last executing test programs: 6.364500165s ago: executing program 4 (id=1023): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000600)={'wlan0\x00'}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={0x0}, 0x1, 0x0, 0x0, 0x4000004}, 0x40000) 5.94463675s ago: executing program 4 (id=1031): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), r0) sendmsg$TIPC_NL_BEARER_GET(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002bbd7000fcdbdf250400000004000480140001"], 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) 5.813006656s ago: executing program 4 (id=1034): unshare(0x26020480) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x20, 0x4) setsockopt$sock_attach_bpf(r1, 0x1, 0x34, &(0x7f00000000c0)=r0, 0x4) 5.657274271s ago: executing program 4 (id=1039): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000e40)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="0200000002"], 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="180000000000000000000000000000009500160000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r2}, 0x10) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8) close(r4) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@cgroup=r6, r5, 0x2, 0x6, 0x4000, @void, @value}, 0x10) 5.456518018s ago: executing program 4 (id=1043): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a0000020000002400018014"], 0x64}}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000013000100000000000000000007000000", @ANYRES32=r1, @ANYBLOB="00000000000000001c001a80180004801400068008"], 0x3c}}, 0x0) 5.053533147s ago: executing program 4 (id=1051): r0 = syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_GET_SERVICE(r1, &(0x7f00000022c0)={0x0, 0x0, &(0x7f0000002280)={&(0x7f0000002200)={0x28, r0, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x5818680ba2430678}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x12) 4.752502819s ago: executing program 1 (id=1054): syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r0 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000180)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$unix(0x1, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r3}, 0x10) r4 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f00000004c0)={'ip6_vti0\x00', &(0x7f0000000740)={'syztnl1\x00', 0x0, 0x29, 0x0, 0x3, 0x0, 0x4c, @local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x10, 0x7, 0x2, 0x8}}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendto$inet(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x1) sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000009c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010028bd7000fddbdf250700000008000300", @ANYRES32=r6, @ANYBLOB="0c009900ff070000090000001400040073797a6b616c6c6572300000000000000800050006000000eba06db65a1abfe3953d43364c41221e0e739ab0183ce2af4502fe38fce990edea05a9d2"], 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) 4.234852403s ago: executing program 1 (id=1061): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x19a) write(r0, &(0x7f0000000000)="240000001a005f0400f9f407000904018000", 0x12) 4.047373388s ago: executing program 1 (id=1064): r0 = socket(0x2, 0x80805, 0x0) getsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x4, &(0x7f0000000140), &(0x7f0000000180)=0x4) sendto(r0, 0x0, 0x0, 0x48000, &(0x7f00000000c0)=@can, 0x80) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r2 = socket(0xa, 0x3, 0x3a) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_bcm(r2, &(0x7f0000000600)={&(0x7f0000000440)={0x1d, r3}, 0x10, &(0x7f0000000500)={&(0x7f0000000480)={0x6, 0x304, 0x800, {0x77359400}, {0x0, 0xea60}, {0x2, 0x0, 0x1}, 0x1, @canfd={{0x1, 0x0, 0x0, 0x1}, 0x32, 0x2, 0x0, 0x0, "4a7a4a8ebc26a4b73791e4e9ff0f118b573f3b5884a5f763e126bdd6feb187cb5565470773ca3381fecb652b68121453fbfa563f337525b5532ce7a362c7bb51"}}, 0x80}, 0x1, 0x0, 0x0, 0x44085}, 0x80) setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private2}, {0xa, 0x0, 0x0, @empty}, 0x20}, 0x5c) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, 0x0, &(0x7f00000002c0)='syzkaller\x00', 0xa65, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$inet6(0xa, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0x0, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb714000008"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x4, 0x200008, 0x4, 0x20000}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000980)=ANY=[@ANYBLOB="140000001000010000000000000030000000000a70000000060a0b0400000000000000000200000044000480400001800a0001006d6174636800000030000280080002400000000118000300d67a8527f76ec11542b6fcd728b981a405106c720a0001006f776e65720000000900010073797a30000000000900020073797a3200"], 0x98}}, 0x4048010) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r4], 0x4c}}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0) 3.051533319s ago: executing program 3 (id=1073): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}, {0x2}}}, 0x24}}, 0x0) 2.634058702s ago: executing program 1 (id=1074): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x19a) write(r0, &(0x7f0000000000)="240000001a005f0400f9f407000904018000"/27, 0x1b) 2.58382183s ago: executing program 3 (id=1075): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)={0x114, 0x2d, 0x1, 0x0, 0x25dfdbfc, "", [@nested={0x104, 0xf2, 0x0, 0x1, [@typed={0xc, 0x58, 0x0, 0x0, @u64=0xfac08}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1e}}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f8cd1"]}]}, 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x3, 0x300) r2 = socket$inet6(0xa, 0x1, 0x0) close(r2) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}]}, 0x0) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x82, 0x0, 0x0) socket(0x10, 0x3, 0x4) accept4(r1, 0x0, &(0x7f0000000040), 0xc0000) socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, 0x0, 0x0) 2.383413599s ago: executing program 1 (id=1078): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000140), 0x4) sendto$inet(r0, &(0x7f00000000c0)="8f", 0x1, 0x1, &(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10) close(0x3) 2.245542463s ago: executing program 2 (id=1081): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r0) sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000b40)={0x0, 0x20}}, 0x2000c094) 2.120266202s ago: executing program 1 (id=1082): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440), 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) r2 = accept4$unix(r0, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000001680)=[{{0x0, 0xfffffffffffffe55, &(0x7f0000000000), 0x3}}], 0x40002b2, 0x2, 0x0) 1.772714567s ago: executing program 2 (id=1083): bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x1e, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000001000000000000000000000089120e000000000095"], &(0x7f0000000100)='GPL\x00', 0xb, 0x0, 0x0, 0x0, 0x63, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3fffffc, @void, @value}, 0x94) 1.67926948s ago: executing program 3 (id=1084): r0 = socket(0x2, 0x80805, 0x0) getsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x4, &(0x7f0000000140), &(0x7f0000000180)=0x4) sendto(r0, 0x0, 0x0, 0x48000, &(0x7f00000000c0)=@can, 0x80) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r2 = socket(0xa, 0x3, 0x3a) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000001c0)={'vxcan0\x00', 0x0}) sendmsg$can_bcm(r2, &(0x7f0000000600)={&(0x7f0000000440)={0x1d, r3}, 0x10, &(0x7f0000000500)={&(0x7f0000000480)={0x6, 0x304, 0x800, {0x77359400}, {0x0, 0xea60}, {0x2, 0x0, 0x1}, 0x1, @canfd={{0x1, 0x0, 0x0, 0x1}, 0x32, 0x2, 0x0, 0x0, "4a7a4a8ebc26a4b73791e4e9ff0f118b573f3b5884a5f763e126bdd6feb187cb5565470773ca3381fecb652b68121453fbfa563f337525b5532ce7a362c7bb51"}}, 0x80}, 0x1, 0x0, 0x0, 0x44085}, 0x80) setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private2}, {0xa, 0x0, 0x0, @empty}, 0x20}, 0x5c) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, 0x0, &(0x7f00000002c0)='syzkaller\x00', 0xa65, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$inet6(0xa, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0x0, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb714000008"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x4, 0x200008, 0x4, 0x20000}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000980)=ANY=[@ANYBLOB="140000001000010000000000000030000000000a70000000060a0b0400000000000000000200000044000480400001800a0001006d6174636800000030000280080002400000000118000300d67a8527f76ec11542b6fcd728b981a405106c720a0001006f776e65720000000900010073797a30000000000900020073797a3200"], 0x98}}, 0x4048010) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r4], 0x4c}}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1.617706198s ago: executing program 0 (id=1085): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[], 0xb8}}, 0x4004) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in6=@ipv4={'\x00', '\xff\xff', @remote}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, {0xfffffffffffffffd}}}, 0xb8}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x15, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x10}, {0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, 0x0, 0x6e6bb5, 0x0, 0x1}}, 0xb8}}, 0x0) 1.498549659s ago: executing program 2 (id=1086): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}, {0x2}}}, 0x24}}, 0x0) 1.425524588s ago: executing program 0 (id=1087): socket$nl_generic(0x10, 0x3, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, 0x0, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) socket$alg(0x26, 0x5, 0x0) socket(0x40000000002, 0x3, 0x80000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x803, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket(0x840000000002, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket$xdp(0x2c, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x8000000004) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="4400000010000304016100"/20, @ANYRES32=0x0, @ANYBLOB="d3ddd1de00000000140012800b0001006d616373656300000400028008000500", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES8], 0x44}}, 0x0) 1.303413228s ago: executing program 3 (id=1088): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x19a) write(r0, &(0x7f0000000000)="240000001a005f0400f9f407000904018000"/27, 0x1b) 1.179293523s ago: executing program 2 (id=1089): bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000dc0)=ANY=[@ANYBLOB="b7000000a5517f5fbfa30000000000000703000028feffff720af0fff8ffffff71a4f0ff00000000b7060000000000012e400300000000006506020001cd00007118540000000000c3640000000000006b0a00fe00000000850000002e000000b7000000000000009500000000000000023bc065b7a379d179fc9e94af69912435f1b6a693172e6191a12bebf9f9804ea033388cd15b65877ad4b200000000000000000beca090f32050e436fe275daf51efd601b6bf01c8e8b1abe4fef3bef7074815ae98743d1ace4c46631256dd19aed0d600c0b6199fe3ff3128e599b0eaebbdbd7359a48f5b0afc3996792043a6787bac46aa7aa400000000000069669622208266f896ba2c9e73c2efeec2dc565fbafb2cb63f5fef9ab79ff8abaa8a08f54a062107e9bb3e980fff675c8d3e91df6648a7a6aebcb63e0867b75690152af27711f0cbb9c06018d21bf3f87b8eb65323b4267a526d53442db8e48dbc5ce47d67d07441a7975d5e41b14fd0154a8246249952a8b61633ce068220defe09d3b1136af6d03e9cf996c13d1bfcdc54567a9ca80dec2e943fe4ae7c617cc071f7add70cfbd48f8f6b50fe6a8297d88efa73e7e601040000b4a685969f28902bdecf66ef39755de79ed2c711477febc96231a53984d00877301d0ec62427a8e38618fdd1ce9aaed569ebc5f2e58d6028e66139a737cc7146a131d47dcebb32ed67021d76e983223c998aec22242ae54e87f438d26982876b58f9134366952f7399a733f07138a736924f3709000000e97f0c117ec439c6b7b965752bbc06eced08d97a32ae4b1ad4d11c5b6f68ee841975233e4cea13f3ef04b2cab9cc256d4539dbafd888c7097c1169e0bebcc81ca3da40bf34b6c9c1da2d6ed8acaf2a8091820ff4cf6be74ddca8bf2eed0e11b2139e8c3ec95436af5269d5792decda7d8b5dcf8640b504ba23c6d0a7f67cdfd27328100ebf9319a56f0f9cee17deecf747f3493f1dc39551f4c9a40b3e93fa80b8234ccbf39a9ef09bd97321f0dc20956f44ba2c5ec2e7569b05cf4690ddc189f174046a8b214acf23f42fb51ed4819e6b4cb5a8bf2b559d0c198fe0315483b8beb9801d06c58b22dd713fe3b7ef18e21081aacfd091b754125a488cea18255f79bebcb3051f622f8a1d9af1908e88a58774a24f35a4ccdbedea6212286c23dd89c2b4b90647f17231472af8dda7f3ab20f093aad3ce875f7458039ee6d0a50deb7bc8eb393f056a5e7725531c5485278e0362338e2e2710fe00465e0d182a322091022cf5b814eeb9b3cab21196581e4d92d0b6fe5525285eea359274f1f21d69233bbe94941f10ba292100000000000000000000000000000000c18e93a0c5231779f2ee201e9fe7e63e84b57b5f05ecd278919bad330ffcb594b8255b3085b352ca9533d6c31c1a30158c30352f8a126a65cb6582e58aa641007418611df53a601c3a8fb8d2286e86abf98136f345446730f68f5d6d1817a9e1b09e5650d2599fbe719a45337d29eb3fef5f7f565457660dec6fe903a1c2ea4f40a8ea1c179892afa219fc69a44163f0d731de418e9fd82a8c4661caea674b19242d1840d047882f640ea248457288c5ffb63e857da03ff5c0475c3cfff41c4806f1dc750eb1c45ec3a2a0b064834010604d6f88a29e8e9bda2bc9c18d1b53a08f25d62ccaa46bc0235c830a7b3fe64bc6031b431bcad6b698a1ba6027870ea9e55fafbbf140c5f82a33ee4ac793b989c12a5827a7957f4d8136cf918b7cbf5bc5fc64c8001992536584586edded6f65bdd371ac84fd5cc60ab79b84e9e85a1c54d5666a5d133e95eff121621dff14b9de7a188b8c5387f9da63c2cce405bc44079e34e2db2b275bfbb54841d647338cad74be91144b780cf381a6860f641446ef73bd11d45f5e4df8f3c6440d8425fd7382225cf8c2cada01bf3cd5cbc6a403173e0c89a491c75efc3c21b7825a521c6011945eef94abc3000000000000000000000000000000d71b794e9b4c145caf050429937eef4364d9e1cbe9150bccd9b2e73757f1f5e8ac50736cd3cbc029ede2869642841371bb4b9c1aaa8826889a909e6716b60e4b568b6761f8ccc7d35b0e66357746b10fc481b47e67f1e14408c1ef3e018a5e647e3f607654f3bf82bcfb42be038a272d82f8362944f608b3810000000019fda0b1b607f1ab34194ed954973f7a5accc0938d3364ab07574d0b32fc30f3ab73d012b63ee905e98ab6989ec2c840cd216eb18fedfb3b204e94e170bae930660368d3799c9b1bf7556ac57164966791626f06ad2e332341965f72141ec140b80efd7720ccdaa890b79bc4523386bd66553121543c9a35b7adcf2f6b257fefef1d6e1da2ee94d3f822bf45aad21e5b5a3788ab584090664065af39b0f43968dcd7c5f8e5a8dc6298691423fbf7e8e012260bc62f9422434a547ef7ca37953d435098d9b71edd1a03e46d0ade465d0c0db0a51f9e29cac05e5a04f94e"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x45, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0xb5}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 1.178749458s ago: executing program 0 (id=1090): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x1, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000580)) ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f00000001c0)={0x2, &(0x7f0000000000)=[{0x50, 0x13, 0x80, 0x809}, {0x6, 0x0, 0x0, 0xfe}]}) write$ppp(r0, &(0x7f0000000300)="4daf", 0x2) 1.164695168s ago: executing program 3 (id=1091): unshare(0x20000400) r0 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r0, 0x800442d2, 0x0) socket$l2tp(0x2, 0x2, 0x73) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/243, 0xfffffdef}], 0x1) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r3}, 0x10) r4 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) bind$llc(r4, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x10) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$cgroup_int(r5, &(0x7f0000000000), 0xffffff6a) sendfile(r4, r5, 0x0, 0xffffffff000) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) listen(r6, 0xfff) accept(r6, 0xfffffffffffffffd, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) 940.512948ms ago: executing program 0 (id=1092): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan1\x00'}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x4014}, 0x0) 861.893679ms ago: executing program 2 (id=1093): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r0) sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000640)=ANY=[], 0x20}}, 0x2000c094) 715.45649ms ago: executing program 0 (id=1094): mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x1d, &(0x7f00000008c0)=0x2, 0x4) 355.77184ms ago: executing program 0 (id=1095): r0 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0xc3052, 0xffffffffffffffff, 0x2000) r1 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_JOIN_FILTERS(r1, 0x65, 0x6, &(0x7f0000000040)=0x1, 0x4) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r3) sendmsg$NLBL_CIPSOV4_C_ADD(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000740)=ANY=[@ANYBLOB="44010000", @ANYRES16=r4, @ANYBLOB="010000000000000008000100000004000480080002000100000008000100000000000400088018010c8054000b800800090000000000080009000000000008000a000000000008000a0000000000080009000000000008000a000000000008000a000000000008000a000000000008000a000000000008000900000000000c000b8008000a000000000014000b8008000900c81e173808000a0083ec000004000b8054000b800800090000000000080009000000000008000a000000000008000a000000000008000a000000000008000a00000000000800090000000000080009000000000008000a000000000008000a00000000003c000b80080009000000000008000a000000000008000a000000000008000900000000000800090080000000080009000000000008000900000000000c000b"], 0x144}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000040)={'vxcan0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x1, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xfff3}}}, 0x24}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000496000/0x2000)=nil, 0x2000, 0x0, 0x12, r7, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000867000/0x2000)=nil, 0x2000, 0x0, 0x11, r9, 0x1000) mmap(&(0x7f00004a3000/0x1000)=nil, 0x1000, 0x0, 0x13, r8, 0x0) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000497000/0x2000)=nil, 0x2000, 0x2000002, 0x13, r10, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305829, &(0x7f0000000540)={0x1100, 0x0, 0x52, 0x10000}) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)={0x30, r0, 0x1, 0x0, 0xa6ff, {{}, {0x0, 0x3}, {0x14}}}, 0x30}, 0x1, 0x0, 0x0, 0x4004018}, 0x0) syz_emit_ethernet(0xa6, &(0x7f00000000c0)={@broadcast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x70, 0x3a, 0xff, @local, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, [{0x3, 0xa, "bd3e6d4706598080a80300378927fc503b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af0302"}, {0x0, 0x1, "000000050000000026000400"}]}}}}}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000480)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0xa, [@struct={0x8, 0x2, 0x0, 0xf, 0x0, 0xffffffff, [{0xe, 0x0, 0x3}, {0x7, 0x3, 0xfffffffd}]}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e]}}, &(0x7f0000000040)=""/236, 0x46, 0xec, 0x6, 0x0, 0x0, @void, @value}, 0x28) r11 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r11, 0x28, 0x8, &(0x7f0000000100)=0x147ae147ae147ad, 0x112) r12 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r12, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000180001000101000000000000020000000000000900000000060015000400000014001680100008800c00028008000180"], 0x38}}, 0x4000000) ioctl$sock_inet_SIOCSIFADDR(r11, 0x8916, &(0x7f0000000000)={'ipvlan1\x00', {0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}) 355.31985ms ago: executing program 2 (id=1096): r0 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r0, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x503, 0x1, 0xfffffffc, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000) 0s ago: executing program 3 (id=1097): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000440)={0x5c, r1, 0x1, 0x0, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x40, 0x33, @action={{{}, {}, @broadcast}, @sp_mp_confirm={0xf, 0x2, {0x20a8, @random=0x7, {}, @void, @val={0x2d, 0x1a, {0x8, 0x3, 0x7, 0x0, {0x2, 0x6, 0x0, 0x6, 0x0, 0x0, 0x1, 0x2}, 0x6, 0x6, 0x1}}}}}}]}, 0x5c}}, 0x4000084) kernel console output (not intermixed with test programs): 98][ T7501] loop1: detected capacity change from 0 to 2048 [ 263.168603][ T7501] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 263.187708][ T7501] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 263.204426][ T7501] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 263.402558][ T7513] loop0: detected capacity change from 0 to 512 [ 263.462206][ T7513] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 263.498920][ T7513] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 263.508497][ T7513] System zones: 1-12 [ 263.530818][ T7513] EXT4-fs (loop0): 1 truncate cleaned up [ 263.544936][ T7513] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 264.628027][ T7522] loop3: detected capacity change from 0 to 512 [ 264.649177][ T7522] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 264.784543][ T7522] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 264.793321][ T7522] System zones: 1-12 [ 264.812325][ T7522] EXT4-fs (loop3): 1 truncate cleaned up [ 264.828252][ T7522] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 265.254219][ T5826] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 265.359350][ T5827] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 265.395527][ T7525] loop1: detected capacity change from 0 to 512 [ 265.417069][ T7525] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 265.702463][ T7525] EXT4-fs (loop1): 1 truncate cleaned up [ 265.714182][ T7525] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 265.835702][ T7532] netlink: 16 bytes leftover after parsing attributes in process `syz.0.348'. [ 265.862191][ T7532] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 265.982293][ T7533] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 266.077656][ T7532] loop0: detected capacity change from 0 to 8 [ 266.102012][ T7532] SQUASHFS error: Failed to read block 0x62: -5 [ 266.108660][ T7532] squashfs image failed sanity check [ 266.686610][ T7526] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 269.741173][ T7551] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 269.967611][ T7550] loop0: detected capacity change from 0 to 2048 [ 270.107919][ T7550] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 270.146578][ T7550] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 270.245366][ T5829] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 270.328804][ T7560] tipc: Started in network mode [ 270.347242][ T7560] tipc: Node identity fac92af8cdda, cluster identity 4711 [ 270.355216][ T7560] tipc: Enabled bearer , priority 0 [ 270.357905][ T7550] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 270.437292][ T7565] FAULT_INJECTION: forcing a failure. [ 270.437292][ T7565] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 270.450759][ T7565] CPU: 1 UID: 0 PID: 7565 Comm: syz.2.358 Not tainted 6.15.0-rc1-next-20250411-syzkaller #0 PREEMPT(full) [ 270.450784][ T7565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 270.450795][ T7565] Call Trace: [ 270.450803][ T7565] [ 270.450810][ T7565] dump_stack_lvl+0x241/0x360 [ 270.450844][ T7565] ? __pfx_dump_stack_lvl+0x10/0x10 [ 270.450867][ T7565] ? __pfx__printk+0x10/0x10 [ 270.450900][ T7565] should_fail_ex+0x424/0x570 [ 270.450928][ T7565] _copy_to_user+0x31/0xb0 [ 270.450950][ T7565] simple_read_from_buffer+0xc4/0x170 [ 270.450978][ T7565] proc_fail_nth_read+0x1ef/0x260 [ 270.450999][ T7565] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 270.451020][ T7565] ? rw_verify_area+0x246/0x630 [ 270.451037][ T7565] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 270.451056][ T7565] vfs_read+0x21f/0xb90 [ 270.451079][ T7565] ? __pfx___mutex_lock+0x10/0x10 [ 270.451100][ T7565] ? __pfx_vfs_read+0x10/0x10 [ 270.451121][ T7565] ? __rcu_read_unlock+0xa1/0x110 [ 270.451142][ T7565] ? __fget_files+0x2a/0x420 [ 270.451167][ T7565] ? __fget_files+0x39d/0x420 [ 270.451187][ T7565] ? __fget_files+0x2a/0x420 [ 270.451218][ T7565] ksys_read+0x19d/0x2d0 [ 270.451238][ T7565] ? __pfx_ksys_read+0x10/0x10 [ 270.451262][ T7565] ? do_syscall_64+0xb6/0x230 [ 270.451295][ T7565] do_syscall_64+0xf3/0x230 [ 270.451313][ T7565] ? clear_bhb_loop+0x45/0xa0 [ 270.451335][ T7565] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 270.451351][ T7565] RIP: 0033:0x7fab9698bb7c [ 270.451368][ T7565] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 270.451383][ T7565] RSP: 002b:00007fab97892030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 270.451402][ T7565] RAX: ffffffffffffffda RBX: 00007fab96ba6160 RCX: 00007fab9698bb7c [ 270.451414][ T7565] RDX: 000000000000000f RSI: 00007fab978920a0 RDI: 0000000000000006 [ 270.451424][ T7565] RBP: 00007fab97892090 R08: 0000000000000000 R09: 0000000000000000 [ 270.451435][ T7565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 270.451445][ T7565] R13: 0000000000000001 R14: 00007fab96ba6160 R15: 00007ffc7d1ff378 [ 270.451473][ T7565] [ 270.676241][ C1] vkms_vblank_simulate: vblank timer overrun [ 270.979500][ T7570] loop1: detected capacity change from 0 to 512 [ 271.191872][ T7560] tipc: Disabling bearer [ 271.681930][ T52] tipc: Node number set to 924003064 [ 271.692804][ T7570] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 271.716013][ T7570] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 271.725130][ T7570] System zones: 1-12 [ 271.732204][ T7570] EXT4-fs (loop1): 1 truncate cleaned up [ 271.739651][ T7570] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 271.979511][ T7581] loop2: detected capacity change from 0 to 512 [ 272.020093][ T7581] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 272.262662][ T7580] loop3: detected capacity change from 0 to 128 [ 272.360333][ T7580] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 272.448742][ T7581] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 272.455581][ T7580] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 272.456996][ T7581] System zones: 1-12 [ 272.474695][ T7581] EXT4-fs (loop2): 1 truncate cleaned up [ 272.489902][ T7581] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 272.590162][ T7580] UDF-fs: error (device loop3): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 272.592918][ T5829] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 272.852449][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 272.870155][ T7590] netlink: 8 bytes leftover after parsing attributes in process `syz.4.364'. [ 272.880128][ T7590] netlink: 8 bytes leftover after parsing attributes in process `syz.4.364'. [ 272.941191][ T7590] vcan0: tx drop: invalid da for name 0x0000000000000002 [ 273.332019][ T7608] loop2: detected capacity change from 0 to 512 [ 273.363701][ T7609] loop0: detected capacity change from 0 to 128 [ 273.372215][ T7609] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 273.395567][ T7602] kvm: vcpu 1: requested lapic timer restore with starting count register 0x390=64 (128 ns) > initial count (34 ns). Using initial count to start timer. [ 273.528634][ T7611] loop4: detected capacity change from 0 to 2048 [ 273.567037][ T7611] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 273.584968][ T7611] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 273.668073][ T7611] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 274.831347][ T7630] loop2: detected capacity change from 0 to 512 [ 274.848906][ T7630] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 274.899771][ T7630] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 274.908948][ T7630] System zones: 1-12 [ 274.938576][ T7630] EXT4-fs (loop2): 1 truncate cleaned up [ 274.952921][ T7630] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 275.865500][ T7638] loop3: detected capacity change from 0 to 512 [ 275.931597][ T7638] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 276.034497][ T7638] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 276.043435][ T7638] System zones: 1-12 [ 276.065103][ T7638] EXT4-fs (loop3): 1 truncate cleaned up [ 276.079530][ T7638] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 276.165967][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 276.327122][ T5827] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 276.366807][ T7641] loop2: detected capacity change from 0 to 1024 [ 276.474650][ T7641] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 276.561090][ T7641] ext4 filesystem being mounted at /78/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 276.577585][ T7647] loop3: detected capacity change from 0 to 512 [ 276.592868][ T7647] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 276.627120][ T7647] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 276.635529][ T7647] System zones: 1-12 [ 276.641152][ T7647] EXT4-fs (loop3): 1 truncate cleaned up [ 276.654595][ T7620] loop0: detected capacity change from 0 to 32768 [ 276.656259][ T7647] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 276.717579][ T7641] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 276.877431][ T7653] loop1: detected capacity change from 0 to 512 [ 276.982643][ T7653] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 277.017008][ T7653] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 277.025983][ T7653] System zones: 1-12 [ 277.034778][ T7653] EXT4-fs (loop1): 1 truncate cleaned up [ 277.042504][ T7653] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 277.631342][ T5833] Bluetooth: hci5: command 0x1003 tx timeout [ 277.641250][ T5841] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 277.849905][ T5827] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 277.879176][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 278.173449][ T7659] netlink: 4 bytes leftover after parsing attributes in process `syz.2.380'. [ 278.192930][ T7659] ipvlan2: entered promiscuous mode [ 278.205656][ T7659] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 278.243854][ T7659] team0: Device ipvlan2 is already an upper device of the team interface [ 278.317211][ T7664] loop3: detected capacity change from 0 to 2048 [ 278.349432][ T7664] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 278.383590][ T7664] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 278.432287][ T7664] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 278.642863][ T7667] tmpfs: Bad value for 'mpol' [ 279.525862][ T7675] loop2: detected capacity change from 0 to 512 [ 279.581496][ T7675] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 279.626493][ T7675] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 279.635069][ T7675] System zones: 1-12 [ 279.719739][ T7675] EXT4-fs (loop2): 1 truncate cleaned up [ 279.735255][ T7675] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 280.184897][ T5829] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 280.417263][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 280.529832][ T7662] loop4: detected capacity change from 0 to 32768 [ 280.537735][ T7662] btrfs: Unknown parameter 'posixacl' [ 281.379271][ T7690] loop3: detected capacity change from 0 to 512 [ 281.413741][ T7691] loop1: detected capacity change from 0 to 512 [ 281.650958][ T7691] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 281.665022][ T7690] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 281.717439][ T7691] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 281.725952][ T7691] System zones: 1-12 [ 281.742395][ T7691] EXT4-fs (loop1): 1 truncate cleaned up [ 281.756410][ T7691] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 281.921726][ T7690] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 281.930860][ T7690] System zones: 1-12 [ 281.959835][ T7690] EXT4-fs (loop3): 1 truncate cleaned up [ 281.974940][ T7690] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 282.200977][ T5829] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 282.228648][ T7699] FAULT_INJECTION: forcing a failure. [ 282.228648][ T7699] name failslab, interval 1, probability 0, space 0, times 0 [ 282.337761][ T7699] CPU: 1 UID: 0 PID: 7699 Comm: syz.0.390 Not tainted 6.15.0-rc1-next-20250411-syzkaller #0 PREEMPT(full) [ 282.337789][ T7699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 282.337800][ T7699] Call Trace: [ 282.337808][ T7699] [ 282.337814][ T7699] dump_stack_lvl+0x241/0x360 [ 282.337847][ T7699] ? __pfx_dump_stack_lvl+0x10/0x10 [ 282.337866][ T7699] ? __pfx__printk+0x10/0x10 [ 282.337892][ T7699] ? __pfx___might_resched+0x10/0x10 [ 282.337915][ T7699] should_fail_ex+0x424/0x570 [ 282.337943][ T7699] should_failslab+0xac/0x100 [ 282.337967][ T7699] kmem_cache_alloc_noprof+0x78/0x390 [ 282.337985][ T7699] ? key_alloc+0x341/0xff0 [ 282.338010][ T7699] ? key_user_lookup+0x1b2/0x450 [ 282.338029][ T7699] key_alloc+0x341/0xff0 [ 282.338059][ T7699] keyring_alloc+0x44/0xb0 [ 282.338081][ T7699] join_session_keyring+0x152/0x470 [ 282.338102][ T7699] lookup_user_key+0x591/0x15b0 [ 282.338116][ T7699] ? __lock_acquire+0xad5/0xd80 [ 282.338139][ T7699] ? __pfx_lookup_user_key+0x10/0x10 [ 282.338157][ T7699] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 282.338182][ T7699] ? _copy_from_user+0x95/0xb0 [ 282.338201][ T7699] ? memdup_user+0x99/0xd0 [ 282.338221][ T7699] __se_sys_request_key+0x200/0x3c0 [ 282.338244][ T7699] ? __pfx___se_sys_request_key+0x10/0x10 [ 282.338275][ T7699] ? do_syscall_64+0xb6/0x230 [ 282.338298][ T7699] do_syscall_64+0xf3/0x230 [ 282.338317][ T7699] ? clear_bhb_loop+0x45/0xa0 [ 282.338337][ T7699] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.338353][ T7699] RIP: 0033:0x7f480298d169 [ 282.338370][ T7699] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 282.338385][ T7699] RSP: 002b:00007f48007f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f9 [ 282.338404][ T7699] RAX: ffffffffffffffda RBX: 00007f4802ba6080 RCX: 00007f480298d169 [ 282.338414][ T7699] RDX: 0000000000000000 RSI: 0000200000000800 RDI: 00002000000007c0 [ 282.338425][ T7699] RBP: 00007f48007f6090 R08: 0000000000000000 R09: 0000000000000000 [ 282.338434][ T7699] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000001 [ 282.338444][ T7699] R13: 0000000000000001 R14: 00007f4802ba6080 R15: 00007fff6a5f1858 [ 282.338469][ T7699] [ 283.126564][ T7713] loop0: detected capacity change from 0 to 128 [ 283.134555][ T7713] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 284.463714][ T7722] loop1: detected capacity change from 0 to 512 [ 284.480824][ T7722] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 284.515687][ T7722] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 284.524035][ T7722] System zones: 1-12 [ 284.530743][ T7722] EXT4-fs (loop1): 1 truncate cleaned up [ 284.538215][ T7722] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 284.593267][ T7723] loop0: detected capacity change from 0 to 1024 [ 286.161220][ T5827] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 286.535416][ T12] hfsplus: b-tree write err: -5, ino 4 [ 286.552568][ T5829] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 287.651698][ T7749] netlink: 16 bytes leftover after parsing attributes in process `syz.3.401'. [ 287.671970][ T7749] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 287.779534][ T7751] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 287.863262][ T7749] loop3: detected capacity change from 0 to 8 [ 288.113383][ T7749] SQUASHFS error: Failed to read block 0x62: -5 [ 288.119834][ T7749] squashfs image failed sanity check [ 288.343979][ T7747] loop3: detected capacity change from 0 to 32768 [ 288.363001][ T7747] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.401 (7747) [ 288.383386][ T7747] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 288.395197][ T7747] BTRFS info (device loop3): using crc32c (crc32c-x86_64) checksum algorithm [ 288.404103][ T7747] BTRFS info (device loop3): using free-space-tree [ 288.434654][ T7758] FAULT_INJECTION: forcing a failure. [ 288.434654][ T7758] name failslab, interval 1, probability 0, space 0, times 0 [ 288.448483][ T7758] CPU: 0 UID: 0 PID: 7758 Comm: syz.4.408 Not tainted 6.15.0-rc1-next-20250411-syzkaller #0 PREEMPT(full) [ 288.448526][ T7758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 288.448537][ T7758] Call Trace: [ 288.448545][ T7758] [ 288.448552][ T7758] dump_stack_lvl+0x241/0x360 [ 288.448585][ T7758] ? __pfx_dump_stack_lvl+0x10/0x10 [ 288.448608][ T7758] ? __pfx__printk+0x10/0x10 [ 288.448634][ T7758] ? __pfx___might_resched+0x10/0x10 [ 288.448667][ T7758] should_fail_ex+0x424/0x570 [ 288.448696][ T7758] should_failslab+0xac/0x100 [ 288.448721][ T7758] __kmalloc_noprof+0xdf/0x4d0 [ 288.448740][ T7758] ? __pfx_ovs_flow_cmd_dump+0x10/0x10 [ 288.448759][ T7758] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 288.448788][ T7758] genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 288.448817][ T7758] genl_rcv_msg+0x819/0xf00 [ 288.448848][ T7758] ? __pfx_genl_rcv_msg+0x10/0x10 [ 288.448867][ T7758] ? __dev_queue_xmit+0x1780/0x3f60 [ 288.448888][ T7758] ? kasan_save_track+0x3f/0x80 [ 288.448904][ T7758] ? __kasan_slab_alloc+0x66/0x80 [ 288.448927][ T7758] ? do_syscall_64+0xf3/0x230 [ 288.448961][ T7758] ? __lock_acquire+0xad5/0xd80 [ 288.448979][ T7758] ? __pfx_ovs_flow_cmd_get+0x10/0x10 [ 288.449012][ T7758] netlink_rcv_skb+0x208/0x480 [ 288.449032][ T7758] ? __pfx_genl_rcv_msg+0x10/0x10 [ 288.449054][ T7758] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 288.449093][ T7758] ? netlink_deliver_tap+0x2e/0x1b0 [ 288.449118][ T7758] genl_rcv+0x28/0x40 [ 288.449138][ T7758] netlink_unicast+0x7f8/0x9a0 [ 288.449164][ T7758] ? __pfx_netlink_unicast+0x10/0x10 [ 288.449183][ T7758] ? skb_put+0x114/0x1f0 [ 288.449208][ T7758] netlink_sendmsg+0x8c3/0xcd0 [ 288.449239][ T7758] ? __pfx_netlink_sendmsg+0x10/0x10 [ 288.449261][ T7758] ? aa_sock_msg_perm+0xf3/0x1d0 [ 288.449287][ T7758] ? __pfx_netlink_sendmsg+0x10/0x10 [ 288.449303][ T7758] __sock_sendmsg+0x221/0x270 [ 288.449324][ T7758] ____sys_sendmsg+0x523/0x860 [ 288.449354][ T7758] ? __pfx_____sys_sendmsg+0x10/0x10 [ 288.449373][ T7758] ? __fget_files+0x2a/0x420 [ 288.449399][ T7758] ? __fget_files+0x2a/0x420 [ 288.449430][ T7758] __sys_sendmsg+0x28a/0x380 [ 288.449456][ T7758] ? __pfx___sys_sendmsg+0x10/0x10 [ 288.449533][ T7758] ? do_syscall_64+0xb6/0x230 [ 288.449554][ T7758] do_syscall_64+0xf3/0x230 [ 288.449573][ T7758] ? clear_bhb_loop+0x45/0xa0 [ 288.449593][ T7758] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.449609][ T7758] RIP: 0033:0x7f6a9e78d169 [ 288.449625][ T7758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 288.449639][ T7758] RSP: 002b:00007f6a9f557038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 288.449666][ T7758] RAX: ffffffffffffffda RBX: 00007f6a9e9a5fa0 RCX: 00007f6a9e78d169 [ 288.449678][ T7758] RDX: 0000000000000084 RSI: 0000200000000000 RDI: 0000000000000003 [ 288.449687][ T7758] RBP: 00007f6a9f557090 R08: 0000000000000000 R09: 0000000000000000 [ 288.449696][ T7758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 288.449710][ T7758] R13: 0000000000000000 R14: 00007f6a9e9a5fa0 R15: 00007fffe009fcd8 [ 288.449737][ T7758] [ 288.910028][ T7747] BTRFS info (device loop3): rebuilding free space tree [ 288.914340][ T52] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 289.145618][ T7739] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 289.315164][ T52] usb 2-1: config 0 has an invalid interface number: 149 but max is 0 [ 289.330646][ T52] usb 2-1: config 0 has no interface number 0 [ 289.336819][ T52] usb 2-1: config 0 interface 149 has no altsetting 0 [ 289.381162][ T52] usb 2-1: New USB device found, idVendor=357d, idProduct=7788, bcdDevice=36.2f [ 289.411645][ T52] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.436747][ T7779] xt_CT: No such helper "snmp" [ 289.444580][ T52] usb 2-1: config 0 descriptor?? [ 289.571188][ T7783] gtp0: entered promiscuous mode [ 289.576264][ T7783] gtp0: entered allmulticast mode [ 289.656885][ T7744] loop0: detected capacity change from 0 to 32768 [ 289.763044][ T24] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 289.775146][ T7776] netlink: 'syz.4.409': attribute type 39 has an invalid length. [ 289.920173][ T7754] netlink: 6 bytes leftover after parsing attributes in process `syz.1.407'. [ 289.929534][ T7754] netlink: 6 bytes leftover after parsing attributes in process `syz.1.407'. [ 289.957786][ T5827] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 289.987460][ T7744] [ 289.987460][ T7744] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 289.987460][ T7744] [ 290.029340][ T7788] loop1: detected capacity change from 0 to 512 [ 290.058350][ T7788] EXT4-fs error (device loop1): ext4_orphan_get:1390: comm syz.1.407: inode #15: comm syz.1.407: iget: illegal inode # [ 290.078718][ T7788] EXT4-fs error (device loop1): ext4_orphan_get:1395: comm syz.1.407: couldn't read orphan inode 15 (err -117) [ 290.098960][ T7788] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 290.122516][ T7788] netlink: 8 bytes leftover after parsing attributes in process `syz.1.407'. [ 290.132272][ T7788] netlink: 8 bytes leftover after parsing attributes in process `syz.1.407'. [ 290.146447][ T24] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 290.157029][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.172505][ T24] usb 3-1: config 0 descriptor?? [ 290.315103][ T7744] find_entry called with index = 0 [ 290.379535][ T7744] read_mapping_page failed! [ 290.419260][ T7744] ERROR: (device loop0): txCommit: [ 290.419260][ T7744] [ 290.616749][ T24] usb 3-1: Cannot read MAC address [ 290.622485][ T24] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 290.671895][ T12] ERROR: (device loop0): diWrite: ixpxd invalid [ 290.671895][ T12] [ 290.695843][ T24] usb 3-1: USB disconnect, device number 7 [ 290.709897][ T12] ERROR: (device loop0): txCommit: [ 290.709897][ T12] [ 290.754390][ T12] jfs_write_inode: jfs_commit_inode failed! [ 290.796167][ T5826] [ 290.796167][ T5826] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 290.796167][ T5826] [ 290.836658][ T5826] [ 290.836658][ T5826] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 290.836658][ T5826] [ 291.124665][ T7801] loop3: detected capacity change from 0 to 512 [ 291.133072][ T7801] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 291.244077][ T7801] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 291.252492][ T7801] System zones: 1-12 [ 291.268087][ T7801] EXT4-fs (loop3): 1 truncate cleaned up [ 291.276039][ T7801] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 291.459946][ T5829] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 291.528627][ T52] usb 2-1: string descriptor 0 read error: -71 [ 291.541551][ T52] usb-storage 2-1:0.149: USB Mass Storage device detected [ 291.585296][ T52] usb-storage 2-1:0.149: Quirks match for vid 357d pid 7788: 4800000 [ 291.674423][ T52] usb 2-1: USB disconnect, device number 5 [ 291.928944][ T7811] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 292.004458][ T5897] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 292.016692][ T5827] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 292.027076][ T7812] loop4: detected capacity change from 0 to 32768 [ 292.035979][ T7812] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.418 (7812) [ 292.070315][ T7812] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 292.077865][ T7813] loop2: detected capacity change from 0 to 4096 [ 292.081806][ T7812] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 292.095705][ T7812] BTRFS info (device loop4): using free-space-tree [ 292.180950][ T7821] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 292.200752][ T5897] usb 1-1: Using ep0 maxpacket: 32 [ 292.220963][ T5897] usb 1-1: New USB device found, idVendor=2201, idProduct=012c, bcdDevice= 6.87 [ 292.267463][ T5897] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 292.291211][ T5897] usb 1-1: config 0 descriptor?? [ 292.428438][ T7806] NILFS error (device loop2): nilfs_dotdot: directory #12 missing '.' [ 292.460599][ T5934] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 292.542324][ T7806] Remounting filesystem read-only [ 292.547791][ T5897] usb 1-1: string descriptor 0 read error: -71 [ 292.573400][ T5897] usb 1-1: probing VID:PID(2201:012C) [ 292.597406][ T5897] usb 1-1: Could not find two sets of bulk-in/out endpoint pairs [ 292.634799][ T5897] vub300 1-1:0.0: probe with driver vub300 failed with error -22 [ 292.666339][ T5897] usb 1-1: USB disconnect, device number 11 [ 292.670869][ T5825] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer [ 292.700535][ T5934] usb 2-1: Using ep0 maxpacket: 16 [ 292.718105][ T5934] usb 2-1: config 0 has an invalid interface number: 236 but max is 0 [ 292.730504][ T5934] usb 2-1: config 0 has no interface number 0 [ 292.747332][ T5934] usb 2-1: config 0 interface 236 altsetting 0 bulk endpoint 0xA has invalid maxpacket 16 [ 292.770488][ T5934] usb 2-1: config 0 interface 236 altsetting 0 endpoint 0x83 has invalid maxpacket 1104, setting to 1024 [ 292.827123][ T5831] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 292.840688][ T5934] usb 2-1: config 0 interface 236 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 292.861640][ T5934] usb 2-1: New USB device found, idVendor=f205, idProduct=b038, bcdDevice=26.19 [ 292.871698][ T5934] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 292.880038][ T5934] usb 2-1: Product: syz [ 292.889719][ T5934] usb 2-1: Manufacturer: syz [ 292.896466][ T5934] usb 2-1: SerialNumber: syz [ 292.933907][ T5934] usb 2-1: config 0 descriptor?? [ 292.949687][ T7826] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 292.964906][ T7826] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 292.999182][ T5934] usb-storage 2-1:0.236: USB Mass Storage device detected [ 293.057364][ T5934] scsi host1: usb-storage 2-1:0.236 [ 293.210702][ T5897] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 293.401907][ T5897] usb 3-1: Using ep0 maxpacket: 32 [ 293.481383][ T5897] usb 3-1: unable to get BOS descriptor or descriptor too short [ 293.533563][ T5897] usb 3-1: config 9 has an invalid interface number: 196 but max is 0 [ 293.567022][ T7856] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 293.578315][ T5897] usb 3-1: config 9 has no interface number 0 [ 293.650801][ T5897] usb 3-1: config 9 interface 196 has no altsetting 0 [ 293.658884][ T7856] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 293.745398][ T5897] usb 3-1: New USB device found, idVendor=7dd8, idProduct=d075, bcdDevice=b4.e4 [ 293.778186][ T5897] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 293.798852][ T5897] usb 3-1: Product: syz [ 293.817532][ T5897] usb 3-1: Manufacturer: syz [ 293.823894][ T5897] usb 3-1: SerialNumber: syz [ 293.871115][ T7857] ptrace attach of "./syz-executor exec"[5827] was attempted by ""[7857] [ 294.606584][ T5897] usb 3-1: USB disconnect, device number 8 [ 294.727392][ T7847] usb 2-1: reset high-speed USB device number 6 using dummy_hcd [ 295.571120][ T24] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 295.832477][ T5934] usb 2-1: USB disconnect, device number 6 [ 296.662478][ T24] usb 4-1: device descriptor read/64, error -71 [ 296.990750][ T24] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 297.160585][ T24] usb 4-1: device descriptor read/64, error -71 [ 297.281212][ T24] usb usb4-port1: attempt power cycle [ 297.648323][ T7893] loop2: detected capacity change from 0 to 2048 [ 297.661139][ T24] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 297.728935][ T24] usb 4-1: device descriptor read/8, error -71 [ 297.755303][ T7893] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 297.790733][ T7893] ext4 filesystem being mounted at /90/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 297.934770][ T30] audit: type=1800 audit(1744499808.168:3): pid=7893 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.435" name="file0" dev="loop2" ino=13 res=0 errno=0 [ 297.938806][ T7893] fs-verity: sha512 using implementation "sha512-avx2" [ 297.955097][ C1] vkms_vblank_simulate: vblank timer overrun [ 298.046288][ T24] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 298.125182][ T24] usb 4-1: device descriptor read/8, error -71 [ 298.560982][ T24] usb usb4-port1: unable to enumerate USB device [ 298.701238][ T7893] fs-verity (loop2, inode 13): Error -4 building Merkle tree [ 298.827436][ T7884] loop0: detected capacity change from 0 to 32768 [ 298.857211][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 298.872740][ T7884] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.433 (7884) [ 298.944761][ T7895] loop4: detected capacity change from 0 to 32768 [ 298.960283][ T7884] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 298.984829][ T7884] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 299.006498][ T7889] loop1: detected capacity change from 0 to 32768 [ 299.015675][ T7884] BTRFS info (device loop0): using free-space-tree [ 299.188603][ T7889] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 299.247948][ T7884] BTRFS info (device loop0): rebuilding free space tree [ 299.593518][ T7895] bond0: entered promiscuous mode [ 299.654562][ T7902] loop3: detected capacity change from 0 to 32768 [ 299.676246][ T7902] btrfs: Deprecated parameter 'usebackuproot' [ 299.698895][ T7902] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 299.701846][ T7889] XFS (loop1): Ending clean mount [ 299.782687][ T7902] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.438 (7902) [ 299.804673][ T7889] XFS (loop1): Quotacheck needed: Please wait. [ 299.970581][ T7943] loop4: detected capacity change from 0 to 512 [ 300.484831][ T7943] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 300.573042][ T7943] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 300.582642][ T7943] System zones: 1-12 [ 300.603535][ T7943] EXT4-fs (loop4): 1 truncate cleaned up [ 300.613595][ T7943] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 300.695066][ T7902] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 300.729556][ T5959] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 300.749024][ T5826] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 300.750944][ T7902] BTRFS info (device loop3): using crc32c (crc32c-x86_64) checksum algorithm [ 300.890782][ T7889] XFS (loop1): Quotacheck: Done. [ 300.896158][ T5831] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 300.905612][ T7902] BTRFS info (device loop3): disk space caching is enabled [ 300.930969][ T7902] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 301.028254][ T5829] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 301.256036][ T7902] BTRFS info (device loop3): rebuilding free space tree [ 301.433297][ T7902] BTRFS info (device loop3): disabling free space tree [ 301.440324][ T7902] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 301.453873][ T24] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 301.520631][ T7902] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 301.673715][ T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 301.710511][ T24] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 301.719619][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.778668][ T5827] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 301.793934][ T24] usb 5-1: config 0 descriptor?? [ 301.837195][ T24] pwc: Askey VC010 type 2 USB webcam detected. [ 302.009265][ T7981] loop2: detected capacity change from 0 to 128 [ 302.017737][ T7981] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 302.100574][ T5934] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 302.273707][ T24] pwc: recv_control_msg error -32 req 02 val 2b00 [ 302.289398][ T5934] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 302.308477][ T24] pwc: recv_control_msg error -32 req 02 val 2700 [ 302.356532][ T5934] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 302.437404][ T5934] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 302.500950][ T5934] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.572600][ T5934] usb 2-1: config 0 descriptor?? [ 302.598677][ T24] pwc: recv_control_msg error -32 req 02 val 2c00 [ 302.635491][ T24] pwc: recv_control_msg error -32 req 04 val 1000 [ 302.659025][ T24] pwc: recv_control_msg error -32 req 04 val 1300 [ 302.687122][ T5934] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 302.709287][ T5934] dvb-usb: bulk message failed: -22 (3/0) [ 302.760077][ T24] pwc: recv_control_msg error -32 req 04 val 1400 [ 302.768850][ T24] pwc: recv_control_msg error -32 req 02 val 2000 [ 302.857761][ T5934] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 303.146575][ T5934] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 303.209806][ T5934] usb 2-1: media controller created [ 303.862178][ T5934] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 303.907897][ T5934] dvb-usb: bulk message failed: -22 (6/0) [ 303.923237][ T5934] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 303.938368][ T5934] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input5 [ 303.961864][ T5934] dvb-usb: schedule remote query interval to 150 msecs. [ 303.968967][ T5934] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 304.047194][ T7962] loop4: detected capacity change from 0 to 4096 [ 304.123764][ T5934] dvb-usb: bulk message failed: -22 (1/0) [ 304.133600][ T5934] dvb-usb: error while querying for an remote control event. [ 304.196331][ T7962] fscrypt: Error allocating hmac(sha512): -2 [ 304.322476][ T5934] dvb-usb: bulk message failed: -22 (1/0) [ 304.353585][ T5934] dvb-usb: error while querying for an remote control event. [ 304.444187][ T24] pwc: recv_control_msg error -71 req 02 val 2100 [ 304.466625][ T24] pwc: recv_control_msg error -71 req 04 val 1500 [ 304.488610][ T24] pwc: recv_control_msg error -71 req 02 val 2500 [ 304.527912][ T24] pwc: recv_control_msg error -71 req 02 val 2400 [ 304.550557][ T5934] dvb-usb: bulk message failed: -22 (1/0) [ 304.567324][ T24] pwc: recv_control_msg error -71 req 02 val 2600 [ 304.584800][ T5934] dvb-usb: error while querying for an remote control event. [ 304.600736][ T24] pwc: recv_control_msg error -71 req 02 val 2900 [ 304.641667][ T24] pwc: recv_control_msg error -71 req 02 val 2800 [ 304.800659][ T5897] dvb-usb: bulk message failed: -22 (1/0) [ 304.852801][ T24] pwc: recv_control_msg error -71 req 04 val 1100 [ 304.861786][ T24] pwc: recv_control_msg error -71 req 04 val 1200 [ 305.212219][ T24] pwc: Registered as video103. [ 305.440872][ T5897] dvb-usb: error while querying for an remote control event. [ 305.455024][ T5897] usb 2-1: USB disconnect, device number 7 [ 305.566636][ T24] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input6 [ 305.592265][ T8010] loop0: detected capacity change from 0 to 128 [ 305.602005][ T8010] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 305.614514][ T5934] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 305.709566][ T8012] netlink: 112 bytes leftover after parsing attributes in process `syz.1.452'. [ 305.781102][ T8012] fuse: Bad value for 'fd' [ 305.920556][ T5934] usb 4-1: Using ep0 maxpacket: 8 [ 305.932118][ T5934] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 305.981785][ T24] usb 5-1: USB disconnect, device number 8 [ 306.012020][ T5934] usb 4-1: New USB device found, idVendor=04e7, idProduct=0020, bcdDevice=36.e1 [ 306.078019][ T5934] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.142499][ T5934] usb 4-1: Product: syz [ 306.164405][ T5934] usb 4-1: Manufacturer: syz [ 306.171872][ T7995] loop2: detected capacity change from 0 to 32768 [ 306.172476][ T5897] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 306.187098][ T5934] usb 4-1: SerialNumber: syz [ 306.227026][ T7995] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.448 (7995) [ 306.236227][ T5934] usb 4-1: config 0 descriptor?? [ 306.304287][ T5934] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input7 [ 306.318639][ T7995] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 306.388377][ T7995] BTRFS info (device loop2): using crc32c (crc32c-x86_64) checksum algorithm [ 306.467804][ T7995] BTRFS info (device loop2): using free-space-tree [ 306.518741][ T5934] usb 4-1: USB disconnect, device number 9 [ 306.981268][ T8045] netlink: 'syz.4.453': attribute type 39 has an invalid length. [ 306.996388][ T8049] gtp1: entered promiscuous mode [ 307.001892][ T8049] gtp1: entered allmulticast mode [ 307.204534][ T7995] BTRFS error (device loop2): open_ctree failed: -4 [ 308.082216][ T8069] loop2: detected capacity change from 0 to 64 [ 308.105618][ T8066] Bluetooth: MGMT ver 1.23 [ 309.156451][ T8066] loop3: detected capacity change from 0 to 40427 [ 309.193620][ T8066] F2FS-fs (loop3): invalid crc value [ 309.334028][ T8066] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 310.880682][ T5841] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 310.928416][ T8080] loop2: detected capacity change from 0 to 262144 [ 310.935744][ T8080] btrfs: Deprecated parameter 'usebackuproot' [ 310.941897][ T8080] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 310.951948][ T8080] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.461 (8080) [ 310.966825][ T8080] BTRFS info (device loop2): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53 [ 310.977240][ T8080] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 310.986562][ T8080] BTRFS info (device loop2): disk space caching is enabled [ 310.993837][ T8080] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 311.177279][ T8099] loop0: detected capacity change from 0 to 512 [ 311.247247][ T8080] BTRFS info (device loop2): rebuilding free space tree [ 311.274697][ T8080] BTRFS info (device loop2): disabling free space tree [ 311.281775][ T8080] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 311.291489][ T8080] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 311.311564][ T8099] EXT4-fs: Ignoring removed bh option [ 311.361011][ T8099] EXT4-fs: Ignoring removed mblk_io_submit option [ 311.370608][ T52] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 311.468375][ T8099] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 311.489075][ T5825] BTRFS info (device loop2): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53 [ 311.550657][ T8099] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 311.581625][ T8099] EXT4-fs (loop0): orphan cleanup on readonly fs [ 311.600142][ T8099] Quota error (device loop0): do_insert_tree: Free block already used in tree: block 4 [ 311.617619][ T52] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 311.644556][ T8099] Quota error (device loop0): qtree_write_dquot: Error -5 occurred while creating quota [ 311.661196][ T52] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 311.680225][ T52] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 311.689706][ T8099] EXT4-fs error (device loop0): ext4_acquire_dquot:6935: comm syz.0.463: Failed to acquire dquot type 1 [ 311.695797][ T8099] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.463: Invalid block bitmap block 0 in block_group 0 [ 311.727321][ T52] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 311.761886][ T52] usb 5-1: config 0 descriptor?? [ 311.773787][ T52] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 311.794686][ T8099] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.463: Invalid block bitmap block 0 in block_group 0 [ 311.819546][ T52] dvb-usb: bulk message failed: -22 (3/0) [ 311.846462][ T52] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 311.857371][ T8107] loop1: detected capacity change from 0 to 512 [ 311.859452][ T52] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 311.871625][ T8107] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 311.875399][ T8099] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.463: Invalid block bitmap block 0 in block_group 0 [ 311.904915][ T52] usb 5-1: media controller created [ 311.923312][ T8107] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 311.927165][ T52] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 311.932847][ T8107] System zones: 1-12 [ 311.948499][ T8107] EXT4-fs (loop1): 1 truncate cleaned up [ 311.955851][ T8107] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 311.958468][ T52] dvb-usb: bulk message failed: -22 (6/0) [ 311.974097][ T52] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 311.984916][ T52] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input8 [ 312.023106][ T52] dvb-usb: schedule remote query interval to 150 msecs. [ 312.030139][ T52] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 312.179482][ T8099] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.463: Invalid block bitmap block 0 in block_group 0 [ 312.212129][ T52] dvb-usb: bulk message failed: -22 (1/0) [ 312.217980][ T52] dvb-usb: error while querying for an remote control event. [ 312.762094][ T8099] Quota error (device loop0): write_blk: dquota write failed [ 312.856033][ T8099] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota [ 312.869144][ T5829] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 312.883568][ T8099] EXT4-fs error (device loop0): ext4_acquire_dquot:6935: comm syz.0.463: Failed to acquire dquot type 1 [ 312.930899][ T52] dvb-usb: bulk message failed: -22 (1/0) [ 312.952553][ T52] dvb-usb: error while querying for an remote control event. [ 312.993202][ T8099] Quota error (device loop0): write_blk: dquota write failed [ 313.023719][ T8099] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota [ 313.063624][ T8099] EXT4-fs error (device loop0): ext4_acquire_dquot:6935: comm syz.0.463: Failed to acquire dquot type 1 [ 313.097831][ T8099] EXT4-fs (loop0): 1 orphan inode deleted [ 313.126250][ T8116] loop3: detected capacity change from 0 to 1024 [ 313.133990][ T8099] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 313.144066][ T8116] EXT4-fs: Ignoring removed nobh option [ 313.149096][ T52] dvb-usb: bulk message failed: -22 (1/0) [ 313.169021][ T8116] EXT4-fs: Ignoring removed bh option [ 313.177393][ T52] dvb-usb: error while querying for an remote control event. [ 313.210357][ T8116] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 313.428945][ T52] dvb-usb: bulk message failed: -22 (1/0) [ 313.434890][ T52] dvb-usb: error while querying for an remote control event. [ 313.452288][ T8121] netlink: 8 bytes leftover after parsing attributes in process `syz.3.464'. [ 313.583094][ T8122] EXT4-fs error (device loop0): ext4_lookup:1793: inode #2: comm syz.0.463: deleted inode referenced: 12 [ 313.600718][ T52] dvb-usb: bulk message failed: -22 (1/0) [ 313.609900][ T52] dvb-usb: error while querying for an remote control event. [ 313.698821][ T8114] loop1: detected capacity change from 0 to 32768 [ 313.712531][ T8114] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.467 (8114) [ 313.764171][ T8114] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 313.776240][ T8114] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 313.788444][ T52] dvb-usb: bulk message failed: -22 (1/0) [ 313.800539][ T52] dvb-usb: error while querying for an remote control event. [ 313.812627][ T8099] syz.0.463 (8099) used greatest stack depth: 18016 bytes left [ 313.822382][ T8114] BTRFS info (device loop1): using free-space-tree [ 313.855409][ T8115] orangefs_mount: mount request failed with -4 [ 313.980567][ T52] dvb-usb: bulk message failed: -22 (1/0) [ 313.992664][ T52] dvb-usb: error while querying for an remote control event. [ 314.024825][ T5827] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 314.041734][ T8114] BTRFS info (device loop1): rebuilding free space tree [ 314.144573][ T52] usb 5-1: USB disconnect, device number 9 [ 314.287628][ T52] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 314.619030][ T5829] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 314.845864][ T5826] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 315.083331][ T8154] loop3: detected capacity change from 0 to 512 [ 315.116960][ T8154] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 315.165988][ T8154] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 315.174600][ T8154] System zones: 1-12 [ 315.187467][ T8154] EXT4-fs (loop3): 1 truncate cleaned up [ 315.201501][ T8154] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 315.733684][ T8158] loop2: detected capacity change from 0 to 128 [ 315.741416][ T8158] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 316.822611][ T5827] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 317.119151][ T8172] loop0: detected capacity change from 0 to 512 [ 317.129161][ T8172] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 317.162021][ T8171] IPVS: sync thread started: state = MASTER, mcast_ifn = macvlan1, syncid = -1, id = 0 [ 317.198463][ T8164] loop1: detected capacity change from 0 to 1024 [ 317.215350][ T8172] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 317.223766][ T8172] System zones: 1-12 [ 317.239436][ T8172] EXT4-fs (loop0): 1 truncate cleaned up [ 317.246912][ T8172] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 317.336458][ T8178] loop3: detected capacity change from 0 to 64 [ 317.760768][ T8164] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 317.805058][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.817122][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.831591][ T8181] loop2: detected capacity change from 0 to 256 [ 318.032989][ T5826] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 318.068811][ T8184] xt_nfacct: accounting object `syz1' does not exists [ 318.351839][ T5829] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 318.499169][ T8190] loop3: detected capacity change from 0 to 2048 [ 318.560629][ T52] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 318.585046][ T8190] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 318.613272][ T8190] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 318.644844][ T8190] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 318.771462][ T52] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 318.824633][ T52] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 318.908779][ T52] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 318.997376][ T52] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 319.920250][ T52] usb 1-1: config 0 descriptor?? [ 319.963018][ T52] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 319.969728][ T52] dvb-usb: bulk message failed: -22 (3/0) [ 320.012602][ T52] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 320.124134][ T52] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 320.135744][ T52] usb 1-1: media controller created [ 320.143214][ T52] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 320.266113][ T8189] loop4: detected capacity change from 0 to 32768 [ 320.278642][ T8203] FAULT_INJECTION: forcing a failure. [ 320.278642][ T8203] name failslab, interval 1, probability 0, space 0, times 0 [ 320.299419][ T8204] loop3: detected capacity change from 0 to 512 [ 320.330976][ T8189] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.482 (8189) [ 320.356015][ T8204] EXT4-fs: Ignoring removed bh option [ 320.364036][ T8203] CPU: 0 UID: 0 PID: 8203 Comm: syz.2.485 Not tainted 6.15.0-rc1-next-20250411-syzkaller #0 PREEMPT(full) [ 320.364061][ T8203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 320.364071][ T8203] Call Trace: [ 320.364078][ T8203] [ 320.364085][ T8203] dump_stack_lvl+0x241/0x360 [ 320.364119][ T8203] ? __pfx_dump_stack_lvl+0x10/0x10 [ 320.364149][ T8203] ? __pfx__printk+0x10/0x10 [ 320.364174][ T8203] ? __pfx___might_resched+0x10/0x10 [ 320.364196][ T8203] should_fail_ex+0x424/0x570 [ 320.364222][ T8203] should_failslab+0xac/0x100 [ 320.364244][ T8203] kmem_cache_alloc_noprof+0x78/0x390 [ 320.364262][ T8203] ? ptlock_alloc+0x20/0x70 [ 320.364286][ T8203] ptlock_alloc+0x20/0x70 [ 320.364305][ T8203] pte_alloc_one+0x6d/0x160 [ 320.364322][ T8203] __pte_alloc+0x7b/0x240 [ 320.364340][ T8203] ? __pfx___pte_alloc+0x10/0x10 [ 320.364354][ T8203] ? kasan_save_track+0x51/0x80 [ 320.364369][ T8203] ? __kasan_slab_alloc+0x66/0x80 [ 320.364383][ T8203] ? kmem_cache_alloc_noprof+0x1e1/0x390 [ 320.364400][ T8203] ? __pmd_alloc+0x118/0x440 [ 320.364421][ T8203] handle_pte_fault+0x4ede/0x61c0 [ 320.364444][ T8203] ? __mod_memcg_lruvec_state+0x301/0x4f0 [ 320.364471][ T8203] ? __pfx_handle_pte_fault+0x10/0x10 [ 320.364485][ T8203] ? __lruvec_stat_mod_folio+0x7d/0x300 [ 320.364508][ T8203] ? __lock_acquire+0xad5/0xd80 [ 320.364528][ T8203] ? do_raw_spin_lock+0x151/0x370 [ 320.364554][ T8203] ? do_raw_spin_unlock+0x13c/0x8b0 [ 320.364576][ T8203] ? _raw_spin_unlock+0x28/0x50 [ 320.364590][ T8203] ? __pmd_alloc+0x37f/0x440 [ 320.364611][ T8203] ? __pfx___pmd_alloc+0x10/0x10 [ 320.364640][ T8203] handle_mm_fault+0x1129/0x1bf0 [ 320.364659][ T8203] ? mt_find+0x28a/0x8f0 [ 320.364704][ T8203] ? __pfx_handle_mm_fault+0x10/0x10 [ 320.364748][ T8203] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 320.364769][ T8203] exc_page_fault+0x29e/0x8e0 [ 320.364796][ T8203] asm_exc_page_fault+0x26/0x30 [ 320.364813][ T8203] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 320.364839][ T8203] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 320.364853][ T8203] RSP: 0018:ffffc9001bfefa18 EFLAGS: 00050202 [ 320.364869][ T8203] RAX: 00007ffffffff001 RBX: 0000200000000000 RCX: 0000000000000050 [ 320.364880][ T8203] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffc9001bfefb50 [ 320.364890][ T8203] RBP: ffffc9001bfefd10 R08: ffffc9001bfefb9f R09: 1ffff920037fdf73 [ 320.364902][ T8203] R10: dffffc0000000000 R11: fffff520037fdf74 R12: ffff888062532040 [ 320.364914][ T8203] R13: dffffc0000000000 R14: ffffc9001bfefb50 R15: 0000000000000050 [ 320.364943][ T8203] _copy_from_user+0x7b/0xb0 [ 320.364964][ T8203] do_arpt_set_ctl+0x75b/0x1650 [ 320.364986][ T8203] ? __lock_acquire+0xad5/0xd80 [ 320.365004][ T8203] ? __mutex_trylock_common+0x184/0x2e0 [ 320.365025][ T8203] ? __pfx_do_arpt_set_ctl+0x10/0x10 [ 320.365048][ T8203] ? __pfx___mutex_trylock_common+0x10/0x10 [ 320.365085][ T8203] ? __mutex_unlock_slowpath+0x229/0x800 [ 320.365114][ T8203] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 320.365137][ T8203] ? aa_sk_perm+0x96f/0xac0 [ 320.365160][ T8203] ? ksys_write+0x24e/0x2d0 [ 320.365178][ T8203] ? __pfx_aa_sk_perm+0x10/0x10 [ 320.365198][ T8203] nf_setsockopt+0x295/0x2c0 [ 320.365223][ T8203] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 320.365241][ T8203] do_sock_setsockopt+0x3b1/0x710 [ 320.365268][ T8203] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 320.365285][ T8203] ? __fget_files+0x2a/0x420 [ 320.365312][ T8203] ? __fget_files+0x39d/0x420 [ 320.365332][ T8203] ? __fget_files+0x2a/0x420 [ 320.365362][ T8203] __x64_sys_setsockopt+0x1ea/0x270 [ 320.365389][ T8203] do_syscall_64+0xf3/0x230 [ 320.365408][ T8203] ? clear_bhb_loop+0x45/0xa0 [ 320.365428][ T8203] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.365443][ T8203] RIP: 0033:0x7fab9698d169 [ 320.365458][ T8203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 320.365472][ T8203] RSP: 002b:00007fab978d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 320.365489][ T8203] RAX: ffffffffffffffda RBX: 00007fab96ba5fa0 RCX: 00007fab9698d169 [ 320.365501][ T8203] RDX: 0000000000000060 RSI: 0a02000000000000 RDI: 0000000000000003 [ 320.365512][ T8203] RBP: 00007fab978d4090 R08: 0000000000000438 R09: 0000000000000000 [ 320.365522][ T8203] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 320.365532][ T8203] R13: 0000000000000000 R14: 00007fab96ba5fa0 R15: 00007ffc7d1ff378 [ 320.365560][ T8203] [ 320.829293][ T8204] EXT4-fs: Ignoring removed mblk_io_submit option [ 320.831101][ T52] dvb-usb: bulk message failed: -22 (6/0) [ 320.840053][ T8204] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 320.851287][ T52] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 321.117659][ T52] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input9 [ 321.316203][ T52] dvb-usb: schedule remote query interval to 150 msecs. [ 321.380932][ T52] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 321.422480][ T8204] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 321.440997][ T8204] EXT4-fs (loop3): orphan cleanup on readonly fs [ 321.508383][ T8204] Quota error (device loop3): do_insert_tree: Free block already used in tree: block 4 [ 321.550191][ T8204] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota [ 321.649044][ T8204] EXT4-fs error (device loop3): ext4_acquire_dquot:6935: comm syz.3.484: Failed to acquire dquot type 1 [ 321.693477][ T52] dvb-usb: bulk message failed: -22 (1/0) [ 321.699953][ T52] dvb-usb: error while querying for an remote control event. [ 321.710170][ T8204] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.484: Invalid block bitmap block 0 in block_group 0 [ 321.725873][ T8204] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.484: Invalid block bitmap block 0 in block_group 0 [ 321.747773][ T8204] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.484: Invalid block bitmap block 0 in block_group 0 [ 321.926216][ T52] dvb-usb: bulk message failed: -22 (1/0) [ 322.103651][ T52] dvb-usb: error while querying for an remote control event. [ 322.213825][ T8204] Quota error (device loop3): write_blk: dquota write failed [ 322.285929][ T8204] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota [ 322.296484][ T8204] EXT4-fs error (device loop3): ext4_acquire_dquot:6935: comm syz.3.484: Failed to acquire dquot type 1 [ 322.326876][ T8204] Quota error (device loop3): write_blk: dquota write failed [ 322.379120][ T8204] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota [ 322.432717][ T52] dvb-usb: bulk message failed: -22 (1/0) [ 322.438563][ T52] dvb-usb: error while querying for an remote control event. [ 322.461174][ T8204] EXT4-fs error (device loop3): ext4_acquire_dquot:6935: comm syz.3.484: Failed to acquire dquot type 1 [ 322.526069][ T9] usb 1-1: USB disconnect, device number 12 [ 322.552887][ T8204] EXT4-fs (loop3): 1 orphan inode deleted [ 322.623697][ T8204] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 322.943041][ T9] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 324.371843][ T5827] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 324.977905][ T8238] loop2: detected capacity change from 0 to 512 [ 325.096141][ T8238] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 325.333681][ T8242] netlink: 16 bytes leftover after parsing attributes in process `syz.1.494'. [ 325.345319][ T8242] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 325.472392][ T8243] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 325.544547][ T8242] loop1: detected capacity change from 0 to 8 [ 325.575057][ T8242] SQUASHFS error: Failed to read block 0x62: -5 [ 325.581721][ T8242] squashfs image failed sanity check [ 325.950965][ T8238] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 325.959044][ T8238] System zones: 1-12 [ 326.027022][ T8238] EXT4-fs (loop2): 1 truncate cleaned up [ 326.034521][ T8238] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 326.133144][ T8242] loop1: detected capacity change from 0 to 32768 [ 326.141278][ T8242] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.494 (8242) [ 326.157423][ T8242] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 326.170198][ T8242] BTRFS info (device loop1): using crc32c (crc32c-x86_64) checksum algorithm [ 326.179988][ T8242] BTRFS info (device loop1): using free-space-tree [ 326.574773][ T8242] BTRFS info (device loop1): rebuilding free space tree [ 326.621744][ T8264] loop3: detected capacity change from 0 to 4096 [ 326.744348][ T8232] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 326.763540][ T8269] gtp2: entered promiscuous mode [ 326.768628][ T8269] gtp2: entered allmulticast mode [ 326.778128][ T8269] netlink: 'syz.4.490': attribute type 39 has an invalid length. [ 326.862329][ T8264] ntfs3: Unknown parameter 'hidden' [ 327.105284][ T8264] loop3: detected capacity change from 0 to 64 [ 327.170310][ T8264] Bad inode number on dev loop3: 1 is out of range [ 327.253929][ T30] audit: type=1326 audit(1744499837.488:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8245 comm="syz.3.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccecb8d169 code=0x7ffc0000 [ 327.353728][ T5829] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 327.440686][ T30] audit: type=1326 audit(1744499837.488:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8245 comm="syz.3.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccecb8d169 code=0x7ffc0000 [ 327.488228][ T30] audit: type=1326 audit(1744499837.568:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8245 comm="syz.3.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7fccecb8d169 code=0x7ffc0000 [ 327.565421][ T30] audit: type=1326 audit(1744499837.568:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8245 comm="syz.3.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccecb8d169 code=0x7ffc0000 [ 327.587866][ T30] audit: type=1326 audit(1744499837.568:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8245 comm="syz.3.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccecb8d169 code=0x7ffc0000 [ 327.613788][ T30] audit: type=1326 audit(1744499837.568:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8245 comm="syz.3.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fccecb8d169 code=0x7ffc0000 [ 327.637826][ T30] audit: type=1326 audit(1744499837.568:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8245 comm="syz.3.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccecb8d169 code=0x7ffc0000 [ 327.704446][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 327.730623][ T30] audit: type=1326 audit(1744499837.568:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8245 comm="syz.3.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccecb8d169 code=0x7ffc0000 [ 327.768702][ T8275] gtp2: entered promiscuous mode [ 327.863298][ T8275] gtp2: entered allmulticast mode [ 327.893803][ T8278] netlink: 220 bytes leftover after parsing attributes in process `syz.1.496'. [ 327.910847][ T8277] netlink: 'syz.0.495': attribute type 39 has an invalid length. [ 329.290254][ T8290] loop2: detected capacity change from 0 to 2048 [ 329.332370][ T8290] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 329.344062][ T8274] loop4: detected capacity change from 0 to 32768 [ 329.384481][ T8290] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 329.396142][ T8274] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.497 (8274) [ 329.431828][ T8290] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 329.492101][ T8274] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 329.572451][ T8274] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 329.623835][ T8274] BTRFS info (device loop4): using free-space-tree [ 330.399739][ T8274] BTRFS info (device loop4): rebuilding free space tree [ 330.496878][ T8310] loop2: detected capacity change from 0 to 512 [ 330.662267][ T8310] EXT4-fs: Ignoring removed bh option [ 330.667742][ T8310] EXT4-fs: Ignoring removed mblk_io_submit option [ 330.714736][ T8310] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 330.853077][ T8310] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 330.993404][ T8310] EXT4-fs (loop2): orphan cleanup on readonly fs [ 331.168527][ T8310] Quota error (device loop2): do_insert_tree: Free block already used in tree: block 4 [ 331.297724][ T8310] Quota error (device loop2): qtree_write_dquot: Error -5 occurred while creating quota [ 331.307740][ T8310] EXT4-fs error (device loop2): ext4_acquire_dquot:6935: comm syz.2.502: Failed to acquire dquot type 1 [ 331.324777][ T8310] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.502: Invalid block bitmap block 0 in block_group 0 [ 331.350650][ T8310] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.502: Invalid block bitmap block 0 in block_group 0 [ 331.470577][ T8310] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.502: Invalid block bitmap block 0 in block_group 0 [ 331.510147][ T8310] EXT4-fs error (device loop2): ext4_acquire_dquot:6935: comm syz.2.502: Failed to acquire dquot type 1 [ 331.571502][ T8310] EXT4-fs error (device loop2): ext4_acquire_dquot:6935: comm syz.2.502: Failed to acquire dquot type 1 [ 331.604435][ T5831] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 331.624012][ T8310] EXT4-fs (loop2): 1 orphan inode deleted [ 331.660204][ T8310] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 331.939139][ T8310] EXT4-fs error (device loop2): ext4_lookup:1793: inode #2: comm syz.2.502: deleted inode referenced: 12 [ 332.076708][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 332.243586][ T8324] loop2: detected capacity change from 0 to 128 [ 332.251275][ T8324] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 332.527050][ T8319] loop0: detected capacity change from 0 to 32768 [ 332.649873][ T8335] netlink: 16 bytes leftover after parsing attributes in process `syz.4.506'. [ 332.669820][ T8335] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 332.778463][ T8336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 332.863876][ T8335] loop4: detected capacity change from 0 to 8 [ 332.887873][ T8335] SQUASHFS error: Failed to read block 0x62: -5 [ 332.894605][ T8335] squashfs image failed sanity check [ 333.189094][ T8319] netlink: 4 bytes leftover after parsing attributes in process `syz.0.505'. [ 333.310284][ T8335] loop4: detected capacity change from 0 to 32768 [ 333.343749][ T8335] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.506 (8335) [ 333.457490][ T8334] loop2: detected capacity change from 0 to 32768 [ 333.466803][ T8328] netlink: 8 bytes leftover after parsing attributes in process `syz.1.508'. [ 333.485399][ T8334] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.509 (8334) [ 333.499255][ T8335] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 333.509714][ T8335] BTRFS info (device loop4): using crc32c (crc32c-x86_64) checksum algorithm [ 333.518770][ T8335] BTRFS info (device loop4): using free-space-tree [ 333.561980][ T8334] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 333.576133][ T8334] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 333.595314][ T8335] BTRFS info (device loop4): rebuilding free space tree [ 333.636452][ T8340] netlink: 48 bytes leftover after parsing attributes in process `syz.1.508'. [ 333.769605][ T8325] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 333.799344][ T8321] loop3: detected capacity change from 0 to 32768 [ 333.920038][ T8334] BTRFS info (device loop2): rebuilding free space tree [ 333.935307][ T8334] BTRFS info (device loop2): disabling free space tree [ 333.942485][ T8334] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 333.952345][ T8334] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 333.955836][ T8321] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 334.335245][ T8321] XFS (loop3): Ending clean mount [ 334.348615][ T8321] XFS (loop3): Quotacheck needed: Please wait. [ 335.100524][ T5831] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 335.208411][ T8321] XFS (loop3): Quotacheck: Done. [ 335.262735][ T5827] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 335.769044][ T5825] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 336.650015][ T8391] loop1: detected capacity change from 0 to 32768 [ 336.751067][ T8391] XFS: ikeep mount option is deprecated. [ 337.666606][ T8391] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 337.717818][ T8415] loop2: detected capacity change from 0 to 512 [ 337.728823][ T8415] EXT4-fs: Ignoring removed bh option [ 337.738109][ T8415] EXT4-fs: Ignoring removed mblk_io_submit option [ 337.775448][ T8415] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 337.805245][ T8415] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 337.927012][ T8415] EXT4-fs (loop2): orphan cleanup on readonly fs [ 338.016584][ T8415] __quota_error: 4 callbacks suppressed [ 338.016611][ T8415] Quota error (device loop2): do_insert_tree: Free block already used in tree: block 4 [ 338.038236][ T8391] XFS (loop1): Ending clean mount [ 338.042306][ T8399] loop0: detected capacity change from 0 to 32768 [ 338.052944][ T8391] XFS (loop1): Quotacheck needed: Please wait. [ 338.076279][ T8415] Quota error (device loop2): qtree_write_dquot: Error -5 occurred while creating quota [ 338.108902][ T8399] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.516 (8399) [ 338.115650][ T8415] EXT4-fs error (device loop2): ext4_acquire_dquot:6935: comm syz.2.517: Failed to acquire dquot type 1 [ 338.255405][ T8399] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 338.255483][ T8415] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.517: Invalid block bitmap block 0 in block_group 0 [ 338.328542][ T8399] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 338.345537][ T8415] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.517: Invalid block bitmap block 0 in block_group 0 [ 338.356191][ T8391] XFS (loop1): Quotacheck: Done. [ 338.461425][ T8399] BTRFS info (device loop0): using free-space-tree [ 338.478833][ T8415] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.517: Invalid block bitmap block 0 in block_group 0 [ 338.593077][ T5829] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 338.645692][ T8415] Quota error (device loop2): write_blk: dquota write failed [ 338.687947][ T8415] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 338.764676][ T8415] EXT4-fs error (device loop2): ext4_acquire_dquot:6935: comm syz.2.517: Failed to acquire dquot type 1 [ 338.800372][ T8415] Quota error (device loop2): write_blk: dquota write failed [ 338.810771][ T8415] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 338.810946][ T8399] BTRFS info (device loop0): rebuilding free space tree [ 338.822129][ T8415] EXT4-fs error (device loop2): ext4_acquire_dquot:6935: comm syz.2.517: Failed to acquire dquot type 1 [ 338.872085][ T8415] EXT4-fs (loop2): 1 orphan inode deleted [ 338.887343][ T8421] loop4: detected capacity change from 0 to 32768 [ 338.912411][ T8415] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 338.935523][ T8421] (syz.4.518,8421,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 339.023184][ T8421] (syz.4.518,8421,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 339.170056][ T8415] EXT4-fs error (device loop2): ext4_lookup:1793: inode #2: comm syz.2.517: deleted inode referenced: 12 [ 339.333197][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 339.395638][ T8421] JBD2: Ignoring recovery information on journal [ 339.415041][ T8400] syz.3.514 (8400): drop_caches: 2 [ 339.560732][ T5826] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 339.598148][ T8421] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 340.070897][ T52] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 340.334973][ T8446] loop1: detected capacity change from 0 to 2048 [ 340.372872][ T8446] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 340.390697][ T52] usb 4-1: Using ep0 maxpacket: 16 [ 340.408910][ T8446] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 340.428954][ T8446] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 340.439482][ T52] usb 4-1: unable to get BOS descriptor or descriptor too short [ 340.560625][ T52] usb 4-1: config 0 has an invalid interface number: 213 but max is 0 [ 340.641140][ T52] usb 4-1: config 0 has no interface number 0 [ 340.693786][ T52] usb 4-1: config 0 interface 213 altsetting 251 bulk endpoint 0x5 has invalid maxpacket 24 [ 340.803507][ T52] usb 4-1: config 0 interface 213 altsetting 251 bulk endpoint 0x9 has invalid maxpacket 8 [ 340.894788][ T52] usb 4-1: config 0 interface 213 has no altsetting 0 [ 341.001346][ T52] usb 4-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=de.91 [ 341.071958][ T52] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 341.257255][ T52] usb 4-1: Product: syz [ 341.272248][ T52] usb 4-1: Manufacturer: syz [ 341.307475][ T52] usb 4-1: SerialNumber: syz [ 342.307391][ T52] usb 4-1: config 0 descriptor?? [ 342.313293][ T8449] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 342.330808][ T8449] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 342.630113][ T8449] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 342.701346][ T5831] ocfs2: Unmounting device (7,4) on (node local) [ 342.753980][ T8449] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 342.827087][ T8467] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.521'. [ 343.479859][ T8467] loop0: detected capacity change from 0 to 512 [ 343.511849][ T8467] EXT4-fs: Ignoring removed nobh option [ 343.581997][ T52] usb 4-1: probing VID:PID(0424:012C) [ 343.610800][ T52] usb 4-1: vub300 testing BULK OUT EndPoint(0) 05 [ 343.617318][ T52] usb 4-1: vub300 testing BULK OUT EndPoint(1) 0D [ 343.816252][ T52] usb 4-1: vub300 testing BULK OUT EndPoint(2) 09 [ 344.007288][ T52] usb 4-1: ignoring unexpected bulk_out endpoint [ 344.042557][ T52] usb 4-1: Could not find two sets of bulk-in/out endpoint pairs [ 344.243474][ T52] vub300 4-1:0.213: probe with driver vub300 failed with error -22 [ 344.300162][ T8486] loop4: detected capacity change from 0 to 2048 [ 344.372100][ T8486] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 344.401730][ T52] usb 4-1: USB disconnect, device number 10 [ 344.414516][ T8490] loop1: detected capacity change from 0 to 512 [ 344.434740][ T8490] EXT4-fs: Ignoring removed bh option [ 344.469250][ T8492] loop3: detected capacity change from 0 to 128 [ 344.476941][ T8492] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 344.499175][ T8490] EXT4-fs: Ignoring removed mblk_io_submit option [ 344.512699][ T8467] EXT4-fs error (device loop0): ext4_do_update_inode:5182: inode #16: comm syz.0.521: corrupted inode contents [ 344.554369][ T30] audit: type=1804 audit(1744499854.748:12): pid=8486 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.525" name="/newroot/96/file1/bus" dev="loop4" ino=18 res=1 errno=0 [ 344.597583][ T8490] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 344.615746][ T8486] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 344.632268][ T30] audit: type=1804 audit(1744499854.778:13): pid=8486 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.525" name="/newroot/96/file1/bus" dev="loop4" ino=18 res=1 errno=0 [ 345.075571][ T8467] EXT4-fs (loop0): Remounting filesystem read-only [ 345.244214][ T8467] EXT4-fs (loop0): 1 truncate cleaned up [ 345.353837][ T5831] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 345.375313][ T8467] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 345.419721][ T8467] ext4 filesystem being mounted at /107/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 345.492156][ T3443] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 345.508087][ T8490] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 345.508545][ T3443] Quota error (device loop0): write_blk: dquota write failed [ 345.530328][ T3443] Quota error (device loop0): remove_free_dqentry: Can't write block (5) with free entries [ 345.542547][ T3443] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 345.553870][ T3443] Quota error (device loop0): write_blk: dquota write failed [ 345.561383][ T3443] Quota error (device loop0): free_dqentry: Can't move quota data block (5) to free list [ 345.561509][ T8490] EXT4-fs (loop1): orphan cleanup on readonly fs [ 345.571501][ T3443] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started [ 345.582250][ T5826] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 345.588187][ T3443] Quota error (device loop0): v2_write_file_info: Can't write info structure [ 345.611623][ T3443] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 345.627223][ T8490] Quota error (device loop1): do_insert_tree: Free block already used in tree: block 4 [ 345.770743][ T8490] Quota error (device loop1): qtree_write_dquot: Error -5 occurred while creating quota [ 345.790738][ T8490] EXT4-fs error (device loop1): ext4_acquire_dquot:6935: comm syz.1.530: Failed to acquire dquot type 1 [ 345.819819][ T8490] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.530: Invalid block bitmap block 0 in block_group 0 [ 345.841681][ T8490] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.530: Invalid block bitmap block 0 in block_group 0 [ 345.858002][ T8490] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.530: Invalid block bitmap block 0 in block_group 0 [ 345.880874][ T8490] EXT4-fs error (device loop1): ext4_acquire_dquot:6935: comm syz.1.530: Failed to acquire dquot type 1 [ 345.903684][ T8490] EXT4-fs error (device loop1): ext4_acquire_dquot:6935: comm syz.1.530: Failed to acquire dquot type 1 [ 346.178982][ T8490] EXT4-fs (loop1): 1 orphan inode deleted [ 346.306131][ T8490] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 346.554920][ T8502] gtp3: entered promiscuous mode [ 346.560051][ T8502] gtp3: entered allmulticast mode [ 346.671095][ T8500] netlink: 'syz.2.528': attribute type 39 has an invalid length. [ 346.842226][ T8490] EXT4-fs error (device loop1): ext4_lookup:1793: inode #2: comm syz.1.530: deleted inode referenced: 12 [ 346.891309][ T8513] loop4: detected capacity change from 0 to 512 [ 346.963879][ T5829] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 347.002728][ T5881] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 347.057907][ T8513] EXT4-fs warning (device loop4): ext4_enable_quotas:7170: Failed to enable quota tracking (type=0, err=-13, ino=3). Please run e2fsck to fix. [ 347.183524][ T8513] EXT4-fs (loop4): mount failed [ 347.204820][ T5881] usb 1-1: config 0 has an invalid interface number: 255 but max is 0 [ 347.245627][ T5881] usb 1-1: config 0 has no interface number 0 [ 347.293306][ T5881] usb 1-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 347.354096][ T5881] usb 1-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 347.385768][ T8514] loop3: detected capacity change from 0 to 512 [ 347.405238][ T8514] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 347.437662][ T8514] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 347.446051][ T8514] System zones: 1-12 [ 347.456941][ T8514] EXT4-fs (loop3): 1 truncate cleaned up [ 347.465241][ T8514] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 347.548250][ T5881] usb 1-1: config 0 interface 255 has no altsetting 0 [ 347.571952][ T8521] FAULT_INJECTION: forcing a failure. [ 347.571952][ T8521] name failslab, interval 1, probability 0, space 0, times 0 [ 347.572330][ T5881] usb 1-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 347.620754][ T5881] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 347.623039][ T8521] CPU: 0 UID: 0 PID: 8521 Comm: syz.1.536 Not tainted 6.15.0-rc1-next-20250411-syzkaller #0 PREEMPT(full) [ 347.623070][ T8521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 347.623081][ T8521] Call Trace: [ 347.623089][ T8521] [ 347.623096][ T8521] dump_stack_lvl+0x241/0x360 [ 347.623129][ T8521] ? __pfx_dump_stack_lvl+0x10/0x10 [ 347.623151][ T8521] ? __pfx__printk+0x10/0x10 [ 347.623178][ T8521] ? __pfx___might_resched+0x10/0x10 [ 347.623200][ T8521] should_fail_ex+0x424/0x570 [ 347.623229][ T8521] should_failslab+0xac/0x100 [ 347.623254][ T8521] kmem_cache_alloc_noprof+0x78/0x390 [ 347.623274][ T8521] ? ptlock_alloc+0x20/0x70 [ 347.623301][ T8521] ptlock_alloc+0x20/0x70 [ 347.623330][ T8521] pte_alloc_one+0x6d/0x160 [ 347.623353][ T8521] __pte_alloc+0x7b/0x240 [ 347.623372][ T8521] ? __pfx___pte_alloc+0x10/0x10 [ 347.623389][ T8521] ? kasan_save_track+0x51/0x80 [ 347.623405][ T8521] ? __kasan_slab_alloc+0x66/0x80 [ 347.623420][ T8521] ? kmem_cache_alloc_noprof+0x1e1/0x390 [ 347.623438][ T8521] ? __pmd_alloc+0x118/0x440 [ 347.623461][ T8521] handle_pte_fault+0x4ede/0x61c0 [ 347.623485][ T8521] ? __mod_memcg_lruvec_state+0x301/0x4f0 [ 347.623517][ T8521] ? __pfx_handle_pte_fault+0x10/0x10 [ 347.623532][ T8521] ? __lruvec_stat_mod_folio+0x7d/0x300 [ 347.623557][ T8521] ? __lock_acquire+0xad5/0xd80 [ 347.623577][ T8521] ? do_raw_spin_lock+0x151/0x370 [ 347.623605][ T8521] ? do_raw_spin_unlock+0x13c/0x8b0 [ 347.623631][ T8521] ? _raw_spin_unlock+0x28/0x50 [ 347.623646][ T8521] ? __pmd_alloc+0x37f/0x440 [ 347.623667][ T8521] ? __pfx___pmd_alloc+0x10/0x10 [ 347.623698][ T8521] handle_mm_fault+0x1129/0x1bf0 [ 347.623717][ T8521] ? mt_find+0x28a/0x8f0 [ 347.623760][ T8521] ? __pfx_handle_mm_fault+0x10/0x10 [ 347.623802][ T8521] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 347.623824][ T8521] exc_page_fault+0x29e/0x8e0 [ 347.623851][ T8521] asm_exc_page_fault+0x26/0x30 [ 347.623867][ T8521] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 347.623889][ T8521] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 347.623904][ T8521] RSP: 0018:ffffc90004037d38 EFLAGS: 00050216 [ 347.623921][ T8521] RAX: 00007ffffffff001 RBX: 0000200000000240 RCX: 0000000000000020 [ 347.623933][ T8521] RDX: 0000000000000001 RSI: 0000200000000240 RDI: ffffc90004037da0 [ 347.623943][ T8521] RBP: ffffc90004037ed8 R08: ffffc90004037dbf R09: 1ffff92000806fb7 [ 347.623955][ T8521] R10: dffffc0000000000 R11: fffff52000806fb8 R12: ffffc90004037da0 [ 347.623966][ T8521] R13: 0000000000000000 R14: ffffc90004037da0 R15: 0000000000000020 [ 347.623994][ T8521] _copy_from_user+0x7b/0xb0 [ 347.624014][ T8521] __sys_bpf+0x1c5/0x8b0 [ 347.624034][ T8521] ? __pfx___sys_bpf+0x10/0x10 [ 347.624078][ T8521] __x64_sys_bpf+0x7c/0x90 [ 347.624100][ T8521] do_syscall_64+0xf3/0x230 [ 347.624118][ T8521] ? clear_bhb_loop+0x45/0xa0 [ 347.624136][ T8521] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.624151][ T8521] RIP: 0033:0x7f8c0938d169 [ 347.624165][ T8521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 347.624178][ T8521] RSP: 002b:00007f8c0a150038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 347.624193][ T8521] RAX: ffffffffffffffda RBX: 00007f8c095a5fa0 RCX: 00007f8c0938d169 [ 347.624205][ T8521] RDX: 0000000000000020 RSI: 0000200000000240 RDI: 0000000000000009 [ 347.624214][ T8521] RBP: 00007f8c0a150090 R08: 0000000000000000 R09: 0000000000000000 [ 347.624224][ T8521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 347.624234][ T8521] R13: 0000000000000000 R14: 00007f8c095a5fa0 R15: 00007ffcebbe93c8 [ 347.624260][ T8521] [ 347.800648][ T9] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 347.952253][ T5881] usb 1-1: config 0 descriptor?? [ 348.077116][ T5827] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 348.211420][ T5881] ums-realtek 1-1:0.255: USB Mass Storage device detected [ 348.326858][ T8527] loop1: detected capacity change from 0 to 64 [ 348.353532][ T9] usb 5-1: device descriptor read/64, error -71 [ 349.319504][ T9] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 349.581513][ T8529] loop3: detected capacity change from 0 to 2048 [ 350.236084][ T8529] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 350.328148][ T8529] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 350.360775][ T9] usb 5-1: device descriptor read/64, error -71 [ 350.370184][ T8529] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 350.473848][ T9] usb usb5-port1: attempt power cycle [ 350.483716][ T8545] loop2: detected capacity change from 0 to 128 [ 350.492041][ T8545] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 351.488058][ T8552] netlink: 92 bytes leftover after parsing attributes in process `syz.3.544'. [ 352.120597][ T5897] usb 1-1: USB disconnect, device number 13 [ 352.336651][ T8563] loop4: detected capacity change from 0 to 512 [ 352.368834][ T8563] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 352.422498][ T8563] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 352.431144][ T8563] System zones: 1-12 [ 352.446442][ T8563] EXT4-fs (loop4): 1 truncate cleaned up [ 352.460727][ T8563] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 352.481181][ T5837] Bluetooth: hci4: command 0x0c1a tx timeout [ 352.850369][ T8569] loop3: detected capacity change from 0 to 512 [ 352.955248][ T8570] loop2: detected capacity change from 0 to 512 [ 352.962983][ T8570] EXT4-fs: Ignoring removed bh option [ 352.968450][ T8570] EXT4-fs: Ignoring removed mblk_io_submit option [ 352.979229][ T8569] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 353.021988][ T8559] loop0: detected capacity change from 0 to 128 [ 353.029767][ T8559] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 353.053427][ T8569] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 353.062016][ T8569] System zones: 1-12 [ 353.067582][ T8569] EXT4-fs (loop3): 1 truncate cleaned up [ 353.075089][ T8569] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 353.110797][ T8570] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 353.173198][ T5831] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 353.208919][ T8570] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 353.340869][ T8570] EXT4-fs (loop2): orphan cleanup on readonly fs [ 353.355648][ T8570] __quota_error: 4 callbacks suppressed [ 353.355671][ T8570] Quota error (device loop2): do_insert_tree: Free block already used in tree: block 4 [ 353.400667][ T8570] Quota error (device loop2): qtree_write_dquot: Error -5 occurred while creating quota [ 353.423507][ T8570] EXT4-fs error (device loop2): ext4_acquire_dquot:6935: comm syz.2.546: Failed to acquire dquot type 1 [ 353.457156][ T8576] loop4: detected capacity change from 0 to 128 [ 353.465381][ T8576] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 353.498936][ T8570] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.546: Invalid block bitmap block 0 in block_group 0 [ 353.541336][ T8570] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.546: Invalid block bitmap block 0 in block_group 0 [ 353.623029][ T8570] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.546: Invalid block bitmap block 0 in block_group 0 [ 353.665038][ T8570] Quota error (device loop2): write_blk: dquota write failed [ 353.700352][ T8570] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 353.762983][ T8570] EXT4-fs error (device loop2): ext4_acquire_dquot:6935: comm syz.2.546: Failed to acquire dquot type 1 [ 353.783989][ T8570] Quota error (device loop2): write_blk: dquota write failed [ 353.812726][ T8570] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 354.213063][ T8570] EXT4-fs error (device loop2): ext4_acquire_dquot:6935: comm syz.2.546: Failed to acquire dquot type 1 [ 354.471365][ T8570] EXT4-fs (loop2): 1 orphan inode deleted [ 354.561325][ T8570] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 354.781468][ T8581] FAULT_INJECTION: forcing a failure. [ 354.781468][ T8581] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 354.829565][ T8581] CPU: 1 UID: 0 PID: 8581 Comm: syz.4.551 Not tainted 6.15.0-rc1-next-20250411-syzkaller #0 PREEMPT(full) [ 354.829595][ T8581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 354.829606][ T8581] Call Trace: [ 354.829614][ T8581] [ 354.829622][ T8581] dump_stack_lvl+0x241/0x360 [ 354.829657][ T8581] ? __pfx_dump_stack_lvl+0x10/0x10 [ 354.829678][ T8581] ? __pfx__printk+0x10/0x10 [ 354.829718][ T8581] should_fail_ex+0x424/0x570 [ 354.829746][ T8581] _copy_from_user+0x2d/0xb0 [ 354.829767][ T8581] memdup_user+0x5e/0xd0 [ 354.829789][ T8581] strndup_user+0x68/0xd0 [ 354.829808][ T8581] __se_sys_mount+0xa2/0x400 [ 354.829840][ T8581] ? ksys_write+0x2ad/0x2d0 [ 354.829861][ T8581] ? __pfx___se_sys_mount+0x10/0x10 [ 354.829889][ T8581] ? __x64_sys_mount+0x20/0xc0 [ 354.829913][ T8581] do_syscall_64+0xf3/0x230 [ 354.829933][ T8581] ? clear_bhb_loop+0x45/0xa0 [ 354.829953][ T8581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.829969][ T8581] RIP: 0033:0x7f6a9e78d169 [ 354.829985][ T8581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 354.830000][ T8581] RSP: 002b:00007f6a9f557038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 354.830021][ T8581] RAX: ffffffffffffffda RBX: 00007f6a9e9a5fa0 RCX: 00007f6a9e78d169 [ 354.830032][ T8581] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 0000000000000000 [ 354.830043][ T8581] RBP: 00007f6a9f557090 R08: 0000200000000380 R09: 0000000000000000 [ 354.830055][ T8581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 354.830064][ T8581] R13: 0000000000000000 R14: 00007f6a9e9a5fa0 R15: 00007fffe009fcd8 [ 354.830091][ T8581] [ 355.019101][ T5827] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 355.128819][ T8583] EXT4-fs error (device loop2): ext4_lookup:1793: inode #2: comm syz.2.546: deleted inode referenced: 12 [ 355.671096][ T8587] loop4: detected capacity change from 0 to 128 [ 355.679020][ T8587] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 355.781139][ T8573] loop1: detected capacity change from 0 to 40427 [ 355.812681][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 355.917819][ T8585] loop3: detected capacity change from 0 to 64 [ 356.717887][ T8573] F2FS-fs (loop1): Unable to read 2th superblock [ 356.765334][ T8573] F2FS-fs (loop1): build fault injection rate: 690 [ 356.801441][ T8573] F2FS-fs (loop1): build fault injection type: 0x2 [ 356.821440][ T8573] F2FS-fs (loop1): Image doesn't support compression [ 356.855884][ T8573] F2FS-fs (loop1): Image doesn't support compression [ 357.066141][ T8573] F2FS-fs (loop1): invalid crc value [ 357.105068][ T8573] F2FS-fs (loop1): Failed to initialize F2FS segment manager (-4) [ 357.126315][ T8595] loop2: detected capacity change from 0 to 512 [ 357.376407][ T8595] EXT4-fs: Ignoring removed i_version option [ 357.673023][ T8595] EXT4-fs (loop2): external journal device major/minor numbers have changed [ 357.704749][ T8595] EXT4-fs (loop2): failed to open journal device unknown-block(128,0) -6 [ 357.866182][ T8595] loop2: detected capacity change from 0 to 1024 [ 358.298801][ T8607] netlink: 92 bytes leftover after parsing attributes in process `syz.3.559'. [ 358.561964][ T8605] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 360.029473][ T8623] gtp1: entered promiscuous mode [ 360.034611][ T8623] gtp1: entered allmulticast mode [ 360.053401][ T8623] netlink: 'syz.3.561': attribute type 39 has an invalid length. [ 360.603370][ T9] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 361.497943][ T9] usb 2-1: config 0 has an invalid interface number: 255 but max is 0 [ 361.784111][ T8635] loop0: detected capacity change from 0 to 512 [ 361.866492][ T8636] netlink: 92 bytes leftover after parsing attributes in process `syz.3.564'. [ 362.510248][ T9] usb 2-1: config 0 has no interface number 0 [ 362.600980][ T8635] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 362.617814][ T9] usb 2-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 362.633850][ T8635] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 362.646465][ T8635] System zones: 1-12 [ 362.654200][ T9] usb 2-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 362.671813][ T8635] EXT4-fs (loop0): 1 truncate cleaned up [ 362.679252][ T8635] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 362.704040][ T8639] loop2: detected capacity change from 0 to 512 [ 362.712449][ T9] usb 2-1: config 0 interface 255 has no altsetting 0 [ 362.720351][ T8639] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 362.731544][ T9] usb 2-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 362.754849][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.772916][ T8639] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 362.791780][ T9] usb 2-1: config 0 descriptor?? [ 362.797020][ T8639] System zones: 1-12 [ 362.808278][ T9] usb 2-1: can't set config #0, error -71 [ 362.825635][ T8639] EXT4-fs (loop2): 1 truncate cleaned up [ 362.891701][ T9] usb 2-1: USB disconnect, device number 8 [ 362.907129][ T8647] loop1: detected capacity change from 0 to 2048 [ 362.908170][ T8639] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 362.965463][ T5826] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 362.979424][ T8647] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 363.050974][ T8647] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 363.102534][ T8647] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 363.151782][ T5825] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 363.373011][ T8653] loop0: detected capacity change from 0 to 512 [ 363.390353][ T8653] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 363.902301][ T8653] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 363.910993][ T8653] System zones: 1-12 [ 363.918723][ T8653] EXT4-fs (loop0): 1 truncate cleaned up [ 363.926170][ T8653] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 364.430718][ T8663] netlink: 92 bytes leftover after parsing attributes in process `syz.2.569'. [ 366.537980][ T8669] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 366.873130][ T8670] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 367.233559][ T8669] loop3: detected capacity change from 0 to 8 [ 367.647325][ T8669] SQUASHFS error: Failed to read block 0x62: -5 [ 367.653988][ T8669] squashfs image failed sanity check [ 367.888785][ T5826] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 368.298253][ T8677] netlink: 92 bytes leftover after parsing attributes in process `syz.2.572'. [ 368.786312][ T8658] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 368.996604][ T8675] loop1: detected capacity change from 0 to 4096 [ 369.135043][ T8675] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 369.232884][ T8690] netlink: 92 bytes leftover after parsing attributes in process `syz.0.573'. [ 369.835472][ T8696] misc userio: No port type given on /dev/userio [ 369.934503][ T8697] misc userio: Invalid payload size [ 369.971786][ T8697] misc userio: The device must be registered before sending interrupts [ 370.118882][ T8701] loop3: detected capacity change from 0 to 512 [ 370.161036][ T8701] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 370.692109][ T8701] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 370.700258][ T8701] System zones: 1-12 [ 370.707714][ T8701] EXT4-fs (loop3): 1 truncate cleaned up [ 370.716018][ T8701] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 370.973651][ T5827] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 371.475884][ T8710] gtp3: entered promiscuous mode [ 371.481093][ T8710] gtp3: entered allmulticast mode [ 371.545206][ T8710] netlink: 'syz.0.580': attribute type 39 has an invalid length. [ 374.061869][ T8705] loop2: detected capacity change from 0 to 32768 [ 374.341543][ T8730] loop1: detected capacity change from 0 to 512 [ 374.349558][ T8730] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 374.465722][ T8730] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c019, mo2=0002] [ 374.473993][ T8730] System zones: 1-12 [ 374.487545][ T8730] EXT4-fs (loop1): 1 truncate cleaned up [ 374.495242][ T8730] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 375.315480][ T8739] FAULT_INJECTION: forcing a failure. [ 375.315480][ T8739] name failslab, interval 1, probability 0, space 0, times 0 [ 375.360826][ T8739] CPU: 0 UID: 0 PID: 8739 Comm: syz.2.587 Not tainted 6.15.0-rc1-next-20250411-syzkaller #0 PREEMPT(full) [ 375.360858][ T8739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 375.360869][ T8739] Call Trace: [ 375.360876][ T8739] [ 375.360884][ T8739] dump_stack_lvl+0x241/0x360 [ 375.360919][ T8739] ? __pfx_dump_stack_lvl+0x10/0x10 [ 375.360941][ T8739] ? __pfx__printk+0x10/0x10 [ 375.360968][ T8739] ? __pfx___might_resched+0x10/0x10 [ 375.360992][ T8739] should_fail_ex+0x424/0x570 [ 375.361022][ T8739] should_failslab+0xac/0x100 [ 375.361046][ T8739] __kmalloc_cache_noprof+0x73/0x370 [ 375.361066][ T8739] ? tcf_proto_create+0x62/0x370 [ 375.361092][ T8739] tcf_proto_create+0x62/0x370 [ 375.361116][ T8739] tc_new_tfilter+0x15e8/0x1a90 [ 375.361161][ T8739] ? __pfx_tc_new_tfilter+0x10/0x10 [ 375.361193][ T8739] ? __lock_acquire+0xad5/0xd80 [ 375.361231][ T8739] ? __pfx_tc_new_tfilter+0x10/0x10 [ 375.361253][ T8739] rtnetlink_rcv_msg+0x80f/0xd70 [ 375.361272][ T8739] ? rtnetlink_rcv_msg+0x1ba/0xd70 [ 375.361295][ T8739] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 375.361311][ T8739] ? __lock_acquire+0xad5/0xd80 [ 375.361341][ T8739] netlink_rcv_skb+0x208/0x480 [ 375.361361][ T8739] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 375.361381][ T8739] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 375.361417][ T8739] ? netlink_deliver_tap+0x2e/0x1b0 [ 375.361438][ T8739] ? netlink_deliver_tap+0x2e/0x1b0 [ 375.361458][ T8739] netlink_unicast+0x7f8/0x9a0 [ 375.361484][ T8739] ? __pfx_netlink_unicast+0x10/0x10 [ 375.361511][ T8739] ? skb_put+0x114/0x1f0 [ 375.361537][ T8739] netlink_sendmsg+0x8c3/0xcd0 [ 375.361568][ T8739] ? __pfx_netlink_sendmsg+0x10/0x10 [ 375.361590][ T8739] ? aa_sock_msg_perm+0xf3/0x1d0 [ 375.361616][ T8739] ? __pfx_netlink_sendmsg+0x10/0x10 [ 375.361632][ T8739] __sock_sendmsg+0x221/0x270 [ 375.361653][ T8739] ____sys_sendmsg+0x523/0x860 [ 375.361684][ T8739] ? __pfx_____sys_sendmsg+0x10/0x10 [ 375.361702][ T8739] ? __fget_files+0x2a/0x420 [ 375.361728][ T8739] ? __fget_files+0x2a/0x420 [ 375.361758][ T8739] __sys_sendmsg+0x28a/0x380 [ 375.361784][ T8739] ? __pfx___sys_sendmsg+0x10/0x10 [ 375.361859][ T8739] ? do_syscall_64+0xb6/0x230 [ 375.361882][ T8739] do_syscall_64+0xf3/0x230 [ 375.361899][ T8739] ? clear_bhb_loop+0x45/0xa0 [ 375.361918][ T8739] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 375.361933][ T8739] RIP: 0033:0x7fab9698d169 [ 375.361949][ T8739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 375.361964][ T8739] RSP: 002b:00007fab978d4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 375.361984][ T8739] RAX: ffffffffffffffda RBX: 00007fab96ba5fa0 RCX: 00007fab9698d169 [ 375.361996][ T8739] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000004 [ 375.362007][ T8739] RBP: 00007fab978d4090 R08: 0000000000000000 R09: 0000000000000000 [ 375.362017][ T8739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 375.362028][ T8739] R13: 0000000000000000 R14: 00007fab96ba5fa0 R15: 00007ffc7d1ff378 [ 375.362056][ T8739] [ 375.698478][ T8741] block nbd3: Unsupported socket: shutdown callout must be supported. [ 376.197930][ T8749] dvmrp9: entered allmulticast mode [ 376.254277][ T5829] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 377.113888][ T8761] loop0: detected capacity change from 0 to 256 [ 377.390297][ T8759] syz.2.592 (8759): drop_caches: 2 [ 377.432861][ T8759] syz.2.592 (8759): drop_caches: 2 [ 377.460731][ T8761] FAT-fs (loop0): Directory bread(block 64) failed [ 377.480805][ T5897] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 377.514156][ T8761] FAT-fs (loop0): Directory bread(block 65) failed [ 377.618882][ T8761] FAT-fs (loop0): Directory bread(block 66) failed [ 377.627640][ T8761] FAT-fs (loop0): Directory bread(block 67) failed [ 377.636370][ T8761] FAT-fs (loop0): Directory bread(block 68) failed [ 377.643370][ T8761] FAT-fs (loop0): Directory bread(block 69) failed [ 377.670969][ T8761] FAT-fs (loop0): Directory bread(block 70) failed [ 377.681603][ T8761] FAT-fs (loop0): Directory bread(block 71) failed [ 377.688416][ T8761] FAT-fs (loop0): Directory bread(block 72) failed [ 377.755105][ T8761] FAT-fs (loop0): Directory bread(block 73) failed [ 377.777367][ T5897] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 377.799753][ T5897] usb 2-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 377.842728][ T5897] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 377.884168][ T5897] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 377.920754][ T30] audit: type=1804 audit(1744499888.138:14): pid=8761 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.594" name="/newroot/119/file0/file0" dev="loop0" ino=26 res=1 errno=0 [ 377.994170][ T5897] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 378.031463][ T5897] usb 2-1: invalid MIDI out EP 0 [ 378.362639][ T8752] loop3: detected capacity change from 0 to 32768 [ 378.371067][ T5897] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 379.026197][ T8752] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 379.088081][ T5879] udevd[5879]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 379.108089][ T8752] workqueue: Failed to create a rescuer kthread for wq "xfs-log/loop3": -EINTR [ 379.108712][ T8752] XFS (loop3): log mount failed [ 379.212744][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.219549][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.729418][ T8800] netlink: 24 bytes leftover after parsing attributes in process `syz.4.608'. [ 379.799699][ T8800] netlink: 8 bytes leftover after parsing attributes in process `syz.4.608'. [ 379.887650][ T8808] netlink: 8 bytes leftover after parsing attributes in process `syz.0.612'. [ 379.908942][ T8808] netlink: 4 bytes leftover after parsing attributes in process `syz.0.612'. [ 379.925459][ T8808] netlink: 32 bytes leftover after parsing attributes in process `syz.0.612'. [ 379.952797][ T8810] lo speed is unknown, defaulting to 1000 [ 379.959485][ T8810] lo speed is unknown, defaulting to 1000 [ 379.974937][ T8810] lo speed is unknown, defaulting to 1000 [ 380.036989][ T5837] block nbd0: Receive control failed (result -107) [ 380.073770][ T24] usb 2-1: USB disconnect, device number 9 [ 380.132350][ T8808] nbd0: detected capacity change from 0 to 256 [ 380.148170][ T8810] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 380.208019][ T6704] block nbd0: Dead connection, failed to find a fallback [ 380.246933][ T6704] block nbd0: shutting down sockets [ 380.269696][ T6704] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 380.302340][ T6704] Buffer I/O error on dev nbd0, logical block 0, async page read [ 380.305547][ T8810] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 380.323609][ T6704] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 380.367808][ T6704] Buffer I/O error on dev nbd0, logical block 0, async page read [ 380.403471][ T8825] sctp: [Deprecated]: syz.0.618 (pid 8825) Use of struct sctp_assoc_value in delayed_ack socket option. [ 380.403471][ T8825] Use struct sctp_sack_info instead [ 380.430679][ T6704] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 380.473745][ T6704] Buffer I/O error on dev nbd0, logical block 0, async page read [ 380.510712][ T6704] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 380.519998][ T6704] Buffer I/O error on dev nbd0, logical block 0, async page read [ 380.528963][ T6704] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 380.543785][ T6704] Buffer I/O error on dev nbd0, logical block 0, async page read [ 380.554863][ T8825] sctp: [Deprecated]: syz.0.618 (pid 8825) Use of int in max_burst socket option deprecated. [ 380.554863][ T8825] Use struct sctp_assoc_value instead [ 380.574591][ T8810] lo speed is unknown, defaulting to 1000 [ 380.586641][ T6704] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 380.599070][ T6704] Buffer I/O error on dev nbd0, logical block 0, async page read [ 380.611617][ T6704] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 380.628484][ T8810] lo speed is unknown, defaulting to 1000 [ 380.657255][ T8810] lo speed is unknown, defaulting to 1000 [ 380.668000][ T8831] netlink: 104 bytes leftover after parsing attributes in process `syz.3.621'. [ 380.684271][ T6704] Buffer I/O error on dev nbd0, logical block 0, async page read [ 380.700933][ T6704] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 380.704166][ T8810] lo speed is unknown, defaulting to 1000 [ 380.725852][ T6704] Buffer I/O error on dev nbd0, logical block 0, async page read [ 380.741593][ T6704] ldm_validate_partition_table(): Disk read failed. [ 380.758282][ T6704] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 380.769682][ T8810] lo speed is unknown, defaulting to 1000 [ 380.792805][ T6704] Buffer I/O error on dev nbd0, logical block 0, async page read [ 380.819791][ T6704] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 380.850022][ T6704] Buffer I/O error on dev nbd0, logical block 0, async page read [ 380.882082][ T6704] Dev nbd0: unable to read RDB block 0 [ 380.905197][ T6704] nbd0: unable to read partition table [ 380.982647][ T6704] ldm_validate_partition_table(): Disk read failed. [ 381.013391][ T6704] Dev nbd0: unable to read RDB block 0 [ 381.035814][ T6704] nbd0: unable to read partition table [ 381.362091][ T8860] netlink: 104 bytes leftover after parsing attributes in process `syz.0.634'. [ 381.909465][ T8883] syz_tun: entered promiscuous mode [ 381.938425][ T8883] vlan2: entered promiscuous mode [ 381.983635][ T8890] netlink: 8 bytes leftover after parsing attributes in process `syz.2.647'. [ 382.399807][ T8902] lo speed is unknown, defaulting to 1000 [ 382.497163][ T8912] netlink: 'syz.4.658': attribute type 10 has an invalid length. [ 382.645104][ T8912] team0: Port device dummy0 added [ 383.909202][ T8961] hsr0: entered promiscuous mode [ 383.930571][ T8968] netlink: 4 bytes leftover after parsing attributes in process `syz.1.677'. [ 383.957763][ T8968] hsr_slave_0: left promiscuous mode [ 384.016399][ T8968] hsr_slave_1: left promiscuous mode [ 384.116788][ T8968] hsr0 (unregistering): left promiscuous mode [ 384.815766][ T8990] vlan3: entered promiscuous mode [ 384.860103][ T8990] vlan2: entered promiscuous mode [ 384.886465][ T8990] netdevsim netdevsim2 netdevsim1: entered promiscuous mode [ 385.174907][ T9002] netlink: 12 bytes leftover after parsing attributes in process `syz.2.691'. [ 385.253312][ T9002] vlan3: entered promiscuous mode [ 385.259298][ T9002] team0: entered promiscuous mode [ 385.274734][ T9002] team_slave_0: entered promiscuous mode [ 385.293317][ T9002] team_slave_1: entered promiscuous mode [ 385.371516][ T9012] netlink: 104 bytes leftover after parsing attributes in process `syz.3.695'. [ 385.440552][ T5841] Bluetooth: hci4: command 0x0c1a tx timeout [ 385.738750][ T9032] netlink: 'syz.3.703': attribute type 30 has an invalid length. [ 385.796233][ T9029] lo speed is unknown, defaulting to 1000 [ 386.125797][ T9045] tipc: Started in network mode [ 386.131660][ T9045] tipc: Node identity ac14140f, cluster identity 4711 [ 386.152528][ T9045] tipc: New replicast peer: 10.1.1.2 [ 386.165173][ T9045] tipc: Enabled bearer , priority 10 [ 386.266189][ T9051] syz.2.710 uses old SIOCAX25GETINFO [ 387.027257][ T9083] netlink: 20 bytes leftover after parsing attributes in process `syz.1.720'. [ 387.055616][ T9082] netlink: 32 bytes leftover after parsing attributes in process `syz.2.724'. [ 387.166566][ T975] tipc: Node number set to 2886997007 [ 387.431974][ T9095] ipvlan2: entered promiscuous mode [ 387.458140][ T9095] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 387.488378][ T9095] team0: Device ipvlan2 is already an upper device of the team interface [ 387.996357][ T9109] netlink: 104 bytes leftover after parsing attributes in process `syz.0.732'. [ 388.606650][ T9128] veth1_to_bond: entered allmulticast mode [ 388.631809][ T9130] netlink: 24 bytes leftover after parsing attributes in process `syz.1.743'. [ 388.653162][ T9128] veth1_to_bond: entered promiscuous mode [ 388.755929][ T9139] netlink: 104 bytes leftover after parsing attributes in process `syz.3.747'. [ 388.834282][ T9127] veth1_to_bond: left promiscuous mode [ 388.842089][ T9127] veth1_to_bond: left allmulticast mode [ 388.959582][ T5881] IPVS: starting estimator thread 0... [ 389.060705][ T9150] IPVS: using max 43 ests per chain, 103200 per kthread [ 389.687195][ T9174] netlink: 104 bytes leftover after parsing attributes in process `syz.4.759'. [ 390.094903][ T9176] netlink: 52 bytes leftover after parsing attributes in process `syz.3.760'. [ 390.156765][ T9191] Illegal XDP return value 4294967274 on prog (id 152) dev N/A, expect packet loss! [ 390.266287][ T9196] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 390.455831][ T9206] netlink: 104 bytes leftover after parsing attributes in process `syz.4.771'. [ 390.500166][ T9208] netlink: 16 bytes leftover after parsing attributes in process `syz.3.772'. [ 390.629522][ T9215] netlink: 12 bytes leftover after parsing attributes in process `syz.3.772'. [ 390.715221][ T9220] lo speed is unknown, defaulting to 1000 [ 390.747950][ T9220] lo speed is unknown, defaulting to 1000 [ 390.765280][ T9220] lo speed is unknown, defaulting to 1000 [ 391.022618][ T9227] netlink: 'syz.4.778': attribute type 30 has an invalid length. [ 391.270719][ T5881] lo speed is unknown, defaulting to 1000 [ 391.283398][ T9220] infiniband syz0: set down [ 391.301662][ T9220] infiniband syz0: added lo [ 391.455036][ T9220] RDS/IB: syz0: added [ 391.460247][ T9220] smc: adding ib device syz0 with port count 1 [ 391.467373][ T9220] smc: ib device syz0 port 1 has pnetid [ 391.478172][ T5881] lo speed is unknown, defaulting to 1000 [ 391.492341][ T9220] lo speed is unknown, defaulting to 1000 [ 391.595765][ T9238] raw_sendmsg: syz.1.782 forgot to set AF_INET. Fix it! [ 392.201500][ T9220] lo speed is unknown, defaulting to 1000 [ 392.636742][ T9262] netlink: 104 bytes leftover after parsing attributes in process `syz.1.793'. [ 392.967181][ T9220] lo speed is unknown, defaulting to 1000 [ 393.354051][ T9277] ieee802154 phy0 wpan0: encryption failed: -22 [ 393.687595][ T9220] lo speed is unknown, defaulting to 1000 [ 394.213465][ T9220] lo speed is unknown, defaulting to 1000 [ 395.601002][ T9321] sctp: [Deprecated]: syz.0.819 (pid 9321) Use of int in max_burst socket option deprecated. [ 395.601002][ T9321] Use struct sctp_assoc_value instead [ 395.792860][ T9327] veth1_to_bond: entered allmulticast mode [ 395.819807][ T9327] veth1_to_bond: entered promiscuous mode [ 395.838121][ T9325] veth1_to_bond: left promiscuous mode [ 395.847631][ T9325] veth1_to_bond: left allmulticast mode [ 395.871659][ T9331] netlink: 'syz.3.823': attribute type 3 has an invalid length. [ 395.896080][ T9331] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.823'. [ 395.946639][ T9331] netlink: 76 bytes leftover after parsing attributes in process `syz.3.823'. [ 396.012468][ T9335] sch_tbf: burst 1 is lower than device ip6tnl0 mtu (1452) ! [ 396.938431][ T9359] veth1_to_bond: entered allmulticast mode [ 396.986855][ T9357] veth1_to_bond: left allmulticast mode [ 398.197883][ T9418] ieee802154 phy0 wpan0: encryption failed: -22 [ 398.729737][ T9445] netlink: 'syz.3.876': attribute type 4 has an invalid length. [ 398.749544][ T24] lo speed is unknown, defaulting to 1000 [ 398.755652][ T24] syz0: Port: 1 Link ACTIVE [ 398.764201][ T52] lo speed is unknown, defaulting to 1000 [ 399.102021][ T9464] netlink: 'syz.2.883': attribute type 30 has an invalid length. [ 399.505490][ T9477] netlink: 28 bytes leftover after parsing attributes in process `syz.2.887'. [ 399.564887][ T9481] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD [ 399.575724][ T9482] netlink: 104 bytes leftover after parsing attributes in process `syz.3.892'. [ 399.631054][ T9477] netlink: 8 bytes leftover after parsing attributes in process `syz.2.887'. [ 399.925883][ T9489] delete_channel: no stack [ 400.414419][ T9508] team0: Port device dummy0 removed [ 400.423526][ T9508] bridge_slave_0: left allmulticast mode [ 400.429227][ T9508] bridge_slave_0: left promiscuous mode [ 400.436051][ T9508] bridge0: port 1(bridge_slave_0) entered disabled state [ 400.449861][ T9508] bridge_slave_1: left allmulticast mode [ 400.459219][ T9508] bridge_slave_1: left promiscuous mode [ 400.465151][ T9508] bridge0: port 2(bridge_slave_1) entered disabled state [ 400.479289][ T9508] bond0: (slave bond_slave_0): Releasing backup interface [ 400.495903][ T9508] bond0: (slave bond_slave_1): Releasing backup interface [ 400.524639][ T9508] team0: Port device team_slave_0 removed [ 400.535639][ T9508] team0: Port device team_slave_1 removed [ 400.543292][ T9508] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 400.550956][ T9508] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 400.560032][ T9508] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 400.567997][ T9508] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 400.625178][ T9514] team0: Mode changed to "loadbalance" [ 401.549316][ T9552] netlink: 'syz.4.924': attribute type 4 has an invalid length. [ 401.773699][ T9566] netlink: 24 bytes leftover after parsing attributes in process `syz.1.928'. [ 401.913212][ T9571] ieee802154 phy0 wpan0: encryption failed: -22 [ 402.493274][ T9594] netlink: 24 bytes leftover after parsing attributes in process `syz.1.943'. [ 402.722037][ T9603] sctp: [Deprecated]: syz.0.947 (pid 9603) Use of int in max_burst socket option deprecated. [ 402.722037][ T9603] Use struct sctp_assoc_value instead [ 402.858339][ T9606] netlink: 'syz.1.948': attribute type 30 has an invalid length. [ 403.502369][ T9627] veth1_to_team: entered promiscuous mode [ 403.524231][ T9627] veth1_to_team: left promiscuous mode [ 404.360549][ T9674] ieee802154 phy0 wpan0: encryption failed: -22 [ 404.750861][ T9693] netlink: 'syz.0.991': attribute type 3 has an invalid length. [ 404.758612][ T9693] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.991'. [ 404.827139][ T9693] netlink: 76 bytes leftover after parsing attributes in process `syz.0.991'. [ 405.199002][ T9708] gretap0: entered promiscuous mode [ 405.211565][ T9708] macsec1: entered promiscuous mode [ 405.238763][ T9708] gretap0: left promiscuous mode [ 405.672890][ T9739] ieee802154 phy0 wpan0: encryption failed: -22 [ 405.679909][ T9739] ieee802154 phy0 wpan0: encryption failed: -22 [ 406.051341][ T9754] team0: No ports can be present during mode change [ 406.145326][ T9760] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1024'. [ 406.429430][ T9774] ieee802154 phy0 wpan0: encryption failed: -22 [ 406.437464][ T9774] ieee802154 phy0 wpan0: encryption failed: -22 [ 406.503595][ T9777] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1031'. [ 406.928467][ T9800] ieee802154 phy0 wpan0: encryption failed: -22 [ 406.955066][ T9800] ieee802154 phy0 wpan0: encryption failed: -22 [ 407.011749][ T9803] netlink: 'syz.2.1044': attribute type 4 has an invalid length. [ 407.186633][ T9811] netlink: 'syz.2.1048': attribute type 3 has an invalid length. [ 407.225660][ T9811] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1048'. [ 407.297986][ T9811] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1048'. [ 407.555449][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 407.637637][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 407.742325][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 407.760891][ T9828] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1056'. [ 407.784877][ T9828] vcan0: Master is either lo or non-ether device [ 407.944689][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.223598][ T9842] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1060'. [ 408.426958][ T9842] netlink: 'syz.3.1060': attribute type 1 has an invalid length. [ 408.459160][ T9842] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1060'. [ 408.481611][ T9851] sctp: [Deprecated]: syz.0.1063 (pid 9851) Use of int in max_burst socket option deprecated. [ 408.481611][ T9851] Use struct sctp_assoc_value instead [ 408.526033][ T9842] bridge0: port 2(bridge_slave_1) entered disabled state [ 408.606431][ T5841] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 408.618692][ T5841] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 408.630825][ T5841] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 408.639139][ T5841] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 408.649265][ T5841] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 408.739364][ T9842] bridge_slave_1 (unregistering): left allmulticast mode [ 408.756161][ T9842] bridge_slave_1 (unregistering): left promiscuous mode [ 408.773528][ T9842] bridge0: port 2(bridge_slave_1) entered disabled state [ 409.746163][ T12] bond0 (unregistering): Released all slaves [ 409.938758][ T12] tipc: Left network mode [ 409.941503][ T9854] lo speed is unknown, defaulting to 1000 [ 409.974476][ T9854] lo speed is unknown, defaulting to 1000 [ 409.983968][ T9894] netlink: 'syz.3.1075': attribute type 11 has an invalid length. [ 410.013936][ T9894] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1075'. [ 410.132328][ T9900] sctp: [Deprecated]: syz.1.1078 (pid 9900) Use of int in max_burst socket option deprecated. [ 410.132328][ T9900] Use struct sctp_assoc_value instead [ 410.721649][ T5837] Bluetooth: hci4: command tx timeout [ 410.894903][ T9930] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1085'. [ 411.897741][ T12] hsr_slave_0: left promiscuous mode [ 412.010753][ T12] hsr_slave_1: left promiscuous mode [ 412.190215][ T12] veth1_macvtap: left promiscuous mode [ 412.242567][ T12] veth0_macvtap: left promiscuous mode [ 412.271883][ T9958] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1095'. [ 412.300990][ T12] veth1_vlan: left promiscuous mode [ 412.306719][ T12] veth0_vlan: left promiscuous mode [ 412.351788][ T9961] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1095'. [ 412.458905][ T9962] IPv6: addrconf: prefix option has invalid lifetime [ 412.626715][ T12] [ 412.629112][ T12] ====================================================== [ 412.636158][ T12] WARNING: possible circular locking dependency detected [ 412.643287][ T12] 6.15.0-rc1-next-20250411-syzkaller #0 Not tainted [ 412.649888][ T12] ------------------------------------------------------ [ 412.656960][ T12] kworker/u8:0/12 is trying to acquire lock: [ 412.662958][ T12] ffff888061c0ce00 (team->team_lock_key#5){+.+.}-{4:4}, at: team_vlan_rx_kill_vid+0x36/0xe0 [ 412.673094][ T12] [ 412.673094][ T12] but task is already holding lock: [ 412.680473][ T12] ffff888061a70d30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x5a1/0x2510 [ 412.692083][ T12] [ 412.692083][ T12] which lock already depends on the new lock. [ 412.692083][ T12] [ 412.702508][ T12] [ 412.702508][ T12] the existing dependency chain (in reverse order) is: [ 412.711553][ T12] [ 412.711553][ T12] -> #1 (&dev_instance_lock_key#3){+.+.}-{4:4}: [ 412.720199][ T12] lock_acquire+0x116/0x2f0 [ 412.725266][ T12] __mutex_lock+0x1a5/0x10c0 [ 412.730406][ T12] dev_set_mtu+0x11c/0x270 [ 412.735366][ T12] team_add_slave+0x83b/0x28b0 [ 412.740680][ T12] do_set_master+0x579/0x730 [ 412.745825][ T12] do_setlink+0xf76/0x4390 [ 412.750876][ T12] rtnl_newlink+0x17e2/0x1fe0 [ 412.756114][ T12] rtnetlink_rcv_msg+0x80f/0xd70 [ 412.761620][ T12] netlink_rcv_skb+0x208/0x480 [ 412.766950][ T12] netlink_unicast+0x7f8/0x9a0 [ 412.772253][ T12] netlink_sendmsg+0x8c3/0xcd0 [ 412.777561][ T12] __sock_sendmsg+0x221/0x270 [ 412.782780][ T12] ____sys_sendmsg+0x523/0x860 [ 412.788159][ T12] __sys_sendmsg+0x28a/0x380 [ 412.793287][ T12] do_syscall_64+0xf3/0x230 [ 412.798327][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.804761][ T12] [ 412.804761][ T12] -> #0 (team->team_lock_key#5){+.+.}-{4:4}: [ 412.813237][ T12] validate_chain+0xa69/0x24e0 [ 412.818556][ T12] __lock_acquire+0xad5/0xd80 [ 412.823787][ T12] lock_acquire+0x116/0x2f0 [ 412.829017][ T12] __mutex_lock+0x1a5/0x10c0 [ 412.834167][ T12] team_vlan_rx_kill_vid+0x36/0xe0 [ 412.839854][ T12] vlan_vid_del+0x483/0x770 [ 412.844912][ T12] vlan_device_event+0x23c/0x1e00 [ 412.850523][ T12] notifier_call_chain+0x1a5/0x3f0 [ 412.856181][ T12] dev_close_many+0x33e/0x4c0 [ 412.861408][ T12] unregister_netdevice_many_notify+0x628/0x2510 [ 412.868287][ T12] default_device_exit_batch+0x7ff/0x880 [ 412.874469][ T12] cleanup_net+0x8af/0xd60 [ 412.879433][ T12] process_scheduled_works+0xac3/0x18e0 [ 412.885608][ T12] worker_thread+0x870/0xd50 [ 412.890753][ T12] kthread+0x7b7/0x940 [ 412.895451][ T12] ret_from_fork+0x4b/0x80 [ 412.900495][ T12] ret_from_fork_asm+0x1a/0x30 [ 412.905801][ T12] [ 412.905801][ T12] other info that might help us debug this: [ 412.905801][ T12] [ 412.916052][ T12] Possible unsafe locking scenario: [ 412.916052][ T12] [ 412.923605][ T12] CPU0 CPU1 [ 412.928982][ T12] ---- ---- [ 412.934363][ T12] lock(&dev_instance_lock_key#3); [ 412.939593][ T12] lock(team->team_lock_key#5); [ 412.947077][ T12] lock(&dev_instance_lock_key#3); [ 412.955087][ T12] lock(team->team_lock_key#5); [ 412.960106][ T12] [ 412.960106][ T12] *** DEADLOCK *** [ 412.960106][ T12] [ 412.968700][ T12] 5 locks held by kworker/u8:0/12: [ 412.973850][ T12] #0: ffff88801bef6148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 412.984770][ T12] #1: ffffc90000117c60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 412.995384][ T12] #2: ffffffff900f6710 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17c/0xd60 [ 413.004825][ T12] #3: ffffffff90103248 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0xde/0x880 [ 413.014876][ T12] #4: ffff888061a70d30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x5a1/0x2510 [ 413.026941][ T12] [ 413.026941][ T12] stack backtrace: [ 413.032854][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc1-next-20250411-syzkaller #0 PREEMPT(full) [ 413.032902][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 413.032927][ T12] Workqueue: netns cleanup_net [ 413.032958][ T12] Call Trace: [ 413.032965][ T12] [ 413.032972][ T12] dump_stack_lvl+0x241/0x360 [ 413.033000][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 413.033020][ T12] ? __pfx__printk+0x10/0x10 [ 413.033042][ T12] ? print_lock+0x171/0x1a0 [ 413.033062][ T12] print_circular_bug+0x2e1/0x300 [ 413.033082][ T12] check_noncircular+0x142/0x160 [ 413.033103][ T12] validate_chain+0xa69/0x24e0 [ 413.033132][ T12] __lock_acquire+0xad5/0xd80 [ 413.033150][ T12] lock_acquire+0x116/0x2f0 [ 413.033172][ T12] ? team_vlan_rx_kill_vid+0x36/0xe0 [ 413.033196][ T12] __mutex_lock+0x1a5/0x10c0 [ 413.033214][ T12] ? team_vlan_rx_kill_vid+0x36/0xe0 [ 413.033234][ T12] ? __cancel_work+0x24c/0x390 [ 413.033253][ T12] ? team_vlan_rx_kill_vid+0x36/0xe0 [ 413.033269][ T12] ? __cancel_work+0x2f0/0x390 [ 413.033283][ T12] ? __pfx___mutex_lock+0x10/0x10 [ 413.033300][ T12] ? __pfx___cancel_work+0x10/0x10 [ 413.033317][ T12] ? do_raw_spin_unlock+0x13c/0x8b0 [ 413.033340][ T12] team_vlan_rx_kill_vid+0x36/0xe0 [ 413.033357][ T12] vlan_vid_del+0x483/0x770 [ 413.033382][ T12] vlan_device_event+0x23c/0x1e00 [ 413.033407][ T12] ? br_device_event+0x28f/0xae0 [ 413.033424][ T12] ? __pfx_phonet_device_notify+0x10/0x10 [ 413.033446][ T12] ? __pfx_vlan_device_event+0x10/0x10 [ 413.033466][ T12] ? __pfx_br_device_event+0x10/0x10 [ 413.033482][ T12] ? raw_notifier+0x9d/0x740 [ 413.033500][ T12] ? isotp_notifier+0xa4/0x6b0 [ 413.033520][ T12] ? cgw_notifier+0xd8/0x3b0 [ 413.033539][ T12] ? packet_notifier+0x76/0xa30 [ 413.033557][ T12] notifier_call_chain+0x1a5/0x3f0 [ 413.033579][ T12] dev_close_many+0x33e/0x4c0 [ 413.033599][ T12] ? __pfx_dev_close_many+0x10/0x10 [ 413.033619][ T12] unregister_netdevice_many_notify+0x628/0x2510 [ 413.033645][ T12] ? lockdep_hardirqs_on+0x9d/0x150 [ 413.033662][ T12] ? __local_bh_enable_ip+0x168/0x200 [ 413.033686][ T12] ? batadv_tt_local_remove+0x119/0x230 [ 413.033710][ T12] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 413.033737][ T12] ? batadv_tt_local_remove+0x119/0x230 [ 413.033758][ T12] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 413.033786][ T12] ? unregister_netdevice_queue+0x2c4/0x400 [ 413.033810][ T12] ? batadv_meshif_destroy_netlink+0x1e6/0x270 [ 413.033831][ T12] default_device_exit_batch+0x7ff/0x880 [ 413.033853][ T12] ? __pfx_default_device_exit_batch+0x10/0x10 [ 413.033872][ T12] ? __pfx_rdma_dev_exit_net+0x10/0x10 [ 413.033899][ T12] ? __pfx_default_device_exit_batch+0x10/0x10 [ 413.033918][ T12] cleanup_net+0x8af/0xd60 [ 413.033938][ T12] ? __pfx_cleanup_net+0x10/0x10 [ 413.033960][ T12] ? process_scheduled_works+0x9cb/0x18e0 [ 413.033975][ T12] process_scheduled_works+0xac3/0x18e0 [ 413.034002][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 413.034021][ T12] ? assign_work+0x367/0x3d0 [ 413.034038][ T12] worker_thread+0x870/0xd50 [ 413.034061][ T12] ? __kthread_parkme+0x1a8/0x200 [ 413.034080][ T12] ? __pfx_worker_thread+0x10/0x10 [ 413.034095][ T12] kthread+0x7b7/0x940 [ 413.034115][ T12] ? __pfx_worker_thread+0x10/0x10 [ 413.034130][ T12] ? __pfx_kthread+0x10/0x10 [ 413.034147][ T12] ? __pfx_kthread+0x10/0x10 [ 413.034164][ T12] ? __pfx_kthread+0x10/0x10 [ 413.034180][ T12] ? __pfx_kthread+0x10/0x10 [ 413.034197][ T12] ? _raw_spin_unlock_irq+0x23/0x50 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 413.034212][ T12] ? lockdep_hardirqs_on+0x9d/0x150 [ 413.034228][ T12] ? __pfx_kthread+0x10/0x10 [ 413.034245][ T12] ret_from_fork+0x4b/0x80 [ 413.034261][ T12] ? __pfx_kthread+0x10/0x10 [ 413.034278][ T12] ret_from_fork_asm+0x1a/0x30 [ 413.034301][ T12] [ 413.413002][ T5837] Bluetooth: hci4: command tx timeout