x2, r1, &(0x7f0000000940), 0x0, 0x9, 0x0, 0x5, r2}, 0x0]) 619.924505ms ago: executing program 1 (id=651): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@empty, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x21}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x3e, 0x1c, 0x0, 0xe000, 0x2, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e21, 0x8}}}}}, 0x0) 606.658549ms ago: executing program 3 (id=652): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x5c, 0x2, 0x6, 0x301, 0x0, 0x0, {0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) 456.667646ms ago: executing program 3 (id=653): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44\x8cm\xa0\x8dN\xd4\xa2\x88\x00\xd1l,'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x48) getdents(r0, 0x0, 0x0) 404.426066ms ago: executing program 1 (id=654): socket$kcm(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x814) 398.342347ms ago: executing program 0 (id=655): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x401, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$key(0xf, 0x3, 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000200100000102"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$key(r1, &(0x7f0000000440)={0x900, 0x0, &(0x7f0000000400)={&(0x7f0000000040)={0x2, 0xa, 0xfc, 0x0, 0x2, 0x0, 0x70bd28, 0x25dfdbfe}, 0x10}}, 0x40408c0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000) r3 = socket$qrtr(0x2a, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) connect$qrtr(r3, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) move_pages(r0, 0x4, &(0x7f0000000000)=[&(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil], &(0x7f00000001c0)=[0x3, 0x7, 0x80000001, 0x75], &(0x7f0000000240)=[0x0], 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x20, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0xffffffff}, 0x50) syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), 0xffffffffffffffff) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={r5, 0x0, 0x0}, 0x10) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000500)={'syztnl1\x00', &(0x7f00000005c0)={'syztnl1\x00', 0x0, 0x2f, 0x67, 0x40, 0xd, 0x8, @loopback, @private0={0xfc, 0x0, '\x00', 0x1}, 0x10, 0x8, 0x1, 0x6}}) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000640)={'bridge_slave_0\x00'}) mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6001, 0x1) r7 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r8 = dup2(r7, r7) ioctl$BLKTRACESETUP(r8, 0xc0481273, &(0x7f0000000380)={'\x00', 0x40, 0xa, 0x80000001, 0x40000000, 0x5}) ioctl$BLKTRACETEARDOWN(r8, 0x1276, 0x0) syz_io_uring_setup(0x497, &(0x7f0000000540)={0x0, 0x4660, 0x400, 0x3, 0x285}, &(0x7f00000004c0)=0x0, &(0x7f0000000480)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r3, 0x0, 0x0}) 325.658834ms ago: executing program 4 (id=656): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10) fsetxattr$security_capability(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0xfffffffffffffccc, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) fgetxattr(r2, &(0x7f0000000000)=ANY=[], 0x0, 0x0) 291.207971ms ago: executing program 3 (id=657): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f0000000000)={0x80, 0x1, 0x301, 0x0, 0x0, 0x101, 0x0}) 218.934583ms ago: executing program 1 (id=658): r0 = socket$rds(0x15, 0x5, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r2}, 0x10) bind$rds(r0, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f00000000c0)={&(0x7f0000000080)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x10, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000180)=[@mask_cswp={0x58, 0x114, 0x9, {{0x9, 0x7}, &(0x7f0000000000)=0x3d, 0x0, 0x0, 0xe3, 0x100, 0xf, 0x24, 0x9}}], 0x58, 0x20000000}, 0x0) 187.723616ms ago: executing program 3 (id=659): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r0}, 0x18) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000500)=[{{&(0x7f0000000000)={0x2, 0x0, @private=0xa010102}, 0x10, 0x0}}], 0x1, 0x4008811) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) 143.135442ms ago: executing program 4 (id=660): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000007c0)={[{@nodioread_nolock}, {@errors_remount}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5a}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x3}}]}, 0x1, 0x46f, &(0x7f0000000bc0)="$eJzs281rHOUfAPDvTF7a/vqS/Gp9aa0aLUJQTJq0ag9eFAWRioIe6jEm2xK6baSJYmuxqYgnQQp6Fo+if4E3EUQ9CV49eZJC0V7aeorM7Ey62WYTazaZ2P18YLPPM/PszvebeXv2eXYD6FpD2Z8kYkdE/BoRA43q0gZDjafrV89P3rh6fjKJhYXX/kjydteunp8sm5av215UhtOI9MOk2MhSs2fPnZyo12tnivro3Km3RmfPnnvinVMTJ2onaqfHjxw5fGjs6afGn+xInlle1/a9P7N/74tvXHp58tilN3/8Oot3R7G+OY9OGcoS/3Mh17ru0U5vrGI7m8pJb4WBcFt6IiLbXX35+T8QPXFz5w3ECx9UGhywrrJ705b2q+cXgDtYElVHAFSjvNFnn3/LxwZ1PTaFK882PgBleV8vHo01vZEWbfpaPt920lBEHJv/6/PsEes0DgEA0Ozjyc+O9kfEeze+einrewwsrknjnvz5t/zvrmIOZTAi/h8RuyPirojYExF3R+Rt742I+9YYz639n/TyGt9yRVn/75libmtp/6/s/cVgT1HbmefflxyfrtcOFv+T4ejbktXHVtjGt8//8km7dc39v+yRbb/sCxZxXO5tGaCbmpibyDulHXDlYsS+3uXyTxZnApKI2BsR+27vrXeVhenHvtzfrtHq+a+gA/NMC19k6c1n+c9HS/6lpHl+cvqW+cnRrVGvHRwtj4pb/fTzR6+22/6a8u+AK7XGc9P+b20ymDTP1852dvv/8vhP+5PX83nm/mLZuxNzc2fGIvqTo3l9yfLxm68t62X77PgfPrD8+b+7eE2W//0RkR3ED0TEgxHxUBH7wxHxSEQcWCHHH55bPf9IK9r/FyOmlr3+LR7/Lfv/9gs9J7//pt32/9n+P5yXhosl+fVvFcuFk10uWgNcy/8OAAAA/ivS/DvwSTqyWE7TkZHGd/j3xP/S+szs3OPHZ94+PdX4rvxg9KXlSNdAMR5an67XxpL54h0b46PjxVhxOV56qBg3/rRnW14fmZypT1WcO3S77W3O/8zvPVVHB6yzbcsuHe/f8ECACrTOo6dLqxdeCRcDuFP5vTZ0r1XO/3Sj4gA2nvs/dK/lzv8LLXVzAXBncv+H7uX8hy6Vfld1BECF3P+hK63ld/3rWNi6OcKoprBZd0peiCgL6aaIR2GdClVfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrj7wAAAP//KFzmgQ==") 56.375194ms ago: executing program 3 (id=661): r0 = socket$netlink(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000180)=0x4, 0x4) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x6048800) 0s ago: executing program 1 (id=662): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xe, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0xfffffffffffff001}, 0x18) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000100000001000013040000000200000088060000ff0f0000002e2e"], 0x0, 0x35, 0x0, 0x1}, 0x28) kernel console output (not intermixed with test programs): 199.555728][ T6774] syz.1.184: attempt to access beyond end of device [ 199.555728][ T6774] loop1: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 199.570028][ T6774] syz.1.184: attempt to access beyond end of device [ 199.570028][ T6774] loop1: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 199.585266][ T6774] erofs (device loop1): read error -5 @ 0 of nid 36 [ 199.639139][ T6774] syz.1.184: attempt to access beyond end of device [ 199.639139][ T6774] loop1: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 199.654116][ T6774] syz.1.184: attempt to access beyond end of device [ 199.654116][ T6774] loop1: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 199.669475][ T6774] erofs (device loop1): read error -5 @ 0 of nid 36 [ 199.721853][ T6774] syz.1.184: attempt to access beyond end of device [ 199.721853][ T6774] loop1: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 199.737014][ T6774] syz.1.184: attempt to access beyond end of device [ 199.737014][ T6774] loop1: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 199.752260][ T6774] erofs (device loop1): read error -5 @ 0 of nid 36 [ 200.188015][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 200.210605][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.215961][ T6775] bridge0: port 3(gretap0) entered blocking state [ 200.247324][ T6775] bridge0: port 3(gretap0) entered disabled state [ 200.260282][ T6775] gretap0: entered allmulticast mode [ 200.288372][ T6775] gretap0: entered promiscuous mode [ 200.346185][ T6775] bridge0: port 3(gretap0) entered blocking state [ 200.353491][ T6775] bridge0: port 3(gretap0) entered forwarding state [ 200.530822][ T6773] loop4: detected capacity change from 0 to 512 [ 200.757459][ T6773] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 200.799944][ T6773] ext4 filesystem being mounted at /28/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 201.553201][ T5836] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 202.497043][ T5827] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 202.695816][ T6786] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 202.918570][ T6793] netlink: 'syz.0.191': attribute type 10 has an invalid length. [ 202.970232][ T6793] team0: Device veth1_macvtap failed to register rx_handler [ 203.135867][ T6796] loop3: detected capacity change from 0 to 256 [ 203.223419][ T6796] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 203.614756][ T6802] netlink: 32 bytes leftover after parsing attributes in process `syz.4.193'. [ 203.623741][ T6802] netlink: 32 bytes leftover after parsing attributes in process `syz.4.193'. [ 207.663050][ T6820] loop4: detected capacity change from 0 to 512 [ 207.743068][ T6820] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 207.779085][ T6820] ext4 filesystem being mounted at /32/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 207.806489][ T6818] loop0: detected capacity change from 0 to 32768 [ 207.911122][ T6818] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.197 (6818) [ 208.444165][ T6818] BTRFS info (device loop0): first mount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 208.469208][ T6818] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm [ 208.747466][ T6837] loop2: detected capacity change from 0 to 128 [ 208.856616][ T5836] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.884952][ T6818] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 210.248737][ T6818] BTRFS error (device loop0): open_ctree failed: -12 [ 214.400426][ T6860] loop0: detected capacity change from 0 to 16 [ 214.466923][ T6860] erofs (device loop0): mounted with root inode @ nid 36. [ 214.727178][ T6858] netlink: 32 bytes leftover after parsing attributes in process `syz.4.205'. [ 214.736235][ T6858] netlink: 32 bytes leftover after parsing attributes in process `syz.4.205'. [ 214.849729][ T6866] syz.0.203: attempt to access beyond end of device [ 214.849729][ T6866] loop0: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 214.864711][ T6866] syz.0.203: attempt to access beyond end of device [ 214.864711][ T6866] loop0: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 214.879636][ T6866] erofs (device loop0): read error -5 @ 0 of nid 36 [ 214.928225][ T6866] syz.0.203: attempt to access beyond end of device [ 214.928225][ T6866] loop0: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 214.943482][ T6866] syz.0.203: attempt to access beyond end of device [ 214.943482][ T6866] loop0: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 214.958696][ T6866] erofs (device loop0): read error -5 @ 0 of nid 36 [ 215.001704][ T6866] syz.0.203: attempt to access beyond end of device [ 215.001704][ T6866] loop0: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 215.016542][ T6866] syz.0.203: attempt to access beyond end of device [ 215.016542][ T6866] loop0: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 215.031573][ T6866] erofs (device loop0): read error -5 @ 0 of nid 36 [ 215.907834][ T6868] loop1: detected capacity change from 0 to 8 [ 215.925994][ T6868] SQUASHFS error: Failed to read block 0x4de: -5 [ 215.933491][ T6868] SQUASHFS error: Failed to read block 0x4de: -5 [ 215.969973][ T31] audit: type=1800 audit(1764976088.577:13): pid=6868 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.202" name="file1" dev="loop1" ino=5 res=0 errno=0 [ 216.026889][ T6867] netlink: 'syz.2.206': attribute type 10 has an invalid length. [ 216.141349][ T6867] team0: Device veth1_macvtap failed to register rx_handler [ 218.590932][ T6885] loop2: detected capacity change from 0 to 512 [ 219.000885][ T6888] loop4: detected capacity change from 0 to 256 [ 219.498032][ T6888] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 219.908843][ T6885] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 220.290721][ T6885] ext4 filesystem being mounted at /48/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 221.305245][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.477211][ T6899] loop0: detected capacity change from 0 to 8 [ 221.489271][ T6899] SQUASHFS error: Failed to read block 0x4de: -5 [ 221.495979][ T6899] SQUASHFS error: Failed to read block 0x4de: -5 [ 221.502852][ T31] audit: type=1800 audit(1764976094.137:14): pid=6899 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.212" name="file1" dev="loop0" ino=5 res=0 errno=0 [ 222.882456][ T6909] loop2: detected capacity change from 0 to 8 [ 222.932619][ T6909] SQUASHFS error: Failed to read block 0x4de: -5 [ 222.941599][ T6909] SQUASHFS error: Failed to read block 0x4de: -5 [ 222.970185][ T31] audit: type=1800 audit(1764976095.587:15): pid=6909 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.214" name="file1" dev="loop2" ino=5 res=0 errno=0 [ 224.711297][ T6919] loop1: detected capacity change from 0 to 16 [ 224.788932][ T6919] erofs (device loop1): mounted with root inode @ nid 36. [ 224.812025][ T6917] netlink: 32 bytes leftover after parsing attributes in process `syz.3.218'. [ 224.821131][ T6917] netlink: 32 bytes leftover after parsing attributes in process `syz.3.218'. [ 225.197646][ T6925] syz.1.219: attempt to access beyond end of device [ 225.197646][ T6925] loop1: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 225.212811][ T6925] syz.1.219: attempt to access beyond end of device [ 225.212811][ T6925] loop1: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 225.228013][ T6925] erofs (device loop1): read error -5 @ 0 of nid 36 [ 225.277411][ T6925] syz.1.219: attempt to access beyond end of device [ 225.277411][ T6925] loop1: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 225.292416][ T6925] syz.1.219: attempt to access beyond end of device [ 225.292416][ T6925] loop1: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 225.307406][ T6925] erofs (device loop1): read error -5 @ 0 of nid 36 [ 225.350024][ T6925] syz.1.219: attempt to access beyond end of device [ 225.350024][ T6925] loop1: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 225.364973][ T6925] syz.1.219: attempt to access beyond end of device [ 225.364973][ T6925] loop1: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 225.379996][ T6925] erofs (device loop1): read error -5 @ 0 of nid 36 [ 226.044610][ T6927] netlink: 'syz.2.220': attribute type 10 has an invalid length. [ 226.075432][ T6927] team0: Device veth1_macvtap failed to register rx_handler [ 226.267865][ T6928] serio: Serial port ttyS3 [ 226.823320][ T6933] loop4: detected capacity change from 0 to 16 [ 226.834213][ T6932] loop3: detected capacity change from 0 to 512 [ 226.898311][ T6933] erofs (device loop4): mounted with root inode @ nid 36. [ 226.923244][ T6932] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 227.138793][ T6932] ext4 filesystem being mounted at /43/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 228.205227][ T6939] syz.4.222: attempt to access beyond end of device [ 228.205227][ T6939] loop4: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 228.220696][ T6939] syz.4.222: attempt to access beyond end of device [ 228.220696][ T6939] loop4: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 228.237159][ T6939] erofs (device loop4): read error -5 @ 0 of nid 36 [ 228.258066][ T6939] syz.4.222: attempt to access beyond end of device [ 228.258066][ T6939] loop4: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 228.274104][ T6939] syz.4.222: attempt to access beyond end of device [ 228.274104][ T6939] loop4: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 228.292332][ T6939] erofs (device loop4): read error -5 @ 0 of nid 36 [ 228.308767][ T6939] erofs (device loop4): read error -5 @ 0 of nid 36 [ 228.930489][ T6947] netlink: 'syz.1.225': attribute type 10 has an invalid length. [ 228.956013][ T5830] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.088818][ T6955] loop4: detected capacity change from 0 to 8 [ 229.109842][ T6955] SQUASHFS error: Failed to read block 0x4de: -5 [ 229.116889][ T6955] SQUASHFS error: Failed to read block 0x4de: -5 [ 229.136832][ T31] audit: type=1800 audit(1764976101.757:16): pid=6955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.226" name="file1" dev="loop4" ino=5 res=0 errno=0 [ 229.208577][ T6319] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 229.329164][ T6958] loop3: detected capacity change from 0 to 128 [ 232.468846][ T6319] usb 3-1: device descriptor read/all, error -71 [ 233.686407][ T6971] loop3: detected capacity change from 0 to 256 [ 233.751402][ T6971] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 233.778886][ T6975] netlink: 20 bytes leftover after parsing attributes in process `syz.1.234'. [ 234.050185][ T6981] FAULT_INJECTION: forcing a failure. [ 234.050185][ T6981] name failslab, interval 1, probability 0, space 0, times 0 [ 234.069080][ T6981] CPU: 1 UID: 0 PID: 6981 Comm: syz.2.236 Not tainted syzkaller #0 PREEMPT(full) [ 234.069108][ T6981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 234.069121][ T6981] Call Trace: [ 234.069128][ T6981] [ 234.069137][ T6981] dump_stack_lvl+0x189/0x250 [ 234.069165][ T6981] ? __pfx____ratelimit+0x10/0x10 [ 234.069195][ T6981] ? __pfx_dump_stack_lvl+0x10/0x10 [ 234.069220][ T6981] ? __pfx__printk+0x10/0x10 [ 234.069265][ T6981] should_fail_ex+0x414/0x560 [ 234.069297][ T6981] should_failslab+0xa8/0x100 [ 234.069325][ T6981] __kmalloc_cache_noprof+0x84/0x700 [ 234.069345][ T6981] ? __sctp_v6_cmp_addr+0x1e6/0x510 [ 234.069371][ T6981] ? sctp_add_bind_addr+0x8c/0x370 [ 234.069399][ T6981] sctp_add_bind_addr+0x8c/0x370 [ 234.069428][ T6981] sctp_copy_local_addr_list+0x30b/0x4e0 [ 234.069456][ T6981] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 234.069480][ T6981] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 234.069507][ T6981] ? sctp_v6_is_any+0x64/0x80 [ 234.069534][ T6981] ? sctp_copy_one_addr+0x93/0x360 [ 234.069561][ T6981] sctp_bind_addr_copy+0xb3/0x3c0 [ 234.069586][ T6981] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 234.069610][ T6981] sctp_connect_new_asoc+0x2e0/0x690 [ 234.069645][ T6981] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 234.069673][ T6981] ? __local_bh_enable_ip+0x12d/0x1c0 [ 234.069703][ T6981] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 234.069725][ T6981] ? security_sctp_bind_connect+0x7e/0x2e0 [ 234.069758][ T6981] sctp_sendmsg+0x155c/0x2840 [ 234.069801][ T6981] ? __pfx_sctp_sendmsg+0x10/0x10 [ 234.069852][ T6981] ? __pfx_aa_sk_perm+0x10/0x10 [ 234.069875][ T6981] ? sock_rps_record_flow+0x19/0x410 [ 234.069911][ T6981] ? inet_sendmsg+0x2f4/0x370 [ 234.069939][ T6981] sock_sendmsg_nosec+0x128/0x1d0 [ 234.069970][ T6981] __sys_sendto+0x3ce/0x540 [ 234.070005][ T6981] ? __pfx___sys_sendto+0x10/0x10 [ 234.070038][ T6981] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 234.070074][ T6981] ? __fget_files+0x3a0/0x420 [ 234.070113][ T6981] ? ksys_write+0x22a/0x250 [ 234.070136][ T6981] ? __pfx_ksys_write+0x10/0x10 [ 234.070160][ T6981] __x64_sys_sendto+0xde/0x100 [ 234.070196][ T6981] do_syscall_64+0xfa/0xf80 [ 234.070217][ T6981] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.070237][ T6981] ? clear_bhb_loop+0x60/0xb0 [ 234.070262][ T6981] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.070282][ T6981] RIP: 0033:0x7fa0bbd8f749 [ 234.070301][ T6981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 234.070317][ T6981] RSP: 002b:00007fa0bcb9f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 234.070339][ T6981] RAX: ffffffffffffffda RBX: 00007fa0bbfe5fa0 RCX: 00007fa0bbd8f749 [ 234.070354][ T6981] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000004 [ 234.070366][ T6981] RBP: 00007fa0bcb9f090 R08: 0000200000000080 R09: 000000000000001c [ 234.070380][ T6981] R10: 0000000000000051 R11: 0000000000000246 R12: 0000000000000002 [ 234.070391][ T6981] R13: 00007fa0bbfe6038 R14: 00007fa0bbfe5fa0 R15: 00007fff02ddbab8 [ 234.070426][ T6981] [ 234.390870][ T6965] loop0: detected capacity change from 0 to 32768 [ 234.400526][ T6965] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.230 (6965) [ 234.418040][ T6965] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 234.428570][ T6965] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 234.461151][ T6986] loop2: detected capacity change from 0 to 512 [ 234.564568][ T6986] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 234.616678][ T6965] BTRFS info (device loop0): enabling ssd optimizations [ 234.625576][ T6965] BTRFS info (device loop0): turning on flush-on-commit [ 234.632725][ T6965] BTRFS info (device loop0): turning on async discard [ 234.639917][ T6965] BTRFS info (device loop0): enabling free space tree [ 234.646764][ T6965] BTRFS info (device loop0): force zlib compression, level 3 [ 234.654276][ T6965] BTRFS info (device loop0): max_inline set to 4096 [ 234.678189][ T6965] BTRFS error (device loop0): balance: mixed groups data and metadata options must be the same [ 234.707282][ T6986] ext4 filesystem being mounted at /59/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 234.870175][ T5827] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 235.211794][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 235.451454][ T7014] loop4: detected capacity change from 0 to 8 [ 235.884428][ T7014] SQUASHFS error: Failed to read block 0x4de: -5 [ 235.891240][ T7014] SQUASHFS error: Failed to read block 0x4de: -5 [ 235.902640][ T31] audit: type=1800 audit(1764976108.527:17): pid=7014 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.239" name="file1" dev="loop4" ino=5 res=0 errno=0 [ 237.065321][ T7024] loop2: detected capacity change from 0 to 64 [ 238.921426][ T7032] binder: 7031:7032 ioctl c0306201 0 returned -14 [ 239.266401][ T7035] loop2: detected capacity change from 0 to 128 [ 239.675748][ T7045] loop0: detected capacity change from 0 to 512 [ 239.770671][ T7045] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 239.847553][ T7045] ext4 filesystem being mounted at /46/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 241.523554][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 241.857685][ T7058] bridge0: port 3(gretap0) entered blocking state [ 241.877004][ T7058] bridge0: port 3(gretap0) entered disabled state [ 241.892845][ T7058] gretap0: entered allmulticast mode [ 241.934480][ T7058] gretap0: entered promiscuous mode [ 241.950934][ T7058] bridge0: port 3(gretap0) entered blocking state [ 241.957781][ T7058] bridge0: port 3(gretap0) entered forwarding state [ 243.549218][ T7062] loop0: detected capacity change from 0 to 4096 [ 243.601311][ T7062] ntfs3: Unknown parameter 'K¶ŠàHâ' [ 244.488969][ T7071] loop0: detected capacity change from 0 to 16 [ 244.525404][ T7073] loop4: detected capacity change from 0 to 16 [ 244.532320][ T7071] erofs (device loop0): mounted with root inode @ nid 36. [ 244.652321][ T7079] 9p: Bad value for 'rfdno' [ 244.675604][ T7073] erofs (device loop4): mounted with root inode @ nid 36. [ 244.945121][ T7083] bio_check_eod: 2 callbacks suppressed [ 244.945141][ T7083] syz.0.261: attempt to access beyond end of device [ 244.945141][ T7083] loop0: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 244.964689][ T7083] syz.0.261: attempt to access beyond end of device [ 244.964689][ T7083] loop0: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 244.978747][ T7083] erofs (device loop0): read error -5 @ 0 of nid 36 [ 244.989849][ T7083] syz.0.261: attempt to access beyond end of device [ 244.989849][ T7083] loop0: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 245.004347][ T7083] syz.0.261: attempt to access beyond end of device [ 245.004347][ T7083] loop0: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 245.024164][ T7083] erofs (device loop0): read error -5 @ 0 of nid 36 [ 248.728583][ T5871] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 248.854800][ T7096] random: crng reseeded on system resumption [ 249.191554][ T5871] usb 2-1: Using ep0 maxpacket: 32 [ 249.202515][ T5871] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 249.385442][ T7096] loop4: detected capacity change from 0 to 1024 [ 249.425111][ T7096] EXT4-fs: Ignoring removed i_version option [ 249.439246][ T5871] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 249.443896][ T7096] EXT4-fs: inline encryption not supported [ 249.473028][ T7096] EXT4-fs (loop4): Test dummy encryption mode enabled [ 249.478602][ T5871] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 251.047879][ T5871] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 251.064731][ T5871] usb 2-1: config 0 descriptor?? [ 251.224356][ T7108] loop2: detected capacity change from 0 to 128 [ 252.171128][ T7110] loop3: detected capacity change from 0 to 1024 [ 252.178411][ T7110] EXT4-fs: Ignoring removed i_version option [ 252.184507][ T7110] EXT4-fs: inline encryption not supported [ 252.424953][ T7110] EXT4-fs (loop3): Test dummy encryption mode enabled [ 252.571749][ T7096] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 253.030643][ T5871] usb 2-1: can't set config #0, error -71 [ 253.599350][ T7110] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 253.777945][ T5871] usb 2-1: USB disconnect, device number 5 [ 253.830158][ T5836] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 254.227140][ T7110] EXT4-fs: Can't set or change test_dummy_encryption on remount [ 254.353255][ T7112] openvswitch: netlink: Unknown key attributes 2 [ 254.627343][ T5830] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 255.435715][ T7120] loop3: detected capacity change from 0 to 4096 [ 255.556852][ T7126] loop4: detected capacity change from 0 to 16 [ 255.606036][ T7126] erofs (device loop4): mounted with root inode @ nid 36. [ 256.077569][ T7131] syz.4.277: attempt to access beyond end of device [ 256.077569][ T7131] loop4: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 256.091539][ T7131] syz.4.277: attempt to access beyond end of device [ 256.091539][ T7131] loop4: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 256.105567][ T7131] erofs (device loop4): read error -5 @ 0 of nid 36 [ 256.114605][ T7131] syz.4.277: attempt to access beyond end of device [ 256.114605][ T7131] loop4: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 256.131174][ T7131] syz.4.277: attempt to access beyond end of device [ 256.131174][ T7131] loop4: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 256.148265][ T7131] erofs (device loop4): read error -5 @ 0 of nid 36 [ 256.588717][ T7131] syz.4.277: attempt to access beyond end of device [ 256.588717][ T7131] loop4: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 256.604364][ T7131] syz.4.277: attempt to access beyond end of device [ 256.604364][ T7131] loop4: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 256.628463][ T7131] erofs (device loop4): read error -5 @ 0 of nid 36 [ 256.753530][ T7134] loop1: detected capacity change from 0 to 8 [ 256.976989][ T7132] SQUASHFS error: Failed to read block 0x4de: -5 [ 256.983778][ T7132] SQUASHFS error: Failed to read block 0x4de: -5 [ 256.993725][ T31] audit: type=1800 audit(1764976129.627:18): pid=7132 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.278" name="file1" dev="loop1" ino=5 res=0 errno=0 [ 257.297320][ T7136] loop3: detected capacity change from 0 to 1024 [ 257.427397][ T7139] bridge0: port 3(gretap0) entered blocking state [ 257.442281][ T7139] bridge0: port 3(gretap0) entered disabled state [ 257.452324][ T7139] gretap0: entered allmulticast mode [ 257.472243][ T7139] gretap0: entered promiscuous mode [ 257.481313][ T7139] bridge0: port 3(gretap0) entered blocking state [ 257.488241][ T7139] bridge0: port 3(gretap0) entered forwarding state [ 257.853846][ T7136] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 257.910226][ T7136] EXT4-fs error (device loop3): ext4_map_blocks:825: inode #3: block 1: comm syz.3.279: lblock 1 mapped to illegal pblock 1 (length 1) [ 259.153485][ T7136] Quota error (device loop3): write_blk: dquota write failed [ 259.170809][ T7150] loop0: detected capacity change from 0 to 8 [ 259.198641][ T7150] SQUASHFS error: Failed to read block 0x4de: -5 [ 259.206166][ T7150] SQUASHFS error: Failed to read block 0x4de: -5 [ 259.470284][ T31] audit: type=1800 audit(1764976131.847:19): pid=7150 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.271" name="file1" dev="loop0" ino=5 res=0 errno=0 [ 259.503628][ T7136] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 260.315273][ T7136] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.279: Failed to acquire dquot type 0 [ 260.344967][ T7152] loop2: detected capacity change from 0 to 128 [ 261.015868][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.403988][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.655528][ T7136] EXT4-fs error (device loop3): ext4_free_blocks:6728: comm syz.3.279: Freeing blocks not in datazone - block = 0, count = 4096 [ 261.857260][ T7136] EXT4-fs error (device loop3): ext4_read_inode_bitmap:139: comm syz.3.279: Invalid inode bitmap blk 0 in block_group 0 [ 261.922697][ T6072] EXT4-fs error (device loop3): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:17: lblock 1 mapped to illegal pblock 1 (length 1) [ 262.135620][ T7136] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem [ 262.144587][ T6072] Quota error (device loop3): remove_tree: Can't read quota data block 1 [ 262.197729][ T6072] EXT4-fs error (device loop3): ext4_release_dquot:7022: comm kworker/u8:17: Failed to release dquot type 0 [ 262.224100][ T7136] EXT4-fs (loop3): 1 orphan inode deleted [ 262.271602][ T7136] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 262.628800][ T5871] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 262.824927][ T5871] usb 5-1: Using ep0 maxpacket: 32 [ 262.835779][ T5830] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 262.861320][ T5871] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 262.909525][ T5871] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 262.978583][ T5871] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 262.982974][ T7161] loop0: detected capacity change from 0 to 512 [ 262.987671][ T5871] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.083684][ T7161] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 263.108907][ T7161] ext4 filesystem being mounted at /53/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 263.172238][ T5871] usb 5-1: config 0 descriptor?? [ 263.210632][ T5871] hub 5-1:0.0: USB hub found [ 263.266807][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 263.620285][ T5871] hub 5-1:0.0: config failed, can't read hub descriptor (err -22) [ 263.928698][ T5871] usbhid 5-1:0.0: can't add hid device: -71 [ 263.934863][ T5871] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 263.958109][ T7177] loop1: detected capacity change from 0 to 16 [ 263.999534][ T5871] usb 5-1: USB disconnect, device number 7 [ 264.188700][ T7177] erofs (device loop1): mounted with root inode @ nid 36. [ 264.296225][ T7180] fuse: Bad value for 'fd' [ 265.293725][ T7186] syz.1.290: attempt to access beyond end of device [ 265.293725][ T7186] loop1: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 265.309282][ T7186] syz.1.290: attempt to access beyond end of device [ 265.309282][ T7186] loop1: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 265.324555][ T7186] erofs (device loop1): read error -5 @ 0 of nid 36 [ 265.349464][ T7186] syz.1.290: attempt to access beyond end of device [ 265.349464][ T7186] loop1: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 265.364809][ T7186] syz.1.290: attempt to access beyond end of device [ 265.364809][ T7186] loop1: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 265.380084][ T7186] erofs (device loop1): read error -5 @ 0 of nid 36 [ 265.874710][ T7188] loop3: detected capacity change from 0 to 128 [ 268.270857][ T7196] wlan0 speed is unknown, defaulting to 1000 [ 268.277371][ T7196] wlan0 speed is unknown, defaulting to 1000 [ 268.443235][ T7196] wlan0 speed is unknown, defaulting to 1000 [ 268.482275][ T7200] loop4: detected capacity change from 0 to 64 [ 268.526115][ T7200] hfs: inconsistency in B*Tree (1,0,1,0,3) [ 268.545692][ T7196] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 268.554409][ T7200] hfs: get root inode failed [ 269.274054][ T7202] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9) [ 269.280939][ T7202] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 269.306338][ T7202] vhci_hcd vhci_hcd.0: Device attached [ 269.467896][ T7204] vhci_hcd: connection closed [ 269.588775][ T6036] vhci_hcd vhci_hcd.4: stop threads [ 269.619716][ T6036] vhci_hcd vhci_hcd.4: release socket [ 269.640910][ T7196] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 269.650020][ T6036] vhci_hcd vhci_hcd.4: disconnect device [ 269.682253][ T7209] loop2: detected capacity change from 0 to 512 [ 269.733602][ T7196] wlan0 speed is unknown, defaulting to 1000 [ 269.755391][ T7196] wlan0 speed is unknown, defaulting to 1000 [ 269.755904][ T7209] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 269.764130][ T7196] wlan0 speed is unknown, defaulting to 1000 [ 269.782527][ T7196] wlan0 speed is unknown, defaulting to 1000 [ 269.795416][ T7196] wlan0 speed is unknown, defaulting to 1000 [ 269.937046][ T7209] ext4 filesystem being mounted at /70/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 270.038739][ T7222] loop3: detected capacity change from 0 to 16 [ 270.161256][ T7222] erofs (device loop3): mounted with root inode @ nid 36. [ 270.404251][ T6014] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 270.492781][ T7225] syz.3.304: attempt to access beyond end of device [ 270.492781][ T7225] loop3: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 270.506938][ T7225] syz.3.304: attempt to access beyond end of device [ 270.506938][ T7225] loop3: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 270.521306][ T7225] erofs (device loop3): read error -5 @ 0 of nid 36 [ 270.535766][ T7225] syz.3.304: attempt to access beyond end of device [ 270.535766][ T7225] loop3: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 270.550216][ T7225] syz.3.304: attempt to access beyond end of device [ 270.550216][ T7225] loop3: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 270.564683][ T7225] erofs (device loop3): read error -5 @ 0 of nid 36 [ 272.300344][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 272.835818][ T7230] sg_write: process 172 (syz.4.307) changed security contexts after opening file descriptor, this is not allowed. [ 272.928790][ T6014] usb 1-1: Using ep0 maxpacket: 32 [ 272.954902][ T6014] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 273.148525][ T6014] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 273.249520][ T7236] loop3: detected capacity change from 0 to 8 [ 273.322721][ T7236] SQUASHFS error: Failed to read block 0x4de: -5 [ 273.331774][ T7236] SQUASHFS error: Failed to read block 0x4de: -5 [ 273.358317][ T31] audit: type=1800 audit(1764976145.977:20): pid=7236 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.306" name="file1" dev="loop3" ino=5 res=0 errno=0 [ 273.855448][ T6014] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 273.920339][ T6014] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.961383][ T6014] usb 1-1: config 0 descriptor?? [ 274.228752][ T6014] usb 1-1: can't set config #0, error -71 [ 274.245870][ T6014] usb 1-1: USB disconnect, device number 5 [ 277.188684][ T7228] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 277.368887][ T7228] usb 5-1: Using ep0 maxpacket: 16 [ 277.438041][ T7228] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 277.510471][ T7228] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 277.655888][ T7228] usb 5-1: Product: syz [ 277.855802][ T7228] usb 5-1: Manufacturer: syz [ 277.931201][ T7228] usb 5-1: SerialNumber: syz [ 278.269557][ T7262] loop0: detected capacity change from 0 to 512 [ 278.359647][ T7265] loop1: detected capacity change from 0 to 8 [ 279.258762][ T7265] SQUASHFS error: Failed to read block 0x4de: -5 [ 279.265838][ T7265] SQUASHFS error: Failed to read block 0x4de: -5 [ 279.278570][ T31] audit: type=1800 audit(1764976151.907:21): pid=7265 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.315" name="file1" dev="loop1" ino=5 res=0 errno=0 [ 281.092211][ T7274] loop2: detected capacity change from 0 to 8 [ 281.137214][ T7274] SQUASHFS error: Failed to read block 0x4de: -5 [ 281.146027][ T7274] SQUASHFS error: Failed to read block 0x4de: -5 [ 281.174813][ T31] audit: type=1800 audit(1764976153.787:22): pid=7274 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.319" name="file1" dev="loop2" ino=5 res=0 errno=0 [ 281.696064][ T7276] random: crng reseeded on system resumption [ 281.851765][ T7276] loop0: detected capacity change from 0 to 1024 [ 281.859535][ T7276] EXT4-fs: Ignoring removed i_version option [ 281.866105][ T7276] EXT4-fs: inline encryption not supported [ 281.878724][ T7276] EXT4-fs (loop0): Test dummy encryption mode enabled [ 281.895964][ T7276] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 281.977895][ T7276] EXT4-fs: Can't set or change test_dummy_encryption on remount [ 282.264592][ T7282] ubi: mtd0 is already attached to ubi31 [ 282.452753][ T7285] openvswitch: netlink: Unknown key attributes 2 [ 283.343932][ T7228] r8152-cfgselector 5-1: Unknown version 0x0000 [ 283.434469][ T7228] r8152-cfgselector 5-1: config 0 descriptor?? [ 283.532258][ T7228] r8152-cfgselector 5-1: can't set config #0, error -32 [ 283.760933][ T7283] loop1: detected capacity change from 0 to 8 [ 283.770459][ T7286] Unrecognized hibernate image header format! [ 283.776570][ T7286] PM: hibernation: Image mismatch: architecture specific data [ 283.871025][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 283.918995][ T7283] SQUASHFS error: Failed to read block 0x4de: -5 [ 283.925669][ T7283] SQUASHFS error: Failed to read block 0x4de: -5 [ 283.949201][ T31] audit: type=1800 audit(1764976156.567:23): pid=7283 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.322" name="file1" dev="loop1" ino=5 res=0 errno=0 [ 284.182759][ T7293] loop0: detected capacity change from 0 to 512 [ 284.351948][ T7293] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 284.369585][ T7293] ext4 filesystem being mounted at /63/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 285.001872][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 285.167693][ T7305] loop1: detected capacity change from 0 to 512 [ 285.241864][ T7305] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 285.319407][ T7305] ext4 filesystem being mounted at /69/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 285.334623][ T7228] r8152-cfgselector 5-1: USB disconnect, device number 8 [ 285.790797][ T7311] loop4: detected capacity change from 0 to 16 [ 285.993555][ T7311] erofs (device loop4): mounted with root inode @ nid 36. [ 286.027134][ T7314] loop3: detected capacity change from 0 to 512 [ 286.244540][ T7315] syz.4.329: attempt to access beyond end of device [ 286.244540][ T7315] loop4: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 286.258581][ T7315] syz.4.329: attempt to access beyond end of device [ 286.258581][ T7315] loop4: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 286.262354][ T7314] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 286.272553][ T7315] erofs (device loop4): read error -5 @ 0 of nid 36 [ 286.294642][ T7315] syz.4.329: attempt to access beyond end of device [ 286.294642][ T7315] loop4: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 286.308694][ T7315] syz.4.329: attempt to access beyond end of device [ 286.308694][ T7315] loop4: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 286.322482][ T7315] erofs (device loop4): read error -5 @ 0 of nid 36 [ 286.331166][ T7315] syz.4.329: attempt to access beyond end of device [ 286.331166][ T7315] loop4: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 286.345346][ T7315] syz.4.329: attempt to access beyond end of device [ 286.345346][ T7315] loop4: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 286.359125][ T7315] erofs (device loop4): read error -5 @ 0 of nid 36 [ 286.383917][ T7314] ext4 filesystem being mounted at /62/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 286.576871][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 287.146056][ T7321] loop4: detected capacity change from 0 to 128 [ 287.243485][ T7321] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 287.281490][ T7301] loop2: detected capacity change from 0 to 32768 [ 287.460449][ T7321] ext4 filesystem being mounted at /53/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 287.472433][ T7301] workqueue: Failed to create a rescuer kthread for wq "xfs-blockgc/loop2": -EINTR [ 287.565385][ T7331] loop1: detected capacity change from 0 to 8 [ 287.620094][ T7331] SQUASHFS error: Failed to read block 0x4de: -5 [ 287.628164][ T7331] SQUASHFS error: Failed to read block 0x4de: -5 [ 287.650770][ T31] audit: type=1800 audit(1764976160.267:24): pid=7331 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.332" name="file1" dev="loop1" ino=5 res=0 errno=0 [ 287.966943][ T7318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 288.057466][ T5830] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 288.214671][ T7318] bond0: (slave rose0): Enslaving as an active interface with an up link [ 288.572912][ T7339] ubi: mtd0 is already attached to ubi31 [ 289.115531][ T5836] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 289.402222][ T7346] random: crng reseeded on system resumption [ 289.557423][ T7346] loop3: detected capacity change from 0 to 1024 [ 289.565050][ T7346] EXT4-fs: Ignoring removed i_version option [ 289.571492][ T7346] EXT4-fs: inline encryption not supported [ 289.578303][ T7346] EXT4-fs (loop3): Test dummy encryption mode enabled [ 289.593206][ T7346] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 289.708785][ T7346] EXT4-fs: Can't set or change test_dummy_encryption on remount [ 290.201437][ T7348] loop0: detected capacity change from 0 to 4096 [ 290.325915][ T7359] loop1: detected capacity change from 0 to 8 [ 290.340456][ T7359] SQUASHFS error: Failed to read block 0x4de: -5 [ 290.347181][ T7359] SQUASHFS error: Failed to read block 0x4de: -5 [ 290.357461][ T31] audit: type=1800 audit(1764976162.987:25): pid=7359 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.339" name="file1" dev="loop1" ino=5 res=0 errno=0 [ 290.386410][ T7360] Unrecognized hibernate image header format! [ 290.392632][ T7360] PM: hibernation: Image mismatch: architecture specific data [ 290.438834][ T7360] openvswitch: netlink: Unknown key attributes 2 [ 290.576911][ T7365] bridge0: port 3(gretap0) entered blocking state [ 290.648629][ T7365] bridge0: port 3(gretap0) entered disabled state [ 290.722677][ T7365] gretap0: entered allmulticast mode [ 290.787092][ T7365] gretap0: entered promiscuous mode [ 290.805757][ T7371] loop0: detected capacity change from 0 to 16 [ 290.831124][ T7371] erofs (device loop0): mounted with root inode @ nid 36. [ 290.849826][ T7365] bridge0: port 3(gretap0) entered blocking state [ 290.856411][ T7365] bridge0: port 3(gretap0) entered forwarding state [ 291.114479][ T7372] syz.0.342: attempt to access beyond end of device [ 291.114479][ T7372] loop0: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 291.130142][ T7372] syz.0.342: attempt to access beyond end of device [ 291.130142][ T7372] loop0: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 291.144176][ T7372] erofs (device loop0): read error -5 @ 0 of nid 36 [ 291.153994][ T7372] syz.0.342: attempt to access beyond end of device [ 291.153994][ T7372] loop0: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 291.168282][ T7372] syz.0.342: attempt to access beyond end of device [ 291.168282][ T7372] loop0: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 291.183070][ T7372] erofs (device loop0): read error -5 @ 0 of nid 36 [ 291.193147][ T7372] erofs (device loop0): read error -5 @ 0 of nid 36 [ 291.561940][ T7377] loop2: detected capacity change from 0 to 512 [ 291.753942][ T7377] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 291.828851][ T7377] ext4 filesystem being mounted at /81/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 293.510786][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 293.582151][ T7402] ubi: mtd0 is already attached to ubi31 [ 295.205031][ T5830] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 295.363347][ T7424] loop1: detected capacity change from 0 to 8 [ 295.383441][ T7426] loop2: detected capacity change from 0 to 16 [ 295.424805][ T7424] SQUASHFS error: Failed to read block 0x26067d: -5 [ 295.455859][ T7426] erofs (device loop2): mounted with root inode @ nid 36. [ 295.484296][ T7424] SQUASHFS error: Unable to read metadata cache entry [26067d] [ 295.678947][ T7424] SQUASHFS error: Unable to read directory block [26067d:ffff] [ 295.696059][ T7430] bio_check_eod: 2 callbacks suppressed [ 295.696075][ T7430] syz.2.354: attempt to access beyond end of device [ 295.696075][ T7430] loop2: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 295.716160][ T7430] syz.2.354: attempt to access beyond end of device [ 295.716160][ T7430] loop2: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 295.730141][ T7430] erofs (device loop2): read error -5 @ 0 of nid 36 [ 295.739702][ T7430] syz.2.354: attempt to access beyond end of device [ 295.739702][ T7430] loop2: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 295.753640][ T7430] syz.2.354: attempt to access beyond end of device [ 295.753640][ T7430] loop2: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 295.768743][ T7430] erofs (device loop2): read error -5 @ 0 of nid 36 [ 295.778966][ T7430] syz.2.354: attempt to access beyond end of device [ 295.778966][ T7430] loop2: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 295.793263][ T7430] syz.2.354: attempt to access beyond end of device [ 295.793263][ T7430] loop2: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 295.808035][ T7430] erofs (device loop2): read error -5 @ 0 of nid 36 [ 295.856370][ T7433] loop0: detected capacity change from 0 to 64 [ 295.881089][ T7428] loop3: detected capacity change from 0 to 4096 [ 296.718352][ T7440] macvlan2: entered promiscuous mode [ 296.888728][ T7448] loop4: detected capacity change from 0 to 512 [ 296.936685][ T7451] ubi: mtd0 is already attached to ubi31 [ 296.943804][ T7448] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 296.987127][ T7448] ext4 filesystem being mounted at /60/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 297.389677][ T7456] netlink: 28 bytes leftover after parsing attributes in process `syz.2.360'. [ 297.409162][ T7456] netlink: 28 bytes leftover after parsing attributes in process `syz.2.360'. [ 298.388842][ T7468] loop1: detected capacity change from 0 to 128 [ 298.397878][ T5836] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 298.469324][ T7468] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 298.542696][ T7468] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 298.622711][ T7473] loop3: detected capacity change from 0 to 16 [ 298.810019][ T7473] erofs (device loop3): mounted with root inode @ nid 36. [ 298.857055][ T5889] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 298.906051][ T7479] loop2: detected capacity change from 0 to 8 [ 299.915651][ T5889] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 299.926656][ T5889] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 300.553959][ T7481] syz.3.366: attempt to access beyond end of device [ 300.553959][ T7481] loop3: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 300.567972][ T7481] syz.3.366: attempt to access beyond end of device [ 300.567972][ T7481] loop3: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 300.582039][ T7481] erofs (device loop3): read error -5 @ 0 of nid 36 [ 300.592046][ T7481] syz.3.366: attempt to access beyond end of device [ 300.592046][ T7481] loop3: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 300.606242][ T7481] syz.3.366: attempt to access beyond end of device [ 300.606242][ T7481] loop3: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 300.620303][ T7481] erofs (device loop3): read error -5 @ 0 of nid 36 [ 300.631683][ T7481] erofs (device loop3): read error -5 @ 0 of nid 36 [ 300.657202][ T7479] SQUASHFS error: Failed to read block 0x4de: -5 [ 300.664544][ T7479] SQUASHFS error: Failed to read block 0x4de: -5 [ 300.672160][ T31] audit: type=1800 audit(1764976173.307:26): pid=7479 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.364" name="file1" dev="loop2" ino=5 res=0 errno=0 [ 300.836839][ T5889] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 300.857587][ T5889] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 300.869569][ T5889] usb 1-1: Manufacturer: syz [ 300.877216][ T5889] usb 1-1: config 0 descriptor?? [ 301.154737][ T7487] loop4: detected capacity change from 0 to 256 [ 302.428349][ T5889] uclogic 0003:256C:006D.0002: interface is invalid, ignoring [ 302.551328][ T7495] random: crng reseeded on system resumption [ 302.659204][ T7495] loop1: detected capacity change from 0 to 1024 [ 302.666613][ T7495] EXT4-fs: Ignoring removed i_version option [ 302.672849][ T7495] EXT4-fs: inline encryption not supported [ 302.681017][ T7495] EXT4-fs (loop1): Test dummy encryption mode enabled [ 302.693253][ T5871] usb 1-1: USB disconnect, device number 6 [ 302.729255][ T7495] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 302.872831][ T7499] loop3: detected capacity change from 0 to 128 [ 302.905854][ T7495] EXT4-fs: Can't set or change test_dummy_encryption on remount [ 303.054161][ T7499] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 303.113813][ T7499] ext4 filesystem being mounted at /71/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 303.162231][ T6893] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 303.333439][ T7506] Unrecognized hibernate image header format! [ 303.339731][ T7506] PM: hibernation: Image mismatch: architecture specific data [ 303.349217][ T7506] openvswitch: netlink: Unknown key attributes 2 [ 303.444530][ T6893] usb 5-1: config 201 has an invalid interface number: 249 but max is 0 [ 303.605765][ T6893] usb 5-1: config 201 has no interface number 0 [ 303.638165][ T6893] usb 5-1: config 201 interface 249 has no altsetting 0 [ 303.681770][ T6893] usb 5-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=fa.df [ 303.725978][ T6893] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.755754][ T6893] usb 5-1: Product: syz [ 303.783754][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 303.795613][ T6893] usb 5-1: Manufacturer: syz [ 303.835110][ T6893] usb 5-1: SerialNumber: syz [ 303.848086][ T7510] loop0: detected capacity change from 0 to 4096 [ 303.977185][ T5830] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 304.066030][ T7514] loop1: detected capacity change from 0 to 512 [ 304.139464][ T6893] ath6kl: Failed to submit usb control message: -71 [ 304.152808][ T7514] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 304.206411][ T6893] ath6kl: unable to send the bmi data to the device: -71 [ 304.295273][ T6893] ath6kl: Unable to send get target info: -71 [ 304.364697][ T7514] ext4 filesystem being mounted at /77/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 304.803002][ T6893] ath6kl: Failed to init ath6kl core: -71 [ 304.809605][ T6893] ath6kl_usb 5-1:201.249: probe with driver ath6kl_usb failed with error -71 [ 304.822252][ T6893] usb 5-1: USB disconnect, device number 9 [ 305.572978][ T7528] loop3: detected capacity change from 0 to 512 [ 305.613780][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 305.637875][ T7528] EXT4-fs (loop3): required journal recovery suppressed and not mounted read-only [ 305.715882][ T7531] FAULT_INJECTION: forcing a failure. [ 305.715882][ T7531] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 305.730322][ T7531] CPU: 0 UID: 0 PID: 7531 Comm: syz.4.378 Not tainted syzkaller #0 PREEMPT(full) [ 305.730350][ T7531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 305.730373][ T7531] Call Trace: [ 305.730382][ T7531] [ 305.730391][ T7531] dump_stack_lvl+0x189/0x250 [ 305.730422][ T7531] ? __pfx____ratelimit+0x10/0x10 [ 305.730454][ T7531] ? __pfx_dump_stack_lvl+0x10/0x10 [ 305.730479][ T7531] ? __pfx__printk+0x10/0x10 [ 305.730523][ T7531] should_fail_ex+0x414/0x560 [ 305.730557][ T7531] _copy_from_user+0x2d/0xb0 [ 305.730579][ T7531] vmemdup_user+0x5e/0xd0 [ 305.730604][ T7531] map_get_next_key+0x1c3/0x630 [ 305.730637][ T7531] ? bpf_lsm_bpf+0x9/0x20 [ 305.730660][ T7531] ? security_bpf+0x7e/0x300 [ 305.730694][ T7531] __sys_bpf+0x63d/0x860 [ 305.730725][ T7531] ? __pfx___sys_bpf+0x10/0x10 [ 305.730778][ T7531] ? ksys_write+0x22a/0x250 [ 305.730801][ T7531] ? __pfx_ksys_write+0x10/0x10 [ 305.730829][ T7531] __x64_sys_bpf+0x7c/0x90 [ 305.730856][ T7531] do_syscall_64+0xfa/0xf80 [ 305.730877][ T7531] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.730898][ T7531] ? clear_bhb_loop+0x60/0xb0 [ 305.730923][ T7531] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.730944][ T7531] RIP: 0033:0x7fca1738f749 [ 305.730962][ T7531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 305.730980][ T7531] RSP: 002b:00007fca1826d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 305.731003][ T7531] RAX: ffffffffffffffda RBX: 00007fca175e6090 RCX: 00007fca1738f749 [ 305.731018][ T7531] RDX: 0000000000000020 RSI: 0000200000000000 RDI: 0000000000000004 [ 305.731032][ T7531] RBP: 00007fca1826d090 R08: 0000000000000000 R09: 0000000000000000 [ 305.731045][ T7531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 305.731057][ T7531] R13: 00007fca175e6128 R14: 00007fca175e6090 R15: 00007ffc17f8a348 [ 305.731091][ T7531] [ 306.011984][ T10] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 306.228611][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 306.280923][ T10] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x2 has invalid maxpacket 198, setting to 64 [ 306.407080][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 306.501006][ T10] usb 1-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 306.543914][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.570571][ T7534] loop1: detected capacity change from 0 to 512 [ 306.597440][ T10] usb 1-1: Product: syz [ 306.602289][ T10] usb 1-1: Manufacturer: syz [ 306.607160][ T10] usb 1-1: SerialNumber: syz [ 306.640200][ T10] usb 1-1: config 0 descriptor?? [ 306.674165][ T7534] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 306.684830][ T10] snd_usb_toneport 1-1:0.0: Line 6 TonePort UX2 found [ 306.740954][ T7536] syz.4.381 uses obsolete (PF_INET,SOCK_PACKET) [ 306.773572][ T7534] ext4 filesystem being mounted at /78/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 306.817160][ T7536] netlink: 48 bytes leftover after parsing attributes in process `syz.4.381'. [ 306.921645][ T7524] loop0: detected capacity change from 0 to 1024 [ 306.933858][ T7524] EXT4-fs: Ignoring removed nomblk_io_submit option [ 307.441525][ T7524] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 307.463475][ T7524] System zones: 0-1, 3-36 [ 307.500229][ T7524] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 307.575543][ T10] snd_usb_toneport 1-1:0.0: Line 6 TonePort UX2 now disconnected [ 307.603697][ T10] snd_usb_toneport 1-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 307.678730][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 307.805749][ T7548] loop4: detected capacity change from 0 to 512 [ 307.820846][ T5916] usb 1-1: USB disconnect, device number 7 [ 307.851202][ T7548] EXT4-fs: Ignoring removed nobh option [ 307.898884][ T7548] ext4: Unknown parameter 'uid' [ 308.037613][ T31] audit: type=1326 audit(1764976180.667:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7546 comm="syz.4.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca1738f749 code=0x7ffc0000 [ 308.259406][ T31] audit: type=1326 audit(1764976180.717:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7546 comm="syz.4.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=327 compat=0 ip=0x7fca1738f749 code=0x7ffc0000 [ 308.331479][ T31] audit: type=1326 audit(1764976180.717:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7546 comm="syz.4.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca1738f749 code=0x7ffc0000 [ 308.358762][ T31] audit: type=1326 audit(1764976180.717:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7546 comm="syz.4.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fca1738f749 code=0x7ffc0000 [ 308.382703][ T31] audit: type=1326 audit(1764976180.717:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7546 comm="syz.4.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca1738f749 code=0x7ffc0000 [ 308.617196][ T31] audit: type=1326 audit(1764976180.727:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7546 comm="syz.4.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fca1738f749 code=0x7ffc0000 [ 308.685021][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 308.710917][ T31] audit: type=1326 audit(1764976180.727:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7546 comm="syz.4.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca1738f749 code=0x7ffc0000 [ 308.711973][ T7561] loop4: detected capacity change from 0 to 8 [ 308.846042][ T31] audit: type=1326 audit(1764976180.727:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7546 comm="syz.4.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fca1738f749 code=0x7ffc0000 [ 308.868831][ T31] audit: type=1326 audit(1764976180.727:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7546 comm="syz.4.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca1738f749 code=0x7ffc0000 [ 308.892407][ T31] audit: type=1326 audit(1764976180.737:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7546 comm="syz.4.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=328 compat=0 ip=0x7fca1738f749 code=0x7ffc0000 [ 309.291122][ T7561] unable to read id index table [ 309.786343][ T7570] syz_tun: entered allmulticast mode [ 310.397169][ T7576] loop3: detected capacity change from 0 to 512 [ 310.446786][ T7579] loop1: detected capacity change from 0 to 8 [ 310.459441][ T7579] SQUASHFS error: Failed to read block 0x4de: -5 [ 310.466030][ T7579] SQUASHFS error: Failed to read block 0x4de: -5 [ 310.949963][ T24] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 310.981430][ T7576] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 311.140000][ T7576] ext4 filesystem being mounted at /74/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 311.157978][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 311.246075][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 311.286004][ T24] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 311.807252][ T7593] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 311.840211][ T7593] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 311.869691][ T24] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 311.896578][ T5830] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 311.916005][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 312.004727][ T24] usb 1-1: config 0 descriptor?? [ 312.038812][ T5871] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 312.440781][ T5871] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 312.493633][ T5871] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 312.542290][ T7607] loop3: detected capacity change from 0 to 164 [ 312.577112][ T5871] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 312.587859][ T5871] usb 2-1: config 1 has no interface number 1 [ 312.595710][ T5871] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 313.462980][ T24] usbhid 1-1:0.0: can't add hid device: -71 [ 313.468741][ T5871] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 313.478496][ T5871] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.487919][ T5871] usb 2-1: Product: syz [ 313.495813][ T5871] usb 2-1: Manufacturer: syz [ 313.501891][ T5871] usb 2-1: SerialNumber: syz [ 314.443794][ T24] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 314.465410][ T24] usb 1-1: USB disconnect, device number 8 [ 315.442745][ T5871] usb 2-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0 [ 315.469218][ T5871] usb 2-1: MIDIStreaming interface descriptor not found [ 315.508098][ T7612] loop3: detected capacity change from 0 to 16 [ 315.545193][ T7612] erofs (device loop3): mounted with root inode @ nid 36. [ 315.779102][ T6893] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 315.874747][ T7624] bio_check_eod: 2 callbacks suppressed [ 315.874790][ T7624] syz.3.397: attempt to access beyond end of device [ 315.874790][ T7624] loop3: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 315.895324][ T7624] syz.3.397: attempt to access beyond end of device [ 315.895324][ T7624] loop3: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 315.910238][ T7624] erofs (device loop3): read error -5 @ 0 of nid 36 [ 315.957593][ T7624] syz.3.397: attempt to access beyond end of device [ 315.957593][ T7624] loop3: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 315.972530][ T7624] syz.3.397: attempt to access beyond end of device [ 315.972530][ T7624] loop3: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 315.987857][ T7624] erofs (device loop3): read error -5 @ 0 of nid 36 [ 316.031913][ T7624] syz.3.397: attempt to access beyond end of device [ 316.031913][ T7624] loop3: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 316.046884][ T7624] syz.3.397: attempt to access beyond end of device [ 316.046884][ T7624] loop3: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 316.062067][ T7624] erofs (device loop3): read error -5 @ 0 of nid 36 [ 316.428770][ T5871] usb 2-1: USB disconnect, device number 6 [ 316.612591][ T7113] udevd[7113]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 316.700797][ T6893] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 316.755329][ T6893] usb 1-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 317.013080][ T6893] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 317.149479][ T6893] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 317.270787][ T6893] usb 1-1: Product: syz [ 317.396037][ T5871] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 317.403684][ T6893] usb 1-1: Manufacturer: syz [ 317.403709][ T6893] usb 1-1: SerialNumber: syz [ 317.834493][ T5871] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 317.901201][ T5871] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 317.908286][ T6893] cdc_ncm 1-1:1.0: skipping garbage [ 317.949882][ T6893] cdc_ncm 1-1:1.0: NCM or ECM functional descriptors missing [ 317.965347][ T5871] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 318.224714][ T6893] cdc_ncm 1-1:1.0: bind() failure [ 318.244003][ T6893] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 318.256595][ T7635] loop3: detected capacity change from 0 to 8 [ 318.279509][ T5871] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 318.288144][ T5871] usb 2-1: Manufacturer: syz [ 318.289439][ T7635] SQUASHFS error: Failed to read block 0x4de: -5 [ 318.299677][ T7635] SQUASHFS error: Failed to read block 0x4de: -5 [ 318.302664][ T5871] usb 2-1: config 0 descriptor?? [ 318.320486][ T31] kauditd_printk_skb: 24 callbacks suppressed [ 318.320505][ T31] audit: type=1800 audit(1764976190.947:61): pid=7635 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.403" name="file1" dev="loop3" ino=5 res=0 errno=0 [ 318.554015][ T6893] cdc_ncm 1-1:1.1: bind() failure [ 318.897378][ T7639] loop1: detected capacity change from 0 to 512 [ 319.049935][ T7639] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 319.071205][ T7640] loop2: detected capacity change from 0 to 512 [ 319.163940][ T7639] ext4 filesystem being mounted at /83/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 319.212720][ T7640] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 319.235794][ T7617] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 319.299924][ T7617] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 319.327564][ T7158] usb 1-1: USB disconnect, device number 9 [ 319.429243][ T7640] ext4 filesystem being mounted at /92/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 319.650365][ T7617] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 319.676175][ T7652] loop0: detected capacity change from 0 to 2048 [ 319.691105][ T7652] EXT4-fs: Ignoring removed bh option [ 319.847384][ T7617] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 319.918214][ T7652] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 320.403857][ T5871] usbhid 2-1:0.0: can't add hid device: -71 [ 320.454415][ T5871] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 320.469304][ T5871] usb 2-1: USB disconnect, device number 7 [ 320.547063][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 320.703807][ T1140] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 320.732258][ T1140] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 434 with error 28 [ 320.747133][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 320.785457][ T1140] EXT4-fs (loop0): This should not happen!! Data will be lost [ 320.785457][ T1140] [ 320.953742][ T1140] EXT4-fs (loop0): Total free blocks count 0 [ 320.966616][ T1140] EXT4-fs (loop0): Free/Dirty block details [ 320.982796][ T1140] EXT4-fs (loop0): free_blocks=2415919104 [ 320.992466][ T1140] EXT4-fs (loop0): dirty_blocks=448 [ 320.997707][ T1140] EXT4-fs (loop0): Block reservation details [ 321.021815][ T7667] mmap: syz.1.411 (7667) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 321.033888][ T1140] EXT4-fs (loop0): i_reserved_data_blocks=28 [ 321.192010][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 321.481570][ T7673] netlink: 'syz.2.413': attribute type 1 has an invalid length. [ 322.459963][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.466461][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.607192][ T7683] loop3: detected capacity change from 0 to 8 [ 322.641716][ T7683] SQUASHFS error: Failed to read block 0x4de: -5 [ 322.648603][ T7683] SQUASHFS error: Failed to read block 0x4de: -5 [ 322.661991][ T31] audit: type=1800 audit(1764976195.287:62): pid=7683 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.415" name="file1" dev="loop3" ino=5 res=0 errno=0 [ 322.779904][ T7686] loop1: detected capacity change from 0 to 2048 [ 322.839437][ T7686] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 323.030800][ T7694] loop2: detected capacity change from 0 to 16 [ 323.052045][ T7691] loop4: detected capacity change from 0 to 512 [ 323.069437][ T7694] erofs (device loop2): mounted with root inode @ nid 36. [ 323.350401][ T7691] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 324.046336][ T7691] ext4 filesystem being mounted at /73/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 324.067903][ T7702] syz.2.419: attempt to access beyond end of device [ 324.067903][ T7702] loop2: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 324.081953][ T7702] syz.2.419: attempt to access beyond end of device [ 324.081953][ T7702] loop2: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 324.095838][ T7702] erofs (device loop2): read error -5 @ 0 of nid 36 [ 324.105390][ T7702] syz.2.419: attempt to access beyond end of device [ 324.105390][ T7702] loop2: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 324.120138][ T7702] syz.2.419: attempt to access beyond end of device [ 324.120138][ T7702] loop2: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 324.134359][ T7702] erofs (device loop2): read error -5 @ 0 of nid 36 [ 324.144763][ T7702] syz.2.419: attempt to access beyond end of device [ 324.144763][ T7702] loop2: rw=0, sector=301990144, nr_sectors = 257 limit=16 [ 324.158825][ T7702] syz.2.419: attempt to access beyond end of device [ 324.158825][ T7702] loop2: rw=0, sector=301990400, nr_sectors = 1 limit=16 [ 324.173345][ T7702] erofs (device loop2): read error -5 @ 0 of nid 36 [ 325.140882][ T5836] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 325.269483][ T7716] loop2: detected capacity change from 0 to 512 [ 325.329759][ T7719] FAULT_INJECTION: forcing a failure. [ 325.329759][ T7719] name failslab, interval 1, probability 0, space 0, times 0 [ 325.417620][ T7716] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 325.430537][ T7719] CPU: 1 UID: 0 PID: 7719 Comm: syz.1.425 Not tainted syzkaller #0 PREEMPT(full) [ 325.430560][ T7719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 325.430571][ T7719] Call Trace: [ 325.430580][ T7719] [ 325.430596][ T7719] dump_stack_lvl+0x189/0x250 [ 325.430622][ T7719] ? __pfx____ratelimit+0x10/0x10 [ 325.430648][ T7719] ? __pfx_dump_stack_lvl+0x10/0x10 [ 325.430668][ T7719] ? __pfx__printk+0x10/0x10 [ 325.430695][ T7719] ? __pfx___might_resched+0x10/0x10 [ 325.430716][ T7719] ? fs_reclaim_acquire+0x7d/0x100 [ 325.430738][ T7719] should_fail_ex+0x414/0x560 [ 325.430764][ T7719] should_failslab+0xa8/0x100 [ 325.430786][ T7719] kmem_cache_alloc_node_noprof+0x8c/0x720 [ 325.430814][ T7719] ? __alloc_skb+0x255/0x430 [ 325.430837][ T7719] ? napi_skb_cache_get+0x4a5/0x780 [ 325.430865][ T7719] ? napi_skb_cache_get+0x151/0x780 [ 325.430893][ T7719] __alloc_skb+0x255/0x430 [ 325.430921][ T7719] ? __pfx___alloc_skb+0x10/0x10 [ 325.430947][ T7719] ? netlink_autobind+0xdb/0x300 [ 325.430966][ T7719] ? netlink_autobind+0x2c2/0x300 [ 325.430989][ T7719] netlink_sendmsg+0x5c6/0xb30 [ 325.431032][ T7719] ? aa_sk_perm+0x15f/0x920 [ 325.431054][ T7719] ? __pfx_netlink_sendmsg+0x10/0x10 [ 325.431075][ T7719] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 325.431102][ T7719] ? __pfx_netlink_sendmsg+0x10/0x10 [ 325.431119][ T7719] sock_sendmsg_nosec+0x18f/0x1d0 [ 325.431144][ T7719] ____sys_sendmsg+0x577/0x880 [ 325.431167][ T7719] ? __pfx_____sys_sendmsg+0x10/0x10 [ 325.431191][ T7719] ? import_iovec+0x74/0xa0 [ 325.431210][ T7719] ___sys_sendmsg+0x21f/0x2a0 [ 325.431229][ T7719] ? __pfx____sys_sendmsg+0x10/0x10 [ 325.431251][ T7719] ? rcu_read_lock_any_held+0xb3/0x120 [ 325.431305][ T7719] ? __fget_files+0x2a/0x420 [ 325.431325][ T7719] ? __fget_files+0x3a0/0x420 [ 325.431355][ T7719] __x64_sys_sendmsg+0x19b/0x260 [ 325.431374][ T7719] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 325.431399][ T7719] ? __pfx_ksys_write+0x10/0x10 [ 325.431419][ T7719] ? do_syscall_64+0xbe/0xf80 [ 325.431438][ T7719] do_syscall_64+0xfa/0xf80 [ 325.431454][ T7719] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 325.431470][ T7719] ? clear_bhb_loop+0x60/0xb0 [ 325.431490][ T7719] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 325.431506][ T7719] RIP: 0033:0x7fe1b838f749 [ 325.431521][ T7719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 325.431535][ T7719] RSP: 002b:00007fe1b92c4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 325.431554][ T7719] RAX: ffffffffffffffda RBX: 00007fe1b85e5fa0 RCX: 00007fe1b838f749 [ 325.431566][ T7719] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000003 [ 325.431577][ T7719] RBP: 00007fe1b92c4090 R08: 0000000000000000 R09: 0000000000000000 [ 325.431587][ T7719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 325.431597][ T7719] R13: 00007fe1b85e6038 R14: 00007fe1b85e5fa0 R15: 00007ffcee298a08 [ 325.431624][ T7719] [ 325.741309][ T7716] ext4 filesystem being mounted at /97/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 325.920727][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 326.308777][ T7228] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 327.308536][ T7228] usb 3-1: Using ep0 maxpacket: 32 [ 327.347137][ T7228] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 327.387433][ T7228] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 327.418013][ T7228] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid maxpacket 8960, setting to 1024 [ 327.482000][ T7228] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11 [ 327.528657][ T7228] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024 [ 328.269408][ T7228] usb 3-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 328.278940][ T7228] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 328.287330][ T7228] usb 3-1: Product: syz [ 328.291937][ T7228] usb 3-1: Manufacturer: syz [ 328.296574][ T7228] usb 3-1: SerialNumber: syz [ 328.309362][ T7228] usb 3-1: config 0 descriptor?? [ 328.674005][ T7743] loop0: detected capacity change from 0 to 8 [ 328.688324][ T7743] SQUASHFS error: Failed to read block 0x4de: -5 [ 328.695214][ T7743] SQUASHFS error: Failed to read block 0x4de: -5 [ 328.702045][ T31] audit: type=1800 audit(1764976201.337:63): pid=7743 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.431" name="file1" dev="loop0" ino=5 res=0 errno=0 [ 329.597264][ T7729] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 329.676423][ T7729] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 329.881377][ T7749] netlink: 8 bytes leftover after parsing attributes in process `syz.2.427'. [ 329.891286][ T7749] netlink: 12 bytes leftover after parsing attributes in process `syz.2.427'. [ 329.929422][ T7749] netlink: 16 bytes leftover after parsing attributes in process `syz.2.427'. [ 330.028971][ T7228] iforce 3-1:0.0: usb_submit_urb failed: -110 [ 330.074222][ T7228] input input6: Device does not respond to id packet M [ 330.083495][ T7228] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 330.089683][ T7228] input input6: Device does not respond to id packet P [ 330.110005][ T7228] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 330.116187][ T7228] input input6: Device does not respond to id packet B [ 330.130728][ T7228] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 330.137157][ T7228] input input6: Device does not respond to id packet N [ 330.151420][ T7228] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 330.168981][ T7228] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 330.184160][ T7752] loop0: detected capacity change from 0 to 2048 [ 330.191096][ T7228] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 330.197565][ T7228] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 330.213493][ T7228] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input6 [ 330.265961][ T7752] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 330.497316][ T7754] loop4: detected capacity change from 0 to 256 [ 330.563165][ T7756] kernel read not supported for file / œÏüÔ¢W)ëS“§Ç-ë (pid: 7756 comm: syz.1.435) [ 330.599921][ T7754] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 330.629177][ T31] audit: type=1800 audit(1764976203.267:64): pid=7756 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.435" name=20019CCFFCD4A25729EB5393A7C72DEB dev="mqueue" ino=16587 res=0 errno=0 [ 330.652978][ T7756] syzkaller0: entered promiscuous mode [ 330.662630][ T7756] syzkaller0: entered allmulticast mode [ 331.845582][ T7762] loop3: detected capacity change from 0 to 512 [ 332.072369][ T7756] loop1: detected capacity change from 0 to 131072 [ 332.099329][ T7756] F2FS-fs (loop1): Test dummy encryption mode enabled [ 332.116442][ T7756] F2FS-fs (loop1): invalid crc value [ 332.223819][ T5871] usb 3-1: USB disconnect, device number 7 [ 332.286605][ T7756] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 332.323830][ T7756] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 332.475354][ T7762] EXT4-fs error (device loop3): ext4_iget_extra_inode:5073: inode #15: comm syz.3.437: corrupted in-inode xattr: invalid ea_ino [ 332.605136][ T7762] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.437: couldn't read orphan inode 15 (err -117) [ 332.620145][ T7762] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 332.635174][ T7756] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx" [ 332.728036][ T7756] tipc: Started in network mode [ 332.733052][ T7756] tipc: Node identity 0a350bfbbfd6, cluster identity 4711 [ 332.740535][ T7756] tipc: Enabled bearer , priority 0 [ 332.754703][ T7773] FAULT_INJECTION: forcing a failure. [ 332.754703][ T7773] name failslab, interval 1, probability 0, space 0, times 0 [ 332.789050][ T7755] tipc: Resetting bearer [ 332.794992][ T7773] CPU: 0 UID: 0 PID: 7773 Comm: syz.3.437 Not tainted syzkaller #0 PREEMPT(full) [ 332.795012][ T7773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 332.795021][ T7773] Call Trace: [ 332.795028][ T7773] [ 332.795035][ T7773] dump_stack_lvl+0x189/0x250 [ 332.795058][ T7773] ? __pfx____ratelimit+0x10/0x10 [ 332.795081][ T7773] ? __pfx_dump_stack_lvl+0x10/0x10 [ 332.795099][ T7773] ? __pfx__printk+0x10/0x10 [ 332.795123][ T7773] ? __pfx___might_resched+0x10/0x10 [ 332.795140][ T7773] ? fs_reclaim_acquire+0x7d/0x100 [ 332.795160][ T7773] should_fail_ex+0x414/0x560 [ 332.795184][ T7773] should_failslab+0xa8/0x100 [ 332.795205][ T7773] kmem_cache_alloc_noprof+0x88/0x710 [ 332.795228][ T7773] ? ksys_write+0x22a/0x250 [ 332.795242][ T7773] ? getname_flags+0xb8/0x540 [ 332.795263][ T7773] getname_flags+0xb8/0x540 [ 332.795284][ T7773] __x64_sys_rename+0x5d/0x90 [ 332.795303][ T7773] do_syscall_64+0xfa/0xf80 [ 332.795317][ T7773] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.795332][ T7773] ? clear_bhb_loop+0x60/0xb0 [ 332.795350][ T7773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.795364][ T7773] RIP: 0033:0x7f06a2b8f749 [ 332.795378][ T7773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 332.795391][ T7773] RSP: 002b:00007f06a3a6f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 332.795407][ T7773] RAX: ffffffffffffffda RBX: 00007f06a2de6090 RCX: 00007f06a2b8f749 [ 332.795418][ T7773] RDX: 0000000000000000 RSI: 0000200000001480 RDI: 0000200000001380 [ 332.795427][ T7773] RBP: 00007f06a3a6f090 R08: 0000000000000000 R09: 0000000000000000 [ 332.795436][ T7773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 332.795445][ T7773] R13: 00007f06a2de6128 R14: 00007f06a2de6090 R15: 00007fffc476a5f8 [ 332.795469][ T7773] [ 333.261779][ T5830] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 333.457869][ T7755] tipc: Disabling bearer [ 333.593331][ T31] audit: type=1804 audit(1764976206.217:65): pid=7782 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.440" name="/newroot/85/file0" dev="tmpfs" ino=491 res=1 errno=0 [ 333.614955][ T6014] IPVS: starting estimator thread 0... [ 333.779695][ T7783] IPVS: using max 39 ests per chain, 93600 per kthread [ 334.760498][ T7794] fuse: Bad value for 'fd' [ 335.197118][ T7807] loop0: detected capacity change from 0 to 128 [ 335.198644][ T6893] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 335.608680][ T6893] usb 3-1: Using ep0 maxpacket: 32 [ 335.714624][ T6893] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 335.957459][ T6893] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 336.138539][ T6893] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 336.214500][ T6893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 336.249545][ T6893] usb 3-1: config 0 descriptor?? [ 336.268162][ T6893] hub 3-1:0.0: USB hub found [ 336.520142][ T6893] hub 3-1:0.0: 1 port detected [ 337.331193][ T7815] loop0: detected capacity change from 0 to 64 [ 337.462406][ T6014] usb 3-1: USB disconnect, device number 8 [ 337.469518][ T6893] hub 3-1:0.0: hub_ext_port_status failed (err = -71) [ 341.544467][ T7848] loop1: detected capacity change from 0 to 512 [ 341.784908][ T7848] EXT4-fs error (device loop1): ext4_iget_extra_inode:5073: inode #15: comm syz.1.461: corrupted in-inode xattr: invalid ea_ino [ 341.802349][ T7850] loop0: detected capacity change from 0 to 64 [ 341.936889][ T7848] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.461: couldn't read orphan inode 15 (err -117) [ 341.995728][ T7848] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 342.091122][ T7848] FAULT_INJECTION: forcing a failure. [ 342.091122][ T7848] name failslab, interval 1, probability 0, space 0, times 0 [ 342.178032][ T7848] CPU: 1 UID: 0 PID: 7848 Comm: syz.1.461 Not tainted syzkaller #0 PREEMPT(full) [ 342.178062][ T7848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 342.178076][ T7848] Call Trace: [ 342.178084][ T7848] [ 342.178093][ T7848] dump_stack_lvl+0x189/0x250 [ 342.178123][ T7848] ? __pfx____ratelimit+0x10/0x10 [ 342.178153][ T7848] ? __pfx_dump_stack_lvl+0x10/0x10 [ 342.178178][ T7848] ? __pfx__printk+0x10/0x10 [ 342.178211][ T7848] ? __pfx___might_resched+0x10/0x10 [ 342.178235][ T7848] ? fs_reclaim_acquire+0x7d/0x100 [ 342.178264][ T7848] should_fail_ex+0x414/0x560 [ 342.178296][ T7848] should_failslab+0xa8/0x100 [ 342.178324][ T7848] kmem_cache_alloc_noprof+0x88/0x710 [ 342.178356][ T7848] ? ksys_write+0x22a/0x250 [ 342.178375][ T7848] ? getname_flags+0xb8/0x540 [ 342.178407][ T7848] getname_flags+0xb8/0x540 [ 342.178436][ T7848] __x64_sys_rename+0x5d/0x90 [ 342.178461][ T7848] do_syscall_64+0xfa/0xf80 [ 342.178482][ T7848] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 342.178504][ T7848] ? clear_bhb_loop+0x60/0xb0 [ 342.178529][ T7848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 342.178549][ T7848] RIP: 0033:0x7fe1b838f749 [ 342.178566][ T7848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 342.178584][ T7848] RSP: 002b:00007fe1b92c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 342.178608][ T7848] RAX: ffffffffffffffda RBX: 00007fe1b85e5fa0 RCX: 00007fe1b838f749 [ 342.178623][ T7848] RDX: 0000000000000000 RSI: 0000200000001480 RDI: 0000200000001380 [ 342.178636][ T7848] RBP: 00007fe1b92c4090 R08: 0000000000000000 R09: 0000000000000000 [ 342.178650][ T7848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 342.178662][ T7848] R13: 00007fe1b85e6038 R14: 00007fe1b85e5fa0 R15: 00007ffcee298a08 [ 342.178695][ T7848] [ 342.703930][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 343.141661][ T7866] loop1: detected capacity change from 0 to 128 [ 343.199497][ T7866] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 343.271128][ T7862] loop3: detected capacity change from 0 to 128 [ 343.278267][ T7866] ext4 filesystem being mounted at /92/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 343.504235][ T7868] xt_CT: You must specify a L4 protocol and not use inversions on it [ 343.838712][ T10] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 343.963546][ T5826] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 344.008570][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 344.016401][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 344.028924][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 344.044081][ T10] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 344.061300][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 344.094949][ T10] usb 5-1: config 0 descriptor?? [ 344.103748][ T10] hub 5-1:0.0: USB hub found [ 344.302779][ T10] hub 5-1:0.0: 1 port detected [ 344.491889][ T6014] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 344.788532][ T6014] usb 2-1: Using ep0 maxpacket: 32 [ 344.798091][ T6014] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 344.819505][ T6014] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 345.591991][ T6014] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 345.617292][ T6014] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.657311][ T6014] usb 2-1: config 0 descriptor?? [ 345.673740][ T6014] hub 2-1:0.0: USB hub found [ 345.775405][ T7228] usb 5-1: USB disconnect, device number 10 [ 345.782346][ T10] hub 5-1:0.0: hub_ext_port_status failed (err = -71) [ 345.878178][ T6014] hub 2-1:0.0: config failed, can't read hub descriptor (err -90) [ 345.971765][ T7878] loop0: detected capacity change from 0 to 4096 [ 346.381124][ T6014] hid-generic 0003:046D:C31C.0003: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.1-1/input0 [ 346.901149][ T7887] overlay: filesystem on ./bus not supported as upperdir [ 346.909520][ T6014] usb 2-1: USB disconnect, device number 8 [ 347.260428][ T5889] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 347.299026][ C1] raw-gadget.0 gadget.0: ignoring, device is not running [ 347.428717][ T5889] usb 1-1: device descriptor read/64, error -32 [ 347.545124][ T7889] fido_id[7889]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 347.748765][ T5889] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 347.873151][ C1] raw-gadget.0 gadget.0: ignoring, device is not running [ 348.043570][ T5889] usb 1-1: device descriptor read/64, error -32 [ 348.280041][ T5889] usb usb1-port1: attempt power cycle [ 348.695059][ T5889] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 348.699876][ T7228] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 348.711695][ T7898] loop1: detected capacity change from 0 to 64 [ 348.812377][ T5889] usb 1-1: Using ep0 maxpacket: 32 [ 348.820086][ T5889] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 348.878466][ T5889] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 348.924015][ T5889] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 348.938348][ T7228] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 349.021890][ T5889] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 349.212796][ T6014] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 349.326705][ T7908] loop1: detected capacity change from 0 to 8 [ 350.225541][ T7908] SQUASHFS error: Failed to read block 0x4de: -5 [ 350.232791][ T7908] SQUASHFS error: Failed to read block 0x4de: -5 [ 350.251164][ T5889] usb 1-1: config 0 descriptor?? [ 350.277522][ T31] audit: type=1800 audit(1764976222.877:66): pid=7908 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.478" name="file1" dev="loop1" ino=5 res=0 errno=0 [ 350.299145][ T7228] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 350.538831][ T6014] usb 3-1: Using ep0 maxpacket: 32 [ 350.726010][ T6014] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 350.778586][ T6014] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 350.850421][ T6014] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 350.853110][ T5889] usb 1-1: can't set config #0, error -71 [ 350.908670][ T7228] usb 4-1: string descriptor 0 read error: -71 [ 350.915492][ T7228] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 350.941720][ T5889] usb 1-1: USB disconnect, device number 12 [ 350.958059][ T6014] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 350.971201][ T7228] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 351.154548][ T6014] usb 3-1: config 0 descriptor?? [ 351.163787][ T7228] usb 4-1: config 0 descriptor?? [ 351.172085][ T7228] usb 4-1: can't set config #0, error -71 [ 352.147619][ T7917] loop1: detected capacity change from 0 to 8 [ 352.148706][ T7228] usb 4-1: USB disconnect, device number 4 [ 352.164770][ T7917] SQUASHFS error: Failed to read block 0x4de: -5 [ 352.171841][ T7917] SQUASHFS error: Failed to read block 0x4de: -5 [ 352.178711][ T31] audit: type=1800 audit(1764976224.817:67): pid=7917 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.480" name="file1" dev="loop1" ino=5 res=0 errno=0 [ 352.203633][ T6014] hub 3-1:0.0: USB hub found [ 352.214615][ T6014] hub 3-1:0.0: 1 port detected [ 352.598777][ T7228] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 352.614062][ T5969] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 352.798514][ T5969] usb 1-1: Using ep0 maxpacket: 16 [ 352.806847][ T7228] usb 4-1: config 201 has an invalid interface number: 249 but max is 0 [ 352.827699][ T5969] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 352.841574][ T7228] usb 4-1: config 201 has no interface number 0 [ 352.847974][ T7228] usb 4-1: config 201 interface 249 has no altsetting 0 [ 352.864415][ T5969] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 352.890523][ T6014] hub 3-1:0.0: hub_ext_port_status failed (err = -71) [ 352.891611][ T5889] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 352.930047][ T7228] usb 4-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=fa.df [ 352.952465][ T5969] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 352.976808][ T7228] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 352.997032][ T5969] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 353.013170][ T7228] usb 4-1: Product: syz [ 353.023660][ T5969] usb 1-1: Product: syz [ 353.028741][ T7228] usb 4-1: Manufacturer: syz [ 353.033632][ T7228] usb 4-1: SerialNumber: syz [ 353.039115][ T5969] usb 1-1: Manufacturer: syz [ 353.044911][ T5969] usb 1-1: SerialNumber: syz [ 353.151936][ T5889] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 353.164813][ T5889] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 353.227423][ T5889] usb 2-1: config 0 descriptor?? [ 353.299241][ T5969] usb 1-1: 0:2 : does not exist [ 353.352733][ T5969] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 353.385699][ T7228] ath6kl: Failed to submit usb control message: -71 [ 353.432699][ T7228] ath6kl: unable to send the bmi data to the device: -71 [ 353.454676][ T7228] ath6kl: Unable to send get target info: -71 [ 353.507287][ T7228] ath6kl: Failed to init ath6kl core: -71 [ 353.529691][ T5969] usb 1-1: USB disconnect, device number 13 [ 353.543439][ T7228] ath6kl_usb 4-1:201.249: probe with driver ath6kl_usb failed with error -71 [ 353.606337][ T7228] usb 4-1: USB disconnect, device number 5 [ 353.714262][ T6174] udevd[6174]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 353.746293][ T7920] usb 3-1: USB disconnect, device number 9 [ 354.185554][ T5889] pegasus 2-1:0.0: probe with driver pegasus failed with error -121 [ 354.200075][ T7920] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 354.273942][ T7935] ubi: mtd0 is already attached to ubi31 [ 354.391293][ T7920] usb 3-1: config 201 has an invalid interface number: 249 but max is 0 [ 354.410285][ T7920] usb 3-1: config 201 has no interface number 0 [ 354.423067][ T7920] usb 3-1: config 201 interface 249 has no altsetting 0 [ 354.439808][ T7920] usb 3-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=fa.df [ 354.452954][ T7920] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 354.464091][ T7920] usb 3-1: Product: syz [ 354.469979][ T7920] usb 3-1: Manufacturer: syz [ 354.477794][ T7920] usb 3-1: SerialNumber: syz [ 354.735622][ T7920] ath6kl: Failed to submit usb control message: -71 [ 354.750893][ T7920] ath6kl: unable to send the bmi data to the device: -71 [ 354.762844][ T7920] ath6kl: Unable to send get target info: -71 [ 354.786773][ T7920] ath6kl: Failed to init ath6kl core: -71 [ 354.800737][ T7920] ath6kl_usb 3-1:201.249: probe with driver ath6kl_usb failed with error -71 [ 354.833423][ T7920] usb 3-1: USB disconnect, device number 10 [ 354.870266][ T7939] loop3: detected capacity change from 0 to 64 [ 355.960084][ T7953] loop4: detected capacity change from 0 to 64 [ 356.668781][ T7955] loop3: detected capacity change from 0 to 64 [ 357.055805][ T7920] usb 2-1: USB disconnect, device number 9 [ 358.358489][ T7920] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 359.455769][ T7964] loop4: detected capacity change from 0 to 8 [ 359.462869][ T7964] squashfs: Unknown parameter '' [ 359.478689][ T7920] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 359.498572][ T7920] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 359.522133][ T7920] usb 2-1: config 0 descriptor?? [ 359.536542][ T7920] cp210x 2-1:0.0: cp210x converter detected [ 359.794136][ T7969] loop3: detected capacity change from 0 to 128 [ 359.883527][ T7969] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 359.927004][ T7969] ext4 filesystem being mounted at /96/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 360.028548][ T7228] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 360.337905][ T7920] cp210x 2-1:0.0: failed to get vendor val 0x370c size 73: -32 [ 360.347882][ T7920] cp210x 2-1:0.0: GPIO initialisation failed: -32 [ 360.360681][ T7228] usb 3-1: config 201 has an invalid interface number: 249 but max is 0 [ 360.376322][ T7228] usb 3-1: config 201 has no interface number 0 [ 360.385656][ T7920] usb 2-1: cp210x converter now attached to ttyUSB0 [ 360.397159][ T7228] usb 3-1: config 201 interface 249 has no altsetting 0 [ 360.419733][ T7228] usb 3-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=fa.df [ 360.582378][ T7228] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 360.813658][ T7228] usb 3-1: Product: syz [ 360.917809][ T7228] usb 3-1: Manufacturer: syz [ 361.073800][ T7228] usb 3-1: SerialNumber: syz [ 361.120853][ T7978] ip6gre1: entered allmulticast mode [ 361.175134][ T5830] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 361.349995][ T7228] ath6kl: Failed to submit usb control message: -71 [ 361.374277][ T7228] ath6kl: unable to send the bmi data to the device: -71 [ 361.401410][ T7228] ath6kl: Unable to send get target info: -71 [ 361.432486][ T7228] ath6kl: Failed to init ath6kl core: -71 [ 361.458974][ T7228] ath6kl_usb 3-1:201.249: probe with driver ath6kl_usb failed with error -71 [ 361.523799][ T7985] loop0: detected capacity change from 0 to 8 [ 361.536453][ T7985] SQUASHFS error: Failed to read block 0x4de: -5 [ 361.543829][ T7985] SQUASHFS error: Failed to read block 0x4de: -5 [ 361.846512][ T7228] usb 3-1: USB disconnect, device number 11 [ 361.858846][ T31] audit: type=1800 audit(1764976234.187:68): pid=7985 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.501" name="file1" dev="loop0" ino=5 res=0 errno=0 [ 362.277274][ T7228] usb 2-1: USB disconnect, device number 10 [ 362.405181][ T7228] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 362.456466][ T7228] cp210x 2-1:0.0: device disconnected [ 364.143616][ T8013] ubi: mtd0 is already attached to ubi31 [ 367.382907][ T8014] loop0: detected capacity change from 0 to 32768 [ 367.396053][ T8014] gfs2: Unknown parameter ' Éaû„’û ¢b&ÏŽV¨Ûà>‘IAwOVHÜåÊ‘¦#' [ 369.256545][ T8020] loop4: detected capacity change from 0 to 2048 [ 369.422947][ T6094] loop4: p1 p3 p4 [ 369.422947][ T6094] p1: [ 369.438810][ T8027] bridge0: port 3(gretap0) entered blocking state [ 369.445549][ T8027] bridge0: port 3(gretap0) entered disabled state [ 369.452492][ T8027] gretap0: entered allmulticast mode [ 369.459342][ T8027] gretap0: entered promiscuous mode [ 369.465061][ T8027] bridge0: port 3(gretap0) entered blocking state [ 369.471768][ T8027] bridge0: port 3(gretap0) entered forwarding state [ 369.511220][ T6094] loop4: p4 size 589824 extends beyond EOD, truncated [ 369.589880][ T8031] syz_tun: entered allmulticast mode [ 369.623574][ T8035] loop3: detected capacity change from 0 to 8 [ 369.643446][ T8035] SQUASHFS error: Failed to read block 0xe000000000001ea: -5 [ 369.827195][ T8035] unable to read xattr id index table [ 370.078909][ T5969] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 370.110767][ T8032] loop0: detected capacity change from 0 to 2048 [ 370.207716][ T8032] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 370.262289][ T8020] loop4: p1 p3 p4 [ 370.262289][ T8020] p1: [ 370.290996][ T8032] ext4 filesystem being mounted at /105/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 370.320712][ T5969] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 370.370769][ T5969] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 370.404046][ T5969] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 370.445047][ T8028] netlink: 32 bytes leftover after parsing attributes in process `syz.4.512'. [ 370.470651][ T5969] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 370.506902][ T5969] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 370.514390][ T8020] loop4: p4 size 589824 extends beyond EOD, truncated [ 370.658194][ T5969] usb 2-1: config 0 descriptor?? [ 371.062962][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 371.095964][ T5969] usbhid 2-1:0.0: can't add hid device: -71 [ 371.120193][ T5969] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 371.309360][ T5969] usb 2-1: USB disconnect, device number 11 [ 371.872200][ T8048] FAULT_INJECTION: forcing a failure. [ 371.872200][ T8048] name failslab, interval 1, probability 0, space 0, times 0 [ 371.885611][ T8048] CPU: 1 UID: 0 PID: 8048 Comm: syz.0.519 Not tainted syzkaller #0 PREEMPT(full) [ 371.885632][ T8048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 371.885645][ T8048] Call Trace: [ 371.885651][ T8048] [ 371.885658][ T8048] dump_stack_lvl+0x189/0x250 [ 371.885682][ T8048] ? __pfx____ratelimit+0x10/0x10 [ 371.885705][ T8048] ? __pfx_dump_stack_lvl+0x10/0x10 [ 371.885723][ T8048] ? __pfx__printk+0x10/0x10 [ 371.885749][ T8048] ? __pfx___might_resched+0x10/0x10 [ 371.885764][ T8048] ? fs_reclaim_acquire+0x7d/0x100 [ 371.885784][ T8048] should_fail_ex+0x414/0x560 [ 371.885806][ T8048] should_failslab+0xa8/0x100 [ 371.885825][ T8048] __kmalloc_node_noprof+0xe7/0x820 [ 371.885841][ T8048] ? crypto_create_tfm_node+0x83/0x3f0 [ 371.885867][ T8048] crypto_create_tfm_node+0x83/0x3f0 [ 371.885893][ T8048] crypto_alloc_tfm_node+0x172/0x3f0 [ 371.885923][ T8048] alg_bind+0x2fa/0x570 [ 371.885950][ T8048] __sys_bind+0x2c6/0x3e0 [ 371.886001][ T8048] ? __pfx___sys_bind+0x10/0x10 [ 371.886030][ T8048] ? __pfx_ksys_write+0x10/0x10 [ 371.886049][ T8048] __x64_sys_bind+0x7a/0x90 [ 371.886074][ T8048] do_syscall_64+0xfa/0xf80 [ 371.886088][ T8048] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 371.886103][ T8048] ? clear_bhb_loop+0x60/0xb0 [ 371.886120][ T8048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 371.886137][ T8048] RIP: 0033:0x7f87bf18f749 [ 371.886153][ T8048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 371.886165][ T8048] RSP: 002b:00007f87bffd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 371.886181][ T8048] RAX: ffffffffffffffda RBX: 00007f87bf3e5fa0 RCX: 00007f87bf18f749 [ 371.886192][ T8048] RDX: 0000000000000058 RSI: 0000200000000000 RDI: 0000000000000009 [ 371.886201][ T8048] RBP: 00007f87bffd5090 R08: 0000000000000000 R09: 0000000000000000 [ 371.886210][ T8048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 371.886219][ T8048] R13: 00007f87bf3e6038 R14: 00007f87bf3e5fa0 R15: 00007fffb191a518 [ 371.886242][ T8048] [ 372.292007][ T6174] udevd[6174]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 372.310668][ T7776] udevd[7776]: inotify_add_watch(7, /dev/loop4p5, 10) failed: No such file or directory [ 372.475116][ T6094] udevd[6094]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 372.491718][ T5846] udevd[5846]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 373.513932][ T8059] netlink: 'syz.2.521': attribute type 10 has an invalid length. [ 373.612737][ T8063] loop4: detected capacity change from 0 to 8 [ 374.014916][ T8059] team0: Device veth1_macvtap failed to register rx_handler [ 374.067460][ T8061] SQUASHFS error: Failed to read block 0x4de: -5 [ 374.074180][ T8061] SQUASHFS error: Failed to read block 0x4de: -5 [ 374.092988][ T31] audit: type=1800 audit(1764976246.717:69): pid=8061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.523" name="file1" dev="loop4" ino=5 res=0 errno=0 [ 374.324548][ T5846] udevd[5846]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 374.335599][ T8065] loop0: detected capacity change from 0 to 512 [ 374.340189][ T7776] udevd[7776]: inotify_add_watch(7, /dev/loop4p5, 10) failed: No such file or directory [ 374.349818][ T6174] udevd[6174]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 374.379075][ T6094] udevd[6094]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 374.407959][ T8065] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 374.423962][ T8065] ext4 filesystem being mounted at /108/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 374.496662][ T8071] gtp0: entered promiscuous mode [ 374.501770][ T8071] gtp0: entered allmulticast mode [ 375.737319][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 376.068534][ T7158] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 376.182577][ T8084] loop0: detected capacity change from 0 to 4096 [ 376.245054][ T7158] usb 5-1: Using ep0 maxpacket: 16 [ 376.291570][ T7158] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 52599, setting to 1024 [ 376.318644][ T7158] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x84 has invalid maxpacket 1024 [ 376.361036][ T7158] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 376.432684][ T7158] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 376.435070][ T8087] ubi: mtd0 is already attached to ubi31 [ 376.488565][ T7158] usb 5-1: Product: syz [ 376.594556][ T7158] usb 5-1: Manufacturer: syz [ 376.910653][ T7158] usb 5-1: SerialNumber: syz [ 376.929721][ T7158] usb 5-1: config 0 descriptor?? [ 376.936341][ T8082] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 376.984154][ T7158] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 377.018639][ T7158] em28xx 5-1:0.0: DVB interface 0 found: bulk [ 378.301309][ T7158] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 378.522378][ T8108] syz_tun: entered allmulticast mode [ 378.773683][ T5969] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 379.401873][ T5969] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 379.423065][ T5969] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 379.433510][ T5969] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 379.465973][ T5969] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 379.489567][ T5969] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 379.549401][ T5969] usb 4-1: config 0 descriptor?? [ 379.704039][ T7158] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 379.735901][ T7158] em28xx 5-1:0.0: board has no eeprom [ 379.847946][ T7158] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 379.887591][ T7158] em28xx 5-1:0.0: dvb set to bulk mode. [ 379.902635][ T978] em28xx 5-1:0.0: Binding DVB extension [ 379.950334][ T7158] usb 5-1: USB disconnect, device number 11 [ 379.991344][ T7158] em28xx 5-1:0.0: Disconnecting em28xx [ 379.999581][ T5969] usbhid 4-1:0.0: can't add hid device: -71 [ 380.005895][ T5969] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 380.248756][ T5969] usb 4-1: USB disconnect, device number 6 [ 380.974908][ T978] em28xx 5-1:0.0: Registering input extension [ 380.982974][ T7158] em28xx 5-1:0.0: Closing input extension [ 381.223614][ T8127] netlink: 'syz.2.541': attribute type 2 has an invalid length. [ 381.232241][ T8127] netlink: 'syz.2.541': attribute type 9 has an invalid length. [ 381.240418][ T8127] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.541'. [ 381.552774][ T8130] ubi: mtd0 is already attached to ubi31 [ 383.950405][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.423965][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.168303][ T7158] em28xx 5-1:0.0: Freeing device [ 385.296165][ T8139] loop1: detected capacity change from 0 to 1024 [ 385.316528][ T8139] EXT4-fs: Ignoring removed orlov option [ 385.356211][ T31] audit: type=1326 audit(1764976257.977:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8137 comm="syz.3.545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06a2b8f749 code=0x7ffc0000 [ 385.404810][ T31] audit: type=1326 audit(1764976257.987:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8137 comm="syz.3.545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=127 compat=0 ip=0x7f06a2b8f749 code=0x7ffc0000 [ 385.442460][ T31] audit: type=1326 audit(1764976257.987:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8137 comm="syz.3.545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06a2b8f749 code=0x7ffc0000 [ 385.500056][ T31] audit: type=1326 audit(1764976257.987:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8137 comm="syz.3.545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06a2b8f749 code=0x7ffc0000 [ 385.524343][ T8145] netlink: 'syz.0.546': attribute type 13 has an invalid length. [ 385.539687][ T8139] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 385.628417][ T8145] bridge0: port 3(gretap0) entered disabled state [ 385.673797][ T31] audit: type=1326 audit(1764976258.307:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8135 comm="syz.1.544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b838f749 code=0x7ffc0000 [ 385.710449][ T8149] loop3: detected capacity change from 0 to 128 [ 385.753737][ T8149] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 385.789898][ T31] audit: type=1326 audit(1764976258.307:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8135 comm="syz.1.544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b838f749 code=0x7ffc0000 [ 385.873432][ T8149] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 385.878618][ T31] audit: type=1326 audit(1764976258.307:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8135 comm="syz.1.544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b838f749 code=0x7ffc0000 [ 386.024499][ T8141] loop4: detected capacity change from 0 to 128 [ 386.048580][ T31] audit: type=1326 audit(1764976258.347:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8135 comm="syz.1.544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe1b838f749 code=0x7ffc0000 [ 386.089990][ T8141] vfat: Unknown parameter '0xffffffffffffffff18446744073709551615ÿÿÿÿ' [ 386.161821][ T62] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 386.173932][ T31] audit: type=1326 audit(1764976258.347:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8135 comm="syz.1.544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b838f749 code=0x7ffc0000 [ 386.201557][ T8141] netlink: 12 bytes leftover after parsing attributes in process `syz.4.547'. [ 386.225754][ T31] audit: type=1326 audit(1764976258.347:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8135 comm="syz.1.544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b838f749 code=0x7ffc0000 [ 386.391223][ T8145] bridge0: port 2(bridge_slave_1) entered disabled state [ 386.399098][ T8145] bridge0: port 1(bridge_slave_0) entered disabled state [ 386.421930][ T8153] netlink: 56 bytes leftover after parsing attributes in process `syz.3.550'. [ 386.595202][ T8156] netlink: 4 bytes leftover after parsing attributes in process `syz.3.551'. [ 386.650849][ T8156] hub 9-0:1.0: USB hub found [ 386.673102][ T8156] hub 9-0:1.0: 1 port detected [ 386.703103][ T8157] netlink: 32 bytes leftover after parsing attributes in process `syz.3.551'. [ 386.742904][ T8145] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 386.769053][ T8145] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 386.771339][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 387.350850][ T8165] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 387.379706][ T30] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.526997][ T30] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.563118][ T30] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.612158][ T30] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.630551][ T8175] sg_write: data in/out 49276/1 bytes for SCSI command 0x1c-- guessing data in; [ 387.630551][ T8175] program syz.0.558 not setting count and/or reply_len properly [ 389.289132][ T8188] wlan0 speed is unknown, defaulting to 1000 [ 390.114889][ T8196] loop4: detected capacity change from 0 to 1024 [ 390.232488][ T8196] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 390.638965][ T8196] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4215: comm syz.4.565: Allocating blocks 497-513 which overlap fs metadata [ 390.754951][ T8216] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 4, id = 0 [ 390.765521][ T8215] IPVS: stopping master sync thread 8216 ... [ 390.845001][ T8196] EXT4-fs (loop4): pa ffff888069f87740: logic 0, phys. 321, len 12 [ 390.853994][ T8196] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5466: group 0, free 2, pa_free 3 [ 390.924495][ T5836] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 391.158342][ T8231] loop4: detected capacity change from 0 to 512 [ 391.216947][ T8231] EXT4-fs: Ignoring removed nomblk_io_submit option [ 391.335635][ T8236] netlink: 4 bytes leftover after parsing attributes in process `syz.3.578'. [ 391.380449][ T8231] EXT4-fs error (device loop4): __ext4_iget:5426: inode #11: block 1: comm syz.4.574: invalid block [ 391.395275][ T8231] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.574: couldn't read orphan inode 11 (err -117) [ 391.430333][ T8231] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 391.614420][ T5836] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 391.827749][ T8247] loop3: detected capacity change from 0 to 1024 [ 391.854352][ T8247] EXT4-fs: Ignoring removed nomblk_io_submit option [ 391.900488][ T8247] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 391.977514][ T8247] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 392.733332][ T8274] netlink: 7 bytes leftover after parsing attributes in process `syz.2.593'. [ 392.757843][ T8274] netlink: 7 bytes leftover after parsing attributes in process `syz.2.593'. [ 392.793629][ T8262] loop0: detected capacity change from 0 to 128 [ 392.881155][ T8262] syz.0.587: attempt to access beyond end of device [ 392.881155][ T8262] loop0: rw=2049, sector=154, nr_sectors = 6 limit=128 [ 392.886271][ T8262] syz.0.587: attempt to access beyond end of device [ 392.886271][ T8262] loop0: rw=8390657, sector=158, nr_sectors = 2 limit=128 [ 392.886529][ T8262] Buffer I/O error on dev loop0, logical block 79, lost async page write [ 392.886587][ T8262] syz.0.587: attempt to access beyond end of device [ 392.886587][ T8262] loop0: rw=8390657, sector=160, nr_sectors = 2 limit=128 [ 392.886613][ T8262] Buffer I/O error on dev loop0, logical block 80, lost async page write [ 392.887493][ T8262] syz.0.587: attempt to access beyond end of device [ 392.887493][ T8262] loop0: rw=2049, sector=162, nr_sectors = 6 limit=128 [ 392.911083][ T8262] syz.0.587: attempt to access beyond end of device [ 392.911083][ T8262] loop0: rw=8390657, sector=166, nr_sectors = 2 limit=128 [ 392.911124][ T8262] Buffer I/O error on dev loop0, logical block 83, lost async page write [ 392.911150][ T8262] syz.0.587: attempt to access beyond end of device [ 392.911150][ T8262] loop0: rw=8390657, sector=168, nr_sectors = 2 limit=128 [ 392.911176][ T8262] Buffer I/O error on dev loop0, logical block 84, lost async page write [ 392.911836][ T8262] syz.0.587: attempt to access beyond end of device [ 392.911836][ T8262] loop0: rw=2049, sector=186, nr_sectors = 6 limit=128 [ 392.914154][ T8262] syz.0.587: attempt to access beyond end of device [ 392.914154][ T8262] loop0: rw=8390657, sector=190, nr_sectors = 2 limit=128 [ 392.914189][ T8262] Buffer I/O error on dev loop0, logical block 95, lost async page write [ 392.914215][ T8262] syz.0.587: attempt to access beyond end of device [ 392.914215][ T8262] loop0: rw=8390657, sector=192, nr_sectors = 2 limit=128 [ 392.914241][ T8262] Buffer I/O error on dev loop0, logical block 96, lost async page write [ 392.914780][ T8262] syz.0.587: attempt to access beyond end of device [ 392.914780][ T8262] loop0: rw=2049, sector=194, nr_sectors = 6 limit=128 [ 392.918983][ T8262] Buffer I/O error on dev loop0, logical block 99, lost async page write [ 392.919018][ T8262] Buffer I/O error on dev loop0, logical block 100, lost async page write [ 392.921942][ T8262] Buffer I/O error on dev loop0, logical block 111, lost async page write [ 392.921978][ T8262] Buffer I/O error on dev loop0, logical block 112, lost async page write [ 393.165164][ T8283] loop3: detected capacity change from 0 to 1024 [ 393.166177][ T8283] EXT4-fs: Ignoring removed orlov option [ 393.214823][ T8283] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 393.272692][ T8287] bridge0: port 4(batadv1) entered blocking state [ 393.495515][ T8287] bridge0: port 4(batadv1) entered disabled state [ 393.502643][ T8287] batadv1: entered allmulticast mode [ 393.512149][ T8287] batadv1: entered promiscuous mode [ 393.589077][ T31] kauditd_printk_skb: 51 callbacks suppressed [ 393.589097][ T31] audit: type=1800 audit(1764976266.227:131): pid=8282 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.596" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 393.721971][ T31] audit: type=1804 audit(1764976266.247:132): pid=8282 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.596" name="/newroot/121/bus/bus" dev="loop3" ino=18 res=1 errno=0 [ 393.778765][ T6072] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 393.788331][ T6072] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 394.080301][ T5830] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 394.788852][ T8329] loop3: detected capacity change from 0 to 512 [ 394.821221][ T8329] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 394.864232][ T8329] EXT4-fs (loop3): orphan cleanup on readonly fs [ 394.938129][ T8331] loop1: detected capacity change from 0 to 512 [ 395.151599][ T8331] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 395.165974][ T8331] ext4 filesystem being mounted at /115/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 395.815746][ T8329] Quota error (device loop3): dq_insert_tree: Quota tree root isn't allocated! [ 395.849151][ T8329] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota [ 395.865518][ T31] audit: type=1326 audit(1764976268.497:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8335 comm="syz.4.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca1738f749 code=0x7ffc0000 [ 395.936832][ T8329] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.615: Failed to acquire dquot type 1 [ 396.053613][ T8329] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.615: bg 0: block 40: padding at end of block bitmap is not set [ 396.090169][ T31] audit: type=1326 audit(1764976268.497:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8335 comm="syz.4.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fca1738f749 code=0x7ffc0000 [ 396.194980][ T8329] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6689: Corrupt filesystem [ 396.245335][ T31] audit: type=1326 audit(1764976268.497:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8335 comm="syz.4.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca1738f749 code=0x7ffc0000 [ 396.290381][ T8329] EXT4-fs (loop3): 1 truncate cleaned up [ 396.451725][ T31] audit: type=1326 audit(1764976268.537:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8335 comm="syz.4.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca1738f749 code=0x7ffc0000 [ 396.630147][ T31] audit: type=1326 audit(1764976268.537:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8335 comm="syz.4.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fca1738f749 code=0x7ffc0000 [ 396.689096][ T8348] netlink: 'syz.4.622': attribute type 1 has an invalid length. [ 396.771757][ T31] audit: type=1326 audit(1764976268.537:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8335 comm="syz.4.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca1738f749 code=0x7ffc0000 [ 396.775173][ T8329] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 396.816899][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 396.886612][ T8353] loop0: detected capacity change from 0 to 512 [ 396.981415][ T8350] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 397.001496][ T8353] EXT4-fs warning (device loop0): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 397.054136][ T8350] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.069990][ T5830] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 397.099228][ T8353] EXT4-fs (loop0): mount failed [ 397.418256][ T8350] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 397.447695][ T8366] loop0: detected capacity change from 0 to 512 [ 397.463303][ T8350] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.496260][ T8366] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #15: comm syz.0.629: inode has both inline data and extents flags [ 397.558659][ T8366] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.629: couldn't read orphan inode 15 (err -117) [ 397.606900][ T8366] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 397.653097][ T8350] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 397.664102][ T8350] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.682125][ T8366] EXT4-fs warning (device loop0): ext4_block_to_path:107: block 1057052516 > max in inode 18 [ 397.743697][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 397.792006][ T8350] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 397.806702][ T8350] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.885612][ T8376] netlink: 'syz.0.631': attribute type 13 has an invalid length. [ 397.900256][ T8376] xt_hashlimit: size too large, truncated to 1048576 [ 398.083375][ T1140] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 398.111726][ T1140] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 398.242079][ T180] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 398.250682][ T180] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 398.305611][ T180] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 398.322527][ T8384] loop3: detected capacity change from 0 to 512 [ 398.355041][ T180] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 398.381251][ T8384] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 398.442139][ T4242] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 398.473633][ T4242] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 398.608242][ T31] kauditd_printk_skb: 277 callbacks suppressed [ 398.608263][ T31] audit: type=1326 audit(1764976271.227:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8389 comm="syz.1.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b838f749 code=0x7ffc0000 [ 398.777292][ T31] audit: type=1326 audit(1764976271.227:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8389 comm="syz.1.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b838f749 code=0x7ffc0000 [ 398.888333][ T8403] netlink: 32 bytes leftover after parsing attributes in process `syz.2.639'. [ 398.897685][ T31] audit: type=1326 audit(1764976271.227:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8389 comm="syz.1.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b838f749 code=0x7ffc0000 [ 399.000854][ T31] audit: type=1326 audit(1764976271.227:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8389 comm="syz.1.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b838f749 code=0x7ffc0000 [ 399.118499][ T31] audit: type=1326 audit(1764976271.237:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8389 comm="syz.1.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b838f749 code=0x7ffc0000 [ 399.154265][ T31] audit: type=1326 audit(1764976271.237:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8389 comm="syz.1.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe1b838f749 code=0x7ffc0000 [ 399.179270][ T31] audit: type=1326 audit(1764976271.237:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8389 comm="syz.1.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b838f749 code=0x7ffc0000 [ 399.203073][ T31] audit: type=1326 audit(1764976271.277:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8389 comm="syz.1.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b838f749 code=0x7ffc0000 [ 399.226710][ T31] audit: type=1326 audit(1764976271.277:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8389 comm="syz.1.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b838f749 code=0x7ffc0000 [ 399.274082][ T31] audit: type=1326 audit(1764976271.277:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8389 comm="syz.1.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=244 compat=0 ip=0x7fe1b838f749 code=0x7ffc0000 [ 399.462751][ T8408] netlink: 68 bytes leftover after parsing attributes in process `syz.3.643'. [ 399.481223][ T8401] syz.4.641 (8401) used greatest stack depth: 15136 bytes left [ 399.511989][ T8411] loop1: detected capacity change from 0 to 512 [ 399.615659][ T8411] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 399.693707][ T8411] ext4 filesystem being mounted at /file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 399.775626][ T8411] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 400.067883][ T8428] program syz.2.648 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 400.119677][ T5197] udevd[5197]: worker [6094] terminated by signal 33 (Unknown signal 33) [ 400.159296][ T5197] udevd[5197]: worker [6094] failed while handling '/devices/virtual/block/loop1' [ 400.512516][ T8447] atomic_op ffff888025021998 conn xmit_atomic 0000000000000000 [ 400.601719][ T5197] udevd[5197]: worker [6174] terminated by signal 33 (Unknown signal 33) [ 400.639872][ T5197] udevd[5197]: worker [6174] failed while handling '/devices/virtual/block/loop3' [ 400.668861][ T8455] loop4: detected capacity change from 0 to 512 [ 400.763245][ T8455] [ 400.765665][ T8455] ====================================================== [ 400.772706][ T8455] WARNING: possible circular locking dependency detected [ 400.779854][ T8455] syzkaller #0 Not tainted [ 400.784271][ T8455] ------------------------------------------------------ [ 400.791289][ T8455] syz.4.660/8455 is trying to acquire lock: [ 400.797182][ T8455] ffff8880779ceb98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x1ca/0x350 [ 400.807287][ T8455] [ 400.807287][ T8455] but task is already holding lock: [ 400.814692][ T8455] ffff88802faa8610 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x26f/0xe60 [ 400.823892][ T8455] [ 400.823892][ T8455] which lock already depends on the new lock. [ 400.823892][ T8455] [ 400.834574][ T8455] [ 400.834574][ T8455] the existing dependency chain (in reverse order) is: [ 400.844753][ T8455] [ 400.844753][ T8455] -> #1 (sb_internal){.+.+}-{0:0}: [ 400.852092][ T8455] percpu_down_read_internal+0x48/0x1c0 [ 400.858192][ T8455] ext4_evict_inode+0x26f/0xe60 [ 400.863578][ T8455] evict+0x5f4/0xae0 [ 400.868003][ T8455] ext4_ext_migrate+0xd23/0x1010 [ 400.873495][ T8455] ext4_ioctl+0x204a/0x4760 [ 400.878536][ T8455] __se_sys_ioctl+0xfc/0x170 [ 400.883681][ T8455] do_syscall_64+0xfa/0xf80 [ 400.888915][ T8455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.895436][ T8455] [ 400.895436][ T8455] -> #0 (&sbi->s_writepages_rwsem){++++}-{0:0}: [ 400.903877][ T8455] __lock_acquire+0x15a6/0x2cf0 [ 400.909264][ T8455] lock_acquire+0x117/0x340 [ 400.914403][ T8455] percpu_down_read_internal+0x48/0x1c0 [ 400.920484][ T8455] ext4_writepages+0x1ca/0x350 [ 400.925781][ T8455] do_writepages+0x32e/0x550 [ 400.930904][ T8455] __writeback_single_inode+0x133/0x1240 [ 400.937070][ T8455] writeback_single_inode+0x493/0xc70 [ 400.947405][ T8455] write_inode_now+0x160/0x1d0 [ 400.952728][ T8455] iput+0xa77/0x1030 [ 400.957156][ T8455] ext4_xattr_block_set+0x1fce/0x2ac0 [ 400.963071][ T8455] ext4_expand_extra_isize_ea+0x12da/0x1ea0 [ 400.969496][ T8455] __ext4_expand_extra_isize+0x30d/0x400 [ 400.975833][ T8455] __ext4_mark_inode_dirty+0x45c/0x6e0 [ 400.981854][ T8455] ext4_evict_inode+0x79c/0xe60 [ 400.987234][ T8455] evict+0x5f4/0xae0 [ 400.991675][ T8455] ext4_orphan_cleanup+0xc20/0x1460 [ 400.997417][ T8455] ext4_fill_super+0x58a1/0x6160 [ 401.002977][ T8455] get_tree_bdev_flags+0x40e/0x4d0 [ 401.008674][ T8455] vfs_get_tree+0x92/0x2a0 [ 401.013635][ T8455] do_new_mount+0x302/0xa10 [ 401.018762][ T8455] __se_sys_mount+0x313/0x410 [ 401.023976][ T8455] do_syscall_64+0xfa/0xf80 [ 401.029281][ T8455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.035724][ T8455] [ 401.035724][ T8455] other info that might help us debug this: [ 401.035724][ T8455] [ 401.045979][ T8455] Possible unsafe locking scenario: [ 401.045979][ T8455] [ 401.053444][ T8455] CPU0 CPU1 [ 401.059124][ T8455] ---- ---- [ 401.064505][ T8455] rlock(sb_internal); [ 401.068689][ T8455] lock(&sbi->s_writepages_rwsem); [ 401.076879][ T8455] lock(sb_internal); [ 401.083584][ T8455] rlock(&sbi->s_writepages_rwsem); [ 401.088890][ T8455] [ 401.088890][ T8455] *** DEADLOCK *** [ 401.088890][ T8455] [ 401.097034][ T8455] 3 locks held by syz.4.660/8455: [ 401.102144][ T8455] #0: ffff88802faa80e0 (&type->s_umount_key#29/1){+.+.}-{4:4}, at: alloc_super+0x28c/0xaa0 [ 401.112287][ T8455] #1: ffff88802faa8610 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x26f/0xe60 [ 401.121801][ T8455] #2: ffff88805864b0e8 (&ei->xattr_sem){++++}-{4:4}, at: __ext4_mark_inode_dirty+0x3db/0x6e0 [ 401.132190][ T8455] [ 401.132190][ T8455] stack backtrace: [ 401.138260][ T8455] CPU: 0 UID: 0 PID: 8455 Comm: syz.4.660 Not tainted syzkaller #0 PREEMPT(full) [ 401.138281][ T8455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 401.138292][ T8455] Call Trace: [ 401.138301][ T8455] [ 401.138311][ T8455] dump_stack_lvl+0x189/0x250 [ 401.138336][ T8455] ? __pfx_dump_stack_lvl+0x10/0x10 [ 401.138357][ T8455] ? __pfx__printk+0x10/0x10 [ 401.138385][ T8455] ? print_lock_name+0xde/0x100 [ 401.138412][ T8455] print_circular_bug+0x2e2/0x300 [ 401.138435][ T8455] check_noncircular+0x12e/0x150 [ 401.138459][ T8455] __lock_acquire+0x15a6/0x2cf0 [ 401.138478][ T8455] ? __lock_acquire+0x6b6/0x2cf0 [ 401.138502][ T8455] ? ext4_writepages+0x1ca/0x350 [ 401.138518][ T8455] lock_acquire+0x117/0x340 [ 401.138534][ T8455] ? ext4_writepages+0x1ca/0x350 [ 401.138556][ T8455] percpu_down_read_internal+0x48/0x1c0 [ 401.138572][ T8455] ? ext4_writepages+0x1ca/0x350 [ 401.138588][ T8455] ext4_writepages+0x1ca/0x350 [ 401.138604][ T8455] ? is_bpf_text_address+0x26/0x2b0 [ 401.138621][ T8455] ? __pfx_ext4_writepages+0x10/0x10 [ 401.138645][ T8455] ? do_raw_spin_unlock+0x122/0x240 [ 401.138674][ T8455] ? __pfx_ext4_writepages+0x10/0x10 [ 401.138690][ T8455] do_writepages+0x32e/0x550 [ 401.138720][ T8455] __writeback_single_inode+0x133/0x1240 [ 401.138740][ T8455] ? do_raw_spin_unlock+0x122/0x240 [ 401.138765][ T8455] writeback_single_inode+0x493/0xc70 [ 401.138784][ T8455] write_inode_now+0x160/0x1d0 [ 401.138799][ T8455] ? __pfx_write_inode_now+0x10/0x10 [ 401.138833][ T8455] ? do_raw_spin_unlock+0x122/0x240 [ 401.138858][ T8455] iput+0xa77/0x1030 [ 401.138883][ T8455] ext4_xattr_block_set+0x1fce/0x2ac0 [ 401.138926][ T8455] ? __pfx_ext4_xattr_block_set+0x10/0x10 [ 401.138953][ T8455] ? ext4_xattr_block_find+0x2d4/0x350 [ 401.138980][ T8455] ext4_expand_extra_isize_ea+0x12da/0x1ea0 [ 401.139013][ T8455] __ext4_expand_extra_isize+0x30d/0x400 [ 401.139032][ T8455] __ext4_mark_inode_dirty+0x45c/0x6e0 [ 401.139057][ T8455] ext4_evict_inode+0x79c/0xe60 [ 401.139082][ T8455] ? __pfx_ext4_evict_inode+0x10/0x10 [ 401.139103][ T8455] ? do_raw_spin_unlock+0x122/0x240 [ 401.139125][ T8455] ? __pfx_ext4_evict_inode+0x10/0x10 [ 401.139145][ T8455] evict+0x5f4/0xae0 [ 401.139163][ T8455] ? __pfx_evict+0x10/0x10 [ 401.139179][ T8455] ? _raw_spin_unlock+0x28/0x50 [ 401.139202][ T8455] ? iput+0xcc6/0x1030 [ 401.139226][ T8455] ext4_orphan_cleanup+0xc20/0x1460 [ 401.139253][ T8455] ? __pfx_ext4_orphan_cleanup+0x10/0x10 [ 401.139274][ T8455] ? ext4_register_li_request+0x259/0x720 [ 401.139295][ T8455] ? errseq_check_and_advance+0x66/0x120 [ 401.139315][ T8455] ext4_fill_super+0x58a1/0x6160 [ 401.139342][ T8455] ? __pfx_ext4_fill_super+0x10/0x10 [ 401.139359][ T8455] ? snprintf+0xda/0x120 [ 401.139380][ T8455] ? __pfx_snprintf+0x10/0x10 [ 401.139398][ T8455] ? set_blocksize+0x21e/0x500 [ 401.139418][ T8455] ? sb_set_blocksize+0x155/0x240 [ 401.139435][ T8455] ? setup_bdev_super+0x4c1/0x5b0 [ 401.139452][ T8455] get_tree_bdev_flags+0x40e/0x4d0 [ 401.139469][ T8455] ? __pfx_ext4_fill_super+0x10/0x10 [ 401.139485][ T8455] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 401.139506][ T8455] vfs_get_tree+0x92/0x2a0 [ 401.139523][ T8455] do_new_mount+0x302/0xa10 [ 401.139542][ T8455] ? apparmor_capable+0x137/0x1a0 [ 401.139565][ T8455] ? __pfx_do_new_mount+0x10/0x10 [ 401.139585][ T8455] ? ns_capable+0x8a/0xf0 [ 401.139602][ T8455] ? kmem_cache_free+0x197/0x620 [ 401.139624][ T8455] __se_sys_mount+0x313/0x410 [ 401.139653][ T8455] ? __pfx___se_sys_mount+0x10/0x10 [ 401.139675][ T8455] ? do_syscall_64+0xbe/0xf80 [ 401.139689][ T8455] ? __x64_sys_mount+0x20/0xc0 [ 401.139710][ T8455] do_syscall_64+0xfa/0xf80 [ 401.139726][ T8455] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.139742][ T8455] ? clear_bhb_loop+0x60/0xb0 [ 401.139760][ T8455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.139777][ T8455] RIP: 0033:0x7fca17390eea [ 401.139793][ T8455] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 401.139809][ T8455] RSP: 002b:00007fca1828de68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 401.139828][ T8455] RAX: ffffffffffffffda RBX: 00007fca1828def0 RCX: 00007fca17390eea [ 401.139841][ T8455] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fca1828deb0 [ 401.139853][ T8455] RBP: 0000200000000180 R08: 00007fca1828def0 R09: 0000000000800700 [ 401.139865][ T8455] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 401.139877][ T8455] R13: 00007fca1828deb0 R14: 000000000000046f R15: 000000000000002c [ 401.139897][ T8455] [ 401.608101][ T8454] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 401.648855][ T8455] ------------[ cut here ]------------ [ 401.654407][ T8455] EA inode 11 i_nlink=2 [ 401.654438][ T8455] WARNING: fs/ext4/xattr.c:1058 at 0x0, CPU#0: syz.4.660/8455 [ 401.666750][ T8455] Modules linked in: [ 401.672174][ T8455] CPU: 0 UID: 0 PID: 8455 Comm: syz.4.660 Not tainted syzkaller #0 PREEMPT(full) [ 401.681716][ T8455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 401.692200][ T8455] RIP: 0010:ext4_xattr_inode_update_ref+0x4dc/0x570 [ 401.698983][ T8455] Code: 74 08 4c 89 ef e8 14 83 9a ff 4d 8b 6d 00 48 b8 00 00 00 00 00 fc ff df 41 0f b6 04 06 84 c0 75 77 41 8b 17 4c 89 e7 4c 89 ee <67> 48 0f b9 3a 4c 8b 6c 24 28 e9 bd fe ff ff e8 c0 c7 cd 08 44 89 [ 401.718685][ T8455] RSP: 0018:ffffc9001b9cf100 EFLAGS: 00010246 [ 401.724832][ T8455] RAX: 0000000000000000 RBX: 1ffff1100b0c9a31 RCX: dffffc0000000000 [ 401.733081][ T8455] RDX: 0000000000000002 RSI: 000000000000000b RDI: ffffffff8f8880f0 [ 401.741193][ T8455] RBP: ffffc9001b9cf1f8 R08: ffff88805864d18f R09: 1ffff1100b0c9a31 [ 401.749345][ T8455] R10: dffffc0000000000 R11: ffffed100b0c9a32 R12: ffffffff8f8880f0 [ 401.757968][ T8455] R13: 000000000000000b R14: 1ffff1100b0c99fc R15: ffff88805864cfe0 [ 401.766125][ T8455] FS: 00007fca1828e6c0(0000) GS:ffff888125e37000(0000) knlGS:0000000000000000 [ 401.775185][ T8455] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 401.782086][ T8455] CR2: 00007fe1b85b7198 CR3: 0000000078dd4000 CR4: 00000000003526f0 [ 401.790133][ T8455] Call Trace: [ 401.793522][ T8455] [ 401.796459][ T8455] ? __pfx_inode_set_ctime_to_ts+0x10/0x10 [ 401.802430][ T8455] ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10 [ 401.809033][ T8455] ? ext4_xattr_inode_iget+0x3d2/0x5f0 [ 401.814538][ T8455] ext4_xattr_set_entry+0xabb/0x1e20 [ 401.819951][ T8455] ext4_xattr_ibody_set+0x254/0x6a0 [ 401.825193][ T8455] ext4_expand_extra_isize_ea+0x13ad/0x1ea0 [ 401.831197][ T8455] __ext4_expand_extra_isize+0x30d/0x400 [ 401.836867][ T8455] __ext4_mark_inode_dirty+0x45c/0x6e0 [ 401.842426][ T8455] ext4_evict_inode+0x79c/0xe60 [ 401.847466][ T8455] ? __pfx_ext4_evict_inode+0x10/0x10 [ 401.853005][ T8455] ? do_raw_spin_unlock+0x122/0x240 [ 401.858249][ T8455] ? __pfx_ext4_evict_inode+0x10/0x10 [ 401.863714][ T8455] evict+0x5f4/0xae0 [ 401.867921][ T8455] ? __pfx_evict+0x10/0x10 [ 401.872418][ T8455] ? _raw_spin_unlock+0x28/0x50 [ 401.877367][ T8455] ? iput+0xcc6/0x1030 [ 401.881634][ T8455] ext4_orphan_cleanup+0xc20/0x1460 [ 401.886968][ T8455] ? __pfx_ext4_orphan_cleanup+0x10/0x10 [ 401.892720][ T8455] ? ext4_register_li_request+0x259/0x720 [ 401.898525][ T8455] ? errseq_check_and_advance+0x66/0x120 [ 401.904337][ T8455] ext4_fill_super+0x58a1/0x6160 [ 401.909394][ T8455] ? __pfx_ext4_fill_super+0x10/0x10 [ 401.914718][ T8455] ? snprintf+0xda/0x120 [ 401.919241][ T8455] ? __pfx_snprintf+0x10/0x10 [ 401.923957][ T8455] ? set_blocksize+0x21e/0x500 [ 401.928901][ T8455] ? sb_set_blocksize+0x155/0x240 [ 401.933999][ T8455] ? setup_bdev_super+0x4c1/0x5b0 [ 401.939225][ T8455] get_tree_bdev_flags+0x40e/0x4d0 [ 401.944384][ T8455] ? __pfx_ext4_fill_super+0x10/0x10 [ 401.949751][ T8455] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 401.955532][ T8455] vfs_get_tree+0x92/0x2a0 [ 401.960143][ T8455] do_new_mount+0x302/0xa10 [ 401.964789][ T8455] ? apparmor_capable+0x137/0x1a0 [ 401.970218][ T8455] ? __pfx_do_new_mount+0x10/0x10 [ 401.975553][ T8455] ? ns_capable+0x8a/0xf0 [ 401.980263][ T8455] ? kmem_cache_free+0x197/0x620 [ 401.985327][ T8455] __se_sys_mount+0x313/0x410 [ 401.990087][ T8455] ? __pfx___se_sys_mount+0x10/0x10 [ 401.995498][ T8455] ? do_syscall_64+0xbe/0xf80 [ 402.000312][ T8455] ? __x64_sys_mount+0x20/0xc0 [ 402.005113][ T8455] do_syscall_64+0xfa/0xf80 [ 402.009767][ T8455] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.015877][ T8455] ? clear_bhb_loop+0x60/0xb0 [ 402.020936][ T8455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.026958][ T8455] RIP: 0033:0x7fca17390eea [ 402.031484][ T8455] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 402.052786][ T8455] RSP: 002b:00007fca1828de68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 402.063126][ T8455] RAX: ffffffffffffffda RBX: 00007fca1828def0 RCX: 00007fca17390eea [ 402.071630][ T8455] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fca1828deb0 [ 402.080044][ T8455] RBP: 0000200000000180 R08: 00007fca1828def0 R09: 0000000000800700 [ 402.088257][ T8455] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 402.096434][ T8455] R13: 00007fca1828deb0 R14: 000000000000046f R15: 000000000000002c [ 402.104598][ T8455] [ 402.107674][ T8455] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 402.114998][ T8455] CPU: 0 UID: 0 PID: 8455 Comm: syz.4.660 Not tainted syzkaller #0 PREEMPT(full) [ 402.124221][ T8455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 402.134640][ T8455] Call Trace: [ 402.138020][ T8455] [ 402.141007][ T8455] dump_stack_lvl+0x99/0x250 [ 402.145673][ T8455] ? __asan_memcpy+0x40/0x70 [ 402.150361][ T8455] ? __pfx_dump_stack_lvl+0x10/0x10 [ 402.155598][ T8455] ? __pfx__printk+0x10/0x10 [ 402.160250][ T8455] vpanic+0x237/0x6d0 [ 402.164255][ T8455] ? __pfx_vpanic+0x10/0x10 [ 402.168867][ T8455] ? is_bpf_text_address+0x292/0x2b0 [ 402.174163][ T8455] ? is_bpf_text_address+0x26/0x2b0 [ 402.179809][ T8455] panic+0xb9/0xc0 [ 402.183556][ T8455] ? __pfx_panic+0x10/0x10 [ 402.188002][ T8455] __warn+0x317/0x4b0 [ 402.192009][ T8455] __report_bug+0x288/0x500 [ 402.196542][ T8455] ? __pfx___report_bug+0x10/0x10 [ 402.201669][ T8455] ? __ext4_get_inode_loc+0x69a/0x1040 [ 402.207529][ T8455] ? ext4_fc_track_inode+0x133/0xb20 [ 402.213290][ T8455] ? ext4_xattr_inode_update_ref+0xae/0x570 [ 402.219467][ T8455] ? set_normalized_timespec64+0xf0/0x1a0 [ 402.225202][ T8455] ? __ext4_journal_get_write_access+0x84/0x570 [ 402.231468][ T8455] report_bug_entry+0x16a/0x220 [ 402.236352][ T8455] ? ext4_xattr_inode_update_ref+0x4dc/0x570 [ 402.242369][ T8455] ? ext4_xattr_inode_update_ref+0x4e1/0x570 [ 402.249354][ T8455] handle_bug+0xca/0x200 [ 402.253819][ T8455] exc_invalid_op+0x1a/0x50 [ 402.258621][ T8455] asm_exc_invalid_op+0x1a/0x20 [ 402.263695][ T8455] RIP: 0010:ext4_xattr_inode_update_ref+0x4dc/0x570 [ 402.270301][ T8455] Code: 74 08 4c 89 ef e8 14 83 9a ff 4d 8b 6d 00 48 b8 00 00 00 00 00 fc ff df 41 0f b6 04 06 84 c0 75 77 41 8b 17 4c 89 e7 4c 89 ee <67> 48 0f b9 3a 4c 8b 6c 24 28 e9 bd fe ff ff e8 c0 c7 cd 08 44 89 [ 402.290275][ T8455] RSP: 0018:ffffc9001b9cf100 EFLAGS: 00010246 [ 402.296953][ T8455] RAX: 0000000000000000 RBX: 1ffff1100b0c9a31 RCX: dffffc0000000000 [ 402.304943][ T8455] RDX: 0000000000000002 RSI: 000000000000000b RDI: ffffffff8f8880f0 [ 402.312925][ T8455] RBP: ffffc9001b9cf1f8 R08: ffff88805864d18f R09: 1ffff1100b0c9a31 [ 402.320928][ T8455] R10: dffffc0000000000 R11: ffffed100b0c9a32 R12: ffffffff8f8880f0 [ 402.328995][ T8455] R13: 000000000000000b R14: 1ffff1100b0c99fc R15: ffff88805864cfe0 [ 402.336993][ T8455] ? __pfx_inode_set_ctime_to_ts+0x10/0x10 [ 402.342825][ T8455] ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10 [ 402.349268][ T8455] ? ext4_xattr_inode_iget+0x3d2/0x5f0 [ 402.354998][ T8455] ext4_xattr_set_entry+0xabb/0x1e20 [ 402.360320][ T8455] ext4_xattr_ibody_set+0x254/0x6a0 [ 402.365637][ T8455] ext4_expand_extra_isize_ea+0x13ad/0x1ea0 [ 402.371574][ T8455] __ext4_expand_extra_isize+0x30d/0x400 [ 402.377405][ T8455] __ext4_mark_inode_dirty+0x45c/0x6e0 [ 402.382922][ T8455] ext4_evict_inode+0x79c/0xe60 [ 402.387801][ T8455] ? __pfx_ext4_evict_inode+0x10/0x10 [ 402.393434][ T8455] ? do_raw_spin_unlock+0x122/0x240 [ 402.398651][ T8455] ? __pfx_ext4_evict_inode+0x10/0x10 [ 402.404128][ T8455] evict+0x5f4/0xae0 [ 402.408152][ T8455] ? __pfx_evict+0x10/0x10 [ 402.412675][ T8455] ? _raw_spin_unlock+0x28/0x50 [ 402.417638][ T8455] ? iput+0xcc6/0x1030 [ 402.421843][ T8455] ext4_orphan_cleanup+0xc20/0x1460 [ 402.427193][ T8455] ? __pfx_ext4_orphan_cleanup+0x10/0x10 [ 402.432852][ T8455] ? ext4_register_li_request+0x259/0x720 [ 402.438602][ T8455] ? errseq_check_and_advance+0x66/0x120 [ 402.444248][ T8455] ext4_fill_super+0x58a1/0x6160 [ 402.449210][ T8455] ? __pfx_ext4_fill_super+0x10/0x10 [ 402.454505][ T8455] ? snprintf+0xda/0x120 [ 402.458767][ T8455] ? __pfx_snprintf+0x10/0x10 [ 402.463460][ T8455] ? set_blocksize+0x21e/0x500 [ 402.468245][ T8455] ? sb_set_blocksize+0x155/0x240 [ 402.473484][ T8455] ? setup_bdev_super+0x4c1/0x5b0 [ 402.478538][ T8455] get_tree_bdev_flags+0x40e/0x4d0 [ 402.483672][ T8455] ? __pfx_ext4_fill_super+0x10/0x10 [ 402.489049][ T8455] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 402.494705][ T8455] vfs_get_tree+0x92/0x2a0 [ 402.499141][ T8455] do_new_mount+0x302/0xa10 [ 402.503663][ T8455] ? apparmor_capable+0x137/0x1a0 [ 402.508706][ T8455] ? __pfx_do_new_mount+0x10/0x10 [ 402.513775][ T8455] ? ns_capable+0x8a/0xf0 [ 402.518243][ T8455] ? kmem_cache_free+0x197/0x620 [ 402.523640][ T8455] __se_sys_mount+0x313/0x410 [ 402.528344][ T8455] ? __pfx___se_sys_mount+0x10/0x10 [ 402.533654][ T8455] ? do_syscall_64+0xbe/0xf80 [ 402.538541][ T8455] ? __x64_sys_mount+0x20/0xc0 [ 402.543409][ T8455] do_syscall_64+0xfa/0xf80 [ 402.548096][ T8455] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.554179][ T8455] ? clear_bhb_loop+0x60/0xb0 [ 402.558895][ T8455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.564807][ T8455] RIP: 0033:0x7fca17390eea [ 402.569234][ T8455] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 402.589024][ T8455] RSP: 002b:00007fca1828de68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 402.597449][ T8455] RAX: ffffffffffffffda RBX: 00007fca1828def0 RCX: 00007fca17390eea [ 402.605623][ T8455] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fca1828deb0 [ 402.614021][ T8455] RBP: 0000200000000180 R08: 00007fca1828def0 R09: 0000000000800700 [ 402.622105][ T8455] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 402.630821][ T8455] R13: 00007fca1828deb0 R14: 000000000000046f R15: 000000000000002c [ 402.638908][ T8455] [ 402.642315][ T8455] Kernel Offset: disabled [ 402.646756][ T8455] Rebooting in 86400 seconds..