last executing test programs: 6m19.203287027s ago: executing program 1 (id=173): unshare(0x6040480) r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, 0x0, 0x0) 6m19.027646539s ago: executing program 1 (id=174): setrlimit(0xc, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x400], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x55f8, 0x4, 0x0, 0x4, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x4, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x7]}, 0x45c) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_RENAME(r1, &(0x7f0000000940)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000000600009600000a"], 0x14}, 0x1, 0x0, 0x0, 0x4080}, 0x20005004) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0x8}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x6, 0x7, 0x7f, 0x5, 0x1, 0x6, 0x5f, 0x9, 0x15, 0xffff2d33, 0xff7fff01, 0x7, 0x5, 0x7, 0x5, 0x6, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x5, 0x8, 0x4c74, 0x10000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x0, 0x1, 0x7, 0x5, 0x3e, 0x18e, 0x6, 0x6, 0x0, 0x6, 0x4, 0x8, 0x3ff, 0x7, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x8, 0x9, 0x8000012f, 0x8008, 0x5, 0xfffffff3, 0x129c32f6, 0xc8, 0x5, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0xfffffffe, 0xe, 0x312, 0x66abcbd2, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x381, 0x4, 0xb, 0x4, 0x9, 0x8, 0x40, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x204, 0x9, 0x3, 0x3, 0x4000009, 0x6, 0x0, 0x3, 0xbc45, 0x48c93790, 0x42, 0x3], [0x7, 0x408, 0x3ff, 0x5, 0xfffffffb, 0x100, 0x8, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x9, 0x0, 0x1f0, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x81, 0x4, 0x6d01, 0x6, 0x38, 0x200, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x4, 0xa9, 0x5, 0x6, 0xac4, 0xbf, 0xfffffffe, 0x3, 0x7ff, 0x92b, 0x4, 0x1, 0xa, 0xffffffff, 0x5, 0x1c, 0x120000, 0x7ff, 0x2009, 0x80a2ed, 0x2c4ad71a, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x0, 0x938, 0x6, 0x3, 0x0, 0xb9, 0xce4, 0x1ff, 0x2, 0x57, 0x4000005, 0x3, 0x2, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x5, 0x1, 0x2000002, 0x150, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x5, 0xc8, 0x1, 0xfffff002, 0x10000, 0x3, 0x7e, 0x3, 0x9622, 0x7, 0xaf, 0x20000008, 0x5, 0x226, 0x2, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf41, 0x7, 0x530e, 0x6c1b, 0x0, 0x4, 0x5, 0x7ff, 0xd7, 0x200, 0xb, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r2 = socket(0x10, 0x2, 0x0) write(r2, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000) openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x200000c, 0x30, r3, 0x4ee7000) rt_tgsigqueueinfo(0x0, 0x0, 0x7, &(0x7f00000002c0)={0x32, 0x0, 0x6}) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCSIFADDR(r4, 0x891c, &(0x7f0000000080)={'wlan1\x00', {0x2, 0x4000, @empty=0xfe000000}}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="170928bd700000000000010000000500070000000000080009000100000008000a0000000000060002000100000008001700", @ANYRES32, @ANYBLOB="9a8ca7e28a60c4e34f0ccb76d11003a699b9122f6d952179919689056888090d37a8c1691de0d88bc9dbc61a4e2a3ef4439735c100001c00"/67], 0x3c}, 0x1, 0x620b}, 0x0) socket$kcm(0x2, 0x2, 0x73) 6m16.794925194s ago: executing program 1 (id=184): unshare(0x6040480) r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, 0x0, 0x0) 6m16.553217303s ago: executing program 1 (id=187): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) shutdown(r0, 0x1) recvmmsg(r0, &(0x7f0000001d00)=[{{0x0, 0x0, &(0x7f0000001640)=[{&(0x7f0000001d40)=""/4078, 0xfee}, {&(0x7f0000000340)=""/141, 0x8d}, {&(0x7f0000002d40)=""/4116, 0x1005}, {&(0x7f0000000400)=""/6, 0x6}, {&(0x7f0000000440)=""/231, 0xe7}], 0x5}}], 0x3ffffbd, 0x0, 0x0) 6m5.311453608s ago: executing program 1 (id=220): openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000440)={0xfc, 0x1e, 0x1, 0x0, 0x0, "", [@nested={0xea, 0xe7, 0x0, 0x1, [@typed={0x9, 0x1, 0x0, 0x0, @binary="72dcce07c1"}, @generic, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe8101000000010000008b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29"]}]}, 0xfc}], 0x1}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="7a0af8ff75257075bf"], 0x0}, 0x94) syz_usb_connect(0x3, 0x2d, &(0x7f0000000100)={{0x12, 0x1, 0x141, 0xb9, 0xd0, 0xa1, 0x20, 0x403, 0xfa78, 0x4938, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x14, 0x2, 0x1, 0x38, 0x81, 0x3e, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0x2, 0x0, 0xa}}]}}]}}]}}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x40) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="03c900a4beef71a98b140258ad94ce715b732575666ef0b17a610d15c8b13f754df518ca9bf5c6dbb4fa31df49df9e17e9841a20f684570a86086f2376cda62b76ae61a60bd51e4ce2a633712254751ba4f0b2f935d0708751131c965f76fb193fe27f380eb07fc0d7cc5383ade42be3d67d7586663b5cf8cb3f5eb9777cff5491f6c0129ab154c3b0a767fb5a254218be268a067780e0b2e751a3b14357e8b61ee592d8532c1f8d"], 0xa8) 6m2.722802121s ago: executing program 1 (id=226): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) shutdown(r0, 0x1) recvmmsg(r0, &(0x7f0000001d00)=[{{0x0, 0x0, &(0x7f0000001640)=[{&(0x7f0000001d40)=""/4078, 0xfee}, {&(0x7f0000000340)=""/141, 0x8d}, {&(0x7f0000002d40)=""/4116, 0x1005}, {&(0x7f0000000400)=""/6, 0x6}, {&(0x7f0000000440)=""/231, 0xe7}], 0x5}}], 0x3ffffbd, 0x0, 0x0) 5m47.588097091s ago: executing program 32 (id=226): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) shutdown(r0, 0x1) recvmmsg(r0, &(0x7f0000001d00)=[{{0x0, 0x0, &(0x7f0000001640)=[{&(0x7f0000001d40)=""/4078, 0xfee}, {&(0x7f0000000340)=""/141, 0x8d}, {&(0x7f0000002d40)=""/4116, 0x1005}, {&(0x7f0000000400)=""/6, 0x6}, {&(0x7f0000000440)=""/231, 0xe7}], 0x5}}], 0x3ffffbd, 0x0, 0x0) 3m13.413553406s ago: executing program 0 (id=871): openat$tun(0xffffffffffffff9c, 0x0, 0x2241, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000200)='./bus\x00', &(0x7f0000000b80), 0x204008, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f00000002c0)='./bus\x00', 0x322020, &(0x7f0000000380)=ANY=[], 0x1, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x20, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0) 3m13.325330387s ago: executing program 2 (id=873): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10) listen(r0, 0x0) r1 = accept(r0, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x12, 0x4, 0x4, 0xa4, 0x0, 0xffffffffffffffff, 0x7fffffff}, 0x50) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000300), &(0x7f0000000000)=@tcp6=r1, 0x1}, 0x20) recvmmsg(r1, &(0x7f0000000480)=[{{0x0, 0x0, 0x0}, 0x7}], 0x1, 0x12020, 0x0) getsockname$packet(r1, 0x0, &(0x7f00000001c0)) getpeername$netlink(r1, 0x0, 0x0) 3m13.174099081s ago: executing program 0 (id=876): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00') syz_mount_image$fuse(0x0, &(0x7f0000000740)='./bus\x00', 0x283016, 0x0, 0x11, 0x0, 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0x9) mount$overlay(0x0, &(0x7f0000000200)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) 3m13.045720772s ago: executing program 0 (id=879): bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@bloom_filter={0x1e, 0xc47, 0x3, 0x80, 0x82c, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4, 0x2, 0x2}, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000bd000), 0x318, 0x0) close(0x3) 3m12.835700538s ago: executing program 0 (id=883): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x3ab1019, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000500)='./file0/../file0\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f0000000480)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0/../file0\x00', 0x0, 0xa1c08, 0x0) 3m12.820826592s ago: executing program 3 (id=884): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000200)='./bus\x00', &(0x7f0000000b80), 0x204008, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f00000002c0)='./bus\x00', 0x322020, &(0x7f0000000380)=ANY=[], 0x1, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0) 3m12.71111577s ago: executing program 0 (id=886): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRES16, @ANYRES16=r0], 0x1000f) 3m12.702542933s ago: executing program 3 (id=887): r0 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r2, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000001000/0x2000)=nil, 0x930, 0x2000003, 0x4120932, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0x6}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x40080, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r9, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x401c5820, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0xfffffffffffffdfd, 0x0}) 3m12.44451309s ago: executing program 0 (id=890): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getsockopt$sock_int(r1, 0x1, 0x2f, 0x0, &(0x7f0000000300)=0x700) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = fsopen(&(0x7f00000000c0)='f2fs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x8, 0x0, 0x0, 0x0) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000100)={0x0, &(0x7f00000000c0)=[@wr_crn={0x46, 0x20, {0x4, 0x6d7}}], 0x20}) r4 = dup(r2) ioctl$TIOCCONS(0xffffffffffffffff, 0x541d) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000640)={0x0, 0x107000}) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x0) 3m12.369834837s ago: executing program 3 (id=892): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0) fcntl$lock(r0, 0x7, &(0x7f0000000000)={0x0, 0x2, 0x1b9, 0x7fffffff}) fcntl$lock(r0, 0x24, &(0x7f0000000180)={0x1, 0x0, 0x4000000089}) 3m12.12388097s ago: executing program 33 (id=890): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getsockopt$sock_int(r1, 0x1, 0x2f, 0x0, &(0x7f0000000300)=0x700) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = fsopen(&(0x7f00000000c0)='f2fs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x8, 0x0, 0x0, 0x0) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000100)={0x0, &(0x7f00000000c0)=[@wr_crn={0x46, 0x20, {0x4, 0x6d7}}], 0x20}) r4 = dup(r2) ioctl$TIOCCONS(0xffffffffffffffff, 0x541d) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000640)={0x0, 0x107000}) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_RUN(r5, 0xae80, 0x0) 3m12.114001194s ago: executing program 2 (id=895): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xc}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xa30e, 0x1, 0xfffffffa}}}}]}, 0x44}}, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x5, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x4, 0xa}, {}, {0xa}}, [@filter_kind_options=@f_bpf={{0x8}, {0x10, 0x2, [@TCA_BPF_OPS={{0x6}, {0x4}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8858}, 0x20004804) 3m12.112014016s ago: executing program 3 (id=896): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x3ab1019, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000500)='./file0/../file0\x00', 0x89901) mount$bind(&(0x7f0000000480)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0/../file0\x00', 0x0, 0xa1c08, 0x0) 3m12.005312138s ago: executing program 3 (id=897): r0 = socket$inet_sctp(0x2, 0x5, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) splice(r1, 0x0, r3, 0x0, 0x6, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002a80)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x8000}, 0x8880) splice(r2, 0x0, r4, 0x0, 0x6, 0x7) close_range(r0, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) 3m11.67971547s ago: executing program 2 (id=900): r0 = socket(0x11, 0x800000003, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001500)=@newqdisc={0x88, 0x24, 0xf0b, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0x4}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000], [0x0, 0x4]}}}}]}, 0x88}}, 0x0) 3m11.575990744s ago: executing program 3 (id=903): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000040)=0x1, 0x4) bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0x5, 0x4, 0x4, 0x4}, 0x50) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x8000000}, 0x1c) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r1 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f7}) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 3m11.125988322s ago: executing program 34 (id=903): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000040)=0x1, 0x4) bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0x5, 0x4, 0x4, 0x4}, 0x50) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x8000000}, 0x1c) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r1 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f7}) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 3m11.110236179s ago: executing program 2 (id=906): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x3ab1019, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000500)='./file0/../file0\x00', 0x89901) mount$bind(&(0x7f0000000480)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0/../file0\x00', 0x0, 0xa1c08, 0x0) 3m10.956659711s ago: executing program 2 (id=908): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x1, &(0x7f0000000180)=0x6}) 3m9.935557741s ago: executing program 2 (id=916): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000500)={0x0, 0x2, 0x10}, 0xc) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x2, 0x0, 0x111, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x2, 0x5}}, 0x20) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x4e60, 0xfffffff2, @empty}}, 0xffffec47, 0x9, 0xffff1896, 0x100, 0x25, 0x7fff}, 0x9c) 3m9.402460117s ago: executing program 35 (id=916): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000500)={0x0, 0x2, 0x10}, 0xc) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x2, 0x0, 0x111, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x2, 0x5}}, 0x20) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x4e60, 0xfffffff2, @empty}}, 0xffffec47, 0x9, 0xffff1896, 0x100, 0x25, 0x7fff}, 0x9c) 2m44.944461123s ago: executing program 4 (id=1063): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) rename(&(0x7f0000000000)='./file1\x00', &(0x7f0000000140)='./file0/file1\x00') 2m43.897202489s ago: executing program 4 (id=1077): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x1, 0x10, &(0x7f00000040c0)=ANY=[@ANYBLOB="1800000001000000000000004300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000085000000a0000000bf91000000000000b7"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0xe, 0x0, &(0x7f0000000a00)="00000000076f00001abd8cf0eedf", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2m43.559579672s ago: executing program 4 (id=1080): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000000900)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x280020}, 0x1c, &(0x7f00000000c0)=[{&(0x7f0000000540)='\x00', 0x1}], 0x1}}], 0x1, 0x20008050) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRES16, @ANYRES16=r0], 0x1000f) 2m43.373112458s ago: executing program 4 (id=1082): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x3ab1019, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) move_mount(0xffffffffffffffff, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f0000000480)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0/../file0\x00', 0x0, 0xa1c08, 0x0) 2m43.123250495s ago: executing program 4 (id=1084): bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@bloom_filter={0x1e, 0xc47, 0x3, 0x80, 0x82c, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4, 0x2, 0x2}, 0x50) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) close(0x3) 2m41.315980474s ago: executing program 4 (id=1099): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) syz_mount_image$fuse(0x0, 0x0, 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000200)='./bus\x00', &(0x7f0000000b80), 0x204008, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f00000002c0)='./bus\x00', 0x322020, &(0x7f0000000380)=ANY=[], 0x1, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x20, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0) 2m41.00925198s ago: executing program 36 (id=1099): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) syz_mount_image$fuse(0x0, 0x0, 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000200)='./bus\x00', &(0x7f0000000b80), 0x204008, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f00000002c0)='./bus\x00', 0x322020, &(0x7f0000000380)=ANY=[], 0x1, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x20, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0) 2.297996681s ago: executing program 9 (id=2857): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000340)='syzkaller\x00', 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) r1 = fsopen(&(0x7f0000000180)='debugfs\x00', 0x1) r2 = fsmount(r1, 0x0, 0x82) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001c00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x18}}], 0x1, 0x4000000) fchdir(r2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r3, &(0x7f0000001f80)=""/4071, 0xfe7) 2.152627141s ago: executing program 9 (id=2861): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$isdn_base(0x22, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet(0x2, 0x5, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r3, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r4], 0x3c}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x2c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r3, {0xfff2}, {}, {0xa, 0x1}}, [@TCA_RATE={0x6, 0x5, {0x39, 0x1}}]}, 0x2c}, 0x1, 0xf0ffffffffffff, 0x0, 0x4004140}, 0x0) 2.067943122s ago: executing program 5 (id=2862): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c00000010000d042abd70000000000000000000", @ANYRES32=r2, @ANYBLOB="010000000c0020001c00128009000100626f6e64000000000c0002800500010006"], 0x3c}, 0x1, 0x0, 0x0, 0x404c084}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e0001006970366772657461700000001800028014000700ff01000000000000000000000000000108", @ANYRES32=r5], 0x54}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=@newlink={0x2c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x0, 0x1201}, [@IFLA_ADDRESS={0xa, 0x1, @local}]}, 0x2c}}, 0x0) 1.994135553s ago: executing program 7 (id=2863): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYRES32=r0, @ANYBLOB], &(0x7f0000000580)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c0000000300000001"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r1}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000500), &(0x7f00000006c0), 0x3, r1}, 0x38) 1.918358343s ago: executing program 5 (id=2864): getrandom(0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r4, 0x0, 0x7, 0x9) bpf$PROG_LOAD(0x5, 0x0, 0x0) timerfd_gettime(r0, &(0x7f0000000100)) epoll_create1(0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000780)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x20, 0x7ffc1ffb}]}) semtimedop(0x0, &(0x7f0000000000)=[{0x2, 0x40, 0x1800}], 0x1, 0x0) write$P9_RWRITE(r4, &(0x7f0000000040)={0xb}, 0x11000) read(r3, &(0x7f0000032440)=""/102364, 0x18fdc) write$binfmt_elf64(r4, 0x0, 0x78) lseek(r0, 0x1000000, 0x0) 1.870535217s ago: executing program 9 (id=2865): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYRESHEX=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r2, 0x400, 0x0) r3 = gettid() timer_create(0x0, &(0x7f00000005c0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0}) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) timer_create(0x7, &(0x7f0000001880)={0x0, 0x2b, 0x1, @thr={0x0, 0x0}}, &(0x7f00000018c0)=0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r7}, 0x18) r8 = syz_open_dev$usbfs(&(0x7f0000000040), 0x400000001fb, 0x101301) ioctl$USBDEVFS_ALLOW_SUSPEND(r8, 0x5522) timer_settime(r6, 0x1, &(0x7f0000001900)={{0x77359400}, {0x77359400}}, 0x0) timer_settime(r4, 0x0, &(0x7f00000001c0), &(0x7f0000000300)) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r5, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='net_dev_xmit\x00'}, 0x9) process_mrelease(0xffffffffffffffff, 0x700000000000000) timer_settime(r4, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000600)={[{@resuid}, {@grpid}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@dioread_lock}, {@noquota}, {@barrier}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@minixdf}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x48a, &(0x7f0000000000)={[{@data_ordered}, {@usrjquota, 0x22}, {@errors_continue}, {@noload}, {@sysvgroups}, {@usrjquota, 0x22}, {@errors_continue}, {@errors_remount}, {@noblock_validity}]}, 0x1, 0x44e, &(0x7f0000000900)="$eJzs3M1vG0UbAPDHdpw0bfMmbykfDS0ECiLiI2nSD3rgUgQSB5CQ4FDEKSRpFeo2qAkSrSIIHMIRVeKOOCLxF3ChXBBwQuIKd4QUoVwonIzW3k3dxE7ixIlL/ftJm8x4xpp5dnfs8azXAXSsoeRPLuJgRPwaEf3V7J0Vhqr/bq0sTP69sjCZi3L5jT9zlXp/rSxMZlWz5x2oZsrlDdpdejtiolSavprmR+cvvzc6d+36czOXJy5OX5y+Mn727KmTx7rPjJ9uSZx9SV8HP5w9euSVt268Nnn+xjs/fp3092BaXhtHqwxV925dT7a6sTbrq0nnutrYEZpSiIjkcBUr478/CtG7WtYfL3/S1s4Bu6pczpd7GhcvloF7WDJRBzpR9kaffP7Ntj2aetwVls/F6jrGrXSrlnRFPq1TTD8j7YahiDi/+M8XyRa7tA4BAFDr5rmIeLbe/C8fD9TU+196bWggIv4fEYci4r6IOBwR90dU6j4YEQ812f7aKyTr5z/l/m0FtkXJ/O+F9NrWnfO/bPYXA4U011eJv5i7MFOaPpHuk+Eo9iT5sQ3a+O6lXz5rVFY7/0u2pP1sLpj244+uNQt0UxPzEzuJudbyxxGDXfXiz63OeZP58ZGIGNxmGzNPf3W0Udnm8W+gBZPy8pcRT1WP/2KsiT+Ta3h9cuz5M+OnR/dFafrEaHZWrPfTz0uvN2p/R/G3wPLNcuyve/6vxj+Q2xcxd+36pcr12rnm21j67dOGn2m2e/53596spLvTxz6YmJ+/OhbRnXt1/ePjt5+b5bP6yfk/fLz++D8Ut/fEwxGRnMTHIuKRiHg07ftjEfF4RBzfIP4fXnzi3ebj32BVvoWS+Kc2O/5Re/ybTxQuff9N8/FnkuN/qpIaTh/ZyuvfVju4k30HAAAA/xX5ynfgc/mR1XQ+PzJS/Q7/4difL83OzT9zYfb9K1PV78oPRDGfrXT116yHjqVrw1l+fE3+ZLpu/Hmht5IfmZwtTbU7eOhwBxqM/8TvhXb3Dth17teCzmX8Q+cy/qFzGf/QuYx/6Fz1xv9HbegHsPc2ef/v3at+AHvP/B86l/EPncv4h47U8N74/I5u+ZdoU+Lb7p39VsPWE5G/S0K+ZxLFqFvUteUfs9hmoqduUbtfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFrj3wAAAP//j57jFA==") mount(0x0, &(0x7f0000000540)='./file1\x00', 0x0, 0x2200020, &(0x7f0000000400)='S\xdfq\xc3\xd0\xf2IUL\xc1\xf4S\xac\xf4\xcc\x8d\x89\x1d\x80') truncate(&(0x7f0000000900)='./file1\x00', 0x24b9) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f00000004c0)='xdp_devmap_xmit\x00', r1, 0x0, 0x40000000000007}, 0x18) semget$private(0x0, 0x5, 0x0) 1.829543801s ago: executing program 7 (id=2866): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk', 0x1, 0x20) io_submit(0x0, 0x1, &(0x7f0000000400)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000140)="2a22cab1fd", 0x5}]) 1.777470061s ago: executing program 8 (id=2867): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b702000013000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xe, 0x0, &(0x7f0000000000)="259a53f271a76d2688ca4c6588a8", 0x0, 0xcfb, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 1.591837778s ago: executing program 7 (id=2868): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, r1, {0x0, 0x9}, {0xffff, 0xffff}, {0xfff9, 0x8}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0xc090, 0x5, 0x0, 0x8, 0x8000, 0xde}, [@TCA_NETEM_JITTER64={0xc, 0xb, 0x6}]}}}]}, 0x58}}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='module_request\x00', r3}, 0x10) r4 = socket(0x10, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x14, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000002280)={'pim6reg0\x00', 0x2102}) ioctl$TUNSETQUEUE(r5, 0x400454d9, &(0x7f0000000080)={'nicvf0\x00', 0x400}) openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) sendto$inet6(r4, &(0x7f0000000000)="7800000018002507b9409b14ffff00000204be04020506050e0204094300080004000000040010000d0068d0bf46d32345653600648d0a0012000200000049935ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000400160005000a0000000000e000e218d1ddf66ed538f25232500000", 0x78, 0x4000, 0x0, 0x0) 1.565156143s ago: executing program 6 (id=2869): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000200)='ext2\x00', &(0x7f0000000000)='./file1\x00', 0x2a0471a, &(0x7f00000000c0)={[{@quota}, {@bsdgroups}, {@nouid32}, {@errors_remount}, {@jqfmt_vfsv1}, {@oldalloc}, {@stripe={'stripe', 0x3d, 0x5}}]}, 0x2, 0x474, &(0x7f0000002200)="$eJzs3M9vFFUcAPDvzLag/GpF/AGiVomx8UdLCyoHLxpNPGA00QPqqbaFEAo1tCZCiNTE4MXEkOhZPZr4F3jzYtSTiYknvRsSolxATzUzO1O6293+oMtu7X4+ycJ789503rdv3sybeW0D6FoD2T9JxI6I+D0i+qrZ2goD1f9uXLsw/s+1C+NJzM+/8VeS17t+7cJ4WbXcb3uRGUwj0o+T4iC1Zs6dPzU2NTV5tsgPz55+b3jm3PmnT54eOzF5YvLM6JEjhw+NPPfs6DMtiTOL6/q+D6f3733lrcuvjh+7/O5P32bt3VGUL47jlmxZumkgC/zv+Vx92WNx57oOt9HsXJROejrYENakEhFZd/Xm478vKnGz8/ri5V0dbRxwW2X3pq3Ni+fmgU0siU63AOiM8kafPf+WnzZNPTaEqy9UH4CyuG8Un2pJT6RFnd6659tWGoiIY3P/fpl9ohXvIQAAVvDp+BdH46lG87807l1Ub1exhtIfEXdFxO6IuDsi9kTEPRF53fsi4v6buzRYEdm+ZEv90tDS+U96ZV0BriCb/z1frG3Vzv/K2V/0V4rczjz+3uT4yanJg8X3ZDB6t2b5kWWO8f1Lv37WrGzx/C/7ZMcv54JFO6701L2gmxibHcsnpS1w9aOIfT2N4k8WVgKSiNgbEfvW9qUX1g5OPvHN/maVVo5/GS1YZ5r/OuLxav/PRV38pWT59cnhO2Jq8uBweVYs9fMvl15vdvx1xd8CWf9vqz3/i5KvzhWJ/ncWr9fOxJpXLi/98UnTZ5pbPf+3JG/m16PyIvPB2Ozs2ZGILcnRPF+zffTmvmW+rJ/FP3ig8fjfXeyT9f8DEZGdxA9GxEMR8XDR9kci4tGIOLBM/D++2LxsTf2/dBl53bL4Jxpe/xbO//6kpv/Xnqic+uG7W48/6//DeWqw2JJf/1aw2gau53sHAAAA/xdp/jPwSTq0kE7ToaHqm9o9sS2dmp6ZffL49PtnJqo/K98fvWn5pqtv0fvQkWSu+IrV/GjxrrgsP1S8N/68Enl+aHx6aqLDsUO3295k/Gf+rHS6dcBt12gdbbTB8i2w+dSP/7Q2e/G1djYGaCu/rw3da4Xxn7arHUD7uf9D92o0/i/W5a0FwObk/g/dy/iH7mX8Q/eqG/+V+K1TLQHaaD2/1y/RzYlIN0QzVpVY/d+DuN2JtzdGM1aR6PSVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDX+CwAA//9eQvH6") r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r2, r0}, 0xc) 1.400122903s ago: executing program 6 (id=2870): ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000f00)={'dummy0\x00', &(0x7f0000000540)=@ethtool_perm_addr={0x4b, 0x2f, "43720700000000004786b89e6fb2940acfbe4c3f9725f0f2bf568d62c050880594c23d36d68dbac78c2893c6a97985"}}) 1.267879458s ago: executing program 6 (id=2871): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000340)='syzkaller\x00', 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(0xffffffffffffffff, 0x0, 0x82) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001c00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x18}}], 0x1, 0x4000000) fchdir(r1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r2, &(0x7f0000001f80)=""/4071, 0xfe7) 1.133435035s ago: executing program 8 (id=2872): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0, 0x0, 0x97}, 0x18) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000008c0)=ANY=[@ANYBLOB="54000000000801010000ffffe00000000a000000050003002f0000000600024000000000240004800800024000000000080001400000fcff07000140800000010800014080000001090001"], 0x54}, 0x1, 0x0, 0x0, 0x4004}, 0x28040000) 998.923517ms ago: executing program 6 (id=2873): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x7}, 0x18) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6(0xa, 0x3, 0xff) setsockopt$inet6_int(r3, 0x29, 0x16, &(0x7f0000fcb000), 0x4) close_range(r2, 0xffffffffffffffff, 0x0) 952.904754ms ago: executing program 8 (id=2874): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c00000010000d042abd70000000000000000000", @ANYRES32=r2, @ANYBLOB="010000000c0020001c00128009000100626f6e64000000000c0002800500010006"], 0x3c}, 0x1, 0x0, 0x0, 0x404c084}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e0001006970366772657461700000001800028014000700ff01000000000000000000000000000108", @ANYRES32=r5], 0x54}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=@newlink={0x2c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x0, 0x1201}, [@IFLA_ADDRESS={0xa, 0x1, @local}]}, 0x2c}}, 0x0) 952.075765ms ago: executing program 7 (id=2875): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$isdn_base(0x22, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet(0x2, 0x5, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r3, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r4], 0x3c}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x2c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r3, {0xfff2}, {}, {0xa, 0x1}}, [@TCA_RATE={0x6, 0x5, {0x39, 0x1}}]}, 0x2c}, 0x1, 0xf0ffffffffffff, 0x0, 0x4004140}, 0x0) 731.945396ms ago: executing program 9 (id=2876): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062"], 0x3c}}, 0x0) 670.150876ms ago: executing program 6 (id=2877): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800714, &(0x7f0000000500), 0xff, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=") mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r1, 0x0, 0x0) lseek(r1, 0x3, 0x1) getdents64(r1, 0x0, 0x0) 643.015147ms ago: executing program 5 (id=2878): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk', 0x1, 0x20) io_submit(0x0, 0x1, &(0x7f0000000400)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000140)="2a22cab1fd", 0x5}]) 631.762047ms ago: executing program 8 (id=2879): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xc}}, 0x5}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='vlan0\x00', 0x10) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$RDMA_NLDEV_CMD_SET(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x10, 0x1402, 0x20, 0x70bd27, 0x25dfdbff}, 0x10}, 0x1, 0x0, 0x0, 0x800}, 0x10080804) 609.859944ms ago: executing program 7 (id=2880): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000200)='ext2\x00', &(0x7f0000000000)='./file1\x00', 0x2a0471a, &(0x7f00000000c0)={[{@quota}, {@bsdgroups}, {@nouid32}, {@errors_remount}, {@jqfmt_vfsv1}, {@oldalloc}, {@stripe={'stripe', 0x3d, 0x5}}]}, 0x2, 0x474, &(0x7f0000002200)="$eJzs3M9vFFUcAPDvzLag/GpF/AGiVomx8UdLCyoHLxpNPGA00QPqqbaFEAo1tCZCiNTE4MXEkOhZPZr4F3jzYtSTiYknvRsSolxATzUzO1O6293+oMtu7X4+ycJ789503rdv3sybeW0D6FoD2T9JxI6I+D0i+qrZ2goD1f9uXLsw/s+1C+NJzM+/8VeS17t+7cJ4WbXcb3uRGUwj0o+T4iC1Zs6dPzU2NTV5tsgPz55+b3jm3PmnT54eOzF5YvLM6JEjhw+NPPfs6DMtiTOL6/q+D6f3733lrcuvjh+7/O5P32bt3VGUL47jlmxZumkgC/zv+Vx92WNx57oOt9HsXJROejrYENakEhFZd/Xm478vKnGz8/ri5V0dbRxwW2X3pq3Ni+fmgU0siU63AOiM8kafPf+WnzZNPTaEqy9UH4CyuG8Un2pJT6RFnd6659tWGoiIY3P/fpl9ohXvIQAAVvDp+BdH46lG87807l1Ub1exhtIfEXdFxO6IuDsi9kTEPRF53fsi4v6buzRYEdm+ZEv90tDS+U96ZV0BriCb/z1frG3Vzv/K2V/0V4rczjz+3uT4yanJg8X3ZDB6t2b5kWWO8f1Lv37WrGzx/C/7ZMcv54JFO6701L2gmxibHcsnpS1w9aOIfT2N4k8WVgKSiNgbEfvW9qUX1g5OPvHN/maVVo5/GS1YZ5r/OuLxav/PRV38pWT59cnhO2Jq8uBweVYs9fMvl15vdvx1xd8CWf9vqz3/i5KvzhWJ/ncWr9fOxJpXLi/98UnTZ5pbPf+3JG/m16PyIvPB2Ozs2ZGILcnRPF+zffTmvmW+rJ/FP3ig8fjfXeyT9f8DEZGdxA9GxEMR8XDR9kci4tGIOLBM/D++2LxsTf2/dBl53bL4Jxpe/xbO//6kpv/Xnqic+uG7W48/6//DeWqw2JJf/1aw2gau53sHAAAA/xdp/jPwSTq0kE7ToaHqm9o9sS2dmp6ZffL49PtnJqo/K98fvWn5pqtv0fvQkWSu+IrV/GjxrrgsP1S8N/68Enl+aHx6aqLDsUO3295k/Gf+rHS6dcBt12gdbbTB8i2w+dSP/7Q2e/G1djYGaCu/rw3da4Xxn7arHUD7uf9D92o0/i/W5a0FwObk/g/dy/iH7mX8Q/eqG/+V+K1TLQHaaD2/1y/RzYlIN0QzVpVY/d+DuN2JtzdGM1aR6PSVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDX+CwAA//9eQvH6") r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r2, r0}, 0xc) 421.058953ms ago: executing program 5 (id=2881): ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000f00)={'dummy0\x00', &(0x7f0000000540)=@ethtool_perm_addr={0x4b, 0x2f, "43720700000000004786b89e6fb2940acfbe4c3f9725f0f2bf568d62c050880594c23d36d68dbac78c2893c6a97985"}}) 410.521954ms ago: executing program 9 (id=2882): r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x3, 0x0, 0x0) r1 = timerfd_create(0x0, 0x0) timerfd_settime(r1, 0x3, &(0x7f0000000440)={{0x0, 0x3938700}}, 0x0) clock_adjtime(0x0, &(0x7f0000000000)={0x3ff, 0x0, 0x0, 0xc, 0x0, 0x0, 0x4, 0x200000000000000, 0x0, 0x100, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x1000, 0x8, 0x2, 0x3, 0x0, 0x3}) 390.4831ms ago: executing program 8 (id=2883): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000340)='syzkaller\x00', 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(0xffffffffffffffff, 0x0, 0x82) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001c00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x18}}], 0x1, 0x4000000) fchdir(r1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r2, &(0x7f0000001f80)=""/4071, 0xfe7) 219.997988ms ago: executing program 5 (id=2884): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000008c0)=ANY=[@ANYBLOB="54000000000801010000ffffe00000000a000000050003002f0000000600024000000000240004800800024000000000080001400000fcff07000140800000010800014080000001090001"], 0x54}, 0x1, 0x0, 0x0, 0x4004}, 0x28040000) 137.981998ms ago: executing program 7 (id=2885): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{r0}, &(0x7f0000000540), &(0x7f0000000580)='%pS \x00'}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800718, &(0x7f0000000680)={[{@nodioread_nolock}, {@journal_dev={'journal_dev', 0x3d, 0xff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x8d55}}]}, 0x0, 0x473, &(0x7f0000000bc0)="$eJzs281rHOUfAPDvTF7a/vqS/Gp9aa0aLUJQTJq0ag9eFAWRioIe6jEm2xK6baSJYmuxqYgnQQp6Fo+if4E3EUQ9CV49eZJC0V7aeorM7Ey62WYTazaZ2P18YLPPM/PszvebeXv2eXYD6FpD2Z8kYkdE/BoRA43q0gZDjafrV89P3rh6fjKJhYXX/kjydteunp8sm5av215UhtOI9MOk2MhSs2fPnZyo12tnivro3Km3RmfPnnvinVMTJ2onaqfHjxw5fGjs6afGn+xInlle1/a9P7N/74tvXHp58tilN3/8Oot3R7G+OY9OGcoS/3Mh17ru0U5vrGI7m8pJb4WBcFt6IiLbXX35+T8QPXFz5w3ECx9UGhywrrJ705b2q+cXgDtYElVHAFSjvNFnn3/LxwZ1PTaFK882PgBleV8vHo01vZEWbfpaPt920lBEHJv/6/PsEes0DgEA0Ozjyc+O9kfEeze+einrewwsrknjnvz5t/zvrmIOZTAi/h8RuyPirojYExF3R+Rt742I+9YYz639n/TyGt9yRVn/75libmtp/6/s/cVgT1HbmefflxyfrtcOFv+T4ejbktXHVtjGt8//8km7dc39v+yRbb/sCxZxXO5tGaCbmpibyDulHXDlYsS+3uXyTxZnApKI2BsR+27vrXeVhenHvtzfrtHq+a+gA/NMC19k6c1n+c9HS/6lpHl+cvqW+cnRrVGvHRwtj4pb/fTzR6+22/6a8u+AK7XGc9P+b20ymDTP1852dvv/8vhP+5PX83nm/mLZuxNzc2fGIvqTo3l9yfLxm68t62X77PgfPrD8+b+7eE2W//0RkR3ED0TEgxHxUBH7wxHxSEQcWCHHH55bPf9IK9r/FyOmlr3+LR7/Lfv/9gs9J7//pt32/9n+P5yXhosl+fVvFcuFk10uWgNcy/8OAAAA/ivS/DvwSTqyWE7TkZHGd/j3xP/S+szs3OPHZ94+PdX4rvxg9KXlSNdAMR5an67XxpL54h0b46PjxVhxOV56qBg3/rRnW14fmZypT1WcO3S77W3O/8zvPVVHB6yzbcsuHe/f8ECACrTOo6dLqxdeCRcDuFP5vTZ0r1XO/3Sj4gA2nvs/dK/lzv8LLXVzAXBncv+H7uX8hy6Vfld1BECF3P+hK63ld/3rWNi6OcKoprBZd0peiCgL6aaIR2GdClVfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrj7wAAAP//KFzmgQ==") 121.648759ms ago: executing program 9 (id=2886): r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x182) fallocate(r0, 0x0, 0xbf5, 0x2000402) r1 = open(&(0x7f0000000540)='./bus\x00', 0x4000, 0x100) preadv2(r1, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x2, 0x0, 0x0, 0x0) 85.403248ms ago: executing program 8 (id=2887): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) getcwd(&(0x7f0000000140)=""/115, 0x73) 6.405878ms ago: executing program 6 (id=2888): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1, 0x0, 0xffffffffffffffff}, 0x18) r2 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) ioctl$SG_IO(r2, 0x2285, 0x0) writev(r2, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d484ea0000000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfbf0e9d85e44", 0x2b}], 0x2) 0s ago: executing program 5 (id=2889): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='kfree\x00', r0, 0x0, 0x4804}, 0x18) r1 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x9, @local, 0x4}, 0x1c) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000100)="88", 0xfdef}], 0x1) kernel console output (not intermixed with test programs): T12388] syzkaller0: entered allmulticast mode [ 468.191357][T12396] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1956'. [ 468.337952][T12399] loop6: detected capacity change from 0 to 2048 [ 468.450025][T12399] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 468.547950][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 468.547969][ T30] audit: type=1800 audit(1760389123.607:478): pid=12399 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1955" name="bus" dev="loop6" ino=18 res=0 errno=0 [ 468.580561][T12408] netlink: 19 bytes leftover after parsing attributes in process `syz.7.1960'. [ 468.659423][T12412] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1959'. [ 468.762137][ T9195] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 468.886044][T12417] syzkaller0: entered promiscuous mode [ 468.907832][T12417] syzkaller0: entered allmulticast mode [ 469.156852][T12427] netlink: 24 bytes leftover after parsing attributes in process `syz.9.1965'. [ 469.171260][T12431] loop8: detected capacity change from 0 to 128 [ 469.320013][T12437] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1965'. [ 469.337629][T12434] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1970'. [ 469.804109][T12451] netlink: 16 bytes leftover after parsing attributes in process `syz.9.1976'. [ 470.254739][T12463] syzkaller0: entered promiscuous mode [ 470.298638][T12463] syzkaller0: entered allmulticast mode [ 470.407868][T12468] loop9: detected capacity change from 0 to 512 [ 470.438198][T12468] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode [ 470.522442][T12468] EXT4-fs warning (device loop9): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 470.580682][T12468] EXT4-fs (loop9): 1 truncate cleaned up [ 470.588636][T12468] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 470.686587][T12477] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 470.788718][T10037] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 471.013016][T12488] netlink: 272 bytes leftover after parsing attributes in process `syz.6.1990'. [ 471.142575][ T30] audit: type=1326 audit(1760389126.197:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12490 comm="syz.8.1991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0558eec9 code=0x7ffc0000 [ 471.231373][ T30] audit: type=1326 audit(1760389126.197:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12490 comm="syz.8.1991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdb0558eec9 code=0x7ffc0000 [ 471.282768][ T30] audit: type=1326 audit(1760389126.197:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12490 comm="syz.8.1991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0558eec9 code=0x7ffc0000 [ 471.338525][ T30] audit: type=1326 audit(1760389126.207:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12490 comm="syz.8.1991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7fdb0558eec9 code=0x7ffc0000 [ 471.362464][T12496] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1993'. [ 471.372005][ T30] audit: type=1326 audit(1760389126.207:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12490 comm="syz.8.1991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0558eec9 code=0x7ffc0000 [ 471.650717][T12504] syzkaller0: entered promiscuous mode [ 471.666588][T12504] syzkaller0: entered allmulticast mode [ 472.779895][T12520] loop9: detected capacity change from 0 to 512 [ 472.941907][T12520] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 472.972062][T12520] ext4 filesystem being mounted at /197/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 473.104808][T12520] netlink: 'syz.9.2001': attribute type 27 has an invalid length. [ 473.273901][T12520] bridge0: port 2(bridge_slave_1) entered disabled state [ 473.281927][T12520] bridge0: port 1(bridge_slave_0) entered disabled state [ 473.370129][T12539] EXT4-fs error (device loop9): ext4_do_update_inode:5632: inode #2: comm syz.9.2001: corrupted inode contents [ 473.396543][T12539] EXT4-fs error (device loop9): ext4_dirty_inode:6517: inode #2: comm syz.9.2001: mark_inode_dirty error [ 473.465860][T12539] EXT4-fs error (device loop9): ext4_do_update_inode:5632: inode #2: comm syz.9.2001: corrupted inode contents [ 473.481373][T12546] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2007'. [ 473.676210][T12520] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 473.700949][T12520] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 473.842573][ T30] audit: type=1326 audit(1760389128.907:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12555 comm="syz.7.2013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 473.874436][ T30] audit: type=1326 audit(1760389128.907:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12555 comm="syz.7.2013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 473.904007][ T30] audit: type=1326 audit(1760389128.917:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12555 comm="syz.7.2013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 473.934667][ T30] audit: type=1326 audit(1760389128.917:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12555 comm="syz.7.2013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 473.977698][ T30] audit: type=1326 audit(1760389128.917:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12555 comm="syz.7.2013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 474.007310][ T30] audit: type=1326 audit(1760389128.917:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12555 comm="syz.7.2013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 474.019710][T12558] loop7: detected capacity change from 0 to 2048 [ 474.037332][ T30] audit: type=1326 audit(1760389128.917:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12555 comm="syz.7.2013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 474.064524][ T30] audit: type=1326 audit(1760389128.917:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12555 comm="syz.7.2013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 474.075313][T12520] macvtap1: left promiscuous mode [ 474.089606][ T30] audit: type=1326 audit(1760389128.917:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12555 comm="syz.7.2013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=447 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 474.113290][T12520] macvtap1: left allmulticast mode [ 474.137289][ T30] audit: type=1326 audit(1760389128.917:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12555 comm="syz.7.2013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 474.146151][T12558] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 474.203291][T12536] 8021q: adding VLAN 0 to HW filter on device bond0 [ 474.227977][T12536] 8021q: adding VLAN 0 to HW filter on device team0 [ 474.245459][ T9225] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 474.263451][T12536] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 474.355174][T10037] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 474.528209][T12114] netdevsim netdevsim9 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.568634][T12114] netdevsim netdevsim9 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.602036][T12114] netdevsim netdevsim9 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.612105][T12567] netlink: 12 bytes leftover after parsing attributes in process `syz.9.2016'. [ 474.659091][T12114] netdevsim netdevsim9 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.884791][T12578] loop7: detected capacity change from 0 to 1024 [ 474.954529][T12578] EXT4-fs (loop7): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 474.973217][T12586] loop8: detected capacity change from 0 to 2048 [ 475.015075][T12578] ext4 filesystem being mounted at /220/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 475.076309][T12578] EXT4-fs error (device loop7): ext4_lookup:1787: inode #15: comm syz.7.2023: inode has both inline data and extents flags [ 475.132192][T12586] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 475.296362][ T9225] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 475.368826][T12599] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2030'. [ 475.417688][T12604] netlink: 12 bytes leftover after parsing attributes in process `syz.9.2032'. [ 475.465714][ T9278] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 475.516968][T12607] gtp0: entered promiscuous mode [ 475.532623][T12607] gtp0: entered allmulticast mode [ 475.747598][T12616] loop7: detected capacity change from 0 to 512 [ 475.763435][T12616] EXT4-fs: Ignoring removed oldalloc option [ 475.833280][T12616] EXT4-fs (loop7): couldn't mount as ext2 due to feature incompatibilities [ 475.977443][T12622] loop9: detected capacity change from 0 to 2048 [ 476.081969][T12629] loop7: detected capacity change from 0 to 128 [ 476.121518][T12622] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 476.147235][T12634] loop5: detected capacity change from 0 to 2048 [ 476.272597][T12634] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 476.482830][T12643] fuse: Invalid rootmode [ 476.533136][T12644] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2045'. [ 476.593908][ T6964] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 476.808601][T12649] xt_CT: No such helper "netbios-ns" [ 477.035578][T10037] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 477.186098][T12669] fuse: Invalid rootmode [ 477.211968][T12671] loop6: detected capacity change from 0 to 2048 [ 477.243115][T12671] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 477.275657][T12677] netlink: 996 bytes leftover after parsing attributes in process `syz.8.2060'. [ 477.416574][ T9195] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 477.428792][ T5887] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 477.500403][T12684] netlink: 24 bytes leftover after parsing attributes in process `syz.9.2061'. [ 477.565642][T12684] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2061'. [ 477.581731][T12689] program syz.6.2065 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 477.608190][ T5887] usb 6-1: Using ep0 maxpacket: 32 [ 477.618833][ T5887] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 477.638249][ T5887] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 477.658676][ T5887] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 477.667832][ T5887] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 477.708446][ T5887] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 477.729843][ T5887] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 477.768273][ T5887] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 477.777385][ T5887] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 477.820945][ T5887] usb 6-1: config 0 descriptor?? [ 477.835300][T12699] fuse: Bad value for 'rootmode' [ 478.033991][ T5887] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 18 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 478.066404][ T5887] usb 6-1: USB disconnect, device number 18 [ 478.098568][T12626] Bluetooth: hci1: command 0x0406 tx timeout [ 478.105028][T12626] Bluetooth: hci2: command 0x0406 tx timeout [ 478.109160][ T5887] usblp0: removed [ 478.205971][T12713] loop7: detected capacity change from 0 to 128 [ 478.406845][T12718] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2078'. [ 478.548677][ T5887] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 478.553321][T12728] netlink: 'syz.8.2083': attribute type 12 has an invalid length. [ 478.610907][T12728] netlink: 'syz.8.2083': attribute type 29 has an invalid length. [ 478.628166][T12728] netlink: 148 bytes leftover after parsing attributes in process `syz.8.2083'. [ 478.712574][T12732] loop7: detected capacity change from 0 to 4096 [ 478.725228][ T5887] usb 6-1: Using ep0 maxpacket: 32 [ 478.734377][ T5887] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 478.746734][T12732] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 478.763162][ T5887] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 478.773118][ T5887] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 478.801330][ T5887] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 478.836971][ T5887] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 478.848593][ T30] kauditd_printk_skb: 29 callbacks suppressed [ 478.848612][ T30] audit: type=1326 audit(1760389133.917:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12741 comm="syz.8.2089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0558eec9 code=0x7ffc0000 [ 478.868923][T12732] EXT4-fs error (device loop7): ext4_do_update_inode:5632: inode #15: comm syz.7.2085: corrupted inode contents [ 478.902338][ T30] audit: type=1326 audit(1760389133.927:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12741 comm="syz.8.2089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdb0558eec9 code=0x7ffc0000 [ 478.907879][ T5887] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 478.938294][ T30] audit: type=1326 audit(1760389133.927:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12741 comm="syz.8.2089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0558eec9 code=0x7ffc0000 [ 478.976855][T12732] EXT4-fs error (device loop7): ext4_dirty_inode:6517: inode #15: comm syz.7.2085: mark_inode_dirty error [ 478.988703][ T5887] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 478.988736][ T5887] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 478.991721][ T5887] usb 6-1: config 0 descriptor?? [ 479.009768][ T30] audit: type=1326 audit(1760389133.927:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12741 comm="syz.8.2089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0558eec9 code=0x7ffc0000 [ 479.020705][T12732] EXT4-fs error (device loop7): ext4_do_update_inode:5632: inode #15: comm syz.7.2085: corrupted inode contents [ 479.048921][T12732] EXT4-fs error (device loop7): __ext4_ext_dirty:206: inode #15: comm syz.7.2085: mark_inode_dirty error [ 479.080758][ T30] audit: type=1326 audit(1760389133.927:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12741 comm="syz.8.2089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdb0558eec9 code=0x7ffc0000 [ 479.083959][T12732] EXT4-fs error (device loop7): ext4_do_update_inode:5632: inode #15: comm syz.7.2085: corrupted inode contents [ 479.115762][ T30] audit: type=1326 audit(1760389133.927:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12741 comm="syz.8.2089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0558eec9 code=0x7ffc0000 [ 479.144188][ T30] audit: type=1326 audit(1760389133.927:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12741 comm="syz.8.2089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0558eec9 code=0x7ffc0000 [ 479.182371][T12732] EXT4-fs error (device loop7): __ext4_ext_dirty:206: inode #15: comm syz.7.2085: mark_inode_dirty error [ 479.182877][ T30] audit: type=1326 audit(1760389133.927:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12741 comm="syz.8.2089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdb0558eec9 code=0x7ffc0000 [ 479.226675][ T5887] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 19 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 479.237915][T12732] EXT4-fs error (device loop7): ext4_do_update_inode:5632: inode #15: comm syz.7.2085: corrupted inode contents [ 479.242573][ T30] audit: type=1326 audit(1760389133.927:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12741 comm="syz.8.2089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0558eec9 code=0x7ffc0000 [ 479.274257][ T5887] usb 6-1: USB disconnect, device number 19 [ 479.283731][ T5887] usblp0: removed [ 479.288393][T12732] EXT4-fs error (device loop7): ext4_truncate:4637: inode #15: comm syz.7.2085: mark_inode_dirty error [ 479.293301][ T30] audit: type=1326 audit(1760389133.927:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12741 comm="syz.8.2089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0558eec9 code=0x7ffc0000 [ 479.323884][T12732] EXT4-fs error (device loop7) in ext4_setattr:6050: Corrupt filesystem [ 479.418239][ T9225] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 479.733083][T12768] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 479.991032][T12790] loop5: detected capacity change from 0 to 128 [ 480.199159][T12626] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 480.236228][T12799] netlink: 596 bytes leftover after parsing attributes in process `syz.8.2115'. [ 480.457078][T12811] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 480.467102][T12808] ALSA: seq fatal error: cannot create timer (-19) [ 480.477313][T12814] veth0: entered promiscuous mode [ 480.483996][T12814] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2120'. [ 480.740313][ T983] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 480.852001][T12830] fuse: Unknown parameter '0x0000000000000003' [ 480.908237][ T983] usb 9-1: Using ep0 maxpacket: 32 [ 480.924635][ T983] usb 9-1: config index 0 descriptor too short (expected 29220, got 36) [ 480.943477][ T983] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 480.973729][ T983] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 481.036190][ T983] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 481.078215][ T983] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 481.093366][ T983] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 481.110774][T12838] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2133'. [ 481.148619][ T983] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 481.158816][T12838] macvtap2: entered promiscuous mode [ 481.181704][T12838] team0: entered promiscuous mode [ 481.183340][ T983] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 481.186795][T12838] team_slave_0: entered promiscuous mode [ 481.201996][T12838] team_slave_1: entered promiscuous mode [ 481.208762][T12838] macvtap2: entered allmulticast mode [ 481.215537][T12838] team0: entered allmulticast mode [ 481.221225][T12838] team_slave_0: entered allmulticast mode [ 481.227496][T12838] team_slave_1: entered allmulticast mode [ 481.233953][T12838] 8021q: adding VLAN 0 to HW filter on device macvtap2 [ 481.250047][ T983] usb 9-1: config 0 descriptor?? [ 481.250848][T12844] team0: left allmulticast mode [ 481.268684][T12844] team_slave_0: left allmulticast mode [ 481.278822][T12844] team_slave_1: left allmulticast mode [ 481.286644][T12844] team0: left promiscuous mode [ 481.292028][T12844] team_slave_0: left promiscuous mode [ 481.297761][T12844] team_slave_1: left promiscuous mode [ 481.395175][T12852] loop5: detected capacity change from 0 to 128 [ 481.474435][ T983] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 5 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 481.511072][ T983] usb 9-1: USB disconnect, device number 5 [ 481.520068][T12858] fuse: Unknown parameter '0x0000000000000003' [ 481.531482][ T983] usblp0: removed [ 481.749023][T12870] loop5: detected capacity change from 0 to 128 [ 481.806541][T12870] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100) [ 481.828634][T12870] FAT-fs (loop5): Filesystem has been set read-only [ 481.839187][T12870] syz.5.2147: attempt to access beyond end of device [ 481.839187][T12870] loop5: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 481.853968][T12870] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100) [ 481.862290][T12870] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100) [ 481.876365][T12870] syz.5.2147: attempt to access beyond end of device [ 481.876365][T12870] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 481.879518][T12877] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2151'. [ 481.898485][T12870] syz.5.2147: attempt to access beyond end of device [ 481.898485][T12870] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 481.934010][T12877] team_slave_0: entered promiscuous mode [ 481.939828][T12877] team_slave_1: entered promiscuous mode [ 481.955006][T12877] macvtap1: entered promiscuous mode [ 481.958503][T12870] syz.5.2147: attempt to access beyond end of device [ 481.958503][T12870] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 481.964935][T12877] team0: entered promiscuous mode [ 481.988586][ T983] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 482.000172][T12877] macvtap1: entered allmulticast mode [ 482.020112][T12877] team0: entered allmulticast mode [ 482.038261][T12877] team_slave_0: entered allmulticast mode [ 482.063426][T12877] team_slave_1: entered allmulticast mode [ 482.068563][T12870] syz.5.2147: attempt to access beyond end of device [ 482.068563][T12870] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 482.084937][T12877] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 482.102334][T12870] syz.5.2147: attempt to access beyond end of device [ 482.102334][T12870] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 482.116588][T12878] team0: left allmulticast mode [ 482.122885][T12870] syz.5.2147: attempt to access beyond end of device [ 482.122885][T12870] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 482.147795][T12878] team_slave_0: left allmulticast mode [ 482.156251][T12883] loop7: detected capacity change from 0 to 128 [ 482.162738][T12878] team_slave_1: left allmulticast mode [ 482.163553][T12870] syz.5.2147: attempt to access beyond end of device [ 482.163553][T12870] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 482.168512][T12878] team0: left promiscuous mode [ 482.169203][T12878] team_slave_0: left promiscuous mode [ 482.182932][ T983] usb 9-1: Using ep0 maxpacket: 32 [ 482.186675][T12878] team_slave_1: left promiscuous mode [ 482.203723][ T983] usb 9-1: config index 0 descriptor too short (expected 29220, got 36) [ 482.212556][ T983] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 482.217393][T12870] syz.5.2147: attempt to access beyond end of device [ 482.217393][T12870] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 482.237241][ T983] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 482.244068][T12870] syz.5.2147: attempt to access beyond end of device [ 482.244068][T12870] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 482.279347][ T983] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 482.304241][ T983] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 482.330026][ T983] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 482.384505][ T983] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 482.413766][ T983] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 482.432867][ T983] usb 9-1: config 0 descriptor?? [ 482.468524][T12891] Driver unsupported XDP return value 0 on prog (id 363) dev N/A, expect packet loss! [ 482.478822][T12889] fuse: Unknown parameter '0x0000000000000003' [ 482.655885][ T983] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 6 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 482.673107][T12894] loop9: detected capacity change from 0 to 2048 [ 482.701847][ T983] usb 9-1: USB disconnect, device number 6 [ 482.721597][ T983] usblp0: removed [ 482.771716][T12899] ipvlan2: entered promiscuous mode [ 482.796398][T12899] bridge0: port 3(ipvlan2) entered blocking state [ 482.813842][T12899] bridge0: port 3(ipvlan2) entered disabled state [ 482.834177][T12899] ipvlan2: entered allmulticast mode [ 482.850681][T12899] bridge0: entered allmulticast mode [ 482.867110][T12899] ipvlan2: left allmulticast mode [ 482.877193][T12899] bridge0: left allmulticast mode [ 483.125551][T12917] loop7: detected capacity change from 0 to 764 [ 483.161895][T12917] rock: directory entry would overflow storage [ 483.170870][T12917] rock: sig=0x4f50, size=4, remaining=3 [ 483.177060][T12917] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 483.221661][ T5146] Bluetooth: hci4: command 0x0406 tx timeout [ 483.679419][T12944] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 483.734593][T12944] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 483.957307][T12955] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2177'. [ 484.406440][T12973] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2181'. [ 484.444291][T12973] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2181'. [ 484.474763][T12975] netlink: 'syz.6.2182': attribute type 46 has an invalid length. [ 484.517842][T12975] netlink: 'syz.6.2182': attribute type 28 has an invalid length. [ 484.683138][T12987] netlink: 20 bytes leftover after parsing attributes in process `syz.8.2185'. [ 484.907137][T13000] syzkaller0: entered promiscuous mode [ 484.922974][T13000] syzkaller0: entered allmulticast mode [ 485.098576][T13004] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2191'. [ 485.274690][T13015] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 485.318293][T13017] netlink: 56 bytes leftover after parsing attributes in process `syz.7.2195'. [ 485.391776][ T30] kauditd_printk_skb: 35 callbacks suppressed [ 485.391795][ T30] audit: type=1326 audit(1760389140.457:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12892 comm="syz.9.2158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 485.391843][ T30] audit: type=1326 audit(1760389140.457:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12892 comm="syz.9.2158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 485.654715][T13026] loop5: detected capacity change from 0 to 512 [ 485.993483][T13026] EXT4-fs error (device loop5): ext4_orphan_get:1392: inode #15: comm syz.5.2198: inode has both inline data and extents flags [ 486.066468][T13035] syzkaller0: entered promiscuous mode [ 486.085577][T13035] syzkaller0: entered allmulticast mode [ 486.095238][T13026] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.2198: couldn't read orphan inode 15 (err -117) [ 486.134815][T13026] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 486.424160][ T6964] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 486.559547][ T30] audit: type=1326 audit(1760389141.627:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13072 comm="syz.6.2208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f10e6b85d67 code=0x7ffc0000 [ 486.634474][ T30] audit: type=1326 audit(1760389141.647:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13072 comm="syz.6.2208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f10e6b2af79 code=0x7ffc0000 [ 486.721685][T13076] syzkaller0: entered promiscuous mode [ 486.727227][T13076] syzkaller0: entered allmulticast mode [ 486.761940][ T30] audit: type=1326 audit(1760389141.647:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13072 comm="syz.6.2208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f10e6b85d67 code=0x7ffc0000 [ 486.829597][ T30] audit: type=1326 audit(1760389141.647:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13072 comm="syz.6.2208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f10e6b2af79 code=0x7ffc0000 [ 486.866912][ T30] audit: type=1326 audit(1760389141.647:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13072 comm="syz.6.2208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10e6b8eec9 code=0x7ffc0000 [ 486.893462][ T30] audit: type=1326 audit(1760389141.647:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13072 comm="syz.6.2208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10e6b8eec9 code=0x7ffc0000 [ 486.938734][ T30] audit: type=1326 audit(1760389141.667:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13072 comm="syz.6.2208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f10e6b8eec9 code=0x7ffc0000 [ 486.963786][T13091] netlink: 16 bytes leftover after parsing attributes in process `syz.9.2212'. [ 486.977696][ T30] audit: type=1326 audit(1760389141.667:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13072 comm="syz.6.2208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10e6b8eec9 code=0x7ffc0000 [ 487.132668][T13098] syzkaller0: entered promiscuous mode [ 487.146922][T13098] syzkaller0: entered allmulticast mode [ 487.751603][T13123] syzkaller0: entered promiscuous mode [ 487.757173][T13123] syzkaller0: entered allmulticast mode [ 487.822518][T13126] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2229'. [ 487.952696][T13104] loop5: detected capacity change from 0 to 2048 [ 488.004124][T13104] loop5: detected capacity change from 0 to 512 [ 488.046110][T13130] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2230'. [ 488.052881][T13104] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 488.085851][T13104] ext4 filesystem being mounted at /374/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 488.158547][T13135] loop9: detected capacity change from 0 to 1764 [ 488.174175][T13104] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 3: comm syz.5.2218: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=1, size=2048 fake=0 [ 488.206373][T13104] EXT4-fs (loop5): Remounting filesystem read-only [ 488.373383][T13138] syzkaller0: entered promiscuous mode [ 488.407843][T13138] syzkaller0: entered allmulticast mode [ 488.487313][ T6964] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 488.623382][T13146] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2237'. [ 488.672104][T13152] IPv6: NLM_F_CREATE should be specified when creating new route [ 488.673790][T13148] loop5: detected capacity change from 0 to 512 [ 488.704980][T13148] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 488.723654][T13146] hsr_slave_0: left promiscuous mode [ 488.753866][T13146] hsr_slave_1: left promiscuous mode [ 488.794058][T13148] EXT4-fs (loop5): 1 truncate cleaned up [ 488.852082][T13148] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 488.978660][T13155] syzkaller0: entered promiscuous mode [ 489.000197][T13155] syzkaller0: entered allmulticast mode [ 489.073320][T13162] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2241'. [ 489.086255][T13159] loop8: detected capacity change from 0 to 2048 [ 489.124382][ T6964] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 489.177045][T13159] Alternate GPT is invalid, using primary GPT. [ 489.205234][T13159] loop8: p1 p2 p3 [ 489.215120][T13159] loop8: partition table partially beyond EOD, truncated [ 489.381262][T13174] loop9: detected capacity change from 0 to 256 [ 489.411927][T13170] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2245'. [ 489.985251][T13195] loop8: detected capacity change from 0 to 512 [ 490.006289][T13195] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 490.067488][T13195] EXT4-fs (loop8): 1 truncate cleaned up [ 490.082957][T13200] serio: Serial port ptm0 [ 490.092003][T13195] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 490.239673][ T9278] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 490.889784][T13217] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2264'. [ 491.115219][T13215] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2264'. [ 491.476405][T13224] loop8: detected capacity change from 0 to 2048 [ 491.586676][T13224] Alternate GPT is invalid, using primary GPT. [ 491.608323][T13224] loop8: p1 p2 p3 [ 491.623014][T13224] loop8: partition table partially beyond EOD, truncated [ 491.646141][T13228] loop9: detected capacity change from 0 to 1024 [ 491.698886][T13228] EXT4-fs: Ignoring removed nobh option [ 491.717641][T13228] EXT4-fs: Ignoring removed bh option [ 491.762263][T13228] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 491.868405][ T30] kauditd_printk_skb: 117 callbacks suppressed [ 491.868432][ T30] audit: type=1800 audit(1760389146.877:695): pid=13228 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.2269" name="file1" dev="loop9" ino=15 res=0 errno=0 [ 492.165651][T13238] loop6: detected capacity change from 0 to 128 [ 492.199415][T13228] EXT4-fs error (device loop9): ext4_mb_mark_diskspace_used:4193: comm syz.9.2269: Allocating blocks 497-513 which overlap fs metadata [ 492.266312][T13228] EXT4-fs (loop9): Remounting filesystem read-only [ 492.361967][T13227] EXT4-fs (loop9): pa ffff88802f9f39f8: logic 32, phys. 161, len 22 [ 492.524298][T10037] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 492.535340][T13243] loop7: detected capacity change from 0 to 512 [ 492.621428][T13243] EXT4-fs (loop7): orphan cleanup on readonly fs [ 492.652286][T13243] EXT4-fs error (device loop7): ext4_orphan_get:1418: comm syz.7.2276: bad orphan inode 13 [ 492.696759][T13243] ext4_test_bit(bit=12, block=18) = 1 [ 492.717297][T13243] is_bad_inode(inode)=0 [ 492.721725][T13243] NEXT_ORPHAN(inode)=2130706432 [ 492.726693][T13243] max_ino=32 [ 492.729967][T13243] i_nlink=1 [ 492.735271][T13243] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 492.788271][ T30] audit: type=1326 audit(1760389147.847:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13254 comm="syz.9.2278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 492.857877][ T30] audit: type=1326 audit(1760389147.847:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13254 comm="syz.9.2278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 492.891711][T13257] netlink: 24 bytes leftover after parsing attributes in process `syz.8.2280'. [ 492.903588][T13243] Falling back ldisc for ttyS3. [ 492.944632][ T30] audit: type=1326 audit(1760389147.847:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13254 comm="syz.9.2278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 493.013196][ T30] audit: type=1326 audit(1760389147.847:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13254 comm="syz.9.2278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 493.064050][T13259] loop9: detected capacity change from 0 to 512 [ 493.094345][ T9225] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 493.099844][ T30] audit: type=1326 audit(1760389147.847:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13254 comm="syz.9.2278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 493.125894][ T30] audit: type=1326 audit(1760389147.847:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13254 comm="syz.9.2278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=201 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 493.148774][ T30] audit: type=1326 audit(1760389147.847:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13254 comm="syz.9.2278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 493.171821][ T30] audit: type=1326 audit(1760389147.847:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13254 comm="syz.9.2278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 493.196185][ T30] audit: type=1326 audit(1760389147.857:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13254 comm="syz.9.2278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 493.196533][T13259] EXT4-fs warning (device loop9): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 493.253617][T13257] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2280'. [ 493.312749][T13259] EXT4-fs (loop9): mount failed [ 493.529825][T13274] sd 0:0:1:0: device reset [ 493.686005][T13280] loop7: detected capacity change from 0 to 128 [ 494.076936][T13293] loop9: detected capacity change from 0 to 512 [ 494.149273][T13293] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode [ 494.229256][T13293] EXT4-fs (loop9): 1 truncate cleaned up [ 494.237073][T13293] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 494.390814][T10037] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 494.509560][T13302] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2295'. [ 494.622045][T13313] loop5: detected capacity change from 0 to 128 [ 494.645768][T13302] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2295'. [ 494.821298][T13321] netlink: 148 bytes leftover after parsing attributes in process `syz.9.2305'. [ 495.155061][T13348] vxcan1: entered allmulticast mode [ 495.489008][T13366] bridge0: port 3(batadv1) entered blocking state [ 495.495630][T13366] bridge0: port 3(batadv1) entered disabled state [ 495.529587][T13366] batadv1: entered allmulticast mode [ 495.562844][T13366] batadv1: entered promiscuous mode [ 495.722118][T13373] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2318'. [ 495.781423][T13373] macvtap1: entered promiscuous mode [ 495.807229][T13373] bond0: entered promiscuous mode [ 495.818331][T13373] bond_slave_0: entered promiscuous mode [ 495.824348][T13373] bond_slave_1: entered promiscuous mode [ 495.839673][T13373] macvtap1: entered allmulticast mode [ 495.845251][T13373] bond0: entered allmulticast mode [ 495.858788][T13377] netlink: 24 bytes leftover after parsing attributes in process `syz.9.2319'. [ 495.899251][T13373] bond_slave_0: entered allmulticast mode [ 495.941764][T13373] bond_slave_1: entered allmulticast mode [ 495.959425][T13048] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 495.969251][T13048] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 495.989738][T13373] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 496.016182][T13376] bond0: left allmulticast mode [ 496.043624][T13376] bond_slave_0: left allmulticast mode [ 496.043775][T13375] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2319'. [ 496.050052][T13376] bond_slave_1: left allmulticast mode [ 496.069429][T13376] bond0: left promiscuous mode [ 496.074359][T13376] bond_slave_0: left promiscuous mode [ 496.087220][T13376] bond_slave_1: left promiscuous mode [ 497.139017][ T30] kauditd_printk_skb: 49 callbacks suppressed [ 497.139036][ T30] audit: type=1326 audit(1760389152.207:753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13393 comm="syz.8.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdb0558eec9 code=0x7ffc0000 [ 497.308339][ T30] audit: type=1326 audit(1760389152.207:754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13393 comm="syz.8.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0558eec9 code=0x7ffc0000 [ 497.338263][ T30] audit: type=1326 audit(1760389152.207:755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13393 comm="syz.8.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0558eec9 code=0x7ffc0000 [ 497.379358][ T30] audit: type=1326 audit(1760389152.237:756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13393 comm="syz.8.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdb0558eec9 code=0x7ffc0000 [ 497.429911][T13407] loop6: detected capacity change from 0 to 256 [ 497.485594][ T30] audit: type=1326 audit(1760389152.237:757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13393 comm="syz.8.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0558eec9 code=0x7ffc0000 [ 497.558180][ T30] audit: type=1326 audit(1760389152.237:758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13393 comm="syz.8.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fdb0558eec9 code=0x7ffc0000 [ 497.640695][ T30] audit: type=1326 audit(1760389152.237:759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13393 comm="syz.8.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0558eec9 code=0x7ffc0000 [ 497.733872][T13417] loop7: detected capacity change from 0 to 512 [ 497.738353][ T30] audit: type=1326 audit(1760389152.237:760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13393 comm="syz.8.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fdb0558eec9 code=0x7ffc0000 [ 497.757346][T13420] loop5: detected capacity change from 0 to 256 [ 497.814869][T13417] EXT4-fs error (device loop7): ext4_orphan_get:1392: inode #15: comm syz.7.2335: inode has both inline data and extents flags [ 497.828375][ T30] audit: type=1326 audit(1760389152.237:761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13393 comm="syz.8.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0558eec9 code=0x7ffc0000 [ 497.828431][ T30] audit: type=1326 audit(1760389152.237:762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13393 comm="syz.8.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fdb0558eec9 code=0x7ffc0000 [ 497.923263][T13417] EXT4-fs error (device loop7): ext4_orphan_get:1397: comm syz.7.2335: couldn't read orphan inode 15 (err -117) [ 497.940049][T13417] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 498.072885][ T9225] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 498.267632][T13443] loop9: detected capacity change from 0 to 512 [ 498.378776][T13443] EXT4-fs (loop9): orphan cleanup on readonly fs [ 498.455228][T13443] EXT4-fs error (device loop9): ext4_validate_block_bitmap:441: comm syz.9.2347: bg 0: block 248: padding at end of block bitmap is not set [ 498.475117][T13443] EXT4-fs error (device loop9): ext4_acquire_dquot:6945: comm syz.9.2347: Failed to acquire dquot type 1 [ 498.492571][T13443] EXT4-fs (loop9): 1 truncate cleaned up [ 498.523486][T13443] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 498.590417][T13450] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2349'. [ 498.657273][T10037] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 498.674141][T13450] team_slave_0: entered promiscuous mode [ 498.679913][T13450] team_slave_1: entered promiscuous mode [ 498.692973][T13450] macvtap2: entered promiscuous mode [ 498.698444][T13450] team0: entered promiscuous mode [ 498.719293][T13450] macvtap2: entered allmulticast mode [ 498.743123][T13450] team0: entered allmulticast mode [ 498.761941][T13450] team_slave_0: entered allmulticast mode [ 498.767421][T13459] loop9: detected capacity change from 0 to 1024 [ 498.798207][T13450] team_slave_1: entered allmulticast mode [ 498.798479][T13459] EXT4-fs (loop9): filesystem is read-only [ 498.811689][T13459] EXT4-fs (loop9): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869) [ 498.835844][T13459] EXT4-fs (loop9): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 498.854432][T13462] loop7: detected capacity change from 0 to 512 [ 498.861207][T13459] EXT4-fs error (device loop9): ext4_get_journal_inode:5808: comm syz.9.2353: inode #1: comm syz.9.2353: iget: illegal inode # [ 498.874272][T13450] 8021q: adding VLAN 0 to HW filter on device macvtap2 [ 498.883771][T13459] EXT4-fs (loop9): no journal found [ 498.904011][T13462] EXT4-fs error (device loop7): ext4_orphan_get:1392: inode #15: comm syz.7.2354: inode has both inline data and extents flags [ 498.904325][T13459] EXT4-fs (loop9): can't get journal size [ 498.928738][T13451] team0: left allmulticast mode [ 498.933663][T13451] team_slave_0: left allmulticast mode [ 498.939733][T13462] EXT4-fs error (device loop7): ext4_orphan_get:1397: comm syz.7.2354: couldn't read orphan inode 15 (err -117) [ 498.951921][T13451] team_slave_1: left allmulticast mode [ 498.957535][T13451] team0: left promiscuous mode [ 498.965225][T13451] team_slave_0: left promiscuous mode [ 498.970737][T13451] team_slave_1: left promiscuous mode [ 498.970888][T13459] EXT4-fs (loop9): failed to initialize system zone (-22) [ 498.978774][T13462] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 499.014410][T13459] EXT4-fs (loop9): mount failed [ 499.056240][ T9225] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 499.349054][T13481] loop8: detected capacity change from 0 to 512 [ 499.376449][T13481] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 499.421841][T13481] EXT4-fs (loop8): 1 truncate cleaned up [ 499.465349][T13481] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 499.467731][T13491] loop7: detected capacity change from 0 to 2048 [ 499.510877][T13491] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 499.556386][T13495] loop9: detected capacity change from 0 to 512 [ 499.566338][T13495] EXT4-fs: Ignoring removed oldalloc option [ 499.577923][ T9278] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 499.587319][T13495] EXT4-fs (loop9): couldn't mount as ext2 due to feature incompatibilities [ 499.630341][ T9225] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 499.735057][T13503] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2370'. [ 499.749732][T13504] loop9: detected capacity change from 0 to 512 [ 499.763582][T13504] EXT4-fs error (device loop9): ext4_orphan_get:1392: inode #15: comm syz.9.2371: inode has both inline data and extents flags [ 499.777969][T13504] EXT4-fs error (device loop9): ext4_orphan_get:1397: comm syz.9.2371: couldn't read orphan inode 15 (err -117) [ 499.797763][T13504] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 499.863751][T10037] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 500.224420][T13515] syzkaller0: entered promiscuous mode [ 500.234446][T13515] syzkaller0: entered allmulticast mode [ 500.334463][T13519] loop9: detected capacity change from 0 to 2048 [ 500.374223][T13519] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 500.469835][T13525] loop5: detected capacity change from 0 to 512 [ 500.478357][T13525] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 500.500567][T10037] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 500.549827][T13525] EXT4-fs (loop5): 1 truncate cleaned up [ 500.566532][T13525] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 500.625990][T13534] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2382'. [ 500.683011][ T6964] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 500.929219][T13548] loop8: detected capacity change from 0 to 256 [ 500.984961][T13550] syzkaller0: entered promiscuous mode [ 500.991415][T13550] syzkaller0: entered allmulticast mode [ 501.089845][T13552] loop7: detected capacity change from 0 to 2048 [ 501.101700][T13554] loop8: detected capacity change from 0 to 512 [ 501.116914][T13554] EXT4-fs (loop8): orphan cleanup on readonly fs [ 501.125726][T13554] EXT4-fs error (device loop8): ext4_validate_block_bitmap:441: comm syz.8.2392: bg 0: block 248: padding at end of block bitmap is not set [ 501.140669][ T5887] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 501.150826][T13554] EXT4-fs error (device loop8): ext4_acquire_dquot:6945: comm syz.8.2392: Failed to acquire dquot type 1 [ 501.153791][T13552] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 501.199437][T13554] EXT4-fs (loop8): 1 truncate cleaned up [ 501.215910][T13554] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 501.317248][T13562] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2394'. [ 501.329586][ T9278] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 501.338717][ T5887] usb 7-1: Using ep0 maxpacket: 32 [ 501.345680][ T5887] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 501.366755][ T5887] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 501.401622][ T5887] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 501.420073][ T9225] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 501.422416][ T5887] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 501.461973][T13564] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2396'. [ 501.475946][ T5887] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 501.493798][T13564] IPVS: Error connecting to the multicast addr [ 501.504739][ T5887] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 501.572474][ T5887] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 501.615035][ T5887] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 501.665320][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.671729][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.732618][ T5887] usb 7-1: config 0 descriptor?? [ 501.754120][T13568] lo speed is unknown, defaulting to 1000 [ 501.775870][T13568] lo speed is unknown, defaulting to 1000 [ 501.789520][T13568] lo speed is unknown, defaulting to 1000 [ 502.037626][ T5887] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 7 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 502.065498][ T5887] usb 7-1: USB disconnect, device number 7 [ 502.075284][ T5887] usblp0: removed [ 502.154287][ T30] kauditd_printk_skb: 191 callbacks suppressed [ 502.154305][ T30] audit: type=1326 audit(1760389157.217:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13573 comm="syz.8.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdb055c1785 code=0x7ffc0000 [ 502.219325][ T30] audit: type=1326 audit(1760389157.217:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13573 comm="syz.8.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdb055c1785 code=0x7ffc0000 [ 502.266684][ T30] audit: type=1326 audit(1760389157.217:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13573 comm="syz.8.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdb055c1785 code=0x7ffc0000 [ 502.317401][ T30] audit: type=1326 audit(1760389157.217:953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13573 comm="syz.8.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdb055c1785 code=0x7ffc0000 [ 502.377489][ T30] audit: type=1326 audit(1760389157.217:954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13573 comm="syz.8.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdb055c1785 code=0x7ffc0000 [ 502.416209][T13568] infiniband syz2: set active [ 502.424815][ T983] lo speed is unknown, defaulting to 1000 [ 502.431703][T13568] infiniband syz2: added lo [ 502.437411][ T30] audit: type=1326 audit(1760389157.217:955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13573 comm="syz.8.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdb055c1785 code=0x7ffc0000 [ 502.471174][ T30] audit: type=1326 audit(1760389157.217:956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13573 comm="syz.8.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdb055c1785 code=0x7ffc0000 [ 502.518340][ T5887] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 502.527438][ T30] audit: type=1326 audit(1760389157.227:957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13573 comm="syz.8.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdb055c1785 code=0x7ffc0000 [ 502.554727][ T30] audit: type=1326 audit(1760389157.227:958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13573 comm="syz.8.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdb055c1785 code=0x7ffc0000 [ 502.595396][ T30] audit: type=1326 audit(1760389157.227:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13573 comm="syz.8.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdb055c1785 code=0x7ffc0000 [ 502.625817][T13568] RDS/IB: syz2: added [ 502.635435][T13568] smc: adding ib device syz2 with port count 1 [ 502.648260][T13568] smc: ib device syz2 port 1 has no pnetid [ 502.654507][ T983] lo speed is unknown, defaulting to 1000 [ 502.665601][T13568] lo speed is unknown, defaulting to 1000 [ 502.818692][T13579] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 502.836736][ T5887] usb 7-1: Using ep0 maxpacket: 32 [ 502.847529][T13583] loop5: detected capacity change from 0 to 256 [ 502.903691][ T5887] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 502.912428][ T5887] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 502.922304][ T5887] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 502.938578][ T5887] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 502.959313][ T5887] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 502.978531][ T5887] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 503.022268][ T5887] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 503.058736][ T5887] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 503.075235][T13585] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2403'. [ 503.100071][ T5887] usb 7-1: config 0 descriptor?? [ 503.169354][T13588] loop5: detected capacity change from 0 to 512 [ 503.195011][T13568] lo speed is unknown, defaulting to 1000 [ 503.206664][T13587] syzkaller0: entered promiscuous mode [ 503.214755][T13588] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 503.217554][T13587] syzkaller0: entered allmulticast mode [ 503.238890][T13588] EXT4-fs (loop5): orphan cleanup on readonly fs [ 503.264236][T13588] EXT4-fs warning (device loop5): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 503.330907][T13588] EXT4-fs (loop5): Cannot turn on quotas: error -117 [ 503.410758][T13588] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.2403: bg 0: block 40: padding at end of block bitmap is not set [ 503.461196][T13588] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 503.486359][T13588] EXT4-fs (loop5): 1 truncate cleaned up [ 503.504245][T13588] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 503.607150][T13592] capability: warning: `syz.9.2405' uses 32-bit capabilities (legacy support in use) [ 503.621533][T13592] usb usb8: usbfs: process 13592 (syz.9.2405) did not claim interface 5 before use [ 503.752189][ T6964] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 503.812729][T13568] lo speed is unknown, defaulting to 1000 [ 503.913262][T13599] loop8: detected capacity change from 0 to 2048 [ 503.993757][T13599] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 504.056948][ T9278] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 504.261689][T13568] lo speed is unknown, defaulting to 1000 [ 504.631903][T13568] lo speed is unknown, defaulting to 1000 [ 504.791254][ T5887] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 8 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 504.832211][ T5887] usb 7-1: USB disconnect, device number 8 [ 504.863222][ T5887] usblp0: removed [ 504.951928][T13626] syzkaller0: entered promiscuous mode [ 504.957455][T13626] syzkaller0: entered allmulticast mode [ 505.334848][T13568] lo speed is unknown, defaulting to 1000 [ 505.570293][T13638] loop5: detected capacity change from 0 to 2048 [ 505.619779][T13638] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 505.762851][ T6964] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 506.277935][T13657] syzkaller0: entered promiscuous mode [ 506.286284][T13657] syzkaller0: entered allmulticast mode [ 506.377290][T13663] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2430'. [ 506.396245][T13663] team_slave_0: entered promiscuous mode [ 506.402053][T13663] team_slave_1: entered promiscuous mode [ 506.414491][T13663] macvtap1: entered promiscuous mode [ 506.424820][T13663] team0: entered promiscuous mode [ 506.431908][T13663] macvtap1: entered allmulticast mode [ 506.437901][T13663] team0: entered allmulticast mode [ 506.443191][T13663] team_slave_0: entered allmulticast mode [ 506.457603][T13663] team_slave_1: entered allmulticast mode [ 506.458681][ T5834] usb 10-1: new high-speed USB device number 4 using dummy_hcd [ 506.465486][T13663] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 506.515403][T13665] team0: left allmulticast mode [ 506.526174][T13665] team_slave_0: left allmulticast mode [ 506.542893][T13665] team_slave_1: left allmulticast mode [ 506.552781][T13665] team0: left promiscuous mode [ 506.559989][T13665] team_slave_0: left promiscuous mode [ 506.565504][T13665] team_slave_1: left promiscuous mode [ 506.657311][T13673] netlink: 'syz.5.2436': attribute type 2 has an invalid length. [ 506.666987][T13673] netlink: 'syz.5.2436': attribute type 8 has an invalid length. [ 506.668568][ T5834] usb 10-1: Using ep0 maxpacket: 32 [ 506.676386][T13673] netlink: 132 bytes leftover after parsing attributes in process `syz.5.2436'. [ 506.693441][ T5834] usb 10-1: config index 0 descriptor too short (expected 29220, got 36) [ 506.705539][ T5834] usb 10-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 506.715518][ T5834] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 506.733855][ T5834] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 506.754412][ T5834] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 506.838150][ T5834] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 506.861637][ T5834] usb 10-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 506.873774][ T5834] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 506.917199][ T5834] usb 10-1: config 0 descriptor?? [ 507.166572][ T5834] usblp 10-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 507.177577][T13700] syzkaller0: entered promiscuous mode [ 507.183291][T13700] syzkaller0: entered allmulticast mode [ 507.192674][ T5834] usb 10-1: USB disconnect, device number 4 [ 507.203800][ T5834] usblp0: removed [ 507.638398][T13715] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2453'. [ 507.778299][ T5834] usb 10-1: new high-speed USB device number 5 using dummy_hcd [ 507.909612][T13723] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2456'. [ 507.938877][ T5834] usb 10-1: Using ep0 maxpacket: 32 [ 507.950241][ T5834] usb 10-1: config index 0 descriptor too short (expected 29220, got 36) [ 507.961977][ T5834] usb 10-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 507.978164][ T5834] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 507.997563][ T5834] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 508.018027][ T5834] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 508.059270][ T5834] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 508.090924][ T5834] usb 10-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 508.119686][ T5834] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 508.155943][ T5834] usb 10-1: config 0 descriptor?? [ 508.699434][T13742] loop7: detected capacity change from 0 to 512 [ 508.737644][T13743] netlink: 'syz.6.2463': attribute type 1 has an invalid length. [ 508.781266][T13742] EXT4-fs (loop7): too many log groups per flexible block group [ 508.830694][T12626] Bluetooth: hci3: command 0x0406 tx timeout [ 508.835912][T13742] EXT4-fs (loop7): failed to initialize mballoc (-12) [ 508.894731][T13742] EXT4-fs (loop7): mount failed [ 508.914772][T13743] 8021q: adding VLAN 0 to HW filter on device bond2 [ 509.047251][T13749] bond2: (slave ip6gretap2): making interface the new active one [ 509.068561][T13749] bond2: (slave ip6gretap2): Enslaving as an active interface with an up link [ 509.310962][T13758] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2466'. [ 509.524976][T13763] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2469'. [ 509.754762][ T5834] usblp 10-1:0.0: usblp0: USB Bidirectional printer dev 5 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 509.897642][T13767] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2470'. [ 510.048736][ T5834] usb 10-1: USB disconnect, device number 5 [ 510.110008][ T5834] usblp0: removed [ 510.177543][T13775] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2474'. [ 511.492036][T13800] loop5: detected capacity change from 0 to 1024 [ 511.521867][T13800] EXT4-fs: Ignoring removed bh option [ 511.530546][T13800] EXT4-fs (loop5): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 512.175155][T13800] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 512.262095][T13821] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2490'. [ 512.552502][ T6964] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 512.764043][T13840] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2497'. [ 512.955631][T13845] loop5: detected capacity change from 0 to 512 [ 513.009419][T13849] atomic_op ffff88805837d198 conn xmit_atomic 0000000000000000 [ 513.121799][T13845] EXT4-fs error (device loop5): ext4_orphan_get:1392: inode #15: comm syz.5.2499: inode has both inline data and extents flags [ 513.176544][T13845] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.2499: couldn't read orphan inode 15 (err -117) [ 513.213886][T13857] loop6: detected capacity change from 0 to 512 [ 513.226389][ T30] kauditd_printk_skb: 209 callbacks suppressed [ 513.226408][ T30] audit: type=1326 audit(1760389168.287:1168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13858 comm="syz.7.2505" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 513.264759][T13845] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 513.302508][ T30] audit: type=1326 audit(1760389168.287:1169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13858 comm="syz.7.2505" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 513.346755][T13857] Quota error (device loop6): v2_read_file_info: Free block number 1 out of range (1, 6). [ 513.355900][ T30] audit: type=1326 audit(1760389168.287:1170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13858 comm="syz.7.2505" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 513.398256][ T30] audit: type=1326 audit(1760389168.287:1171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13858 comm="syz.7.2505" exe="/root/syz-executor" sig=0 arch=c000003e syscall=75 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 513.421223][ T30] audit: type=1326 audit(1760389168.287:1172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13858 comm="syz.7.2505" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 513.444154][ T30] audit: type=1326 audit(1760389168.317:1173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13858 comm="syz.7.2505" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 513.467296][T13857] EXT4-fs warning (device loop6): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 513.475977][T13857] EXT4-fs (loop6): mount failed [ 513.504103][ T6964] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 513.530917][T13857] netlink: 104 bytes leftover after parsing attributes in process `syz.6.2502'. [ 513.615254][T13868] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.2508'. [ 513.704517][T13872] loop9: detected capacity change from 0 to 256 [ 513.746437][T13873] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2511'. [ 513.769280][ T30] audit: type=1800 audit(1760389168.837:1174): pid=13872 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.2510" name="file2" dev="loop9" ino=1048638 res=0 errno=0 [ 513.832072][T13880] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2513'. [ 513.884447][T13882] loop8: detected capacity change from 0 to 512 [ 513.895774][T13882] EXT4-fs error (device loop8): ext4_orphan_get:1392: inode #15: comm syz.8.2515: inode has both inline data and extents flags [ 513.911323][T13882] EXT4-fs error (device loop8): ext4_orphan_get:1397: comm syz.8.2515: couldn't read orphan inode 15 (err -117) [ 513.935543][T13882] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 514.030720][ T9278] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 514.082921][T13894] loop6: detected capacity change from 0 to 512 [ 514.103271][T13894] EXT4-fs error (device loop6): ext4_orphan_get:1392: inode #15: comm syz.6.2518: inode has both inline data and extents flags [ 514.163463][T13894] EXT4-fs error (device loop6): ext4_orphan_get:1397: comm syz.6.2518: couldn't read orphan inode 15 (err -117) [ 514.231166][T13894] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 514.335856][ T9195] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 514.702655][T13917] loop5: detected capacity change from 0 to 512 [ 514.732106][T13917] EXT4-fs error (device loop5): ext4_orphan_get:1392: inode #15: comm syz.5.2529: inode has both inline data and extents flags [ 514.746300][T13917] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.2529: couldn't read orphan inode 15 (err -117) [ 514.760475][T13921] netlink: 16 bytes leftover after parsing attributes in process `syz.8.2528'. [ 514.773241][T13917] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 515.127868][ T6964] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 515.325436][T13933] loop7: detected capacity change from 0 to 16384 [ 515.643211][T13936] loop7: detected capacity change from 16384 to 0 [ 515.651607][ C0] I/O error, dev loop7, sector 11008 op 0x0:(READ) flags 0x80700 phys_seg 2 prio class 2 [ 515.743058][ T30] audit: type=1326 audit(1760389170.807:1175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13942 comm="syz.5.2538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f241778eec9 code=0x7ffc0000 [ 515.788921][ T30] audit: type=1326 audit(1760389170.827:1176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13942 comm="syz.5.2538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=333 compat=0 ip=0x7f241778eec9 code=0x7ffc0000 [ 515.851491][T13948] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2540'. [ 515.975563][T13958] loop6: detected capacity change from 0 to 512 [ 516.015421][T13958] EXT4-fs error (device loop6): ext4_orphan_get:1392: inode #15: comm syz.6.2543: inode has both inline data and extents flags [ 516.016342][T13960] usb usb8: usbfs: process 13960 (syz.8.2545) did not claim interface 5 before use [ 516.052504][T13958] EXT4-fs error (device loop6): ext4_orphan_get:1397: comm syz.6.2543: couldn't read orphan inode 15 (err -117) [ 516.084989][T13958] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 516.100893][T13964] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2547'. [ 516.143003][ T9195] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 516.707237][T13995] loop8: detected capacity change from 0 to 512 [ 516.751980][T13995] EXT4-fs error (device loop8): ext4_orphan_get:1392: inode #15: comm syz.8.2559: inode has both inline data and extents flags [ 516.768213][T13995] EXT4-fs error (device loop8): ext4_orphan_get:1397: comm syz.8.2559: couldn't read orphan inode 15 (err -117) [ 516.788804][T13995] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 516.802490][T14002] loop9: detected capacity change from 0 to 512 [ 516.842324][T14000] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2562'. [ 516.849539][T14004] loop6: detected capacity change from 0 to 764 [ 516.877392][T14002] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 516.918745][T14002] ext4 filesystem being mounted at /298/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 516.924134][ T9278] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 516.954405][T14004] rock: directory entry would overflow storage [ 516.969389][T14004] rock: sig=0x4f50, size=4, remaining=3 [ 516.975300][T14004] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 517.379142][T14021] __nla_validate_parse: 2 callbacks suppressed [ 517.379164][T14021] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2570'. [ 517.733603][T10037] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 517.843399][T14027] loop6: detected capacity change from 0 to 4096 [ 517.907232][T14027] EXT4-fs: Ignoring removed nomblk_io_submit option [ 517.937550][T14035] loop9: detected capacity change from 0 to 512 [ 517.962221][T14027] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 518.023093][T14035] EXT4-fs error (device loop9): ext4_orphan_get:1392: inode #15: comm syz.9.2576: inode has both inline data and extents flags [ 518.092210][T14035] EXT4-fs error (device loop9): ext4_orphan_get:1397: comm syz.9.2576: couldn't read orphan inode 15 (err -117) [ 518.139858][T14035] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 518.219397][T14038] wireguard0: entered promiscuous mode [ 518.225129][T14038] wireguard0: entered allmulticast mode [ 518.342144][T10037] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 518.461173][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 518.461192][ T30] audit: type=1326 audit(1760389173.527:1178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14047 comm="syz.9.2580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 518.566483][ T30] audit: type=1326 audit(1760389173.557:1179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14047 comm="syz.9.2580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 518.648231][ T30] audit: type=1326 audit(1760389173.567:1180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14047 comm="syz.9.2580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 518.729601][T14052] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2582'. [ 518.748189][ T30] audit: type=1326 audit(1760389173.567:1181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14047 comm="syz.9.2580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 518.838840][ T30] audit: type=1326 audit(1760389173.567:1182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14047 comm="syz.9.2580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 518.908234][ T30] audit: type=1326 audit(1760389173.567:1183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14047 comm="syz.9.2580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 519.002124][ T9195] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 519.004283][ T30] audit: type=1326 audit(1760389173.567:1184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14047 comm="syz.9.2580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 519.049039][T14058] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2584'. [ 519.118197][ T30] audit: type=1326 audit(1760389173.567:1185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14047 comm="syz.9.2580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 520.465862][T14087] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2595'. [ 520.559981][T14084] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2596'. [ 520.852119][T14100] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2602'. [ 520.964602][T14108] macvtap0: refused to change device tx_queue_len [ 520.964823][T14106] loop8: detected capacity change from 0 to 1024 [ 521.010948][ T30] audit: type=1326 audit(1760389176.047:1186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14107 comm="syz.7.2605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 521.039743][T14106] EXT4-fs: Ignoring removed nomblk_io_submit option [ 521.123232][T14116] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2607'. [ 521.153594][T14106] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 521.241916][ T30] audit: type=1326 audit(1760389176.307:1187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14119 comm="syz.7.2609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 521.377524][ T9278] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 521.377656][T14122] loop5: detected capacity change from 0 to 2048 [ 521.481271][T14122] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 521.496452][T14131] netlink: 32 bytes leftover after parsing attributes in process `syz.7.2612'. [ 521.670392][T14137] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2615'. [ 521.838173][ T6964] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 521.880392][ T6964] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 522.108265][ T5834] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 522.179120][ T6964] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 522.240385][T14150] 9p: Unknown access argument u: -22 [ 522.338670][ T5834] usb 9-1: Using ep0 maxpacket: 32 [ 522.354201][T14153] wireguard0: entered promiscuous mode [ 522.361700][ T5834] usb 9-1: config index 0 descriptor too short (expected 29220, got 36) [ 522.376985][T14153] wireguard0: entered allmulticast mode [ 522.389431][ T5834] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 522.415109][ T5834] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 522.427107][ T5834] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 522.447064][ T5834] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 522.457204][ T5834] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 522.470351][ T5834] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 522.480723][ T5834] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 522.531483][T14156] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 522.531483][T14156] program syz.6.2621 not setting count and/or reply_len properly [ 522.580892][ T5834] usb 9-1: config 0 descriptor?? [ 522.629713][T14159] sch_tbf: peakrate 64 is lower than or equals to rate 17038211371681383082 ! [ 522.814464][T14142] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 522.828640][T14142] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 522.873298][ T5834] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 7 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 522.923215][ T5834] usb 9-1: USB disconnect, device number 7 [ 522.944410][ T5834] usblp0: removed [ 523.083615][T14168] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2627'. [ 523.488881][T14177] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2631'. [ 523.564160][T14182] 9pnet_fd: Insufficient options for proto=fd [ 523.708493][T14191] sch_tbf: burst 1097 is lower than device syzkaller0 mtu (1514) ! [ 523.756294][T14190] wireguard0: entered promiscuous mode [ 523.767305][T14190] wireguard0: entered allmulticast mode [ 523.854164][T14199] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2640'. [ 524.096462][T14212] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2646'. [ 524.154191][T14214] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2647'. [ 524.198362][ T5834] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 524.220077][ T30] kauditd_printk_skb: 18 callbacks suppressed [ 524.220095][ T30] audit: type=1326 audit(1760389179.287:1206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14218 comm="syz.7.2649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 524.277262][ T30] audit: type=1326 audit(1760389179.287:1207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14218 comm="syz.7.2649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 524.300947][ T30] audit: type=1326 audit(1760389179.287:1208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14218 comm="syz.7.2649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 524.326987][ T30] audit: type=1326 audit(1760389179.287:1209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14218 comm="syz.7.2649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 524.350355][ T30] audit: type=1326 audit(1760389179.287:1210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14218 comm="syz.7.2649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 524.373436][ T30] audit: type=1326 audit(1760389179.287:1211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14218 comm="syz.7.2649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 524.398948][ T30] audit: type=1326 audit(1760389179.287:1212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14218 comm="syz.7.2649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 524.399659][ T5834] usb 6-1: Using ep0 maxpacket: 32 [ 524.428971][ T30] audit: type=1326 audit(1760389179.287:1213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14218 comm="syz.7.2649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 524.455117][ T30] audit: type=1326 audit(1760389179.287:1214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14218 comm="syz.7.2649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 524.479327][ T5834] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 524.479807][T14219] siw: device registration error -23 [ 524.488003][ T5834] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 524.516022][ T30] audit: type=1326 audit(1760389179.287:1215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14218 comm="syz.7.2649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67d258eec9 code=0x7ffc0000 [ 524.543071][ T5834] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 524.571244][ T5834] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 524.582171][ T5834] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 524.601422][ T5834] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 524.647691][ T5834] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 524.657808][ T5834] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 524.669729][ T5834] usb 6-1: config 0 descriptor?? [ 524.693925][T14228] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2653'. [ 524.694418][T14227] netlink: 32 bytes leftover after parsing attributes in process `syz.7.2652'. [ 524.722637][T14228] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2653'. [ 524.757708][T14231] wireguard0: entered promiscuous mode [ 524.777779][T14231] wireguard0: entered allmulticast mode [ 524.879847][T14204] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 524.909907][T14204] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 524.917893][T14239] can0: slcan on ttyS3. [ 524.945364][ T5834] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 20 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 524.990866][ T5834] usb 6-1: USB disconnect, device number 20 [ 524.999380][T14239] can0 (unregistered): slcan off ttyS3. [ 525.007483][ T5834] usblp0: removed [ 525.009211][T14239] Falling back ldisc for ttyS3. [ 525.087824][ T5887] IPVS: starting estimator thread 0... [ 525.191299][T14246] IPVS: using max 24 ests per chain, 57600 per kthread [ 525.263287][T14256] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2666'. [ 525.448931][ T5887] usb 9-1: new high-speed USB device number 8 using dummy_hcd [ 525.618504][ T5887] usb 9-1: Using ep0 maxpacket: 32 [ 525.632804][ T5887] usb 9-1: config index 0 descriptor too short (expected 29220, got 36) [ 525.768208][ T5887] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 525.779669][ T5887] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 525.789370][ T5887] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 525.808197][ T5887] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 525.817926][ T5887] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 525.831183][ T5887] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 525.858223][ T5887] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 525.879502][T14277] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2676'. [ 525.890452][ T5887] usb 9-1: config 0 descriptor?? [ 525.906903][T14277] batadv_slave_1: entered promiscuous mode [ 526.118046][T14252] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 526.155897][T14252] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 526.178705][ T5887] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 8 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 526.193978][ T5887] usb 9-1: USB disconnect, device number 8 [ 526.206919][ T5887] usblp0: removed [ 526.307889][T14300] loop5: detected capacity change from 0 to 512 [ 526.408323][ T5834] usb 10-1: new high-speed USB device number 6 using dummy_hcd [ 526.541156][T14299] loop7: detected capacity change from 0 to 512 [ 526.567865][T14299] EXT4-fs (loop7): mounting ext2 file system using the ext4 subsystem [ 526.584185][ T5834] usb 10-1: Using ep0 maxpacket: 32 [ 526.596916][ T5834] usb 10-1: config index 0 descriptor too short (expected 29220, got 36) [ 526.606150][ T5834] usb 10-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 526.615655][ T5834] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 526.628039][ T5834] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 526.646050][ T5834] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 526.658459][ T5834] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 526.663713][T14299] EXT4-fs error (device loop7): ext4_validate_block_bitmap:432: comm wÞ£ÿ: bg 0: block 104: invalid block bitmap [ 526.686448][ T5834] usb 10-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 526.695880][ T5834] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 526.707031][ T5834] usb 10-1: config 0 descriptor?? [ 526.724821][T14299] EXT4-fs error (device loop7) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 526.744525][T14309] ALSA: seq fatal error: cannot create timer (-19) [ 526.754398][T14299] EXT4-fs error (device loop7): ext4_free_branches:1023: inode #11: comm wÞ£ÿ: invalid indirect mapped block 1 (level 1) [ 526.783809][T14299] EXT4-fs (loop7): 1 truncate cleaned up [ 526.793412][T14299] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 526.926183][ T5834] usblp 10-1:0.0: usblp0: USB Bidirectional printer dev 6 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 526.937657][T14316] loop5: detected capacity change from 0 to 512 [ 526.938851][T14316] EXT4-fs: Ignoring removed oldalloc option [ 526.939620][T14316] EXT4-fs (loop5): couldn't mount as ext2 due to feature incompatibilities [ 526.978479][ T5834] usb 10-1: USB disconnect, device number 6 [ 526.991361][ T9225] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 527.006991][ T5834] usblp0: removed [ 527.117257][T14328] loop7: detected capacity change from 0 to 2048 [ 527.159557][T14328] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 527.274641][ T9225] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 527.418583][ T5834] usb 10-1: new high-speed USB device number 7 using dummy_hcd [ 527.622460][ T5834] usb 10-1: Using ep0 maxpacket: 32 [ 527.641405][ T5834] usb 10-1: config index 0 descriptor too short (expected 29220, got 36) [ 527.652506][ T5834] usb 10-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 527.661457][ T5834] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 528.344358][ T5834] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 528.356158][ T5834] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 528.366174][ T5834] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 528.382616][ T5834] usb 10-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 528.392257][ T5834] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 528.403221][ T5834] usb 10-1: config 0 descriptor?? [ 528.614903][ T5834] usblp 10-1:0.0: usblp0: USB Bidirectional printer dev 7 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 528.837937][ T5911] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 529.028265][ T5911] usb 7-1: Using ep0 maxpacket: 32 [ 529.389041][T14360] lo speed is unknown, defaulting to 1000 [ 529.801669][ T5911] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 529.810448][ T5911] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 529.821770][ T5911] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 529.859059][ T5911] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 529.872795][ T5911] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 529.945094][ T5911] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 529.996081][T14371] loop7: detected capacity change from 0 to 512 [ 530.014849][T14371] EXT4-fs error (device loop7): ext4_orphan_get:1392: inode #15: comm syz.7.2712: inode has both inline data and extents flags [ 530.029260][T14371] EXT4-fs error (device loop7): ext4_orphan_get:1397: comm syz.7.2712: couldn't read orphan inode 15 (err -117) [ 530.061415][T14371] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 530.137858][ T5911] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 530.151796][ T9225] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 530.158469][ T5911] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 530.209141][ T5911] usb 7-1: config 0 descriptor?? [ 530.314896][ T5834] hid-generic 0000:0000:10003.0013: unknown main item tag 0x0 [ 530.327342][ T5834] hid-generic 0000:0000:10003.0013: unknown main item tag 0x0 [ 530.335012][ T5834] hid-generic 0000:0000:10003.0013: unknown main item tag 0x0 [ 530.346496][ T5834] hid-generic 0000:0000:10003.0013: unknown main item tag 0x0 [ 530.354126][ T5834] hid-generic 0000:0000:10003.0013: unknown main item tag 0x0 [ 530.365937][ T5834] hid-generic 0000:0000:10003.0013: unknown main item tag 0x0 [ 530.373604][ T5834] hid-generic 0000:0000:10003.0013: unknown main item tag 0x0 [ 530.381508][ T5834] hid-generic 0000:0000:10003.0013: unknown main item tag 0x0 [ 530.391612][ T5834] hid-generic 0000:0000:10003.0013: item fetching failed at offset 8/43 [ 530.421053][ T5834] hid-generic 0000:0000:10003.0013: probe with driver hid-generic failed with error -22 [ 530.462846][ T5911] usblp 7-1:0.0: usblp1: USB Bidirectional printer dev 9 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 530.491974][ T5911] usb 7-1: USB disconnect, device number 9 [ 530.520962][ T5911] usblp1: removed [ 530.526347][ T5834] usb 10-1: USB disconnect, device number 7 [ 530.561100][ T5834] usblp0: removed [ 530.587856][ T30] kauditd_printk_skb: 54 callbacks suppressed [ 530.587875][ T30] audit: type=1326 audit(1760389185.637:1270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14384 comm="syz.5.2717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f241778eec9 code=0x7ffc0000 [ 530.690220][ T30] audit: type=1326 audit(1760389185.637:1271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14384 comm="syz.5.2717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f241778eec9 code=0x7ffc0000 [ 530.713784][T14389] loop9: detected capacity change from 0 to 512 [ 530.743098][ T30] audit: type=1326 audit(1760389185.637:1272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14384 comm="syz.5.2717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f241778eec9 code=0x7ffc0000 [ 530.792158][T14393] loop7: detected capacity change from 0 to 2048 [ 530.797050][ T30] audit: type=1326 audit(1760389185.697:1273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14384 comm="syz.5.2717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f241778eec9 code=0x7ffc0000 [ 530.804334][T14389] EXT4-fs error (device loop9): ext4_orphan_get:1392: inode #15: comm syz.9.2720: inode has both inline data and extents flags [ 530.858747][T14389] EXT4-fs error (device loop9): ext4_orphan_get:1397: comm syz.9.2720: couldn't read orphan inode 15 (err -117) [ 530.894379][T14389] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 530.924625][T14393] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 530.936968][ T30] audit: type=1326 audit(1760389185.697:1274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14384 comm="syz.5.2717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f241778eec9 code=0x7ffc0000 [ 530.971308][ T30] audit: type=1326 audit(1760389185.697:1275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14384 comm="syz.5.2717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f241778eec9 code=0x7ffc0000 [ 530.995381][ T30] audit: type=1326 audit(1760389185.697:1276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14384 comm="syz.5.2717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f241778eec9 code=0x7ffc0000 [ 531.018606][ T5911] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 531.026349][ T30] audit: type=1326 audit(1760389185.697:1277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14384 comm="syz.5.2717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f241778eec9 code=0x7ffc0000 [ 531.049785][ T30] audit: type=1326 audit(1760389185.697:1278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14384 comm="syz.5.2717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f241778eec9 code=0x7ffc0000 [ 531.072954][ T30] audit: type=1326 audit(1760389185.707:1279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14384 comm="syz.5.2717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f241778eec9 code=0x7ffc0000 [ 531.120327][T10037] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 531.134874][ T9225] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 531.198189][ T5911] usb 7-1: Using ep0 maxpacket: 32 [ 531.210091][ T5911] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 531.244652][ T5911] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 531.249148][T14409] loop7: detected capacity change from 0 to 512 [ 531.263826][T14408] macvlan1: entered promiscuous mode [ 531.270878][T14408] ipvlan0: entered promiscuous mode [ 531.277751][T14408] ipvlan0: left promiscuous mode [ 531.288444][ T5911] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 531.294973][T14409] EXT4-fs (loop7): revision level too high, forcing read-only mode [ 531.297534][ T5911] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 531.315971][T14409] EXT4-fs (loop7): orphan cleanup on readonly fs [ 531.330573][T14408] macvlan1: left promiscuous mode [ 531.378345][ T5911] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 531.396373][T14409] EXT4-fs error (device loop7): ext4_do_update_inode:5632: inode #16: comm syz.7.2727: corrupted inode contents [ 531.401347][ T5911] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 531.423539][T14409] EXT4-fs (loop7): Remounting filesystem read-only [ 531.430029][ T5911] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 531.432543][T14409] EXT4-fs (loop7): 1 truncate cleaned up [ 531.448925][T13054] EXT4-fs (loop7): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 531.490449][T13054] EXT4-fs (loop7): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 531.504405][T13054] EXT4-fs (loop7): Quota write (off=8, len=24) cancelled because transaction is not started [ 531.514760][ T5911] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 531.531204][T14409] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 531.546008][ T5911] usb 7-1: config 0 descriptor?? [ 531.596592][T14420] netlink: 'syz.9.2731': attribute type 1 has an invalid length. [ 531.715751][ T9225] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 531.747698][ T5911] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 10 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 531.771766][T14422] 8021q: adding VLAN 0 to HW filter on device bond1 [ 531.778466][ T5911] usb 7-1: USB disconnect, device number 10 [ 531.786522][ T5911] usblp0: removed [ 531.858407][ T5902] usb 9-1: new high-speed USB device number 9 using dummy_hcd [ 531.871692][T14420] veth3: entered promiscuous mode [ 531.882184][T14420] bond1: (slave veth3): Enslaving as a backup interface with a down link [ 531.993509][T14432] loop7: detected capacity change from 0 to 512 [ 532.008496][ T5902] usb 9-1: Using ep0 maxpacket: 32 [ 532.015039][T14432] EXT4-fs error (device loop7): ext4_orphan_get:1392: inode #15: comm syz.7.2736: inode has both inline data and extents flags [ 532.022292][T14435] loop6: detected capacity change from 0 to 512 [ 532.043825][ T5902] usb 9-1: config index 0 descriptor too short (expected 29220, got 36) [ 532.052567][ T5902] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 532.057536][T14440] loop5: detected capacity change from 0 to 128 [ 532.061317][ T5902] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 532.072572][T14432] EXT4-fs error (device loop7): ext4_orphan_get:1397: comm syz.7.2736: couldn't read orphan inode 15 (err -117) [ 532.076819][ T5902] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 532.095695][T14440] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 532.098567][ T5902] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 532.117350][T14432] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 532.121209][ T5902] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 532.138895][T14440] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 532.146500][ T5902] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 532.164670][ T5902] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 532.174646][T14435] EXT4-fs error (device loop6): ext4_orphan_get:1392: inode #15: comm syz.6.2737: inode has both inline data and extents flags [ 532.180938][ T5902] usb 9-1: config 0 descriptor?? [ 532.198922][T14435] EXT4-fs error (device loop6): ext4_orphan_get:1397: comm syz.6.2737: couldn't read orphan inode 15 (err -117) [ 532.227864][T14435] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 532.252209][ T9225] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 532.362557][ T9195] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 532.412444][ T5902] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 9 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 532.429695][ T5902] usb 9-1: USB disconnect, device number 9 [ 532.440228][ T5902] usblp0: removed [ 532.465793][T13344] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 532.702118][T14460] __nla_validate_parse: 3 callbacks suppressed [ 532.702138][T14460] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2748'. [ 532.828496][ T5911] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 532.842015][T14465] loop9: detected capacity change from 0 to 512 [ 532.873754][T14465] EXT4-fs error (device loop9): ext4_orphan_get:1392: inode #15: comm syz.9.2750: inode has both inline data and extents flags [ 532.900530][T14465] EXT4-fs error (device loop9): ext4_orphan_get:1397: comm syz.9.2750: couldn't read orphan inode 15 (err -117) [ 532.915208][T14465] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 532.928629][ T5902] usb 9-1: new high-speed USB device number 10 using dummy_hcd [ 532.982825][T10037] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 532.992413][T14472] loop6: detected capacity change from 0 to 512 [ 533.001581][ T5911] usb 8-1: Using ep0 maxpacket: 32 [ 533.020619][ T5911] usb 8-1: config index 0 descriptor too short (expected 29220, got 36) [ 533.037668][ T5911] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 533.038277][T14472] EXT4-fs error (device loop6): ext4_orphan_get:1392: inode #15: comm syz.6.2753: inode has both inline data and extents flags [ 533.050952][ T5911] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 533.073068][T14472] EXT4-fs error (device loop6): ext4_orphan_get:1397: comm syz.6.2753: couldn't read orphan inode 15 (err -117) [ 533.090538][T14472] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 533.103342][ T5902] usb 9-1: Using ep0 maxpacket: 32 [ 533.105362][ T5911] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 533.110878][ T5902] usb 9-1: config index 0 descriptor too short (expected 29220, got 36) [ 533.122994][ T5911] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 533.127961][ T5902] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 533.127987][ T5902] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 533.139875][ T5911] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 533.151755][ T5902] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 533.178763][ T5902] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 533.188570][ T5902] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 533.201687][ T5902] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 533.210808][ T5902] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 533.221844][ T5902] usb 9-1: config 0 descriptor?? [ 533.252280][ T9195] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 533.258291][ T5911] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 533.272702][ T5911] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 533.289633][ T5911] usb 8-1: config 0 descriptor?? [ 533.340274][T14483] IPVS: Error connecting to the multicast addr [ 533.450378][ T5902] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 10 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 533.522369][ T5911] usblp 8-1:0.0: usblp1: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 533.539091][ T5911] usb 8-1: USB disconnect, device number 4 [ 533.550402][ T5911] usblp1: removed [ 533.557463][T14490] team0: Port device team_slave_0 removed [ 533.620439][T14495] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2762'. [ 533.823702][T14503] loop9: detected capacity change from 0 to 512 [ 533.835769][T14503] EXT4-fs error (device loop9): ext4_orphan_get:1392: inode #15: comm syz.9.2765: inode has both inline data and extents flags [ 533.853752][T14503] EXT4-fs error (device loop9): ext4_orphan_get:1397: comm syz.9.2765: couldn't read orphan inode 15 (err -117) [ 533.891199][T14503] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 533.978232][ T5902] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 533.993970][T10037] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 534.133105][ T5902] usb 8-1: Using ep0 maxpacket: 32 [ 534.140668][ T5902] usb 8-1: config index 0 descriptor too short (expected 29220, got 36) [ 534.157937][ T5902] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 534.166812][ T5902] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 534.176157][ T5902] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 534.190442][ T5902] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 534.200336][ T5902] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 534.213581][ T5887] IPVS: starting estimator thread 0... [ 534.213589][ T5902] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 534.232338][ T5902] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 534.244264][ T5902] usb 8-1: config 0 descriptor?? [ 534.320792][T14519] IPVS: using max 34 ests per chain, 81600 per kthread [ 534.377425][T14525] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2774'. [ 534.408195][ T5911] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 534.454831][ T5902] usblp 8-1:0.0: usblp1: USB Bidirectional printer dev 5 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 534.527009][T14533] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2777'. [ 534.558470][ T5911] usb 6-1: device descriptor read/64, error -71 [ 534.798243][ T5911] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 534.829435][ T5902] usb 9-1: USB disconnect, device number 10 [ 534.840696][ T5902] usblp0: removed [ 534.928607][ T5911] usb 6-1: device descriptor read/64, error -71 [ 535.027343][T14547] loop8: detected capacity change from 0 to 512 [ 535.037965][T14547] EXT4-fs error (device loop8): ext4_orphan_get:1392: inode #15: comm syz.8.2782: inode has both inline data and extents flags [ 535.038733][ T5911] usb usb6-port1: attempt power cycle [ 535.058568][T14547] EXT4-fs error (device loop8): ext4_orphan_get:1397: comm syz.8.2782: couldn't read orphan inode 15 (err -117) [ 535.074693][T14547] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 535.112982][ T9278] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 535.478215][ T5911] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 535.498904][ T5911] usb 6-1: device descriptor read/8, error -71 [ 535.863007][T14557] lo speed is unknown, defaulting to 1000 [ 536.489814][ T5902] usb 8-1: USB disconnect, device number 5 [ 536.621034][ T5911] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 536.705265][ T5902] usblp1: removed [ 536.748775][ T5911] usb 6-1: device descriptor read/8, error -71 [ 536.848167][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 536.848189][ T30] audit: type=1326 audit(1760389191.897:1287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14563 comm="syz.9.2787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 536.858817][ T5911] usb usb6-port1: unable to enumerate USB device [ 536.899839][T14568] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2788'. [ 537.094779][ T30] audit: type=1326 audit(1760389191.897:1288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14563 comm="syz.9.2787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 537.178235][ T30] audit: type=1326 audit(1760389191.897:1289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14563 comm="syz.9.2787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 537.224521][ T30] audit: type=1326 audit(1760389191.897:1290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14563 comm="syz.9.2787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 537.269519][ T30] audit: type=1326 audit(1760389191.897:1291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14563 comm="syz.9.2787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 537.292775][ T30] audit: type=1326 audit(1760389191.897:1292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14563 comm="syz.9.2787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=327 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 537.322990][ T30] audit: type=1326 audit(1760389191.897:1293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14563 comm="syz.9.2787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bd598eec9 code=0x7ffc0000 [ 537.713441][T14592] loop9: detected capacity change from 0 to 2048 [ 537.730709][T14595] loop8: detected capacity change from 0 to 512 [ 537.750696][T14595] EXT4-fs error (device loop8): ext4_orphan_get:1392: inode #15: comm syz.8.2798: inode has both inline data and extents flags [ 537.772047][T14592] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 537.797176][T14595] EXT4-fs error (device loop8): ext4_orphan_get:1397: comm syz.8.2798: couldn't read orphan inode 15 (err -117) [ 537.827443][ T30] audit: type=1800 audit(1760389192.887:1294): pid=14592 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.2797" name="bus" dev="loop9" ino=18 res=0 errno=0 [ 537.850027][T14595] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 537.954716][T10037] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 537.984136][ T9278] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 538.006436][T14608] loop7: detected capacity change from 0 to 512 [ 538.063973][T14608] EXT4-fs error (device loop7): ext4_orphan_get:1392: inode #15: comm syz.7.2802: inode has both inline data and extents flags [ 538.096653][T14608] EXT4-fs error (device loop7): ext4_orphan_get:1397: comm syz.7.2802: couldn't read orphan inode 15 (err -117) [ 538.109449][T14613] usb usb8: usbfs: process 14613 (syz.6.2805) did not claim interface 5 before use [ 538.131647][T14615] loop9: detected capacity change from 0 to 128 [ 538.147319][T14608] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 538.167407][T14617] netlink: 'syz.8.2804': attribute type 1 has an invalid length. [ 538.170922][T14615] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 538.222379][T14615] ext4 filesystem being mounted at /346/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 538.262681][ T9225] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 538.313425][T14622] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2809'. [ 538.545865][T10037] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 538.564792][T14634] loop5: detected capacity change from 0 to 512 [ 538.628547][T14634] EXT4-fs error (device loop5): ext4_orphan_get:1392: inode #15: comm syz.5.2814: inode has both inline data and extents flags [ 538.704078][T14634] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.2814: couldn't read orphan inode 15 (err -117) [ 538.739292][T14644] loop6: detected capacity change from 0 to 512 [ 538.754818][T14634] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 538.778412][T14647] usb usb8: usbfs: process 14647 (syz.7.2817) did not claim interface 5 before use [ 538.789882][T14644] EXT4-fs error (device loop6): ext4_orphan_get:1392: inode #15: comm syz.6.2818: inode has both inline data and extents flags [ 538.805591][T14644] EXT4-fs error (device loop6): ext4_orphan_get:1397: comm syz.6.2818: couldn't read orphan inode 15 (err -117) [ 538.843616][T14645] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2819'. [ 538.885240][T14644] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 538.916703][ T6964] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 538.933631][T14650] loop8: detected capacity change from 0 to 512 [ 538.935527][T14652] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2822'. [ 539.007722][ T9195] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 539.033616][T14650] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 539.055132][T14658] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2823'. [ 539.129934][T14654] lo speed is unknown, defaulting to 1000 [ 539.134553][T14662] loop5: detected capacity change from 0 to 512 [ 539.137018][T14650] ext4 filesystem being mounted at /359/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 539.144214][T14662] EXT4-fs: Ignoring removed oldalloc option [ 539.208524][T14662] EXT4-fs (loop5): couldn't mount as ext2 due to feature incompatibilities [ 539.298205][ T30] audit: type=1804 audit(1760389194.357:1295): pid=14650 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.8.2820" name="/newroot/359/file1/bus" dev="loop8" ino=18 res=1 errno=0 [ 539.390253][ T30] audit: type=1800 audit(1760389194.357:1296): pid=14650 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.2820" name="bus" dev="loop8" ino=18 res=0 errno=0 [ 539.440762][ T9278] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 539.948242][T14686] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2833'. [ 539.961598][T14688] loop9: detected capacity change from 0 to 512 [ 539.993258][T14688] EXT4-fs error (device loop9): ext4_orphan_get:1392: inode #15: comm syz.9.2834: inode has both inline data and extents flags [ 540.070869][T14688] EXT4-fs error (device loop9): ext4_orphan_get:1397: comm syz.9.2834: couldn't read orphan inode 15 (err -117) [ 540.091828][T14688] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 540.116912][T14693] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2835'. [ 540.261772][T10037] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 541.581589][T14722] loop9: detected capacity change from 0 to 512 [ 541.623226][T14722] EXT4-fs error (device loop9): ext4_orphan_get:1392: inode #15: comm syz.9.2847: inode has both inline data and extents flags [ 541.710844][T14722] EXT4-fs error (device loop9): ext4_orphan_get:1397: comm syz.9.2847: couldn't read orphan inode 15 (err -117) [ 541.790281][T14722] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 541.821541][T14734] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2848'. [ 541.835997][T14736] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2849'. [ 541.941737][T10037] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 542.055234][T14738] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2852'. [ 542.085068][T14742] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2850'. [ 542.152928][T14745] siw: device registration error -23 [ 542.165297][T14742] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 542.242402][T14749] loop6: detected capacity change from 0 to 512 [ 542.257737][T14749] EXT4-fs: Ignoring removed oldalloc option [ 542.272582][T14749] EXT4-fs (loop6): couldn't mount as ext2 due to feature incompatibilities [ 542.465536][T14756] netlink: 'syz.7.2858': attribute type 1 has an invalid length. [ 542.487499][T14759] loop8: detected capacity change from 0 to 512 [ 542.541315][T14759] EXT4-fs error (device loop8): ext4_orphan_get:1392: inode #15: comm syz.8.2860: inode has both inline data and extents flags [ 542.558909][T14759] EXT4-fs error (device loop8): ext4_orphan_get:1397: comm syz.8.2860: couldn't read orphan inode 15 (err -117) [ 542.646707][T14759] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 542.848007][T14771] loop9: detected capacity change from 0 to 1024 [ 542.861535][T14771] EXT4-fs: Ignoring removed nobh option [ 542.867168][T14771] EXT4-fs: Ignoring removed bh option [ 542.889045][ T9278] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 542.938580][T14771] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 542.990808][T14771] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 543.103770][T14782] loop6: detected capacity change from 0 to 512 [ 543.111181][T14782] EXT4-fs: Ignoring removed oldalloc option [ 543.121021][T14782] EXT4-fs (loop6): couldn't mount as ext2 due to feature incompatibilities [ 543.153108][T14771] loop9: detected capacity change from 0 to 512 [ 543.185211][T14771] EXT4-fs: journaled quota format not specified [ 543.262637][ T30] kauditd_printk_skb: 29 callbacks suppressed [ 543.262656][ T30] audit: type=1326 audit(1760389198.327:1326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14768 comm="syz.5.2864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f241778eec9 code=0x7ffc0000 [ 543.401649][ T30] audit: type=1326 audit(1760389198.327:1327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14768 comm="syz.5.2864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f241778eec9 code=0x7ffc0000 [ 543.432204][ T30] audit: type=1326 audit(1760389198.327:1328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14768 comm="syz.5.2864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=220 compat=0 ip=0x7f241778eec9 code=0x7ffc0000 [ 543.464852][ T30] audit: type=1326 audit(1760389198.327:1329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14768 comm="syz.5.2864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f241778eec9 code=0x7ffc0000 [ 543.499239][ T30] audit: type=1326 audit(1760389198.337:1330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14768 comm="syz.5.2864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f241778eec9 code=0x7ffc0000 [ 543.530053][ T30] audit: type=1326 audit(1760389198.407:1331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14768 comm="syz.5.2864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f241778eec9 code=0x7ffc0000 [ 543.557107][ T30] audit: type=1326 audit(1760389198.407:1332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14768 comm="syz.5.2864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f241778eec9 code=0x7ffc0000 [ 543.652427][ T30] audit: type=1326 audit(1760389198.407:1333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14768 comm="syz.5.2864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7f241778eec9 code=0x7ffc0000 [ 543.748176][ T30] audit: type=1326 audit(1760389198.427:1334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14768 comm="syz.5.2864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f241778eec9 code=0x7ffc0000 [ 543.771481][T14796] __nla_validate_parse: 3 callbacks suppressed [ 543.771501][T14796] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2874'. [ 543.834735][T14798] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2875'. [ 543.884706][ T30] audit: type=1326 audit(1760389198.427:1335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14768 comm="syz.5.2864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f241778eec9 code=0x7ffc0000 [ 543.969219][T14801] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2876'. [ 543.998348][T14801] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2876'. [ 544.149614][T14809] loop6: detected capacity change from 0 to 512 [ 544.165701][T14804] loop7: detected capacity change from 0 to 512 [ 544.212238][T14804] EXT4-fs: Ignoring removed oldalloc option [ 544.222500][T14809] EXT4-fs error (device loop6): ext4_orphan_get:1392: inode #15: comm syz.6.2877: inode has both inline data and extents flags [ 544.259371][T14804] EXT4-fs (loop7): couldn't mount as ext2 due to feature incompatibilities [ 544.308525][T14809] EXT4-fs error (device loop6): ext4_orphan_get:1397: comm syz.6.2877: couldn't read orphan inode 15 (err -117) [ 544.402256][T14809] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 544.502329][T14819] netlink: 'syz.5.2884': attribute type 1 has an invalid length. [ 544.601287][T14821] loop7: detected capacity change from 0 to 512 [ 544.622905][ T9195] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 544.733326][T14821] [ 544.735725][T14821] ====================================================== [ 544.742762][T14821] WARNING: possible circular locking dependency detected [ 544.749815][T14821] syzkaller #0 Not tainted [ 544.754245][T14821] ------------------------------------------------------ [ 544.761277][T14821] syz.7.2885/14821 is trying to acquire lock: [ 544.767363][T14821] ffff8880330d0b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x1cc/0x350 [ 544.777427][T14821] [ 544.777427][T14821] but task is already holding lock: [ 544.777835][T14829] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 544.777835][T14829] program syz.6.2888 not setting count and/or reply_len properly [ 544.784806][T14821] ffff888059377388 (&ei->xattr_sem){++++}-{4:4}, at: __ext4_mark_inode_dirty+0x3eb/0x700 [ 544.784865][T14821] [ 544.784865][T14821] which lock already depends on the new lock. [ 544.784865][T14821] [ 544.784874][T14821] [ 544.784874][T14821] the existing dependency chain (in reverse order) is: [ 544.784883][T14821] [ 544.784883][T14821] -> #1 (&ei->xattr_sem){++++}-{4:4}: [ 544.784911][T14821] lock_acquire+0x120/0x360 [ 544.784935][T14821] down_write+0x96/0x1f0 [ 544.784961][T14821] ext4_destroy_inline_data+0x28/0xe0 [ 544.784980][T14821] ext4_do_writepages+0x526/0x4610 [ 544.785001][T14821] ext4_writepages+0x205/0x350 [ 544.785036][T14821] do_writepages+0x32e/0x550 [ 544.785053][T14821] __writeback_single_inode+0x145/0xff0 [ 544.785074][T14821] writeback_sb_inodes+0x6c7/0x1010 [ 544.882107][T14821] wb_writeback+0x43b/0xaf0 [ 544.887150][T14821] wb_workfn+0x409/0xef0 [ 544.891922][T14821] process_scheduled_works+0xae1/0x17b0 [ 544.897998][T14821] worker_thread+0x8a0/0xda0 [ 544.903121][T14821] kthread+0x711/0x8a0 [ 544.907727][T14821] ret_from_fork+0x4bc/0x870 [ 544.912850][T14821] ret_from_fork_asm+0x1a/0x30 [ 544.918145][T14821] [ 544.918145][T14821] -> #0 (&sbi->s_writepages_rwsem){++++}-{0:0}: [ 544.926581][T14821] validate_chain+0xb9b/0x2140 [ 544.931895][T14821] __lock_acquire+0xab9/0xd20 [ 544.937106][T14821] lock_acquire+0x120/0x360 [ 544.942138][T14821] percpu_down_read_internal+0x48/0x1c0 [ 544.948220][T14821] ext4_writepages+0x1cc/0x350 [ 544.953526][T14821] do_writepages+0x32e/0x550 [ 544.958641][T14821] __writeback_single_inode+0x145/0xff0 [ 544.964714][T14821] writeback_single_inode+0x1f9/0x6a0 [ 544.970720][T14821] write_inode_now+0x160/0x1d0 [ 544.976021][T14821] iput+0x830/0xc50 [ 544.980357][T14821] ext4_xattr_block_set+0x1fce/0x2ac0 [ 544.986254][T14821] ext4_expand_extra_isize_ea+0x12da/0x1ea0 [ 544.992768][T14821] __ext4_expand_extra_isize+0x30d/0x400 [ 544.998931][T14821] __ext4_mark_inode_dirty+0x46c/0x700 [ 545.004919][T14821] ext4_evict_inode+0x80d/0xee0 [ 545.010397][T14821] evict+0x504/0x9c0 [ 545.014818][T14821] ext4_orphan_cleanup+0xc20/0x1460 [ 545.020549][T14821] ext4_fill_super+0x5920/0x61e0 [ 545.026035][T14821] get_tree_bdev_flags+0x40e/0x4d0 [ 545.031675][T14821] vfs_get_tree+0x92/0x2b0 [ 545.036618][T14821] do_new_mount+0x302/0xa10 [ 545.041651][T14821] __se_sys_mount+0x313/0x410 [ 545.046859][T14821] do_syscall_64+0xfa/0xfa0 [ 545.052097][T14821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 545.058518][T14821] [ 545.058518][T14821] other info that might help us debug this: [ 545.058518][T14821] [ 545.068757][T14821] Possible unsafe locking scenario: [ 545.068757][T14821] [ 545.076225][T14821] CPU0 CPU1 [ 545.081609][T14821] ---- ---- [ 545.086988][T14821] lock(&ei->xattr_sem); [ 545.091334][T14821] lock(&sbi->s_writepages_rwsem); [ 545.099058][T14821] lock(&ei->xattr_sem); [ 545.105917][T14821] rlock(&sbi->s_writepages_rwsem); [ 545.111211][T14821] [ 545.111211][T14821] *** DEADLOCK *** [ 545.111211][T14821] [ 545.119359][T14821] 3 locks held by syz.7.2885/14821: [ 545.124555][T14821] #0: ffff8880778bc0e0 (&type->s_umount_key#27/1){+.+.}-{4:4}, at: alloc_super+0x1bb/0x930 [ 545.134682][T14821] #1: ffff8880778bc610 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x2d6/0xee0 [ 545.144114][T14821] #2: ffff888059377388 (&ei->xattr_sem){++++}-{4:4}, at: __ext4_mark_inode_dirty+0x3eb/0x700 [ 545.154390][T14821] [ 545.154390][T14821] stack backtrace: [ 545.160299][T14821] CPU: 0 UID: 0 PID: 14821 Comm: syz.7.2885 Not tainted syzkaller #0 PREEMPT(full) [ 545.160322][T14821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 545.160336][T14821] Call Trace: [ 545.160344][T14821] [ 545.160353][T14821] dump_stack_lvl+0x189/0x250 [ 545.160375][T14821] ? __pfx_dump_stack_lvl+0x10/0x10 [ 545.160392][T14821] ? __pfx__printk+0x10/0x10 [ 545.160410][T14821] ? print_lock_name+0xde/0x100 [ 545.160428][T14821] print_circular_bug+0x2ee/0x310 [ 545.160457][T14821] check_noncircular+0x134/0x160 [ 545.160486][T14821] validate_chain+0xb9b/0x2140 [ 545.160511][T14821] ? bpf_trace_run4+0x19c/0x4a0 [ 545.160533][T14821] ? bpf_trace_run4+0x322/0x4a0 [ 545.160553][T14821] ? look_up_lock_class+0x74/0x170 [ 545.160575][T14821] ? register_lock_class+0x51/0x320 [ 545.160599][T14821] __lock_acquire+0xab9/0xd20 [ 545.160623][T14821] ? ext4_writepages+0x1cc/0x350 [ 545.160648][T14821] lock_acquire+0x120/0x360 [ 545.160669][T14821] ? ext4_writepages+0x1cc/0x350 [ 545.160700][T14821] percpu_down_read_internal+0x48/0x1c0 [ 545.160726][T14821] ? ext4_writepages+0x1cc/0x350 [ 545.160751][T14821] ext4_writepages+0x1cc/0x350 [ 545.160779][T14821] ? __pfx_ext4_writepages+0x10/0x10 [ 545.160811][T14821] ? do_raw_spin_unlock+0x122/0x240 [ 545.160829][T14821] ? __pfx_ext4_writepages+0x10/0x10 [ 545.160855][T14821] do_writepages+0x32e/0x550 [ 545.160873][T14821] ? do_raw_spin_lock+0x121/0x290 [ 545.160894][T14821] __writeback_single_inode+0x145/0xff0 [ 545.160912][T14821] ? do_raw_spin_unlock+0x122/0x240 [ 545.160931][T14821] writeback_single_inode+0x1f9/0x6a0 [ 545.160961][T14821] write_inode_now+0x160/0x1d0 [ 545.160991][T14821] ? __pfx_write_inode_now+0x10/0x10 [ 545.161037][T14821] ? do_raw_spin_unlock+0x122/0x240 [ 545.161056][T14821] iput+0x830/0xc50 [ 545.161080][T14821] ext4_xattr_block_set+0x1fce/0x2ac0 [ 545.161119][T14821] ? __pfx_ext4_xattr_block_set+0x10/0x10 [ 545.161142][T14821] ? ext4_xattr_block_find+0x2d4/0x350 [ 545.161166][T14821] ext4_expand_extra_isize_ea+0x12da/0x1ea0 [ 545.161207][T14821] __ext4_expand_extra_isize+0x30d/0x400 [ 545.161235][T14821] __ext4_mark_inode_dirty+0x46c/0x700 [ 545.161259][T14821] ext4_evict_inode+0x80d/0xee0 [ 545.161281][T14821] ? __pfx_ext4_evict_inode+0x10/0x10 [ 545.161300][T14821] ? do_raw_spin_unlock+0x122/0x240 [ 545.161318][T14821] ? __pfx_ext4_evict_inode+0x10/0x10 [ 545.161334][T14821] evict+0x504/0x9c0 [ 545.161352][T14821] ? __pfx_evict+0x10/0x10 [ 545.161365][T14821] ? do_raw_spin_unlock+0x122/0x240 [ 545.161383][T14821] ? _raw_spin_unlock+0x28/0x50 [ 545.161400][T14821] ? iput+0x946/0xc50 [ 545.161424][T14821] ext4_orphan_cleanup+0xc20/0x1460 [ 545.161447][T14821] ? __pfx_ext4_orphan_cleanup+0x10/0x10 [ 545.161465][T14821] ? ext4_register_li_request+0x259/0x720 [ 545.161481][T14821] ? errseq_check_and_advance+0x66/0x120 [ 545.161519][T14821] ext4_fill_super+0x5920/0x61e0 [ 545.161553][T14821] ? __pfx_ext4_fill_super+0x10/0x10 [ 545.161593][T14821] ? snprintf+0xda/0x120 [ 545.161610][T14821] ? __pfx_snprintf+0x10/0x10 [ 545.161623][T14821] ? set_blocksize+0x21e/0x500 [ 545.161644][T14821] ? sb_set_blocksize+0x104/0x180 [ 545.161663][T14821] ? setup_bdev_super+0x4c1/0x5b0 [ 545.161683][T14821] get_tree_bdev_flags+0x40e/0x4d0 [ 545.161701][T14821] ? __pfx_ext4_fill_super+0x10/0x10 [ 545.161727][T14821] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 545.161752][T14821] vfs_get_tree+0x92/0x2b0 [ 545.161771][T14821] do_new_mount+0x302/0xa10 [ 545.161790][T14821] ? apparmor_capable+0x137/0x1b0 [ 545.161816][T14821] ? __pfx_do_new_mount+0x10/0x10 [ 545.161836][T14821] ? ns_capable+0x8a/0xf0 [ 545.161860][T14821] ? kmem_cache_free+0x19b/0x690 [ 545.161884][T14821] __se_sys_mount+0x313/0x410 [ 545.161907][T14821] ? __pfx___se_sys_mount+0x10/0x10 [ 545.161929][T14821] ? do_syscall_64+0xbe/0xfa0 [ 545.161949][T14821] ? __x64_sys_mount+0x20/0xc0 [ 545.161970][T14821] do_syscall_64+0xfa/0xfa0 [ 545.161996][T14821] ? lockdep_hardirqs_on+0x9c/0x150 [ 545.162016][T14821] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 545.162032][T14821] ? clear_bhb_loop+0x60/0xb0 [ 545.162052][T14821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 545.162072][T14821] RIP: 0033:0x7f67d259066a [ 545.162089][T14821] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 545.162105][T14821] RSP: 002b:00007f67d333ee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 545.162123][T14821] RAX: ffffffffffffffda RBX: 00007f67d333eef0 RCX: 00007f67d259066a [ 545.162135][T14821] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f67d333eeb0 [ 545.162147][T14821] RBP: 0000200000000180 R08: 00007f67d333eef0 R09: 0000000000800718 [ 545.162158][T14821] R10: 0000000000800718 R11: 0000000000000246 R12: 00002000000001c0 [ 545.162169][T14821] R13: 00007f67d333eeb0 R14: 0000000000000473 R15: 0000200000000680 [ 545.162190][T14821] [ 545.644479][T14821] ------------[ cut here ]------------ [ 545.650341][T14821] EA inode 11 i_nlink=2 [ 545.654326][T14821] WARNING: fs/ext4/xattr.c:1058 at ext4_xattr_inode_update_ref+0x51a/0x5b0, CPU#1: syz.7.2885/14821 [ 545.669665][T14821] Modules linked in: [ 545.673683][T14821] CPU: 1 UID: 0 PID: 14821 Comm: syz.7.2885 Not tainted syzkaller #0 PREEMPT(full) [ 545.683142][T14821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 545.693257][T14821] RIP: 0010:ext4_xattr_inode_update_ref+0x51a/0x5b0 [ 545.699922][T14821] Code: 48 b8 00 00 00 00 00 fc ff df 41 0f b6 04 06 84 c0 0f 85 80 00 00 00 41 8b 17 48 c7 c7 40 11 80 8b 4c 89 e6 e8 57 c6 f9 fe 90 <0f> 0b 90 90 4c 8b 6c 24 28 e9 59 fe ff ff e8 23 06 c3 08 44 89 f9 [ 545.719676][T14821] RSP: 0018:ffffc9001037f100 EFLAGS: 00010246 [ 545.726334][T14821] RAX: 1c2b43b65129a100 RBX: 0000000000000001 RCX: 0000000000080000 [ 545.734887][T14821] RDX: ffffc900168a0000 RSI: 000000000007ffff RDI: 0000000000080000 [ 545.743257][T14821] RBP: ffffc9001037f1f8 R08: 0000000000000003 R09: 0000000000000004 [ 545.751466][T14821] R10: dffffc0000000000 R11: fffffbfff1bfa650 R12: 000000000000000b [ 545.759487][T14821] R13: ffff88804154eca0 R14: 1ffff110082a9d82 R15: ffff88804154ec10 [ 545.767482][T14821] FS: 00007f67d333f6c0(0000) GS:ffff888125e08000(0000) knlGS:0000000000000000 [ 545.777511][T14821] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 545.785113][T14821] CR2: 00007f8bd5bb12f8 CR3: 000000003301c000 CR4: 00000000003526f0 [ 545.794158][T14821] Call Trace: [ 545.797469][T14821] [ 545.801328][T14821] ? __pfx_inode_set_ctime_to_ts+0x10/0x10 [ 545.807190][T14821] ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10 [ 545.814219][T14821] ? ext4_xattr_inode_iget+0x3d2/0x5f0 [ 545.820366][T14821] ext4_xattr_set_entry+0xabb/0x1e20 [ 545.826959][T14821] ext4_xattr_ibody_set+0x254/0x6a0 [ 545.833547][T14821] ext4_expand_extra_isize_ea+0x13ad/0x1ea0 [ 545.840407][T14821] __ext4_expand_extra_isize+0x30d/0x400 [ 545.846086][T14821] __ext4_mark_inode_dirty+0x46c/0x700 [ 545.852474][T14821] ext4_evict_inode+0x80d/0xee0 [ 545.857362][T14821] ? __pfx_ext4_evict_inode+0x10/0x10 [ 545.863673][T14821] ? do_raw_spin_unlock+0x122/0x240 [ 545.869830][T14821] ? __pfx_ext4_evict_inode+0x10/0x10 [ 545.875231][T14821] evict+0x504/0x9c0 [ 545.880008][T14821] ? __pfx_evict+0x10/0x10 [ 545.884448][T14821] ? do_raw_spin_unlock+0x122/0x240 [ 545.890543][T14821] ? _raw_spin_unlock+0x28/0x50 [ 545.895423][T14821] ? iput+0x946/0xc50 [ 545.900329][T14821] ext4_orphan_cleanup+0xc20/0x1460 [ 545.905569][T14821] ? __pfx_ext4_orphan_cleanup+0x10/0x10 [ 545.912072][T14821] ? ext4_register_li_request+0x259/0x720 [ 545.917818][T14821] ? errseq_check_and_advance+0x66/0x120 [ 545.924332][T14821] ext4_fill_super+0x5920/0x61e0 [ 545.930642][T14821] ? __pfx_ext4_fill_super+0x10/0x10 [ 545.935963][T14821] ? snprintf+0xda/0x120 [ 545.941488][T14821] ? __pfx_snprintf+0x10/0x10 [ 545.946189][T14821] ? set_blocksize+0x21e/0x500 [ 545.951797][T14821] ? sb_set_blocksize+0x104/0x180 [ 545.956858][T14821] ? setup_bdev_super+0x4c1/0x5b0 [ 545.962771][T14821] get_tree_bdev_flags+0x40e/0x4d0 [ 545.967914][T14821] ? __pfx_ext4_fill_super+0x10/0x10 [ 545.974060][T14821] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 545.980500][T14821] vfs_get_tree+0x92/0x2b0 [ 545.984948][T14821] do_new_mount+0x302/0xa10 [ 545.990300][T14821] ? apparmor_capable+0x137/0x1b0 [ 545.995362][T14821] ? __pfx_do_new_mount+0x10/0x10 [ 546.001200][T14821] ? ns_capable+0x8a/0xf0 [ 546.005560][T14821] ? kmem_cache_free+0x19b/0x690 [ 546.011327][T14821] __se_sys_mount+0x313/0x410 [ 546.016043][T14821] ? __pfx___se_sys_mount+0x10/0x10 [ 546.022145][T14821] ? do_syscall_64+0xbe/0xfa0 [ 546.026863][T14821] ? __x64_sys_mount+0x20/0xc0 [ 546.032916][T14821] do_syscall_64+0xfa/0xfa0 [ 546.037467][T14821] ? lockdep_hardirqs_on+0x9c/0x150 [ 546.043894][T14821] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 546.050760][T14821] ? clear_bhb_loop+0x60/0xb0 [ 546.055465][T14821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 546.062141][T14821] RIP: 0033:0x7f67d259066a [ 546.066579][T14821] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 546.087073][T14821] RSP: 002b:00007f67d333ee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 546.096354][T14821] RAX: ffffffffffffffda RBX: 00007f67d333eef0 RCX: 00007f67d259066a [ 546.105155][T14821] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f67d333eeb0 [ 546.113937][T14821] RBP: 0000200000000180 R08: 00007f67d333eef0 R09: 0000000000800718 [ 546.122769][T14821] R10: 0000000000800718 R11: 0000000000000246 R12: 00002000000001c0 [ 546.131488][T14821] R13: 00007f67d333eeb0 R14: 0000000000000473 R15: 0000200000000680 [ 546.140800][T14821] [ 546.143844][T14821] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 546.151138][T14821] CPU: 1 UID: 0 PID: 14821 Comm: syz.7.2885 Not tainted syzkaller #0 PREEMPT(full) [ 546.160532][T14821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 546.170620][T14821] Call Trace: [ 546.173911][T14821] [ 546.176849][T14821] dump_stack_lvl+0x99/0x250 [ 546.181452][T14821] ? __asan_memcpy+0x40/0x70 [ 546.186054][T14821] ? __pfx_dump_stack_lvl+0x10/0x10 [ 546.191263][T14821] ? __pfx__printk+0x10/0x10 [ 546.195867][T14821] vpanic+0x237/0x6d0 [ 546.199866][T14821] ? __pfx_vpanic+0x10/0x10 [ 546.204383][T14821] ? is_bpf_text_address+0x292/0x2b0 [ 546.209680][T14821] ? is_bpf_text_address+0x26/0x2b0 [ 546.214895][T14821] panic+0xb9/0xc0 [ 546.218631][T14821] ? __pfx_panic+0x10/0x10 [ 546.223068][T14821] __warn+0x334/0x4c0 [ 546.227065][T14821] ? ext4_xattr_inode_update_ref+0x51a/0x5b0 [ 546.233061][T14821] ? ext4_xattr_inode_update_ref+0x51a/0x5b0 [ 546.239061][T14821] report_bug+0x2be/0x4f0 [ 546.243406][T14821] ? ext4_xattr_inode_update_ref+0x51a/0x5b0 [ 546.249399][T14821] ? ext4_xattr_inode_update_ref+0x51a/0x5b0 [ 546.255402][T14821] ? ext4_xattr_inode_update_ref+0x51c/0x5b0 [ 546.261396][T14821] handle_bug+0x84/0x160 [ 546.265651][T14821] exc_invalid_op+0x1a/0x50 [ 546.270165][T14821] asm_exc_invalid_op+0x1a/0x20 [ 546.275020][T14821] RIP: 0010:ext4_xattr_inode_update_ref+0x51a/0x5b0 [ 546.281653][T14821] Code: 48 b8 00 00 00 00 00 fc ff df 41 0f b6 04 06 84 c0 0f 85 80 00 00 00 41 8b 17 48 c7 c7 40 11 80 8b 4c 89 e6 e8 57 c6 f9 fe 90 <0f> 0b 90 90 4c 8b 6c 24 28 e9 59 fe ff ff e8 23 06 c3 08 44 89 f9 [ 546.301366][T14821] RSP: 0018:ffffc9001037f100 EFLAGS: 00010246 [ 546.307456][T14821] RAX: 1c2b43b65129a100 RBX: 0000000000000001 RCX: 0000000000080000 [ 546.315432][T14821] RDX: ffffc900168a0000 RSI: 000000000007ffff RDI: 0000000000080000 [ 546.323408][T14821] RBP: ffffc9001037f1f8 R08: 0000000000000003 R09: 0000000000000004 [ 546.331632][T14821] R10: dffffc0000000000 R11: fffffbfff1bfa650 R12: 000000000000000b [ 546.339626][T14821] R13: ffff88804154eca0 R14: 1ffff110082a9d82 R15: ffff88804154ec10 [ 546.347624][T14821] ? __pfx_inode_set_ctime_to_ts+0x10/0x10 [ 546.353458][T14821] ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10 [ 546.359803][T14821] ? ext4_xattr_inode_iget+0x3d2/0x5f0 [ 546.365284][T14821] ext4_xattr_set_entry+0xabb/0x1e20 [ 546.370594][T14821] ext4_xattr_ibody_set+0x254/0x6a0 [ 546.375814][T14821] ext4_expand_extra_isize_ea+0x13ad/0x1ea0 [ 546.381775][T14821] __ext4_expand_extra_isize+0x30d/0x400 [ 546.387432][T14821] __ext4_mark_inode_dirty+0x46c/0x700 [ 546.392902][T14821] ext4_evict_inode+0x80d/0xee0 [ 546.397765][T14821] ? __pfx_ext4_evict_inode+0x10/0x10 [ 546.403149][T14821] ? do_raw_spin_unlock+0x122/0x240 [ 546.408359][T14821] ? __pfx_ext4_evict_inode+0x10/0x10 [ 546.413739][T14821] evict+0x504/0x9c0 [ 546.417645][T14821] ? __pfx_evict+0x10/0x10 [ 546.422074][T14821] ? do_raw_spin_unlock+0x122/0x240 [ 546.427309][T14821] ? _raw_spin_unlock+0x28/0x50 [ 546.432167][T14821] ? iput+0x946/0xc50 [ 546.436163][T14821] ext4_orphan_cleanup+0xc20/0x1460 [ 546.441371][T14821] ? __pfx_ext4_orphan_cleanup+0x10/0x10 [ 546.447025][T14821] ? ext4_register_li_request+0x259/0x720 [ 546.452772][T14821] ? errseq_check_and_advance+0x66/0x120 [ 546.458438][T14821] ext4_fill_super+0x5920/0x61e0 [ 546.463408][T14821] ? __pfx_ext4_fill_super+0x10/0x10 [ 546.468711][T14821] ? snprintf+0xda/0x120 [ 546.472961][T14821] ? __pfx_snprintf+0x10/0x10 [ 546.477652][T14821] ? set_blocksize+0x21e/0x500 [ 546.482429][T14821] ? sb_set_blocksize+0x104/0x180 [ 546.487458][T14821] ? setup_bdev_super+0x4c1/0x5b0 [ 546.492489][T14821] get_tree_bdev_flags+0x40e/0x4d0 [ 546.497610][T14821] ? __pfx_ext4_fill_super+0x10/0x10 [ 546.502909][T14821] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 546.508555][T14821] vfs_get_tree+0x92/0x2b0 [ 546.512985][T14821] do_new_mount+0x302/0xa10 [ 546.517496][T14821] ? apparmor_capable+0x137/0x1b0 [ 546.522534][T14821] ? __pfx_do_new_mount+0x10/0x10 [ 546.527568][T14821] ? ns_capable+0x8a/0xf0 [ 546.531928][T14821] ? kmem_cache_free+0x19b/0x690 [ 546.536885][T14821] __se_sys_mount+0x313/0x410 [ 546.541577][T14821] ? __pfx___se_sys_mount+0x10/0x10 [ 546.546797][T14821] ? do_syscall_64+0xbe/0xfa0 [ 546.551490][T14821] ? __x64_sys_mount+0x20/0xc0 [ 546.556268][T14821] do_syscall_64+0xfa/0xfa0 [ 546.560808][T14821] ? lockdep_hardirqs_on+0x9c/0x150 [ 546.566025][T14821] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 546.572098][T14821] ? clear_bhb_loop+0x60/0xb0 [ 546.576787][T14821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 546.582687][T14821] RIP: 0033:0x7f67d259066a [ 546.587108][T14821] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 546.606719][T14821] RSP: 002b:00007f67d333ee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 546.615145][T14821] RAX: ffffffffffffffda RBX: 00007f67d333eef0 RCX: 00007f67d259066a [ 546.623120][T14821] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f67d333eeb0 [ 546.631098][T14821] RBP: 0000200000000180 R08: 00007f67d333eef0 R09: 0000000000800718 [ 546.639074][T14821] R10: 0000000000800718 R11: 0000000000000246 R12: 00002000000001c0 [ 546.647052][T14821] R13: 00007f67d333eeb0 R14: 0000000000000473 R15: 0000200000000680 [ 546.655048][T14821] [ 546.658373][T14821] Kernel Offset: disabled [ 546.662702][T14821] Rebooting in 86400 seconds..