last executing test programs: 29.857351165s ago: executing program 3 (id=525): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000100)='kfree\x00', r4}, 0x18) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x3548, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, {0x0, 0x0, 0x3}}}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd29, 0x25dfdaff, {0x0, 0x0, 0x0, r3, {0x0, 0x6}, {}, {0xd}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0xae96, 0xe, 0xf, 0x4}]}}]}}]}, 0x44}}, 0x0) 29.666875426s ago: executing program 3 (id=528): r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x18) r2 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r2) 29.476894256s ago: executing program 3 (id=532): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0x503, 0x0, 0x0, {}, [{0x8, 0x1, 0x2}]}, 0x20}}, 0x0) 29.329494818s ago: executing program 3 (id=533): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(0x0, 0x0, 0x0, 0x80000, 0x0) mount$bind(0x0, 0x0, 0x0, 0x1adc51, 0x0) mount$bind(0x0, 0x0, 0x0, 0x1389899, 0x0) mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0) mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x88f8d2, 0x0) 29.073016119s ago: executing program 3 (id=536): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x400, 0x0) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000100)="89e7ee2c78dad9b4b473fec988cafbe863cac50580cd8b", 0x17}, {&(0x7f0000000440)="9c74dfbf77572856c809ff86bb648daf351a32ad5ea7e5599da7a5b3d468381d8ff50420", 0x24}], 0x2) 28.417489174s ago: executing program 3 (id=539): bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, 0x0, &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x60040, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) 27.417626553s ago: executing program 32 (id=539): bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, 0x0, &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x60040, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) 9.664982657s ago: executing program 5 (id=641): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50) 8.479562957s ago: executing program 1 (id=649): mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, 0x0, 0x0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000100)='scalable\x00', 0x9) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0xfffffffe}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20048094}, 0x0) shutdown(r2, 0x2) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) socket$inet6(0xa, 0x3, 0x5) r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/tcp_sack\x00', 0x1, 0x0) sendfile(r5, r4, &(0x7f00000000c0)=0x8b, 0x100000500) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r4, 0x84, 0x71, &(0x7f0000000040)={0x0, 0x9}, 0x0) 7.567908938s ago: executing program 5 (id=652): r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) pipe2(&(0x7f0000001040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) write$P9_RGETLOCK(r2, &(0x7f00000000c0)=ANY=[], 0xffffff6a) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0xb, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000180)='tlb_flush\x00', r4}, 0x18) syz_clone(0x20042400, 0x0, 0x0, 0x0, 0x0, 0x0) pipe2(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) tee(r1, r5, 0xfffffffffffffc01, 0x0) tee(r1, r5, 0x60000000000, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r2, 0x1e, &(0x7f0000000500)={r1}, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)={0x20, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0xc, 0xc, 0x0, 0x0, @u64=0x100000001}]}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x4000804) r7 = syz_open_procfs(0x0, &(0x7f0000000140)='net/netstat\x00') open_tree(0xffffffffffffff9c, &(0x7f00000006c0)='./file0\x00', 0x0) pread64(r7, 0x0, 0x0, 0x7f) sendmsg$rds(r0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, @private=0xa010100}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000300)=[{&(0x7f0000002640)=""/102389, 0x18ff5}], 0x1, 0x1903d}}], 0x48}, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), r6) 7.300924548s ago: executing program 2 (id=655): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) creat(&(0x7f00000000c0)='./file0\x00', 0x48) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r3 = dup(r2) write$P9_RLERRORu(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) syz_clone(0x0, &(0x7f0000000180)="645b5ffe09a8da034c9dfe6a13a0a6891ea1014cdefa043305fa6cb54ac468269f6e4617a2918c1ec95e2c3aa1e345a15580afe9e76e52f831ae832c883e8c657b94dec5a2ee62148d6f73e43d02e1284aac9b3918a8424c3128c8ed374581b4450613118d776999c6604f4f624095bcc3c3bb2220a8152b", 0x78, &(0x7f0000000040), &(0x7f0000000200), 0x0) write$binfmt_elf64(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) 6.790372827s ago: executing program 2 (id=659): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) r4 = syz_open_procfs(0x0, 0x0) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x2000008, 0x8010, r3, 0xe000) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=ANY=[], 0x88}, 0x1, 0x0, 0x0, 0xc0408c1}, 0x24000840) r6 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) pipe2$watch_queue(0x0, 0x80) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000910000000000000000000000005000600000000000a00000000000000000000000000000000000000000000000000000000000000020001000000000000000702000000ff05000500000000000a00000000000000ff010000000000000000000000000001000000000000000002"], 0x80}}, 0x0) r8 = add_key$keyring(&(0x7f0000000300), &(0x7f00000002c0)={'syz', 0x2}, 0x0, 0x0, r6) r9 = add_key$user(&(0x7f0000000280), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000500)="000000c6d222406b096cc34801000000647418aaf9784416ed438eb9a332f44a1ec989b2d2e513f57632c54d863ecd9b0df090728300e43d59f817b99310b6b600968f3d2f02bbdfbbcb5c4f13e25d19bfdffe6f178f3580ea2b14da36c6095d68284c04c724611344d68d651aa37d305b61d2ffec13ebbbdaa51c2dac42788676771ee9f9a1cd34fbb8c576bfddf2a15d55dcb910f9eb6f9e572c362d7df6deb76cab9bff062885ec675056768437", 0xaf, r8) r10 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r9, r10, r9}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r11, 0x0, 0x40850) unshare(0x28000600) shutdown(r4, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x2000, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '|^b!'}, 0x0, 0x1, {0x0}}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000340)=@mmap={0x0, 0x2, 0x4, 0xffffff7f, 0x101, {}, {0x0, 0xc, 0x0, 0x0, 0x0, 0x0, "186856f3"}}) 6.628599659s ago: executing program 5 (id=661): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x34, r2, 0x301, 0x70bd29, 0x25dfdbfc, {0x24}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x8041}, 0x0) 5.725416558s ago: executing program 5 (id=663): bpf$MAP_LOOKUP_ELEM(0x2, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, &(0x7f00000004c0), &(0x7f0000001c40)=r1}, 0x20) io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, &(0x7f00000000c0)={0x1, 0xffffffffffffffff, 0x2a, {0xf95d}, 0x2b}, 0x1) r2 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r2, &(0x7f0000000280)=[{&(0x7f00000005c0)="580000001400192340834b80040d8c560a06ffffff7f000000000000000058000b480400945f64009400050038925a01000000800000008004000000ff0109000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1) 5.430527914s ago: executing program 5 (id=666): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0x503, 0x0, 0x0, {}, [{0x8, 0x1, 0x2}]}, 0x20}}, 0x0) 5.142759179s ago: executing program 5 (id=667): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f0000000480), 0x400034f, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r2 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) msgrcv(0x0, 0x0, 0x0, 0x1, 0x3000) msgsnd(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000005000000"], 0x8, 0x0) msgrcv(0x0, &(0x7f0000000140)={0x0, ""/140}, 0x94, 0x2, 0x1000) 4.634900962s ago: executing program 1 (id=670): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socket$nl_route(0x10, 0x3, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x161042, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r2, &(0x7f00000001c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x0, 0xfe, 0x2, 0x0, 0x9, 0x5, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0xe) r3 = getpid() capget(&(0x7f0000000100)={0x20080522, r3}, &(0x7f0000000180)={0x5, 0x8, 0xfffffffc, 0x7, 0xd, 0x9}) shutdown(r2, 0x1) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f0000000100)=0x6, 0x4) recvmmsg(r2, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, 0x0) 4.631684351s ago: executing program 4 (id=671): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0b00000007000000d7c900000900000001"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r2}, 0x10) mount_setattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 4.485405086s ago: executing program 4 (id=672): r0 = syz_open_dev$loop(&(0x7f0000000140), 0x760, 0xa382) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x0, 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000540)=0x6) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x140}}, 0x0) memfd_create(0x0, 0x2) sendfile(r0, r0, 0x0, 0x24002de8) 4.415697011s ago: executing program 2 (id=674): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200008, &(0x7f0000000380)={[{@nolazytime}, {@auto_da_alloc}, {@sysvgroups}, {@norecovery}, {@jqfmt_vfsv0}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@user_xattr}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5ba}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', r1, 0x0, 0x3}, 0x18) r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000380)=@generic={&(0x7f0000000340)='./file0\x00', r2}, 0x18) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) io_pgetevents(0x0, 0x4, 0x0, 0x0, 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) ftruncate(r3, 0x2007ffc) sendfile(r3, r3, 0x0, 0x800000009) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = open(&(0x7f0000000340)='./file1\x00', 0x4000, 0x0) preadv2(r4, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x100000000000000d, 0x0, 0x0, 0x0) 4.29779367s ago: executing program 4 (id=675): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000700)=0x8, 0x4) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) accept(r0, 0x0, 0x0) recvfrom(r2, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0) 3.529649112s ago: executing program 0 (id=676): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x34, r2, 0x301, 0x70bd29, 0x25dfdbfc, {0x24}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x8041}, 0x0) 3.225275947s ago: executing program 0 (id=677): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x4) syz_open_dev$vbi(0x0, 0x1, 0x2) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) r3 = eventfd(0xffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000080000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3}) ioctl$VHOST_SET_LOG_BASE(r2, 0x4008af04, &(0x7f00000002c0)=&(0x7f0000000180)) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, 0x0) munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[], 0x2c}}, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) userfaultfd(0x801) 3.182278208s ago: executing program 2 (id=678): bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x40, 0x7ffc1ffb}]}) futimesat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', &(0x7f00000002c0)={{}, {0x0, 0x2710}}) 3.159282033s ago: executing program 4 (id=679): socket$inet6_sctp(0xa, 0x1, 0x84) r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x48802) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, 0x0) unshare(0x62040200) syz_usb_connect(0x0, 0x4a, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x1, 0x1, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f0000000240)=0x0) bpf$BPF_GET_PROG_INFO(0x15, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) keyctl$session_to_parent(0x12) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xfffffe62}], 0x1}) io_uring_enter(r1, 0x20af, 0x6d82, 0x0, 0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8990, &(0x7f0000000040)={'veth0_macvtap\x00', @ifru_settings={0xeb, 0x6, @te1=&(0x7f0000000000)={0xaf1, 0x3, 0xf, 0xf5d}}}) 2.218709863s ago: executing program 2 (id=682): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r1, 0x0, 0xffffffffffffffff}, 0x18) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) 1.96945984s ago: executing program 2 (id=683): mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, 0x0, 0x0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000100)='scalable\x00', 0x9) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0xfffffffe}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20048094}, 0x0) shutdown(r2, 0x2) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) socket$inet6(0xa, 0x3, 0x5) r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/tcp_sack\x00', 0x1, 0x0) sendfile(r5, r4, &(0x7f00000000c0)=0x8b, 0x100000500) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r4, 0x84, 0x71, &(0x7f0000000040)={0x0, 0x9}, 0x0) 1.863987716s ago: executing program 1 (id=685): syz_mount_image$ext4(&(0x7f00000004c0)='ext2\x00', &(0x7f0000000200)='./file1\x00', 0x3804402, &(0x7f0000000340), 0xfd, 0x564, &(0x7f0000000b00)="$eJzs3d9rW+UbAPDnpE33+7sOxvgqIoVdOJlL19YfE7yYl6LDgd7P0mZlNFlGk461Dtwu3I03MgQRB8Nr9d7L4T/gXzHQwZBRFPEmctKTmK3JmnXZmprPB872vjkne8+T9zzv3jcnIQEMrYn0j1zECxHxZRJxsG3faGQ7J9aPW3twdS7dkqjXP/o9iSR7rHl8kv29L6v8PyJ+/jzieG5ju9WV1cXZUqm4lNUna+VLk9WV1RMXyrMLxYXixemZmVNvzEy//dabfYv11bN/fvPhnfdOfXF07esf7x26mcTp2J/ta4/jKVxrr0zERPaa5OP0IwdO9aGxQZJs9wmwJSNZnucjHQMOxkiW9cB/32cRUQeGVCL/YUg15wHNtX2f1sE7xv131xdAG+MfXX9vJHY31kZ715KHVkbpene8D+2nbfz0262b6Rb9ex8CYFPXrkfEydHRjeNfko1/W3eyh2MebcP4B8/PnXT+81qn+U+uNf+JDvOffR1ydys2z//cvT4001U6/3un4/y3ddNqfCSrHWjM+fLJ+QulYjq2/S8ijkV+V1p/3P2cU2t36932tc//0i1tvzkXzM7j3uiuh58zP1ubfZqY292/HvFix/lv0ur/pEP/p6/H2R7bOFK89XK3fZvH/2zVv4t4pWP/51vHJI+/PznZuB4mm1fFRn/cOPJLt/a3O/60//eux/9XtiRs9X9mPGm/X1t98jZu7/672G3fVq//seTjRnkse+zKbK22NBUxlnyw8fHpf5/brDePT+M/dvTx41+n639PRHzSY/w3Dv/w0tbjf7bS+Oc7Xv/d+v/JC3ff//Tbzq3f7rH/X4+k7QZzL+Nfryf4VC8eAAAAAAAADJhcROyPJFdolXO5QmH98x2HY2+uVKnWjp+vLF+cj8Z3Zccjn2ve6T7Y9nmIqezzsM369CP1mYg4FBFfjexp1AtzldL8dgcPAAAAAAAAAAAAAAAAAAAAA2Jfl+//p34d2e6zA545P/kNw2vT/O/HLz0BA8n//zC85D8ML/kPw0v+w/CS/zC85D8ML/kPw0v+AwAAAAAAAAAAAAAAAAAAAAAAAAAAQF+dPXMm3eprD67OpfX5yyvLi5XLJ+aL1cVCeXmuMFdZulRYqFQWSsXCXKW82b9XqlQuTU3H8pXJWrFam6yurJ4rV5Yv1s5dKH9/IKKYfy5RAQAAAAAAAAAAAAAAAAAAwM5SXVldnC2ViksKjcKuGIjT2EGF0cE4DYU+FzoMFmPbMEABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQET8EwAA//+ndDnV") r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000000101010300000000000000000a0000030c0019800800010008000000100001800c0002"], 0x30}, 0x1, 0x0, 0x0, 0x8008001}, 0x24008854) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6b}, 0x94) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) shutdown(r2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$nci(r3, 0x0, 0xfffffeea) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x18) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x8040) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/asound/seq/clients\x00', 0x0, 0x0) read$char_usb(r4, &(0x7f0000000000)=""/38, 0x26) socket$inet6_tcp(0xa, 0x1, 0x0) io_setup(0x6, &(0x7f0000000140)) r5 = syz_open_dev$tty1(0xc, 0x4, 0x3) ioctl$KDSKBENT(r5, 0x4b47, &(0x7f0000000400)={0x0, 0x7f, 0x20f}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESOCT, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) 1.706317939s ago: executing program 6 (id=686): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000001000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r1, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20) r2 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r2, &(0x7f0000000740)=[{{&(0x7f00000002c0)={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000640)=[{&(0x7f0000000540)='P', 0x1}], 0x1}}], 0x1, 0x0) 1.405556218s ago: executing program 1 (id=687): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f00000025c0)=[{{&(0x7f0000000000)={0xa, 0x4e22, 0x0, @private1}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000040)='P', 0x1}], 0x1}}, {{&(0x7f0000000100)={0xa, 0x0, 0x0, @private1}, 0x1c, &(0x7f0000002400)=[{&(0x7f0000000140)='i', 0x1}], 0x1}}], 0x2, 0x0) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, 0x0, 0x0) 1.405179306s ago: executing program 6 (id=688): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) creat(&(0x7f00000000c0)='./file0\x00', 0x48) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r4 = dup(r3) write$P9_RLERRORu(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) write$binfmt_elf64(r4, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) open(&(0x7f0000000300)='./file0\x00', 0x145142, 0x102) 1.286590771s ago: executing program 0 (id=689): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000c"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00'}, 0x18) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x74) 1.249205677s ago: executing program 1 (id=690): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0xfffffffc, '\x00', 0x0, 0x0}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x10, 0xb, &(0x7f00000009c0)=@framed={{0x18, 0x2}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x8}, @exit]}, &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0xa}, 0x94) 1.154020404s ago: executing program 4 (id=691): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200008, &(0x7f0000000380)={[{@nolazytime}, {@auto_da_alloc}, {@sysvgroups}, {@norecovery}, {@jqfmt_vfsv0}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@user_xattr}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5ba}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', r1, 0x0, 0x3}, 0x18) r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000380)=@generic={&(0x7f0000000340)='./file0\x00', r2}, 0x18) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) io_pgetevents(0x0, 0x4, 0x0, 0x0, 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) ftruncate(r3, 0x2007ffc) sendfile(r3, r3, 0x0, 0x800000009) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = open(&(0x7f0000000340)='./file1\x00', 0x4000, 0x0) preadv2(r4, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x100000000000000d, 0x0, 0x0, 0x0) 1.132569933s ago: executing program 6 (id=692): r0 = socket$nl_route(0x10, 0x3, 0x0) fgetxattr(r0, &(0x7f0000000580)=@known='system.posix_acl_access\x00', 0x0, 0x0) 1.108537889s ago: executing program 0 (id=693): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xa, 0x7, 0x7ffc, 0xcc, 0x0, 0xffffffffffffffff, 0x8000c}, 0x50) 967.217889ms ago: executing program 1 (id=694): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x5, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) inotify_init() 821.53867ms ago: executing program 6 (id=695): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0xd83, &(0x7f0000001c00)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xd75, 0x2, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xd61, 0x0, @wg=@data={0x4, 0x7407, 0xfffdfffffffffffd, "9c67524ed6ed152d4f775bbc411126513b67aa2818e6f3aeb55bee6ae1049f195705bc8bd9b1085cd41af77353267df8a1d4cecdb01908186ea04e641c89a2ee0432e9c0894a8d7aff0c865e96548d507f048f907320b0f8b1e83b5f1425b63ad9c6adfd09578bbda92c9bd8f57d6efd752a6f20487ebea241d612212e3ccb077a5150c08f56aed6ee45acd4439043886b78cc5562b00bc57cf509d90b02a7bc86919f1b882f556e6aac5e9b93ee545b2b68bd014e2a49c332432ef4adeb61ac418aa4e20ee299f1a8b7a72e985223996b11a8913f3b1c23b10f88c3de28660457a37126fd3b6394536da0cd962f532ff22c496e1df4ffe049b193514c02571399d3618383a287068f4f15d51d1781cc0bc2af66ddc68135bfd33634e1a75be80630ce76ef79c86c9abb2fdc6d84367ea10fd8a6ee3c99eaec83c66bf5ffce6eb5ccc2546b6df905ff1aea223029ba2f7eb2469c5b8637b79347361f8cf0fa9d58a039e7811f343961b22c23d68b2c04eb8b5aeee7c6f71ce95cab886bf2694e0643d18761043e2d1dcb8ce0bdd15817a75f591b05146424797f729689e2a7bd53cb6c02fd15c339057c714794b407b342d12e69ec383b6ea6c99f845d04fd5128203c78a388fb0a1caf1f725f7636eb41e415951f8284a9c475760eb9312f7d6307037d472fbda509d56a0cf8e36d44f3f0b67fabdd2842ab4241cbfc7d309188d3a634129a13bfcac3b39b75d46bed585550ff7b41746dfd7e0f0c8a25e9f39deb7e2a4f0e068b86c6593b3b37838d2809eef3eb2f3120fde2fe3e9fef4e4bea1ddf3d17c40f753b37baaa110a8b4ad805d500e0235e9371b828993da25c5697d1001c8971b3862eef047730b242350403c851cd74cdea94501c0e2875a5830aa71733a0f022cb37e1cfffaee8eb0a23d51181a0691dadcd6b30a86a5fbf5c499120e265938f6430ffde09eb173327c2e25bdf22ae0d742141db856c4beee07af0ce37c078f6e59b41a29502cc01737c984185f6622a3ce02ed04daf2a7eb03c92a5a5ecce5973ef704aba9efcb99bf52f5c662d52f4399a13af760f9f9ff3d5930c3fae014b92ee0aded4ba51d95cf946d5f55f5b5d4603f8b76087d681ad77fc385fe114331c24a4ada85eaebf5405467dbe656b31b79a0f893864a13bda309a2fec2f4fc4858d9daf946df31f4077338bfc3116a45827ce8907ad691d241d3a8859a3672aeee3878e45b0be6f68194638dee30ba6735a6424e51f8b9a4965d37ab7ca96e167a5c32c8a935ff34693e24d067039db0f4ffe4dc5fe7c56a0d6e52a7cef9a6f1cc8b88d61d2258e3e0e8f2d7b699d4a22ab661f6afae5b48cc8fbc9ddfe57e76f274e65b210994fd96cd4deb6fdb795df4147ca0d876b1b08b64d20a28a358f48086c0f8d1f0741260f95adabba51f2d3f36107d49d46ba0c666232597bf08bfab60b5a432a1652e2c503fcf977ea6ff15c8e8f3bd9b7a3017c36be787d5a6579f5236b17d7bdc2c3918d9257e266bdf7929bb366d98d2b225c08c3c5ed22113b8c051c811bd1e52ecbe619dbc9579270c7cf69ac129e84a7141e689d9745d56e1cda6affdc1856757a6e39039b17d5286cf393186b99b20c54987087ece9972c39b4a05f1ca218c35254c666e7fcb7df4aa401cc79e1aade63732064ca80af164709a85fcf8ac72fa5ace60aa04d2ee0d5f051cb032f7c25100facb7ec1c247812b0de4f1c3c1ab98f904d9752cc427bc0445d8e27b51d5a8084087ea61f82ccc1114679f673753eddc7cfc00ba7e25db3391579ecdf638ab73078133e49b522d3d16bf2ebd06e7cefc24154088965ad3c9291c68f19f7cdd2943abc716ecf0b33fe249108da2b1f9abdbcb4dba89746a8c5711a41556efe5537327e253bd9ac68dc56516392292152b86ef118e25cac4e3c7c2b20bbc5bbc2d825c8dc14e9807aa6a423fdebfa7deee913c8f9f58bd967d43af1d65dc5ce72b2cd1a17ce34facd199bf2c62beeb752d156d6f31ea0323bc3ec0500587c485d8141f5b5ac81457df9396fbf98222212ef70527b6ed8d6e4d11156c8ecaee4692e068a72cb3b12686436028a7297956c48ee8fc393907edd3695fddbb786808c0a48182e3334e73fedcef0ee1bfbb13dce8a79b8822fd1ca0ed645f64d134c240844be5a7ac3aa15419ae79e7b1d721ae5abe1b0896c6189f23b65d79f5c3677b89f40aceff98dfca244a160dff264a2b14a3774064e1152fe0cabfc23e3e16dba5f46ea6af09fb3b8529022837c7e9303e3ecd0170fcc0e6fb0f3981d9f8f838412eae1a3dd13b7a980a642739e8abebed29db34c06460f09e27ddba1ed76b4ac6290235f6f81fcd3eb12af9821575b050aaf80d5c6c695807f7480f24e4bc0159744f9045a2d37574508d7e687482f775d0a4c471c4914e6a64b0d444037407b8d079751ddf4b14ed0ee6f1e622952a331a1a147f3a805fb7ca29c3c7feb2dddd0db795ac0ca327d95b19ff37bd8d553703014e5137f8c41b947d199f95f245d3354f9679876db736da5cfbd7cb9f80a12e50c895b999b670c9e161aa12e82c79d98fed5017e11674158a2f258ecc7c550f10dee6bb9d159316c567e3973e8aa30f157f6d30f239877021e7161c0a93c7b6bedccc7a3d8c9313f6f860d33ae0c162236853ae29d7a619bc306998e51c5d91a73475119a648700fbf3a41701ef87b440b83573a44339aea5806c0883470613e38baa518466dee2c671d96768f8d842feb5a812ea3ecd1e307a913a1032f06af2656b0a969b38366c39ca149205540391f36c897efb80aa43707c12e21544386fc232a45c9eb40a64c35edd4db20bd4970d642c0c2a0ee43ce8bf4d1bd84b3c3fa198cfc8d1f83960a1c3cd85a164926dc962a9078c5b079e0f4bb0b4e94b0aec3d13e7c47edc936927da2e6e7fe9485b0489bc4fdd1699611aeb00d767057602b8e53dfb4a6651c0f2873e5f60fdd7e2542d6aba79f491f87522f77427323e87386c89e1df9dd6e4f32be85c9eefbd6e6b177dde573b0d0bb8df828185aedc7aba2e6c3d4d9df393b203c1147f005860a6dd44dbcebead0eeb29fe3216930ef4a5994a93851df960d3be82d4294b64ba8295a59d099fd10afe39c2a79727a5447fa27909d53df6a00a63897261619e853036a6852e95ac6da62276007f2f3f386267cd8a0d136e645247e76db84e466e56ba42618b4fdef3e6d8c48dae5d03e1e369cd74042146e361cd6b4e654c8adc75446c454d3275a7d91646c4fb721966df9df3f761f10bebd212bfc87db9c48ffa0c6efcb17db3955f4a6f58919a036cda4f0a0c07a7306d2909adeeb474bd0bbec58865c4a5804108a014838673ff26438c162ec61e71bb880b154d475c71d500bfda3128b9fac2bccecb790dbd3075f424b1244f111c7eb5cbb7af0b6f3ec9cac20f82b1631822b940c03d697e213747627a5a7ed57414f2826888e515b88e61e69b742b053fe086ffc916abe00a41870cd332201d96c96bd174b369094b0da81ddc50affefa3709a358a5c00308d30a41d10b1c3f91a011bd246588336ff76dd60c10c3bbc8eec06adb3e73cc21d218b83eb9306e0650dd4e41bd65e15bb99a0653fc312251c174abed9e3ed04ef0378feaf78d839ebf61fda85c290f140cd3690cff881c348c57f504c50ca61986b29e58fdb0cbe276e42c982154762110c0f65b240aebe4291c66157629f0a45ea48e8e6a5dfe062214d635c5f828d1c888ec83a279ddac80f748c00e984248bef8e884590dcc1322aceb2d3b525618450fa0649e4ae8722769c6a32eb47161f7bf08bd59f903240ab9f790313b41607554b21ce45f10cde937f9f68fbb23ace0eaebd86b1201ea230c7f4c57f6594e655904db2a6d3d294f98fe630a524573f52c145b19eea382bc3adac7c7b62863bfa04f2d9fb9b93e7cda0fff4af897281580b879912ebd2c9c9d433ef479e886a477ce4538590179049aaff5e8e51b25db6c0300393a37c25c350e1e4effdd657f26de15199d39e134d1e7fe278b68377674a0e31a12e67096d44f62bd0353147041050fe44d9fbfc95fa8aa368e5868148a9e7a6f5551cf55f677b48ac2b4cd29a300d3cb9cd3a5ef486b9b3138018fb1568ce3f59385b98e93b7113dc85cd242bb57e545d6c151727d1c33ced565b2e29419bc6c458b45ab2107a55793618d20bd476e81ff79543cbace7b26a53a67a3f17ad0e2f2c0cc55f45d374ddc3cf8ada0c52cf1251cc4a6e1c7e84a1536cf328a0a392a3b79bbef1b40ad6e69811f3ec73b971c7cf6d64bfd0b183135d76fbb121aa99c753dce310f3288d460a1158a0c1c2ca4a66eadb38c6669dae4742a1da14b007555ffdae4e60f535ee23018dde93863b028346edc0f8da3ee5208b06fb107e921492ed9f2f2064d865afb5f955c80b1a6c5dbc540f1af7dd68925353d288fce304243f09d1791661027ea11f21ade9abb81a71343f1d405f35b01a504a99e08514f3b8307dce0b7c4305c0e531a538c6c11d8021183a87c2de3e1e384d114559601b948359f153d9845067683d8ef3dc75829a46211368ddf4837c021bf3ba1cc8005ab6902e094635f86f2f090851d5ac0af51c3aec46bdf9024ebe196351e2acd483f71821f033aa02d7bdee2fe987412bda115a5ce7f51dfdb78ce378485801fa10180339d3c5372a65cc46d2f0ef8ad3317062af5c243f81d920075e4874ea69081ba22d8be502422e973128c657da28f4f63d34919b5a4663544e244524263bae0a9a6c7455a16b5b860aedea7a2e"}}}}}}, 0x0) readv(r0, &(0x7f0000001780)=[{&(0x7f0000000380)=""/4090, 0xffa}], 0x1) 545.8681ms ago: executing program 6 (id=696): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x18) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 503.597495ms ago: executing program 0 (id=697): write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) creat(&(0x7f00000000c0)='./bus\x00', 0x182) pwrite64(0xffffffffffffffff, &(0x7f0000000140), 0x0, 0xfecc) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) lsm_set_self_attr(0x0, 0x0, 0x0, 0x0) 207.75935ms ago: executing program 0 (id=698): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socket$nl_route(0x10, 0x3, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x161042, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r2, &(0x7f00000001c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x0, 0xfe, 0x2, 0x0, 0x9, 0x5, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0xe) r3 = getpid() capget(&(0x7f0000000100)={0x20080522, r3}, &(0x7f0000000180)={0x5, 0x8, 0xfffffffc, 0x7, 0xd, 0x9}) shutdown(r2, 0x1) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f0000000100)=0x6, 0x4) recvmmsg(r2, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, 0x0) 196.699613ms ago: executing program 4 (id=699): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x100, 0xffffffffffffffff, 0x10000}, 0x50) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f00000004c0)={r2, &(0x7f0000000340), 0x0}, 0x20) 0s ago: executing program 6 (id=700): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r0, &(0x7f0000000040), 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001cc0)=ANY=[@ANYBLOB="070000000c000000083e4c153693c5166f1bf167f0a07ebba702000021dfa08a1aca50daca41d99ef53c6f93cd084a869dc1ebb68018b72a48800212d66f7bc6796d30841444ff79e44a62676fdf946a048ea89d92d2030892e2ac6175720d78fb6746b5bf2baa9871d028572bf0b39331e59365d7879ed4c9aaa575f6789405feb4e2b8fac205e8190acb5066"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000001850000001b000000b70000000000070095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r2}, 0x18) r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000008c0)=@RTM_DELMDB={0x78, 0x55, 0x400, 0x70bd2d, 0x25dfdbfe, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x0, 0x0, 0x1, {@in6_addr=@rand_addr=' \x01\x00', 0x86dd}}}, @MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x0, 0x0, 0x3, {@in6_addr=@private2, 0x86dd}}}, @MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x0, 0x0, 0x3, {@ip4=@multicast1, 0x8edd}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x20018800}, 0x40000) r5 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, r3) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r5, &(0x7f0000000200)='asymmetric\x00', &(0x7f00000000c0)=@chain={'key_or_keyring:', r5}) listen(r0, 0x0) r6 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r6, &(0x7f0000000080), 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) write$tun(r7, &(0x7f0000000940)=ANY=[@ANYBLOB="0035110c1f15e14a31b313d4000000ffffffffffffaaaaaaaaaabb08004500452c00000000002f9078ac1e0001e00000010000645800189078040000110000000086ddffff00000000"], 0xfdef) setsockopt$sock_linger(r6, 0x1, 0x3c, &(0x7f0000000180)={0x1, 0x5}, 0x8) sendmmsg(r6, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x11}}], 0x1, 0x24008094) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1e) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r8, 0x0, 0x1}, 0x18) r9 = socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000240)='./file1\x00', 0x80c406, &(0x7f0000000540)=ANY=[@ANYBLOB='dots,dots,dmask=000000000200000,nodots,discard,nfs=nostale_ro,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c646f733178666c6f70707900000000000000003030ff1a59e117a07cd59231373737373737373756c0f39fdb37372c004c0f1208ec0c34b7df4ba1c1e6b76697434db8574db9bcaef6a61a12c3f260bebc7ac5b1b11361119b83f1cf9f686b715b8e58fd37cea6623dc422c2ddbcefe94e5c255b5e8c90613e6b598b3b7a2c05de53dab7"], 0x1, 0x291, &(0x7f0000000280)="$eJzs3M9r034YwPGn6dZ0+7Ifpy/oxQe96CXMelQPVTYQC0q3inoQMpZpaG1HErQVwZw97e8YHr0J4j+w/8LbEGSnnYyszbKs+4Wza2f7fkHJkzz5tE8SUp5PId16uv66uupbq3YgRl7FEAllR2RWXNmTiZe5dpxLtsvdgoRyY+7N9sfFZ88fFkul+bLqQnHpVkFVp698ffv+09VvwX9PPk+bpmzOvtj6Wfi++f/mpa1fS69cX11f641AbV1uNAJ7ueboiutXLdXHNcf2HXXrvuMdyK/WGmtrLbXrK1OTa57j+2rXW2pIS4OG5uOq6mpZlk5N7sZ5GSG5Px5R2SiX7eK5FIMLw/OKdlZEJg7dDZWNwVQEAAAG6fj+30j22ev/je7+X+SU/v9DvNf0l573/1lJ+v+q0+7/A6+l9kvbTff/ONHZ+n/jfIrB38iEqZV7B1KeV5w4ehD9PwAAAAAAAAAAAAAAAAAAAAAA/4KdKJqJomhmd2mISBSvmyKSTa0fMXSknq0fVunrH6VeZnyBT7j+GAKpB/fyIj/CZqVZybSXnfzCg9L8nLalHvzbbjYr2SR/s5PXg/lxmYzzhSPzObl+rZPfzd1/VErn15uVCVk5sfKwV6cAAAAAAIChZ2liNtmYl2R+b1lqSne+PX/vROH+7wNd8/sxuTzWv+MAAAAAAADH81vvqnat5nj9CbJ9/KwzByJnG347MntSRlZETtmnvCgy+BN1KDDlQpQxzMGdnr1hlBHpbBmPvwy67gIAAAAAw2V/PjDoSgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGF39+OuyQR8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcFH8DgAA//8sg70h") lstat(&(0x7f0000000640)='./file1\x00', &(0x7f0000000800)) r10 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0), r0) sendmsg$TIPC_CMD_ENABLE_BEARER(r9, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x34, r10, 0x10, 0x70bd27, 0x25dfdbfe, {{}, {}, {0x18, 0x17, {0xd, 0x59, @udp='udp:syz0\x00'}}}, ["", "", "", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000) kernel console output (not intermixed with test programs): =1326 audit(1755756098.129:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6229 comm="syz.0.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=33 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 106.188828][ T30] audit: type=1326 audit(1755756098.129:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6229 comm="syz.0.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 106.550912][ C0] bridge0: port 1(bridge_slave_0) entered learning state [ 107.190660][ C1] bridge0: port 1(bridge_slave_0) entered learning state [ 107.684969][ T6263] loop4: detected capacity change from 0 to 1024 [ 107.830764][ C1] bridge0: port 1(bridge_slave_0) entered learning state [ 107.929695][ T6271] loop0: detected capacity change from 0 to 512 [ 107.998628][ T6271] EXT4-fs: Ignoring removed oldalloc option [ 108.000936][ T6263] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 108.139380][ T6274] loop1: detected capacity change from 0 to 2048 [ 108.147253][ T6271] EXT4-fs error (device loop0): ext4_xattr_inode_iget:432: comm syz.0.92: Parent and EA inode have the same ino 15 [ 108.178667][ T90] usb 3-1: USB disconnect, device number 2 [ 108.186930][ T90] em28xx 3-1:0.0: Disconnecting em28xx [ 108.200652][ T90] em28xx 3-1:0.0: Freeing device [ 108.269422][ T6271] EXT4-fs (loop0): Remounting filesystem read-only [ 108.276112][ T6271] EXT4-fs warning (device loop0): ext4_evict_inode:274: xattr delete (err -30) [ 108.298739][ T6274] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 108.314105][ T6271] EXT4-fs (loop0): 1 orphan inode deleted [ 108.322612][ T6271] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 108.324701][ T5876] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.346505][ T6271] syz.0.92 uses obsolete (PF_INET,SOCK_PACKET) [ 108.359622][ T6271] netlink: 24 bytes leftover after parsing attributes in process `syz.0.92'. [ 108.383655][ T6274] ext4 filesystem being mounted at /15/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.452717][ T5865] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.717467][ T6289] netlink: 'syz.0.97': attribute type 13 has an invalid length. [ 108.732774][ T6289] netlink: 'syz.0.97': attribute type 14 has an invalid length. [ 109.462219][ T5873] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.517283][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 109.517306][ T30] audit: type=1326 audit(1755756102.539:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6299 comm="syz.5.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 109.573118][ T6302] loop5: detected capacity change from 0 to 512 [ 109.599264][ T30] audit: type=1326 audit(1755756102.539:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6299 comm="syz.5.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 109.671652][ T6302] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.694535][ T30] audit: type=1326 audit(1755756102.539:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6299 comm="syz.5.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 109.726496][ T6302] ext4 filesystem being mounted at /17/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 109.743923][ T6302] EXT4-fs error (device loop5): ext4_readdir:262: inode #12: block 32: comm syz.5.100: path /17/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 109.768329][ T30] audit: type=1326 audit(1755756102.539:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6299 comm="syz.5.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 109.837876][ T30] audit: type=1326 audit(1755756102.539:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6299 comm="syz.5.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 109.848722][ T6308] loop4: detected capacity change from 0 to 512 [ 109.887378][ T6302] EXT4-fs (loop5): Remounting filesystem read-only [ 109.905979][ T6308] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 110.079920][ T30] audit: type=1326 audit(1755756102.539:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6299 comm="syz.5.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 110.095529][ T6308] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.119079][ T30] audit: type=1326 audit(1755756102.539:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6299 comm="syz.5.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 110.150143][ T6308] ext4 filesystem being mounted at /19/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 110.183223][ T30] audit: type=1326 audit(1755756102.539:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6299 comm="syz.5.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 110.693415][ T30] audit: type=1326 audit(1755756102.539:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6299 comm="syz.5.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 110.814559][ T30] audit: type=1326 audit(1755756102.539:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6299 comm="syz.5.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 110.843834][ T5876] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.869359][ T5944] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 110.878210][ T5877] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.927234][ T6331] loop0: detected capacity change from 0 to 128 [ 111.029477][ T5944] usb 3-1: Using ep0 maxpacket: 16 [ 111.043323][ T5944] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 111.072897][ T5944] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 111.095534][ T5944] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 111.104918][ T5944] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.122807][ T6334] loop4: detected capacity change from 0 to 512 [ 111.192591][ T5944] usb 3-1: Product: syz [ 111.212539][ T6335] loop5: detected capacity change from 0 to 512 [ 111.219452][ T6335] EXT4-fs: Ignoring removed nobh option [ 111.238390][ T6334] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.761616][ T5944] usb 3-1: Manufacturer: syz [ 111.766251][ T5944] usb 3-1: SerialNumber: syz [ 111.796730][ T6335] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 111.819889][ T5944] usb 3-1: config 0 descriptor?? [ 111.842133][ T5944] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 111.851884][ T6334] ext4 filesystem being mounted at /20/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 111.862993][ T6335] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #3: comm syz.5.112: corrupted inode contents [ 111.871760][ T5944] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class) [ 111.930168][ T5876] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.938733][ T6335] EXT4-fs error (device loop5): ext4_dirty_inode:6538: inode #3: comm syz.5.112: mark_inode_dirty error [ 111.977147][ T6335] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #3: comm syz.5.112: corrupted inode contents [ 112.049802][ T5947] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 112.056077][ T6335] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #3: comm syz.5.112: mark_inode_dirty error [ 112.128649][ T6335] EXT4-fs error (device loop5): ext4_acquire_dquot:6935: comm syz.5.112: Failed to acquire dquot type 0 [ 112.172555][ T6335] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #16: comm syz.5.112: corrupted inode contents [ 112.214220][ T6335] EXT4-fs error (device loop5): ext4_dirty_inode:6538: inode #16: comm syz.5.112: mark_inode_dirty error [ 112.227013][ T6335] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #16: comm syz.5.112: corrupted inode contents [ 112.259054][ T5947] usb 2-1: Using ep0 maxpacket: 16 [ 112.283474][ T5947] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 112.301692][ T5947] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 112.319458][ T6335] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #16: comm syz.5.112: mark_inode_dirty error [ 112.334482][ T6335] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #16: comm syz.5.112: corrupted inode contents [ 112.344325][ T6354] ALSA: seq fatal error: cannot create timer (-19) [ 112.353692][ T5947] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 112.362950][ T5947] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.370997][ T5947] usb 2-1: Product: syz [ 112.375203][ T6335] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem [ 112.384767][ T5947] usb 2-1: Manufacturer: syz [ 112.389454][ T5947] usb 2-1: SerialNumber: syz [ 112.390151][ T6335] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #16: comm syz.5.112: corrupted inode contents [ 112.395629][ T5947] usb 2-1: config 0 descriptor?? [ 112.418486][ T5947] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 112.435697][ T6335] EXT4-fs error (device loop5): ext4_truncate:4666: inode #16: comm syz.5.112: mark_inode_dirty error [ 112.450928][ T5947] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 112.462290][ T6335] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem [ 112.472797][ T6335] EXT4-fs (loop5): 1 truncate cleaned up [ 112.482125][ T6335] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.498167][ T6335] ext4 filesystem being mounted at /18/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 112.520671][ T5944] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 112.527694][ T6361] netlink: 'syz.0.117': attribute type 13 has an invalid length. [ 112.528386][ T6335] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.556858][ T6361] netlink: 'syz.0.117': attribute type 14 has an invalid length. [ 112.570981][ T5944] em28xx 3-1:0.0: Config register raw data: 0xfffffffb [ 113.399068][ T6372] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 113.408846][ T6372] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 113.549607][ T5947] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 113.559653][ T5947] em28xx 2-1:0.0: Config register raw data: 0xfffffffb [ 113.615496][ T5944] em28xx 3-1:0.0: AC97 chip type couldn't be determined [ 113.647180][ T5944] em28xx 3-1:0.0: No AC97 audio processor [ 113.877936][ T6386] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 114.356097][ T6386] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 114.588107][ T30] kauditd_printk_skb: 39 callbacks suppressed [ 114.588132][ T30] audit: type=1326 audit(1755756107.609:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6388 comm="syz.0.125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 114.625483][ T6393] loop5: detected capacity change from 0 to 128 [ 114.779099][ T5947] em28xx 2-1:0.0: AC97 chip type couldn't be determined [ 114.779131][ T5947] em28xx 2-1:0.0: No AC97 audio processor [ 114.835016][ T6393] bridge0: port 1(bridge_slave_0) entered listening state [ 114.893085][ T30] audit: type=1326 audit(1755756107.609:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6388 comm="syz.0.125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 114.893148][ T30] audit: type=1326 audit(1755756107.869:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6388 comm="syz.0.125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 114.893204][ T30] audit: type=1326 audit(1755756107.869:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6388 comm="syz.0.125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 114.893259][ T30] audit: type=1326 audit(1755756107.869:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6388 comm="syz.0.125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 114.910722][ T30] audit: type=1326 audit(1755756107.929:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6388 comm="syz.0.125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 114.910785][ T30] audit: type=1326 audit(1755756107.929:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6388 comm="syz.0.125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 114.910847][ T30] audit: type=1326 audit(1755756107.929:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6388 comm="syz.0.125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 114.910904][ T30] audit: type=1326 audit(1755756107.929:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6388 comm="syz.0.125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 114.910959][ T30] audit: type=1326 audit(1755756107.929:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6388 comm="syz.0.125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 115.054328][ T6392] loop0: detected capacity change from 0 to 512 [ 115.296304][ T6392] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 115.296387][ T6392] ext4 filesystem being mounted at /23/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 115.328072][ T6403] loop3: detected capacity change from 0 to 1024 [ 115.338793][ T6403] EXT4-fs: Ignoring removed orlov option [ 115.379994][ T6392] EXT4-fs error (device loop0): ext4_readdir:262: inode #12: block 32: comm syz.0.125: path /23/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 115.417014][ T6403] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 115.491759][ T6392] EXT4-fs (loop0): Remounting filesystem read-only [ 115.550588][ T5947] usb 3-1: USB disconnect, device number 3 [ 115.557891][ T5947] em28xx 3-1:0.0: Disconnecting em28xx [ 115.581343][ T5947] em28xx 3-1:0.0: Freeing device [ 116.009818][ T5865] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.034046][ T5868] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.196723][ T6431] loop3: detected capacity change from 0 to 512 [ 116.228228][ T6431] EXT4-fs: Ignoring removed oldalloc option [ 116.247248][ T6431] EXT4-fs error (device loop3): ext4_xattr_inode_iget:432: comm syz.3.136: Parent and EA inode have the same ino 15 [ 116.265188][ T6431] EXT4-fs (loop3): Remounting filesystem read-only [ 116.284389][ T6431] EXT4-fs warning (device loop3): ext4_evict_inode:274: xattr delete (err -30) [ 116.302409][ T6433] veth0_vlan: entered allmulticast mode [ 116.321193][ T6431] EXT4-fs (loop3): 1 orphan inode deleted [ 116.327601][ T6431] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.352279][ T6431] netlink: 24 bytes leftover after parsing attributes in process `syz.3.136'. [ 116.479677][ T5868] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.765660][ T6433] ÿÿÿÿÿÿ: renamed from vlan1 [ 116.780388][ T6446] program syz.0.141 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 116.958652][ T6450] loop4: detected capacity change from 0 to 1024 [ 116.978720][ T6450] EXT4-fs: Ignoring removed orlov option [ 117.051755][ T6450] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 117.281174][ T5975] usb 2-1: USB disconnect, device number 2 [ 117.288791][ T5975] em28xx 2-1:0.0: Disconnecting em28xx [ 117.322271][ T5975] em28xx 2-1:0.0: Freeing device [ 117.433508][ T5876] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.495800][ T6459] netlink: 4 bytes leftover after parsing attributes in process `syz.2.145'. [ 117.584530][ T6463] loop5: detected capacity change from 0 to 512 [ 117.612841][ T6465] netlink: 'syz.3.150': attribute type 1 has an invalid length. [ 117.630839][ T6463] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 117.698905][ T6463] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2847: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 117.721822][ T6463] EXT4-fs (loop5): 1 truncate cleaned up [ 117.724392][ T6465] 8021q: adding VLAN 0 to HW filter on device bond1 [ 117.728483][ T6463] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 117.775107][ T6469] loop4: detected capacity change from 0 to 512 [ 117.858117][ T6475] bond1: (slave veth3): Enslaving as an active interface with a down link [ 117.867947][ T6469] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 118.001956][ T6469] ext4 filesystem being mounted at /29/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 118.081413][ T6469] EXT4-fs error (device loop4): ext4_readdir:262: inode #12: block 32: comm syz.4.148: path /29/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 118.088479][ T6481] loop0: detected capacity change from 0 to 164 [ 118.148450][ T6469] EXT4-fs (loop4): Remounting filesystem read-only [ 118.160694][ T6465] vlan2: entered allmulticast mode [ 118.165823][ T6465] veth0_to_bond: entered allmulticast mode [ 118.196482][ T6481] iso9660: Unknown parameter '' [ 118.215207][ T5877] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.261418][ T6465] veth0_to_bond: entered promiscuous mode [ 118.272167][ T6481] netlink: 60 bytes leftover after parsing attributes in process `syz.0.153'. [ 118.284891][ T6465] veth0_to_bond: left promiscuous mode [ 118.315035][ T6481] netlink: 60 bytes leftover after parsing attributes in process `syz.0.153'. [ 118.327372][ T6465] bond1: (slave vlan2): making interface the new active one [ 118.489795][ T6465] veth0_to_bond: entered promiscuous mode [ 118.521889][ T6465] vlan2: entered promiscuous mode [ 118.535723][ T6465] bond1: (slave vlan2): Enslaving as an active interface with an up link [ 118.838790][ T6481] netlink: 60 bytes leftover after parsing attributes in process `syz.0.153'. [ 118.868163][ T6481] netlink: 60 bytes leftover after parsing attributes in process `syz.0.153'. [ 118.980319][ T5876] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.076747][ T6488] sctp: failed to load transform for md5: -2 [ 119.644319][ T6523] Zero length message leads to an empty skb [ 121.088685][ T6530] netlink: 4 bytes leftover after parsing attributes in process `syz.0.165'. [ 121.570204][ T30] kauditd_printk_skb: 77 callbacks suppressed [ 121.570227][ T30] audit: type=1326 audit(1755756114.599:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6538 comm="syz.0.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 121.728558][ T6546] loop5: detected capacity change from 0 to 512 [ 121.872867][ T30] audit: type=1326 audit(1755756114.629:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6538 comm="syz.0.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 121.873806][ T6539] loop0: detected capacity change from 0 to 512 [ 121.908900][ T6546] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 121.910106][ C0] bridge0: port 1(bridge_slave_0) entered forwarding state [ 121.939853][ T30] audit: type=1326 audit(1755756114.629:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6538 comm="syz.0.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 121.998564][ T6546] ext4 filesystem being mounted at /29/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 122.169098][ T30] audit: type=1326 audit(1755756114.629:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6538 comm="syz.0.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 122.199174][ T30] audit: type=1326 audit(1755756114.629:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6538 comm="syz.0.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 122.233994][ T30] audit: type=1326 audit(1755756114.629:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6538 comm="syz.0.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 122.329406][ T5947] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 122.338708][ T6539] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 122.375151][ T6539] ext4 filesystem being mounted at /29/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 122.405718][ T30] audit: type=1326 audit(1755756114.629:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6538 comm="syz.0.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 122.435582][ T6560] loop1: detected capacity change from 0 to 512 [ 122.438517][ T6539] EXT4-fs error (device loop0): ext4_readdir:262: inode #12: block 32: comm syz.0.169: path /29/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 122.541520][ T5877] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 122.544556][ T5947] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 122.550781][ C1] bridge0: port 1(bridge_slave_0) entered forwarding state [ 122.624823][ T6539] EXT4-fs (loop0): Remounting filesystem read-only [ 122.644396][ T5947] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 122.661064][ T6562] netlink: 36 bytes leftover after parsing attributes in process `syz.3.176'. [ 122.697724][ T5947] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 122.697773][ T5947] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 122.697803][ T5947] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.730769][ T6562] netlink: 16 bytes leftover after parsing attributes in process `syz.3.176'. [ 122.749152][ T30] audit: type=1326 audit(1755756114.629:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6538 comm="syz.0.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 122.762003][ T5947] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 122.822242][ T6562] netlink: 36 bytes leftover after parsing attributes in process `syz.3.176'. [ 122.834502][ T5947] usb 3-1: invalid MIDI out EP 0 [ 122.886917][ T6562] netlink: 36 bytes leftover after parsing attributes in process `syz.3.176'. [ 122.955440][ T6555] delete_channel: no stack [ 122.986269][ T30] audit: type=1326 audit(1755756114.629:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6538 comm="syz.0.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 122.987337][ T6560] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 123.034355][ T6560] ext4 filesystem being mounted at /23/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 123.078611][ T30] audit: type=1326 audit(1755756114.629:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6538 comm="syz.0.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 123.085409][ T5888] udevd[5888]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 123.141481][ T5947] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 123.184438][ T5865] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.193716][ C1] bridge0: port 1(bridge_slave_0) entered learning state [ 123.266161][ T5947] usb 3-1: USB disconnect, device number 4 [ 123.565722][ T5873] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.631074][ T5947] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 123.653426][ T6578] program syz.0.182 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 123.801253][ T5947] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 123.851690][ T5947] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 123.885717][ T6580] loop5: detected capacity change from 0 to 8192 [ 123.899109][ T5947] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 123.934598][ T6580] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 123.945266][ T5947] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 123.975844][ T5947] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 124.012590][ T5947] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.038793][ T5947] usb 3-1: config 0 descriptor?? [ 124.485945][ T6596] bridge0: port 1(bridge_slave_0) entered listening state [ 125.077202][ T6605] loop5: detected capacity change from 0 to 1024 [ 125.137915][ T6605] EXT4-fs: Ignoring removed orlov option [ 125.179314][ T6603] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.186865][ T6603] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.267605][ T6605] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 125.682726][ T6603] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 125.757939][ T6603] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 126.067936][ T5947] hdpvr 3-1:0.0: unexpected answer of status request, len -71 [ 126.101532][ T5947] hdpvr 3-1:0.0: device init failed [ 126.124974][ T5877] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.136661][ T5947] hdpvr 3-1:0.0: probe with driver hdpvr failed with error -12 [ 126.176930][ T5947] usb 3-1: USB disconnect, device number 5 [ 126.222960][ T6630] loop3: detected capacity change from 0 to 1024 [ 126.332354][ T6630] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 126.423358][ T60] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.466219][ T6630] ext4 filesystem being mounted at /40/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 126.510332][ T60] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.534209][ T60] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.634384][ T6644] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 126.755893][ T6644] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 32 with max blocks 96 with error 28 [ 126.787014][ T60] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.828409][ T6643] bridge0: port 1(bridge_slave_0) entered listening state [ 126.899030][ T6644] EXT4-fs (loop3): This should not happen!! Data will be lost [ 126.899030][ T6644] [ 126.946332][ T6644] EXT4-fs (loop3): Total free blocks count 0 [ 127.116461][ T6644] EXT4-fs (loop3): Free/Dirty block details [ 127.122743][ T6644] EXT4-fs (loop3): free_blocks=4293918720 [ 127.167666][ T6644] EXT4-fs (loop3): dirty_blocks=1840 [ 128.374756][ T6644] EXT4-fs (loop3): Block reservation details [ 128.380865][ T6644] EXT4-fs (loop3): i_reserved_data_blocks=115 [ 128.408834][ T6656] program syz.4.207 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 128.472412][ T12] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: comm kworker/u8:0: lblock 0 mapped to illegal pblock 0 (length 6) [ 128.568382][ T12] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117 [ 128.614092][ T12] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: block 8: comm kworker/u8:0: lblock 8 mapped to illegal pblock 8 (length 8) [ 128.744720][ T6665] loop5: detected capacity change from 0 to 1024 [ 128.805917][ T6665] EXT4-fs: Ignoring removed orlov option [ 128.978160][ T6665] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 129.109180][ T30] kauditd_printk_skb: 78 callbacks suppressed [ 129.109205][ T30] audit: type=1800 audit(1755756122.129:338): pid=6665 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.211" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 129.181921][ T30] audit: type=1804 audit(1755756122.209:339): pid=6683 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.211" name="/newroot/36/file1/file1" dev="loop5" ino=15 res=1 errno=0 [ 129.216529][ T30] audit: type=1800 audit(1755756122.209:340): pid=6683 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.211" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 129.297605][ T6688] loop3: detected capacity change from 0 to 512 [ 129.340928][ T6688] EXT4-fs: Ignoring removed i_version option [ 129.458802][ T6688] EXT4-fs: journaled quota format not specified [ 129.509078][ T5933] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 129.529317][ T60] bio_check_eod: 9 callbacks suppressed [ 129.529337][ T60] kworker/u8:4: attempt to access beyond end of device [ 129.529337][ T60] loop2: rw=0, sector=65, nr_sectors = 1 limit=0 [ 129.609257][ T60] FAT-fs (loop2): unable to read inode block for updating (i_pos 1050) [ 129.669150][ T5933] usb 1-1: Using ep0 maxpacket: 16 [ 129.793891][ T5933] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.836102][ T5933] usb 1-1: New USB device found, idVendor=11c0, idProduct=5506, bcdDevice= 0.00 [ 129.848063][ T5877] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.889070][ T5933] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.927393][ T5933] usb 1-1: config 0 descriptor?? [ 130.073916][ T6678] infiniband syz!: set active [ 130.105340][ T6678] infiniband syz!: added team_slave_0 [ 130.128849][ T6678] syz!: rxe_create_cq: returned err = -12 [ 130.178886][ T6678] infiniband syz!: Couldn't create ib_mad CQ [ 130.215048][ T6706] loop1: detected capacity change from 0 to 1024 [ 130.223432][ T6678] infiniband syz!: Couldn't open port 1 [ 130.332347][ T6706] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 130.356620][ T6706] ext4 filesystem being mounted at /33/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 130.368154][ T6678] RDS/IB: syz!: added [ 130.376170][ T6714] loop4: detected capacity change from 0 to 1024 [ 130.397362][ T6678] smc: adding ib device syz! with port count 1 [ 130.450905][ T6714] EXT4-fs: Ignoring removed orlov option [ 130.460988][ T6678] smc: ib device syz! port 1 has pnetid [ 130.538241][ T6714] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 130.602287][ T30] audit: type=1326 audit(1755756123.629:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6705 comm="syz.1.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6bf58ebe9 code=0x7ffc0000 [ 130.630869][ T30] audit: type=1326 audit(1755756123.629:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6705 comm="syz.1.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=279 compat=0 ip=0x7fd6bf58ebe9 code=0x7ffc0000 [ 130.880158][ T30] audit: type=1326 audit(1755756123.629:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6705 comm="syz.1.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6bf58ebe9 code=0x7ffc0000 [ 130.944188][ T30] audit: type=1326 audit(1755756123.629:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6705 comm="syz.1.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fd6bf58ebe9 code=0x7ffc0000 [ 131.183233][ T30] audit: type=1800 audit(1755756123.819:345): pid=6714 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.224" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 131.438525][ T5876] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.456646][ T4334] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #15: comm kworker/u8:8: lblock 0 mapped to illegal pblock 0 (length 6) [ 131.499837][ T30] audit: type=1804 audit(1755756123.919:346): pid=6722 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.224" name="/newroot/43/file1/file1" dev="loop4" ino=15 res=1 errno=0 [ 131.584377][ T30] audit: type=1800 audit(1755756123.919:347): pid=6722 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.224" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 131.626045][ T4334] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117 [ 131.797501][ T4334] EXT4-fs (loop1): This should not happen!! Data will be lost [ 131.797501][ T4334] [ 132.132520][ T60] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #15: block 8: comm kworker/u8:4: lblock 8 mapped to illegal pblock 8 (length 8) [ 132.269063][ T60] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 132.289650][ T6735] program syz.4.229 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 132.331342][ T60] EXT4-fs (loop1): This should not happen!! Data will be lost [ 132.331342][ T60] [ 132.413482][ T5873] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 132.599533][ T60] vlan2: left promiscuous mode [ 132.968398][ T5933] usbhid 1-1:0.0: can't add hid device: -71 [ 132.993235][ T5933] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 133.108386][ T5933] usb 1-1: USB disconnect, device number 2 [ 133.413563][ T6750] loop0: detected capacity change from 0 to 2048 [ 133.463257][ T6750] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 133.510535][ T6750] ext4 filesystem being mounted at /36/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 133.990364][ T5865] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.081576][ T6767] netlink: 'syz.5.237': attribute type 12 has an invalid length. [ 134.601742][ T6770] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.844009][ T6770] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.862312][ T6773] loop4: detected capacity change from 0 to 1024 [ 134.884978][ T6773] EXT4-fs: Ignoring removed orlov option [ 134.944599][ T6770] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.092162][ T6773] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 135.197300][ T30] audit: type=1800 audit(1755756128.219:348): pid=6773 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.239" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 135.217689][ C1] vkms_vblank_simulate: vblank timer overrun [ 135.250415][ T30] audit: type=1804 audit(1755756128.269:349): pid=6780 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.239" name="/newroot/46/file1/file1" dev="loop4" ino=15 res=1 errno=0 [ 135.273022][ T30] audit: type=1800 audit(1755756128.269:350): pid=6780 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.239" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 135.385708][ T6770] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.030312][ T5876] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 137.078137][ T60] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.219425][ T36] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.247419][ T36] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.255828][ T6793] netlink: 'syz.1.246': attribute type 13 has an invalid length. [ 137.292177][ T6793] netlink: 'syz.1.246': attribute type 14 has an invalid length. [ 137.306827][ T36] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.336560][ T6799] loop4: detected capacity change from 0 to 128 [ 137.386338][ T6799] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 137.394337][ T30] audit: type=1800 audit(1755756130.409:351): pid=6799 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.245" name="file2" dev="loop4" ino=1048608 res=0 errno=0 [ 137.425611][ T6799] FAT-fs (loop4): Filesystem has been set read-only [ 137.457188][ T6799] syz.4.245: attempt to access beyond end of device [ 137.457188][ T6799] loop4: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 137.539997][ T6799] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 137.555179][ T6799] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 137.685285][ T6799] syz.4.245: attempt to access beyond end of device [ 137.685285][ T6799] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 137.857584][ T6799] syz.4.245: attempt to access beyond end of device [ 137.857584][ T6799] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 137.884079][ T6801] syz.4.245: attempt to access beyond end of device [ 137.884079][ T6801] loop4: rw=0, sector=2065, nr_sectors = 1 limit=128 [ 138.549048][ C1] bridge0: port 1(bridge_slave_0) entered learning state [ 139.109127][ T6801] Buffer I/O error on dev loop4, logical block 2065, async page read [ 139.117327][ T6801] syz.4.245: attempt to access beyond end of device [ 139.117327][ T6801] loop4: rw=0, sector=2066, nr_sectors = 1 limit=128 [ 139.220439][ T30] audit: type=1326 audit(1755756132.249:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6813 comm="syz.3.252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70fab8ebe9 code=0x7ffc0000 [ 139.293334][ T6801] Buffer I/O error on dev loop4, logical block 2066, async page read [ 139.301799][ T30] audit: type=1326 audit(1755756132.249:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6813 comm="syz.3.252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70fab8ebe9 code=0x7ffc0000 [ 139.336323][ T30] audit: type=1326 audit(1755756132.249:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6813 comm="syz.3.252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f70fab8ebe9 code=0x7ffc0000 [ 139.336376][ T30] audit: type=1326 audit(1755756132.249:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6813 comm="syz.3.252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70fab8ebe9 code=0x7ffc0000 [ 139.336427][ T30] audit: type=1326 audit(1755756132.249:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6813 comm="syz.3.252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70fab8ebe9 code=0x7ffc0000 [ 139.336479][ T30] audit: type=1326 audit(1755756132.249:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6813 comm="syz.3.252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f70fab8ebe9 code=0x7ffc0000 [ 139.383564][ T6809] mmap: syz.0.249 (6809) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 139.405432][ T6801] syz.4.245: attempt to access beyond end of device [ 139.405432][ T6801] loop4: rw=0, sector=2067, nr_sectors = 1 limit=128 [ 139.405477][ T6801] Buffer I/O error on dev loop4, logical block 2067, async page read [ 139.405555][ T6801] syz.4.245: attempt to access beyond end of device [ 139.405555][ T6801] loop4: rw=0, sector=2068, nr_sectors = 1 limit=128 [ 139.405616][ T6801] Buffer I/O error on dev loop4, logical block 2068, async page read [ 139.405693][ T6801] syz.4.245: attempt to access beyond end of device [ 139.405693][ T6801] loop4: rw=0, sector=2069, nr_sectors = 1 limit=128 [ 139.405730][ T6801] Buffer I/O error on dev loop4, logical block 2069, async page read [ 139.405803][ T6801] syz.4.245: attempt to access beyond end of device [ 139.405803][ T6801] loop4: rw=0, sector=2070, nr_sectors = 1 limit=128 [ 139.405840][ T6801] Buffer I/O error on dev loop4, logical block 2070, async page read [ 139.405915][ T6801] syz.4.245: attempt to access beyond end of device [ 139.405915][ T6801] loop4: rw=0, sector=2071, nr_sectors = 1 limit=128 [ 139.405952][ T6801] Buffer I/O error on dev loop4, logical block 2071, async page read [ 139.406029][ T6801] Buffer I/O error on dev loop4, logical block 2072, async page read [ 139.843895][ T6825] loop3: detected capacity change from 0 to 512 [ 139.887339][ T6825] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 139.887418][ T6825] ext4 filesystem being mounted at /47/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 139.897115][ T6825] EXT4-fs error (device loop3): ext4_readdir:262: inode #12: block 32: comm syz.3.252: path /47/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 139.897372][ T6825] EXT4-fs (loop3): Remounting filesystem read-only [ 140.028232][ T6831] loop4: detected capacity change from 0 to 1024 [ 140.060414][ T6831] EXT4-fs: Ignoring removed orlov option [ 141.257536][ T6843] netlink: 4 bytes leftover after parsing attributes in process `syz.2.260'. [ 142.037301][ T6831] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 142.114734][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 142.114757][ T30] audit: type=1800 audit(1755756135.129:372): pid=6831 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.257" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 142.308798][ T30] audit: type=1326 audit(1755756135.159:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6813 comm="syz.3.252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70fab8ebe9 code=0x7ffc0000 [ 142.331537][ T30] audit: type=1326 audit(1755756135.159:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6813 comm="syz.3.252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70fab8ebe9 code=0x7ffc0000 [ 142.354114][ T30] audit: type=1804 audit(1755756135.179:375): pid=6848 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.257" name="/newroot/48/file1/file1" dev="loop4" ino=15 res=1 errno=0 [ 142.442893][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 142.470172][ T5868] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.569345][ T30] audit: type=1800 audit(1755756135.179:376): pid=6848 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.257" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 142.593745][ T30] audit: type=1326 audit(1755756135.469:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6849 comm="syz.2.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc3a58ebe9 code=0x7ffc0000 [ 142.650208][ T5876] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.745731][ T30] audit: type=1326 audit(1755756135.469:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6849 comm="syz.2.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc3a58ebe9 code=0x7ffc0000 [ 142.823289][ T6858] loop3: detected capacity change from 0 to 1024 [ 142.974069][ T6858] EXT4-fs: Ignoring removed i_version option [ 143.032311][ T6858] EXT4-fs: Ignoring removed nobh option [ 143.095172][ T6858] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 143.187177][ T6858] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4182: comm syz.3.263: Allocating blocks 385-513 which overlap fs metadata [ 143.235592][ T6870] smc: net device bond0 applied user defined pnetid SYZ0 [ 143.269795][ T6857] EXT4-fs (loop3): pa ffff888076276ae0: logic 16, phys. 129, len 24 [ 143.277842][ T6857] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5433: group 0, free 0, pa_free 8 [ 143.298872][ T6870] smc: net device bond0 erased user defined pnetid SYZ0 [ 143.432832][ T5868] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.545562][ T6884] loop1: detected capacity change from 0 to 512 [ 143.618490][ T6884] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 143.640879][ T6884] ext4 filesystem being mounted at /43/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 143.729890][ T6884] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. [ 143.926319][ T6884] netlink: 28 bytes leftover after parsing attributes in process `syz.1.275'. [ 143.950047][ T6884] netlink: 32 bytes leftover after parsing attributes in process `syz.1.275'. [ 143.971786][ T6884] netlink: 28 bytes leftover after parsing attributes in process `syz.1.275'. [ 143.990635][ T6901] netlink: 8 bytes leftover after parsing attributes in process `syz.2.281'. [ 143.995124][ T6884] netlink: 32 bytes leftover after parsing attributes in process `syz.1.275'. [ 144.029855][ T6903] IPVS: sync thread started: state = BACKUP, mcast_ifn = batadv0, syncid = 0, id = 0 [ 144.136549][ T30] audit: type=1326 audit(1755756137.159:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6905 comm="syz.4.282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab8bd8ebe9 code=0x7ffc0000 [ 144.190438][ T30] audit: type=1326 audit(1755756137.159:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6905 comm="syz.4.282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fab8bd8ebe9 code=0x7ffc0000 [ 144.229336][ T30] audit: type=1326 audit(1755756137.159:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6905 comm="syz.4.282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab8bd8ebe9 code=0x7ffc0000 [ 144.232561][ T5944] IPVS: starting estimator thread 0... [ 144.409632][ T6909] IPVS: using max 32 ests per chain, 76800 per kthread [ 144.410649][ T5873] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.868163][ T90] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 145.119057][ T90] usb 3-1: Using ep0 maxpacket: 16 [ 145.165393][ T90] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 145.181373][ T6936] tipc: Started in network mode [ 145.202689][ T6936] tipc: Node identity ac14140f, cluster identity 4711 [ 145.226058][ T6936] tipc: New replicast peer: 255.255.255.255 [ 145.233077][ T90] usb 3-1: New USB device found, idVendor=11c0, idProduct=5506, bcdDevice= 0.00 [ 145.267000][ T90] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.269512][ T6936] tipc: Enabled bearer , priority 10 [ 145.396347][ T90] usb 3-1: config 0 descriptor?? [ 145.928622][ T6953] loop5: detected capacity change from 0 to 128 [ 146.275418][ T6958] netlink: 12 bytes leftover after parsing attributes in process `syz.5.303'. [ 146.418438][ T5933] tipc: Node number set to 2886997007 [ 146.563528][ T6960] syzkaller0: entered promiscuous mode [ 146.596038][ T6960] syzkaller0: entered allmulticast mode [ 148.695221][ T90] usbhid 3-1:0.0: can't add hid device: -71 [ 148.716003][ T90] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 148.754306][ T90] usb 3-1: USB disconnect, device number 6 [ 148.866477][ T6992] program syz.2.315 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 149.042749][ T6996] loop1: detected capacity change from 0 to 128 [ 149.277566][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 149.277590][ T30] audit: type=1326 audit(1755756142.299:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7003 comm="syz.0.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 149.307607][ T30] audit: type=1326 audit(1755756142.299:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7003 comm="syz.0.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 149.345531][ T30] audit: type=1326 audit(1755756142.319:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7003 comm="syz.0.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 149.373757][ T7004] loop0: detected capacity change from 0 to 512 [ 149.411358][ T30] audit: type=1326 audit(1755756142.319:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7003 comm="syz.0.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 149.439732][ T30] audit: type=1326 audit(1755756142.319:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7003 comm="syz.0.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 149.473588][ T7004] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 149.530069][ T7004] ext4 filesystem being mounted at /47/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 149.573027][ T30] audit: type=1326 audit(1755756142.319:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7003 comm="syz.0.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 149.596828][ T30] audit: type=1326 audit(1755756142.319:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7003 comm="syz.0.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 149.626903][ T30] audit: type=1326 audit(1755756142.319:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7003 comm="syz.0.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 149.716563][ T7004] EXT4-fs error (device loop0): ext4_readdir:262: inode #12: block 32: comm syz.0.319: path /47/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 149.785064][ T30] audit: type=1326 audit(1755756142.319:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7003 comm="syz.0.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 149.812468][ T7004] EXT4-fs (loop0): Remounting filesystem read-only [ 149.843611][ T7010] vlan2: entered allmulticast mode [ 149.858927][ T30] audit: type=1326 audit(1755756142.369:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7003 comm="syz.0.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 149.895581][ T7010] hsr0: entered allmulticast mode [ 149.903382][ T7010] hsr_slave_0: entered allmulticast mode [ 149.952534][ T7010] hsr_slave_1: entered allmulticast mode [ 150.179757][ T5865] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 151.917177][ T7032] loop4: detected capacity change from 0 to 1024 [ 152.000474][ T7032] EXT4-fs: Ignoring removed orlov option [ 152.079589][ T7032] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 152.498138][ T7049] loop5: detected capacity change from 0 to 512 [ 152.512311][ T7049] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 152.576422][ T7049] EXT4-fs (loop5): 1 truncate cleaned up [ 152.670184][ T7049] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 152.858447][ T7055] netlink: 'syz.3.334': attribute type 12 has an invalid length. [ 153.022740][ T5876] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.375603][ T5877] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.777078][ T7069] batadv_slave_1: entered promiscuous mode [ 153.785797][ T7068] batadv_slave_1: left promiscuous mode [ 153.909068][ C1] bridge0: port 1(bridge_slave_0) entered forwarding state [ 154.269130][ T5944] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 154.392781][ T7082] program syz.0.342 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 154.439058][ T5944] usb 4-1: Using ep0 maxpacket: 16 [ 154.445809][ T5944] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 154.471989][ T5944] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 154.500435][ T7083] loop5: detected capacity change from 0 to 512 [ 154.534834][ T7083] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 154.562950][ T5944] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 154.589170][ T5944] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.606031][ T5944] usb 4-1: Product: syz [ 154.615823][ T7083] EXT4-fs (loop5): 1 truncate cleaned up [ 154.648125][ T7083] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 154.677207][ T5944] usb 4-1: Manufacturer: syz [ 154.717470][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 154.725386][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 154.725766][ T5944] usb 4-1: SerialNumber: syz [ 154.732850][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 154.732887][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 154.732921][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 154.796327][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 154.830011][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 154.842606][ T5944] usb 4-1: config 0 descriptor?? [ 154.865533][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 154.869907][ T5944] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 154.895546][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 154.916851][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 154.938357][ T49] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz0] on syz1 [ 154.948464][ T5944] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 155.005039][ T5877] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 155.162376][ T7095] netlink: 16 bytes leftover after parsing attributes in process `syz.1.348'. [ 155.177618][ T30] kauditd_printk_skb: 49 callbacks suppressed [ 155.177640][ T30] audit: type=1326 audit(1755756148.209:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7097 comm="syz.5.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 155.256036][ T30] audit: type=1326 audit(1755756148.239:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7097 comm="syz.5.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 155.369504][ T7092] fido_id[7092]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 155.399844][ T30] audit: type=1326 audit(1755756148.249:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7097 comm="syz.5.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 155.944211][ T5944] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 155.964691][ T5944] em28xx 4-1:0.0: Config register raw data: 0xfffffffb [ 155.974545][ T30] audit: type=1326 audit(1755756148.269:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7099 comm="syz.5.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 155.999286][ T30] audit: type=1326 audit(1755756148.269:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7097 comm="syz.5.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 156.030409][ T30] audit: type=1326 audit(1755756148.269:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7097 comm="syz.5.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 156.073955][ T30] audit: type=1326 audit(1755756148.459:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7097 comm="syz.5.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 156.108542][ T7105] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 156.139110][ T30] audit: type=1326 audit(1755756148.459:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7097 comm="syz.5.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 156.149596][ T7105] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 156.184865][ T30] audit: type=1326 audit(1755756148.459:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7097 comm="syz.5.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 156.390838][ T30] audit: type=1326 audit(1755756148.459:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7097 comm="syz.5.346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 156.495282][ T7108] netlink: 'syz.0.350': attribute type 13 has an invalid length. [ 156.622016][ T7113] loop0: detected capacity change from 0 to 1024 [ 156.653488][ T7113] EXT4-fs: inline encryption not supported [ 156.693688][ T7113] EXT4-fs: Ignoring removed i_version option [ 156.752829][ T7113] EXT4-fs: test_dummy_encryption requires encrypt feature [ 156.869890][ T7108] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.877325][ T7108] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.938462][ T7108] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 156.953069][ T7108] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 157.054230][ T6298] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.089714][ T6298] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.148031][ T6298] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.189407][ T5944] em28xx 4-1:0.0: AC97 chip type couldn't be determined [ 157.205936][ T6298] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.222212][ T5944] em28xx 4-1:0.0: No AC97 audio processor [ 157.330444][ T7122] binfmt_misc: register: failed to install interpreter file ./file0 [ 157.735086][ T7130] netlink: 'syz.1.353': attribute type 12 has an invalid length. [ 159.928377][ T7174] loop0: detected capacity change from 0 to 512 [ 159.984385][ T7174] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002] [ 160.036574][ T7174] System zones: 0-2, 18-18, 34-34 [ 160.060165][ T7174] EXT4-fs (loop0): orphan cleanup on readonly fs [ 160.094893][ T7174] EXT4-fs error (device loop0): ext4_validate_block_bitmap:440: comm syz.0.356: bg 0: block 248: padding at end of block bitmap is not set [ 160.122784][ T7174] EXT4-fs error (device loop0): ext4_acquire_dquot:6935: comm syz.0.356: Failed to acquire dquot type 1 [ 160.182747][ T7185] loop4: detected capacity change from 0 to 128 [ 160.197113][ T7187] program syz.1.362 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 160.210136][ T7174] EXT4-fs (loop0): 1 orphan inode deleted [ 160.229294][ T7150] __quota_error: 21 callbacks suppressed [ 160.229311][ T7150] Quota error (device loop0): do_check_range: Getting block 0 out of range 1-5 [ 160.244215][ T7150] EXT4-fs error (device loop0): ext4_release_dquot:6971: comm kworker/u8:11: Failed to release dquot type 1 [ 160.325720][ T7174] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 160.482359][ T5933] hid_parser_main: 33 callbacks suppressed [ 160.482390][ T5933] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 160.526272][ T5865] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.596171][ T5933] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 160.999377][ T7202] netlink: 8 bytes leftover after parsing attributes in process `syz.0.368'. [ 161.077038][ T49] usb 4-1: USB disconnect, device number 2 [ 161.108442][ T49] em28xx 4-1:0.0: Disconnecting em28xx [ 162.299409][ T49] em28xx 4-1:0.0: Freeing device [ 162.352361][ T7208] netlink: 'syz.2.370': attribute type 13 has an invalid length. [ 162.369039][ T7208] netlink: 'syz.2.370': attribute type 14 has an invalid length. [ 162.629139][ T30] audit: type=1326 audit(1755756155.649:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7220 comm="syz.2.376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc3a58ebe9 code=0x7ffc0000 [ 162.685652][ T30] audit: type=1326 audit(1755756155.649:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7220 comm="syz.2.376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=113 compat=0 ip=0x7fdc3a58ebe9 code=0x7ffc0000 [ 162.741636][ T30] audit: type=1326 audit(1755756155.659:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7220 comm="syz.2.376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc3a58ebe9 code=0x7ffc0000 [ 162.778778][ T7224] loop3: detected capacity change from 0 to 128 [ 165.063945][ T30] audit: type=1326 audit(1755756155.659:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7220 comm="syz.2.376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc3a58ebe9 code=0x7ffc0000 [ 165.139662][ T7224] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 165.152335][ T7224] ext4 filesystem being mounted at /63/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 165.341674][ T7232] loop4: detected capacity change from 0 to 1024 [ 165.371418][ T5868] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 165.443190][ T7232] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 165.521554][ T30] audit: type=1800 audit(1755756158.549:476): pid=7232 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.378" name="file2" dev="loop4" ino=18 res=0 errno=0 [ 166.558010][ T5876] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.467608][ T7267] program syz.4.391 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 167.511086][ T7265] netlink: 16 bytes leftover after parsing attributes in process `syz.0.390'. [ 167.893551][ T7277] netlink: 32 bytes leftover after parsing attributes in process `syz.3.393'. [ 168.110917][ T7283] hub 9-0:1.0: USB hub found [ 168.164710][ T7283] hub 9-0:1.0: 1 port detected [ 168.610245][ T30] audit: type=1326 audit(1755756161.629:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7285 comm="syz.0.398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 168.677282][ T30] audit: type=1326 audit(1755756161.629:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7285 comm="syz.0.398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 168.736891][ T30] audit: type=1326 audit(1755756161.759:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7285 comm="syz.0.398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fe08078d84a code=0x7ffc0000 [ 168.781884][ T30] audit: type=1326 audit(1755756161.759:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7285 comm="syz.0.398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fe0807c14a5 code=0x7ffc0000 [ 168.966660][ T30] audit: type=1326 audit(1755756161.989:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7285 comm="syz.0.398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 169.091739][ T30] audit: type=1326 audit(1755756161.989:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7285 comm="syz.0.398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 169.203380][ T30] audit: type=1326 audit(1755756162.039:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7285 comm="syz.0.398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 169.236279][ T30] audit: type=1326 audit(1755756162.039:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7285 comm="syz.0.398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 169.265916][ T30] audit: type=1326 audit(1755756162.039:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7285 comm="syz.0.398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 170.983343][ T7304] loop4: detected capacity change from 0 to 1024 [ 171.175414][ T7304] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 171.301514][ T7304] ext4 filesystem being mounted at /76/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 171.426521][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 171.426545][ T30] audit: type=1326 audit(1755756164.449:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7303 comm="syz.4.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab8bd8ebe9 code=0x7ffc0000 [ 171.525280][ T30] audit: type=1326 audit(1755756164.449:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7303 comm="syz.4.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab8bd8ebe9 code=0x7ffc0000 [ 171.571464][ T7320] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 171.587066][ T7318] loop5: detected capacity change from 0 to 512 [ 171.589825][ T30] audit: type=1326 audit(1755756164.489:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7303 comm="syz.4.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=279 compat=0 ip=0x7fab8bd8ebe9 code=0x7ffc0000 [ 171.639071][ T7320] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 32 with max blocks 96 with error 28 [ 171.664377][ T7320] EXT4-fs (loop4): This should not happen!! Data will be lost [ 171.664377][ T7320] [ 171.686223][ T7320] EXT4-fs (loop4): Total free blocks count 0 [ 171.697704][ T7320] EXT4-fs (loop4): Free/Dirty block details [ 171.719118][ T7320] EXT4-fs (loop4): free_blocks=4293918720 [ 171.809057][ T7320] EXT4-fs (loop4): dirty_blocks=2416 [ 171.814376][ T7320] EXT4-fs (loop4): Block reservation details [ 171.852671][ T7298] loop3: detected capacity change from 0 to 512 [ 171.852831][ T30] audit: type=1326 audit(1755756164.489:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7303 comm="syz.4.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab8bd8ebe9 code=0x7ffc0000 [ 171.882325][ T30] audit: type=1326 audit(1755756164.489:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7303 comm="syz.4.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab8bd8ebe9 code=0x7ffc0000 [ 171.905776][ T7318] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 171.906923][ T30] audit: type=1326 audit(1755756164.539:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7303 comm="syz.4.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fab8bd8ebe9 code=0x7ffc0000 [ 171.937340][ T7320] EXT4-fs (loop4): i_reserved_data_blocks=152 [ 171.970062][ T7150] EXT4-fs error (device loop4): ext4_map_blocks:814: inode #15: comm kworker/u8:11: lblock 0 mapped to illegal pblock 0 (length 6) [ 172.016921][ T7298] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 172.045885][ T7318] EXT4-fs (loop5): orphan cleanup on readonly fs [ 172.090839][ T7298] ext4 filesystem being mounted at /70/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 172.110630][ T7318] Quota error (device loop5): find_block_dqentry: Quota for id 0 referenced but not present [ 172.190016][ T7298] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.199000][ T7150] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117 [ 172.219126][ T7318] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0 [ 172.228506][ T7318] EXT4-fs error (device loop5): ext4_acquire_dquot:6935: comm syz.5.407: Failed to acquire dquot type 1 [ 172.258848][ T7150] EXT4-fs error (device loop4): ext4_map_blocks:814: inode #15: block 8: comm kworker/u8:11: lblock 8 mapped to illegal pblock 8 (length 8) [ 172.321625][ T7318] EXT4-fs error (device loop5): ext4_validate_block_bitmap:440: comm syz.5.407: bg 0: block 40: padding at end of block bitmap is not set [ 172.360857][ T7318] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 172.404459][ T7318] EXT4-fs (loop5): 1 truncate cleaned up [ 172.419985][ T7318] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 172.640738][ T5877] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.513027][ T30] audit: type=1326 audit(1755756166.539:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7351 comm="syz.1.418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6bf58ebe9 code=0x7ffc0000 [ 173.540004][ T7352] loop0: detected capacity change from 0 to 512 [ 173.568796][ T7353] loop1: detected capacity change from 0 to 512 [ 173.626286][ T7352] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 173.659548][ T30] audit: type=1326 audit(1755756166.539:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7351 comm="syz.1.418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6bf58ebe9 code=0x7ffc0000 [ 173.684999][ T7353] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 173.718490][ T7353] ext4 filesystem being mounted at /64/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 173.736319][ T7352] EXT4-fs (loop0): 1 truncate cleaned up [ 173.746379][ T7352] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 173.855622][ T7353] EXT4-fs error (device loop1): ext4_readdir:262: inode #12: block 32: comm syz.1.418: path /64/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 174.033396][ T7353] EXT4-fs (loop1): Remounting filesystem read-only [ 174.164096][ T5865] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.327172][ T5873] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.609712][ T7363] loop0: detected capacity change from 0 to 512 [ 174.616714][ T7363] EXT4-fs: Ignoring removed mblk_io_submit option [ 174.713557][ T7363] EXT4-fs: Mount option(s) incompatible with ext2 [ 174.831084][ T7367] netlink: 28 bytes leftover after parsing attributes in process `syz.1.421'. [ 174.866778][ T7367] netlink: 28 bytes leftover after parsing attributes in process `syz.1.421'. [ 175.163531][ T7369] syzkaller0: entered promiscuous mode [ 175.200420][ T7369] syzkaller0: entered allmulticast mode [ 175.282927][ T7372] netlink: 4 bytes leftover after parsing attributes in process `syz.1.424'. [ 176.828427][ T7398] loop1: detected capacity change from 0 to 1756 [ 176.864630][ T7398] iso9660: Bad value for 'gid' [ 176.891094][ T7398] iso9660: Bad value for 'gid' [ 178.401886][ T30] kauditd_printk_skb: 47 callbacks suppressed [ 178.401912][ T30] audit: type=1326 audit(1755756171.429:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7422 comm="syz.5.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 178.446720][ T7423] loop5: detected capacity change from 0 to 512 [ 178.518274][ T30] audit: type=1326 audit(1755756171.429:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7422 comm="syz.5.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 178.555045][ T7423] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 178.579366][ T30] audit: type=1326 audit(1755756171.429:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7422 comm="syz.5.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 178.604925][ T30] audit: type=1326 audit(1755756171.429:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7422 comm="syz.5.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 178.627377][ T30] audit: type=1326 audit(1755756171.429:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7422 comm="syz.5.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 178.650636][ T30] audit: type=1326 audit(1755756171.469:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7422 comm="syz.5.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 178.693585][ T30] audit: type=1326 audit(1755756171.469:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7422 comm="syz.5.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 178.829051][ T30] audit: type=1326 audit(1755756171.469:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7422 comm="syz.5.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 178.932220][ T30] audit: type=1326 audit(1755756171.469:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7422 comm="syz.5.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 179.017172][ T7438] loop3: detected capacity change from 0 to 2048 [ 179.041359][ T30] audit: type=1326 audit(1755756171.469:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7422 comm="syz.5.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f720f98ebe9 code=0x7ffc0000 [ 179.116203][ T7440] syzkaller0: entered promiscuous mode [ 179.128487][ T7438] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 179.135796][ T7440] syzkaller0: entered allmulticast mode [ 179.330795][ T5868] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.532003][ T7476] smc: net device bond0 applied user defined pnetid SYZ0 [ 181.578598][ T7476] smc: net device bond0 erased user defined pnetid SYZ0 [ 181.700063][ T7483] geneve2: entered promiscuous mode [ 181.753155][ T7483] geneve2: entered allmulticast mode [ 181.849061][ T49] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 181.918125][ T7488] loop0: detected capacity change from 0 to 1024 [ 181.946497][ T7488] EXT4-fs: Ignoring removed orlov option [ 182.026359][ T49] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 182.063489][ T49] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 182.109002][ T49] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 182.188355][ T49] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 182.210296][ T7488] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 182.294943][ T49] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.349348][ T49] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 182.382598][ T49] usb 2-1: invalid MIDI out EP 0 [ 182.540925][ T5871] udevd[5871]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 182.562475][ T7479] delete_channel: no stack [ 182.622073][ T49] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 182.843868][ T5865] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.876361][ T49] usb 2-1: USB disconnect, device number 3 [ 184.939148][ T49] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 186.909126][ T5947] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 186.920243][ T7548] loop1: detected capacity change from 0 to 128 [ 187.134523][ T5947] usb 3-1: Using ep0 maxpacket: 16 [ 187.170205][ T7550] process 'syz.3.470' launched './file0' with NULL argv: empty string added [ 187.188755][ T5947] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 187.230371][ T5947] usb 3-1: New USB device found, idVendor=11c0, idProduct=5506, bcdDevice= 0.00 [ 187.454882][ T5947] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.769217][ T5947] usb 3-1: config 0 descriptor?? [ 188.064336][ T7559] loop0: detected capacity change from 0 to 1024 [ 188.142248][ T7559] EXT4-fs: Ignoring removed orlov option [ 188.219885][ T7559] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 188.380038][ T5947] usbhid 3-1:0.0: can't add hid device: -71 [ 188.386053][ T5947] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 188.403656][ T30] kauditd_printk_skb: 56 callbacks suppressed [ 188.403677][ T30] audit: type=1800 audit(1755756181.429:622): pid=7559 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.474" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 188.410738][ T5947] usb 3-1: USB disconnect, device number 7 [ 188.493527][ T30] audit: type=1804 audit(1755756181.519:623): pid=7563 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.474" name="/newroot/78/file1/file1" dev="loop0" ino=15 res=1 errno=0 [ 188.549322][ T30] audit: type=1800 audit(1755756181.519:624): pid=7563 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.474" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 188.714320][ T5865] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.818726][ T7567] netlink: 24 bytes leftover after parsing attributes in process `syz.1.477'. [ 188.874190][ T7569] loop0: detected capacity change from 0 to 512 [ 188.892472][ T7569] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 188.908292][ T7569] EXT4-fs (loop0): 1 truncate cleaned up [ 188.920879][ T7569] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 188.937567][ T7569] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.132317][ T7581] loop3: detected capacity change from 0 to 128 [ 189.164372][ T30] audit: type=1800 audit(1755756182.189:625): pid=7581 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.480" name="file2" dev="loop3" ino=1048609 res=0 errno=0 [ 189.165318][ T7581] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 189.165354][ T7581] FAT-fs (loop3): Filesystem has been set read-only [ 189.165379][ T7581] bio_check_eod: 1 callbacks suppressed [ 189.165397][ T7581] syz.3.480: attempt to access beyond end of device [ 189.165397][ T7581] loop3: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 189.165577][ T7581] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 189.165611][ T7581] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 189.165990][ T7581] syz.3.480: attempt to access beyond end of device [ 189.165990][ T7581] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 189.166124][ T7581] syz.3.480: attempt to access beyond end of device [ 189.166124][ T7581] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 189.166238][ T7581] syz.3.480: attempt to access beyond end of device [ 189.166238][ T7581] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 189.166348][ T7581] syz.3.480: attempt to access beyond end of device [ 189.166348][ T7581] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 189.166458][ T7581] syz.3.480: attempt to access beyond end of device [ 189.166458][ T7581] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 189.166599][ T7581] syz.3.480: attempt to access beyond end of device [ 189.166599][ T7581] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 189.166709][ T7581] syz.3.480: attempt to access beyond end of device [ 189.166709][ T7581] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 189.166819][ T7581] syz.3.480: attempt to access beyond end of device [ 189.166819][ T7581] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 189.166932][ T7581] syz.3.480: attempt to access beyond end of device [ 189.166932][ T7581] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 189.291496][ T7584] Buffer I/O error on dev loop3, logical block 2065, async page read [ 189.291589][ T7584] Buffer I/O error on dev loop3, logical block 2066, async page read [ 189.291666][ T7584] Buffer I/O error on dev loop3, logical block 2067, async page read [ 189.291741][ T7584] Buffer I/O error on dev loop3, logical block 2068, async page read [ 189.291816][ T7584] Buffer I/O error on dev loop3, logical block 2069, async page read [ 189.291900][ T7584] Buffer I/O error on dev loop3, logical block 2070, async page read [ 189.291976][ T7584] Buffer I/O error on dev loop3, logical block 2071, async page read [ 189.292090][ T7584] Buffer I/O error on dev loop3, logical block 2072, async page read [ 189.292193][ T7584] Buffer I/O error on dev loop3, logical block 2065, async page read [ 189.292272][ T7584] Buffer I/O error on dev loop3, logical block 2066, async page read [ 189.949104][ T5975] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 190.099399][ T5975] usb 2-1: Using ep0 maxpacket: 16 [ 190.128206][ T5975] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 190.128260][ T5975] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 190.130291][ T5975] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 190.130333][ T5975] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.130367][ T5975] usb 2-1: Product: syz [ 190.130392][ T5975] usb 2-1: Manufacturer: syz [ 190.130418][ T5975] usb 2-1: SerialNumber: syz [ 190.131949][ T5975] usb 2-1: config 0 descriptor?? [ 190.134644][ T5975] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 190.134692][ T5975] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 190.223648][ T7599] loop4: detected capacity change from 0 to 1024 [ 190.224451][ T7599] EXT4-fs: Ignoring removed orlov option [ 190.234409][ T7599] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 190.258848][ T30] audit: type=1800 audit(1755756183.279:626): pid=7599 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.488" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 190.376401][ T5947] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 190.377353][ T5947] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 190.389048][ T30] audit: type=1804 audit(1755756183.349:627): pid=7604 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.488" name="/newroot/87/file1/file1" dev="loop4" ino=15 res=1 errno=0 [ 190.389115][ T30] audit: type=1800 audit(1755756183.349:628): pid=7604 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.488" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 190.632731][ T5876] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.775046][ T5975] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 190.777116][ T5975] em28xx 2-1:0.0: Config register raw data: 0xfffffffb [ 191.216321][ T7616] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 191.216575][ T7616] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 192.209778][ T5975] em28xx 2-1:0.0: AC97 chip type couldn't be determined [ 192.209810][ T5975] em28xx 2-1:0.0: No AC97 audio processor [ 192.838750][ T7627] loop3: detected capacity change from 0 to 2048 [ 192.902686][ T7627] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 192.902768][ T7627] ext4 filesystem being mounted at /90/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 193.178525][ T5868] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.182839][ T5877] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.370249][ T7639] netlink: 4 bytes leftover after parsing attributes in process `syz.2.500'. [ 193.451067][ T7641] netlink: 'syz.5.501': attribute type 10 has an invalid length. [ 193.488105][ T7641] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 193.786082][ T7661] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 193.938682][ T7663] loop3: detected capacity change from 0 to 2048 [ 193.973426][ T7663] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 193.998423][ T7669] netlink: 4 bytes leftover after parsing attributes in process `syz.2.512'. [ 194.029285][ T7663] ext4 filesystem being mounted at /93/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 194.190254][ T5868] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.358036][ T7679] loop4: detected capacity change from 0 to 128 [ 194.475952][ T30] audit: type=1800 audit(1755756187.499:629): pid=7679 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.513" name="file2" dev="loop4" ino=1048610 res=0 errno=0 [ 194.501400][ T7679] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 194.529595][ T7679] FAT-fs (loop4): Filesystem has been set read-only [ 194.536818][ T7679] bio_check_eod: 2821 callbacks suppressed [ 194.536835][ T7679] syz.4.513: attempt to access beyond end of device [ 194.536835][ T7679] loop4: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 194.588752][ T7679] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 194.616198][ T7679] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 194.649259][ T7680] netlink: 16 bytes leftover after parsing attributes in process `syz.2.515'. [ 194.674455][ T7683] loop3: detected capacity change from 0 to 512 [ 194.733865][ T90] usb 2-1: USB disconnect, device number 5 [ 194.744438][ T90] em28xx 2-1:0.0: Disconnecting em28xx [ 194.758076][ T90] em28xx 2-1:0.0: Freeing device [ 194.823493][ T7681] syz.4.513: attempt to access beyond end of device [ 194.823493][ T7681] loop4: rw=0, sector=2065, nr_sectors = 1 limit=128 [ 194.905012][ T7681] buffer_io_error: 2398 callbacks suppressed [ 194.905038][ T7681] Buffer I/O error on dev loop4, logical block 2065, async page read [ 194.923949][ T7681] syz.4.513: attempt to access beyond end of device [ 194.923949][ T7681] loop4: rw=0, sector=2066, nr_sectors = 1 limit=128 [ 194.937482][ T7681] Buffer I/O error on dev loop4, logical block 2066, async page read [ 194.945824][ T7681] syz.4.513: attempt to access beyond end of device [ 194.945824][ T7681] loop4: rw=0, sector=2067, nr_sectors = 1 limit=128 [ 194.959983][ T7681] Buffer I/O error on dev loop4, logical block 2067, async page read [ 194.968121][ T7681] syz.4.513: attempt to access beyond end of device [ 194.968121][ T7681] loop4: rw=0, sector=2068, nr_sectors = 1 limit=128 [ 195.080124][ T7683] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 195.187444][ T7681] Buffer I/O error on dev loop4, logical block 2068, async page read [ 195.199334][ T7683] ext4 filesystem being mounted at /94/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 195.208561][ T7681] syz.4.513: attempt to access beyond end of device [ 195.208561][ T7681] loop4: rw=0, sector=2069, nr_sectors = 1 limit=128 [ 195.317707][ T7681] Buffer I/O error on dev loop4, logical block 2069, async page read [ 195.364219][ T7681] syz.4.513: attempt to access beyond end of device [ 195.364219][ T7681] loop4: rw=0, sector=2070, nr_sectors = 1 limit=128 [ 195.379073][ T5947] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 195.396596][ T5868] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.424363][ T5947] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 195.439998][ T7681] Buffer I/O error on dev loop4, logical block 2070, async page read [ 195.529379][ T7681] syz.4.513: attempt to access beyond end of device [ 195.529379][ T7681] loop4: rw=0, sector=2071, nr_sectors = 1 limit=128 [ 195.587116][ T7681] Buffer I/O error on dev loop4, logical block 2071, async page read [ 195.661637][ T7681] syz.4.513: attempt to access beyond end of device [ 195.661637][ T7681] loop4: rw=0, sector=2072, nr_sectors = 1 limit=128 [ 195.757055][ T7681] Buffer I/O error on dev loop4, logical block 2072, async page read [ 195.884978][ T7706] netlink: 4 bytes leftover after parsing attributes in process `syz.3.525'. [ 195.925733][ T7706] netlink: 12 bytes leftover after parsing attributes in process `syz.3.525'. [ 196.599050][ T5944] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 196.783915][ T5944] usb 1-1: Using ep0 maxpacket: 16 [ 196.800696][ T5944] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 196.812502][ T5944] usb 1-1: New USB device found, idVendor=11c0, idProduct=5506, bcdDevice= 0.00 [ 196.824216][ T5944] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.867471][ T5944] usb 1-1: config 0 descriptor?? [ 196.900888][ T30] audit: type=1326 audit(1755756189.929:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7736 comm="syz.4.538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab8bd8ebe9 code=0x7ffc0000 [ 197.264057][ T30] audit: type=1326 audit(1755756189.929:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7736 comm="syz.4.538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab8bd8ebe9 code=0x7ffc0000 [ 197.345384][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.370794][ T30] audit: type=1326 audit(1755756189.929:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7736 comm="syz.4.538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fab8bd8ebe9 code=0x7ffc0000 [ 197.481897][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.494100][ T30] audit: type=1326 audit(1755756189.929:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7736 comm="syz.4.538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab8bd8ebe9 code=0x7ffc0000 [ 197.546471][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.608530][ T30] audit: type=1326 audit(1755756189.929:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7736 comm="syz.4.538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab8bd8ebe9 code=0x7ffc0000 [ 197.647681][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.670906][ T30] audit: type=1326 audit(1755756189.929:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7736 comm="syz.4.538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fab8bd8ebe9 code=0x7ffc0000 [ 197.770551][ T30] audit: type=1326 audit(1755756189.929:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7736 comm="syz.4.538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab8bd8ebe9 code=0x7ffc0000 [ 198.136423][ T30] audit: type=1326 audit(1755756189.929:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7736 comm="syz.4.538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fab8bd8ebe9 code=0x7ffc0000 [ 198.163630][ T30] audit: type=1326 audit(1755756189.959:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7736 comm="syz.4.538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab8bd8ebe9 code=0x7ffc0000 [ 198.225248][ T12] bridge_slave_1: left allmulticast mode [ 198.234695][ T12] bridge_slave_1: left promiscuous mode [ 198.242878][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.256428][ T12] bridge_slave_0: left allmulticast mode [ 198.264809][ T12] bridge_slave_0: left promiscuous mode [ 198.270890][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.645847][ T7753] program syz.4.545 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 198.985765][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 199.035980][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 199.067210][ T12] bond0 (unregistering): Released all slaves [ 199.131212][ T12] bond1 (unregistering): (slave veth3): Releasing active interface [ 199.165908][ T12] vlan2: entered promiscuous mode [ 199.184485][ T12] bond1 (unregistering): (slave vlan2): Releasing active interface [ 199.196648][ T5887] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 199.234254][ T5887] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 199.241636][ T5887] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 199.249789][ T5887] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 199.257281][ T5887] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 199.278507][ T12] bond1 (unregistering): Released all slaves [ 199.469032][ T7766] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 199.475597][ T7766] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 199.563991][ T7766] vhci_hcd vhci_hcd.0: Device attached [ 199.611061][ T7768] vhci_hcd: connection closed [ 199.613702][ T1150] vhci_hcd: stop threads [ 199.663582][ T1150] vhci_hcd: release socket [ 199.698433][ T1150] vhci_hcd: disconnect device [ 199.749525][ T6051] vhci_hcd: vhci_device speed not set [ 200.042601][ T5944] usbhid 1-1:0.0: can't add hid device: -71 [ 200.048637][ T5944] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 200.060653][ T5944] usb 1-1: USB disconnect, device number 3 [ 200.232720][ T7777] syzkaller0: entered promiscuous mode [ 200.239054][ T7777] syzkaller0: entered allmulticast mode [ 200.306391][ T12] hsr_slave_0: left promiscuous mode [ 200.319256][ T12] hsr_slave_1: left promiscuous mode [ 200.328368][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 200.345782][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 200.373242][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 200.401899][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 200.434255][ T12] veth1_macvtap: left promiscuous mode [ 200.441694][ T12] veth0_macvtap: left promiscuous mode [ 200.461043][ T12] veth1_vlan: left promiscuous mode [ 200.476026][ T12] veth0_vlan: left promiscuous mode [ 201.051576][ T12] team0 (unregistering): Port device team_slave_1 removed [ 201.148072][ T12] team0 (unregistering): Port device team_slave_0 removed [ 201.157660][ T7148] smc: removing ib device syz! [ 201.349577][ T5887] Bluetooth: hci2: command tx timeout [ 201.484331][ T7786] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.761928][ T7800] netlink: 'syz.1.560': attribute type 1 has an invalid length. [ 201.776482][ T7786] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.890637][ T7798] wireguard0: entered promiscuous mode [ 201.896593][ T7798] wireguard0: entered allmulticast mode [ 203.448679][ T5887] Bluetooth: hci2: command tx timeout [ 203.649393][ T7800] 8021q: adding VLAN 0 to HW filter on device bond1 [ 203.737068][ T7820] loop4: detected capacity change from 0 to 8192 [ 203.751488][ T5933] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 203.763018][ T7806] bond1: (slave gretap1): making interface the new active one [ 203.783753][ T7820] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 203.835466][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 203.939814][ T7806] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 204.009337][ T5933] usb 3-1: Using ep0 maxpacket: 16 [ 204.114255][ T7786] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 204.133319][ T5933] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 204.364957][ T5933] usb 3-1: New USB device found, idVendor=11c0, idProduct=5506, bcdDevice= 0.00 [ 204.420599][ T7821] loop4: detected capacity change from 8192 to 0 [ 204.428641][ C1] I/O error, dev loop4, sector 1 op 0x1:(WRITE) flags 0x0 phys_seg 1 prio class 2 [ 204.437886][ C1] Buffer I/O error on dev loop4, logical block 1, lost sync page write [ 204.454734][ T7820] +}[@: attempt to access beyond end of device [ 204.454734][ T7820] loop4: rw=0, sector=1, nr_sectors = 1 limit=0 [ 204.468321][ T7825] syz.4.564: attempt to access beyond end of device [ 204.468321][ T7825] loop4: rw=0, sector=65, nr_sectors = 1 limit=0 [ 204.469281][ T7820] FAT-fs (loop4): FAT read failed (blocknr 1) [ 204.482559][ T7825] FAT-fs (loop4): Directory bread(block 65) failed [ 204.499219][ T7825] syz.4.564: attempt to access beyond end of device [ 204.499219][ T7825] loop4: rw=0, sector=66, nr_sectors = 1 limit=0 [ 204.499531][ T7786] bond0: (slave netdevsim0): Releasing backup interface [ 204.523884][ T5933] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.538502][ T7834] program syz.1.566 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 204.554241][ T7825] FAT-fs (loop4): Directory bread(block 66) failed [ 204.560989][ T7825] syz.4.564: attempt to access beyond end of device [ 204.560989][ T7825] loop4: rw=0, sector=67, nr_sectors = 1 limit=0 [ 204.577409][ T7820] +}[@: attempt to access beyond end of device [ 204.577409][ T7820] loop4: rw=0, sector=65, nr_sectors = 1 limit=0 [ 204.577739][ T5933] usb 3-1: config 0 descriptor?? [ 204.591760][ T7825] FAT-fs (loop4): Directory bread(block 67) failed [ 204.603342][ T7786] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 204.616669][ T7820] FAT-fs (loop4): unable to read inode block for updating (i_pos 1050) [ 204.635459][ T7825] syz.4.564: attempt to access beyond end of device [ 204.635459][ T7825] loop4: rw=0, sector=68, nr_sectors = 1 limit=0 [ 204.650528][ T7825] FAT-fs (loop4): Directory bread(block 68) failed [ 204.667117][ T7825] syz.4.564: attempt to access beyond end of device [ 204.667117][ T7825] loop4: rw=0, sector=69, nr_sectors = 1 limit=0 [ 204.685150][ T7825] FAT-fs (loop4): Directory bread(block 69) failed [ 204.693631][ T7825] syz.4.564: attempt to access beyond end of device [ 204.693631][ T7825] loop4: rw=0, sector=70, nr_sectors = 1 limit=0 [ 204.706810][ T7825] FAT-fs (loop4): Directory bread(block 70) failed [ 204.716045][ T7825] syz.4.564: attempt to access beyond end of device [ 204.716045][ T7825] loop4: rw=0, sector=71, nr_sectors = 1 limit=0 [ 204.760714][ T7762] chnl_net:caif_netlink_parms(): no params data found [ 204.801751][ T7825] FAT-fs (loop4): Directory bread(block 71) failed [ 204.971226][ T7838] syzkaller0: entered promiscuous mode [ 204.976817][ T7838] syzkaller0: entered allmulticast mode [ 205.109222][ T7148] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.165477][ T7847] netlink: 36 bytes leftover after parsing attributes in process `syz.4.570'. [ 205.379377][ T60] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.407887][ T60] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.441999][ T7762] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.490621][ T7762] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.497898][ T7762] bridge_slave_0: entered allmulticast mode [ 205.510328][ T5887] Bluetooth: hci2: command tx timeout [ 205.653393][ T7762] bridge_slave_0: entered promiscuous mode [ 205.671773][ T7762] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.678866][ T7762] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.689154][ T7762] bridge_slave_1: entered allmulticast mode [ 205.696108][ T7762] bridge_slave_1: entered promiscuous mode [ 205.734326][ T5933] usbhid 3-1:0.0: can't add hid device: -71 [ 205.749925][ T5933] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 205.807662][ T5933] usb 3-1: USB disconnect, device number 8 [ 205.857447][ T7162] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.963165][ T7762] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 206.018158][ T7762] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 206.030087][ T7867] netlink: 16 bytes leftover after parsing attributes in process `syz.5.577'. [ 206.095635][ T7762] team0: Port device team_slave_0 added [ 206.110555][ T7762] team0: Port device team_slave_1 added [ 206.232045][ T7762] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 206.249964][ T7762] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 206.304099][ T7762] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 206.484074][ T7881] netlink: 4 bytes leftover after parsing attributes in process `syz.5.583'. [ 206.504681][ T7762] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 206.539409][ T7762] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 206.593153][ T7762] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 206.787732][ T7889] program syz.4.586 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 206.857956][ T7762] hsr_slave_0: entered promiscuous mode [ 206.863734][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 206.863757][ T30] audit: type=1326 audit(1755756199.879:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.2.587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc3a58ebe9 code=0x7ffc0000 [ 206.930320][ T7762] hsr_slave_1: entered promiscuous mode [ 206.959704][ T7762] debugfs: 'hsr0' already exists in 'hsr' [ 206.965637][ T7762] Cannot create hsr debugfs directory [ 206.983696][ T30] audit: type=1326 audit(1755756199.879:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.2.587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc3a58ebe9 code=0x7ffc0000 [ 207.101496][ T30] audit: type=1326 audit(1755756199.879:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.2.587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7fdc3a58ebe9 code=0x7ffc0000 [ 207.147524][ T30] audit: type=1326 audit(1755756199.879:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.2.587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc3a58ebe9 code=0x7ffc0000 [ 207.179047][ T30] audit: type=1326 audit(1755756199.879:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.2.587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc3a58ebe9 code=0x7ffc0000 [ 207.189339][ T5947] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 207.205089][ T30] audit: type=1326 audit(1755756199.879:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.2.587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7fdc3a58ebe9 code=0x7ffc0000 [ 207.231078][ T30] audit: type=1326 audit(1755756199.879:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.2.587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc3a58ebe9 code=0x7ffc0000 [ 207.253434][ T30] audit: type=1326 audit(1755756199.879:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.2.587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc3a58ebe9 code=0x7ffc0000 [ 207.275823][ T30] audit: type=1326 audit(1755756199.879:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.2.587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fdc3a58ebe9 code=0x7ffc0000 [ 207.298370][ T30] audit: type=1326 audit(1755756199.879:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.2.587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc3a58ebe9 code=0x7ffc0000 [ 207.589042][ T5887] Bluetooth: hci2: command tx timeout [ 207.621383][ T5947] usb 1-1: Using ep0 maxpacket: 16 [ 207.644948][ T5947] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 207.681815][ T5947] usb 1-1: New USB device found, idVendor=11c0, idProduct=5506, bcdDevice= 0.00 [ 207.701273][ T5947] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.722519][ T5947] usb 1-1: config 0 descriptor?? [ 208.014268][ T7907] netlink: 16 bytes leftover after parsing attributes in process `syz.4.592'. [ 208.186332][ T7911] capability: warning: `syz.5.593' uses deprecated v2 capabilities in a way that may be insecure [ 208.197700][ T7762] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 208.245449][ T7762] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 208.311375][ T7762] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 208.367987][ T7762] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 208.481795][ T7918] netlink: 4 bytes leftover after parsing attributes in process `syz.4.596'. [ 208.693764][ T7762] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.733914][ T7762] 8021q: adding VLAN 0 to HW filter on device team0 [ 208.748486][ T7158] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.755641][ T7158] bridge0: port 1(bridge_slave_0) entered forwarding state [ 208.878713][ T7158] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.885874][ T7158] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.289038][ T6011] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 209.325548][ T7762] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 209.471166][ T6011] usb 6-1: Using ep0 maxpacket: 16 [ 209.477875][ T6011] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 209.528021][ T6011] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 209.627552][ T6011] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 209.674293][ T6011] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.726459][ T6011] usb 6-1: Product: syz [ 209.735307][ T6011] usb 6-1: Manufacturer: syz [ 209.746672][ T6011] usb 6-1: SerialNumber: syz [ 209.761432][ T6011] usb 6-1: config 0 descriptor?? [ 209.799424][ T6011] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 209.808677][ T6011] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class) [ 210.336133][ T7762] veth0_vlan: entered promiscuous mode [ 210.361786][ T7762] veth1_vlan: entered promiscuous mode [ 210.404153][ T6011] em28xx 6-1:0.0: unknown em28xx chip ID (0) [ 210.436962][ T6011] em28xx 6-1:0.0: Config register raw data: 0xfffffffb [ 210.474543][ T7964] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 210.494258][ T7964] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 210.501122][ T7762] veth0_macvtap: entered promiscuous mode [ 210.545121][ T7762] veth1_macvtap: entered promiscuous mode [ 210.577966][ T5947] usbhid 1-1:0.0: can't add hid device: -71 [ 210.591356][ T5947] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 210.604215][ T5947] usb 1-1: USB disconnect, device number 4 [ 210.736461][ T7967] autofs4:pid:7967:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(31.1), cmd(0xc018937e) [ 210.792123][ T7967] autofs4:pid:7967:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc018937e) [ 210.833437][ T7762] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 210.881784][ T7762] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 211.016855][ T7158] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.029887][ T5883] Bluetooth: hci1: command 0x0406 tx timeout [ 211.035972][ T5884] Bluetooth: hci0: command 0x0406 tx timeout [ 211.036004][ T5178] Bluetooth: hci4: command 0x0406 tx timeout [ 211.043818][ T5883] Bluetooth: hci3: command 0x0406 tx timeout [ 211.048326][ T5885] Bluetooth: hci5: command 0x0406 tx timeout [ 211.075395][ T7158] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.106469][ T7977] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 211.127143][ T7158] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.179285][ T7158] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.237737][ T7158] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 211.254066][ T7158] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 211.283774][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 211.308547][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 211.538646][ T6011] em28xx 6-1:0.0: AC97 chip type couldn't be determined [ 211.562609][ T7989] ÿÿÿÿÿÿ: renamed from vlan1 (while UP) [ 211.590680][ T6011] em28xx 6-1:0.0: No AC97 audio processor [ 211.813344][ T6011] usb 6-1: USB disconnect, device number 2 [ 211.823489][ T6011] em28xx 6-1:0.0: Disconnecting em28xx [ 211.833149][ T6011] em28xx 6-1:0.0: Freeing device [ 212.498502][ T5911] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 212.699169][ T5911] usb 2-1: Using ep0 maxpacket: 16 [ 212.819422][ T5911] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 212.874653][ T5911] usb 2-1: New USB device found, idVendor=11c0, idProduct=5506, bcdDevice= 0.00 [ 212.895349][ T5911] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.916546][ T5911] usb 2-1: config 0 descriptor?? [ 212.941044][ T30] kauditd_printk_skb: 126 callbacks suppressed [ 212.941079][ T30] audit: type=1326 audit(1755756205.969:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8018 comm="syz.6.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688e98ebe9 code=0x7ffc0000 [ 212.969414][ C1] vkms_vblank_simulate: vblank timer overrun [ 213.005372][ T30] audit: type=1326 audit(1755756205.999:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8018 comm="syz.6.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688e98ebe9 code=0x7ffc0000 [ 213.072413][ T8019] loop6: detected capacity change from 0 to 512 [ 213.121841][ T30] audit: type=1326 audit(1755756206.009:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8018 comm="syz.6.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f688e98ebe9 code=0x7ffc0000 [ 213.148279][ T30] audit: type=1326 audit(1755756206.009:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8018 comm="syz.6.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688e98ebe9 code=0x7ffc0000 [ 213.170712][ C1] vkms_vblank_simulate: vblank timer overrun [ 213.177792][ T8019] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 213.199123][ T30] audit: type=1326 audit(1755756206.009:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8018 comm="syz.6.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688e98ebe9 code=0x7ffc0000 [ 213.199614][ T8019] ext4 filesystem being mounted at /3/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 213.221277][ C1] vkms_vblank_simulate: vblank timer overrun [ 213.221516][ T30] audit: type=1326 audit(1755756206.009:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8018 comm="syz.6.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f688e98ebe9 code=0x7ffc0000 [ 213.350084][ T30] audit: type=1326 audit(1755756206.009:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8018 comm="syz.6.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688e98ebe9 code=0x7ffc0000 [ 213.589145][ T30] audit: type=1326 audit(1755756206.009:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8018 comm="syz.6.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f688e98ebe9 code=0x7ffc0000 [ 213.629014][ T8024] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 213.635545][ T8024] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 214.133580][ T8024] vhci_hcd vhci_hcd.0: Device attached [ 214.157995][ T8019] EXT4-fs error (device loop6): ext4_readdir:262: inode #12: block 32: comm syz.6.626: path /3/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 214.159375][ T30] audit: type=1326 audit(1755756206.009:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8018 comm="syz.6.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f688e98ebe9 code=0x7ffc0000 [ 214.201559][ C1] vkms_vblank_simulate: vblank timer overrun [ 214.247882][ T30] audit: type=1326 audit(1755756206.009:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8018 comm="syz.6.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f688e98ebe9 code=0x7ffc0000 [ 214.270001][ C1] vkms_vblank_simulate: vblank timer overrun [ 214.386050][ T8019] EXT4-fs (loop6): Remounting filesystem read-only [ 214.428999][ T8027] vhci_hcd: connection closed [ 214.429452][ T60] vhci_hcd: stop threads [ 214.458351][ T8034] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 214.467924][ T8036] netlink: 32 bytes leftover after parsing attributes in process `{/}\'. [ 214.469087][ T60] vhci_hcd: release socket [ 214.509284][ T5944] usb 41-1: new low-speed USB device number 2 using vhci_hcd [ 214.539958][ T60] vhci_hcd: disconnect device [ 214.598530][ T7762] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 215.330728][ T8048] netlink: 'syz.6.635': attribute type 10 has an invalid length. [ 215.591352][ T8048] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 215.602806][ T8048] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 215.614509][ T8048] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 215.953311][ T8057] netlink: 16 bytes leftover after parsing attributes in process `syz.4.638'. [ 215.969041][ T5933] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 216.171010][ T5933] usb 1-1: Using ep0 maxpacket: 16 [ 216.196059][ T5933] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 216.222562][ T5933] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 216.334742][ T5933] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 216.344452][ T5933] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.354497][ T5933] usb 1-1: Product: syz [ 216.358731][ T5933] usb 1-1: Manufacturer: syz [ 216.379567][ T8066] netlink: 4 bytes leftover after parsing attributes in process `syz.4.642'. [ 216.388633][ T5933] usb 1-1: SerialNumber: syz [ 216.392809][ T5911] usbhid 2-1:0.0: can't add hid device: -71 [ 216.403802][ T5933] usb 1-1: config 0 descriptor?? [ 216.413428][ T5911] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 216.413528][ T5933] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 216.543291][ T5933] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 216.590812][ T5911] usb 2-1: USB disconnect, device number 6 [ 217.016799][ T5933] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 217.024835][ T5933] em28xx 1-1:0.0: Config register raw data: 0xfffffffb [ 217.414274][ T8083] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 217.467313][ T8083] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 218.079911][ T5933] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 218.086934][ T5933] em28xx 1-1:0.0: No AC97 audio processor [ 218.411997][ T8097] netlink: 'syz.5.652': attribute type 12 has an invalid length. [ 219.659068][ T5944] vhci_hcd: vhci_device speed not set [ 219.785871][ T8119] loop6: detected capacity change from 0 to 4096 [ 219.836644][ T8119] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 219.944639][ T5933] usb 1-1: USB disconnect, device number 5 [ 219.951063][ T5933] em28xx 1-1:0.0: Disconnecting em28xx [ 219.959324][ T5933] em28xx 1-1:0.0: Freeing device [ 220.088983][ T30] kauditd_printk_skb: 48 callbacks suppressed [ 220.089009][ T30] audit: type=1326 audit(1755756213.109:835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8125 comm="syz.0.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 220.241646][ T30] audit: type=1326 audit(1755756213.109:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8125 comm="syz.0.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 220.349197][ T30] audit: type=1326 audit(1755756213.119:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8125 comm="syz.0.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 220.454199][ T30] audit: type=1326 audit(1755756213.149:838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8125 comm="syz.0.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 220.565677][ T30] audit: type=1326 audit(1755756213.149:839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8125 comm="syz.0.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 220.671708][ T30] audit: type=1326 audit(1755756213.149:840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8125 comm="syz.0.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 220.994136][ T30] audit: type=1326 audit(1755756213.149:841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8125 comm="syz.0.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=187 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 221.091985][ T30] audit: type=1326 audit(1755756213.149:842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8125 comm="syz.0.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 221.550274][ T8159] netlink: 'syz.0.673': attribute type 12 has an invalid length. [ 222.808806][ T8174] program syz.4.679 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 222.848098][ T7762] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 223.468996][ T30] audit: type=1326 audit(1755756216.489:843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8180 comm="syz.2.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc3a58ebe9 code=0x7ffc0000 [ 223.614516][ T30] audit: type=1326 audit(1755756216.489:844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8180 comm="syz.2.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc3a58ebe9 code=0x7ffc0000 [ 224.038476][ T8193] netlink: 8 bytes leftover after parsing attributes in process `syz.1.685'. [ 225.311620][ T30] kauditd_printk_skb: 37 callbacks suppressed [ 225.311645][ T30] audit: type=1326 audit(1755756218.339:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8222 comm="syz.0.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 225.416148][ T30] audit: type=1326 audit(1755756218.379:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8222 comm="syz.0.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 225.475519][ T30] audit: type=1326 audit(1755756218.379:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8222 comm="syz.0.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 225.555281][ T30] audit: type=1326 audit(1755756218.379:885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8222 comm="syz.0.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 225.888553][ T30] audit: type=1326 audit(1755756218.379:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8222 comm="syz.0.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 225.976835][ T30] audit: type=1326 audit(1755756218.379:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8222 comm="syz.0.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 226.032412][ T8234] ------------[ cut here ]------------ [ 226.037905][ T8234] 'send_pkt()' returns 0, but 65536 expected [ 226.043395][ T30] audit: type=1326 audit(1755756218.379:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8222 comm="syz.0.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 226.112206][ T8234] WARNING: CPU: 1 PID: 8234 at net/vmw_vsock/virtio_transport_common.c:426 virtio_transport_send_pkt_info+0x91d/0x1020 [ 226.124736][ T8234] Modules linked in: [ 226.125683][ T30] audit: type=1326 audit(1755756218.379:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8222 comm="syz.0.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=460 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 226.128639][ T8234] CPU: 1 UID: 0 PID: 8234 Comm: syz.6.700 Not tainted syzkaller #0 PREEMPT(full) [ 226.161196][ T8234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 226.171307][ T8234] RIP: 0010:virtio_transport_send_pkt_info+0x91d/0x1020 [ 226.178281][ T8234] Code: a9 ec 49 f6 84 db 75 26 e8 c0 f1 49 f6 c6 05 47 45 22 05 01 90 48 8b 54 24 10 44 89 ee 48 c7 c7 40 4f 13 8d e8 d4 92 08 f6 90 <0f> 0b 90 90 e8 9a f1 49 f6 31 ff 44 89 e6 e8 d0 ec 49 f6 45 85 e4 [ 226.198088][ T8234] RSP: 0018:ffffc90003b2f730 EFLAGS: 00010282 [ 226.204211][ T8234] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc9001d2af000 [ 226.212236][ T8234] RDX: 0000000000080000 RSI: ffffffff817a3365 RDI: 0000000000000001 [ 226.220245][ T8234] RBP: ffff88803edfe800 R08: 0000000000000001 R09: 0000000000000000 [ 226.228229][ T8234] R10: 0000000000000001 R11: 6b705f646e657327 R12: 0000000000010000 [ 226.233488][ T8237] loop6: detected capacity change from 0 to 128 [ 226.236692][ T8234] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000010000 [ 226.249096][ T30] audit: type=1326 audit(1755756218.379:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8222 comm="syz.0.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe08078ebe9 code=0x7ffc0000 [ 226.250904][ T8234] FS: 00007f688f8b16c0(0000) GS:ffff8881247bd000(0000) knlGS:0000000000000000 [ 226.282401][ T8234] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 226.289022][ T8234] CR2: 00007f688f890d58 CR3: 0000000083e0a000 CR4: 0000000000350ef0 [ 226.297011][ T8234] Call Trace: [ 226.300288][ T8234] [ 226.303204][ T8234] ? rcu_is_watching+0x12/0xc0 [ 226.307972][ T8234] virtio_transport_seqpacket_enqueue+0x13c/0x1c0 [ 226.314514][ T8234] ? __pfx_virtio_transport_seqpacket_enqueue+0x10/0x10 [ 226.321480][ T8234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.327110][ T8234] ? rcu_is_watching+0x12/0xc0 [ 226.331915][ T8234] ? rcu_is_watching+0x12/0xc0 [ 226.336678][ T8234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.342373][ T8234] ? rcu_is_watching+0x12/0xc0 [ 226.347164][ T8234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.353259][ T8234] vsock_connectible_sendmsg+0xfa1/0x1280 [ 226.359362][ T8234] ? __pfx_vsock_connectible_sendmsg+0x10/0x10 [ 226.365516][ T8234] ? __pfx_aa_sk_perm+0x10/0x10 [ 226.370387][ T8234] ? iovec_from_user+0xbb/0x140 [ 226.375230][ T8234] ? __pfx_woken_wake_function+0x10/0x10 [ 226.380881][ T8234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.386510][ T8234] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 226.392634][ T8234] ____sys_sendmsg+0xa98/0xc70 [ 226.397422][ T8234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.403079][ T8234] ? copy_msghdr_from_user+0x10a/0x160 [ 226.408562][ T8234] ? __pfx_____sys_sendmsg+0x10/0x10 [ 226.413926][ T8234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.419609][ T8234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.425268][ T8234] ? rcu_is_watching+0x12/0xc0 [ 226.430118][ T8234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.435772][ T8234] ? lock_release+0x201/0x2f0 [ 226.440518][ T8234] ___sys_sendmsg+0x134/0x1d0 [ 226.445215][ T8234] ? __pfx____sys_sendmsg+0x10/0x10 [ 226.450481][ T8234] ? __pfx___futex_wait+0x10/0x10 [ 226.456069][ T8234] ? rcu_is_watching+0x12/0xc0 [ 226.461212][ T8234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.466870][ T8234] __sys_sendmmsg+0x200/0x420 [ 226.471602][ T8234] ? __pfx___sys_sendmmsg+0x10/0x10 [ 226.476803][ T8234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.482467][ T8234] ? __pfx_do_futex+0x10/0x10 [ 226.487156][ T8234] ? rcu_is_watching+0x12/0xc0 [ 226.491953][ T8234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.497586][ T8234] ? xfd_validate_state+0x61/0x180 [ 226.502733][ T8234] ? __sys_setsockopt+0x1c0/0x230 [ 226.507766][ T8234] __x64_sys_sendmmsg+0x9c/0x100 [ 226.512750][ T8234] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 226.518731][ T8234] do_syscall_64+0xcd/0x4c0 [ 226.523292][ T8234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.529201][ T8234] RIP: 0033:0x7f688e98ebe9 [ 226.533605][ T8234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 226.553276][ T8234] RSP: 002b:00007f688f8b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 226.562074][ T8234] RAX: ffffffffffffffda RBX: 00007f688ebb5fa0 RCX: 00007f688e98ebe9 [ 226.570356][ T8234] RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000006 [ 226.578322][ T8234] RBP: 00007f688ea11e19 R08: 0000000000000000 R09: 0000000000000000 [ 226.586328][ T8234] R10: 0000000024008094 R11: 0000000000000246 R12: 0000000000000000 [ 226.594314][ T8234] R13: 00007f688ebb6038 R14: 00007f688ebb5fa0 R15: 00007fff2ad03a58 [ 226.602303][ T8234] [ 226.605309][ T8234] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 226.612571][ T8234] CPU: 1 UID: 0 PID: 8234 Comm: syz.6.700 Not tainted syzkaller #0 PREEMPT(full) [ 226.621759][ T8234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 226.631800][ T8234] Call Trace: [ 226.635062][ T8234] [ 226.637974][ T8234] dump_stack_lvl+0x3d/0x1f0 [ 226.642568][ T8234] vpanic+0x6e8/0x7a0 [ 226.646575][ T8234] ? __pfx_vpanic+0x10/0x10 [ 226.651088][ T8234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.656723][ T8234] ? virtio_transport_send_pkt_info+0x91d/0x1020 [ 226.663045][ T8234] panic+0xca/0xd0 [ 226.666773][ T8234] ? __pfx_panic+0x10/0x10 [ 226.671207][ T8234] check_panic_on_warn+0xab/0xb0 [ 226.676175][ T8234] __warn+0xf6/0x3c0 [ 226.680059][ T8234] ? preempt_schedule_notrace+0x62/0xe0 [ 226.685622][ T8234] ? virtio_transport_send_pkt_info+0x91d/0x1020 [ 226.691949][ T8234] report_bug+0x3c3/0x580 [ 226.696277][ T8234] ? virtio_transport_send_pkt_info+0x91d/0x1020 [ 226.702600][ T8234] handle_bug+0x184/0x210 [ 226.706938][ T8234] exc_invalid_op+0x17/0x50 [ 226.711445][ T8234] asm_exc_invalid_op+0x1a/0x20 [ 226.716300][ T8234] RIP: 0010:virtio_transport_send_pkt_info+0x91d/0x1020 [ 226.723234][ T8234] Code: a9 ec 49 f6 84 db 75 26 e8 c0 f1 49 f6 c6 05 47 45 22 05 01 90 48 8b 54 24 10 44 89 ee 48 c7 c7 40 4f 13 8d e8 d4 92 08 f6 90 <0f> 0b 90 90 e8 9a f1 49 f6 31 ff 44 89 e6 e8 d0 ec 49 f6 45 85 e4 [ 226.742836][ T8234] RSP: 0018:ffffc90003b2f730 EFLAGS: 00010282 [ 226.748900][ T8234] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc9001d2af000 [ 226.756862][ T8234] RDX: 0000000000080000 RSI: ffffffff817a3365 RDI: 0000000000000001 [ 226.764820][ T8234] RBP: ffff88803edfe800 R08: 0000000000000001 R09: 0000000000000000 [ 226.772783][ T8234] R10: 0000000000000001 R11: 6b705f646e657327 R12: 0000000000010000 [ 226.780746][ T8234] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000010000 [ 226.788710][ T8234] ? __warn_printk+0x1a5/0x350 [ 226.793488][ T8234] ? rcu_is_watching+0x12/0xc0 [ 226.798361][ T8234] virtio_transport_seqpacket_enqueue+0x13c/0x1c0 [ 226.804775][ T8234] ? __pfx_virtio_transport_seqpacket_enqueue+0x10/0x10 [ 226.811723][ T8234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.817353][ T8234] ? rcu_is_watching+0x12/0xc0 [ 226.822131][ T8234] ? rcu_is_watching+0x12/0xc0 [ 226.826898][ T8234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.832527][ T8234] ? rcu_is_watching+0x12/0xc0 [ 226.837305][ T8234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.842939][ T8234] vsock_connectible_sendmsg+0xfa1/0x1280 [ 226.848673][ T8234] ? __pfx_vsock_connectible_sendmsg+0x10/0x10 [ 226.854821][ T8234] ? __pfx_aa_sk_perm+0x10/0x10 [ 226.859676][ T8234] ? iovec_from_user+0xbb/0x140 [ 226.864525][ T8234] ? __pfx_woken_wake_function+0x10/0x10 [ 226.870168][ T8234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.875887][ T8234] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 226.881953][ T8234] ____sys_sendmsg+0xa98/0xc70 [ 226.886729][ T8234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.892361][ T8234] ? copy_msghdr_from_user+0x10a/0x160 [ 226.897820][ T8234] ? __pfx_____sys_sendmsg+0x10/0x10 [ 226.903120][ T8234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.908754][ T8234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.914383][ T8234] ? rcu_is_watching+0x12/0xc0 [ 226.919145][ T8234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.924776][ T8234] ? lock_release+0x201/0x2f0 [ 226.929472][ T8234] ___sys_sendmsg+0x134/0x1d0 [ 226.934150][ T8234] ? __pfx____sys_sendmsg+0x10/0x10 [ 226.939351][ T8234] ? __pfx___futex_wait+0x10/0x10 [ 226.944378][ T8234] ? rcu_is_watching+0x12/0xc0 [ 226.949142][ T8234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.954788][ T8234] __sys_sendmmsg+0x200/0x420 [ 226.959471][ T8234] ? __pfx___sys_sendmmsg+0x10/0x10 [ 226.964671][ T8234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.970310][ T8234] ? __pfx_do_futex+0x10/0x10 [ 226.975003][ T8234] ? rcu_is_watching+0x12/0xc0 [ 226.979785][ T8234] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.985417][ T8234] ? xfd_validate_state+0x61/0x180 [ 226.990540][ T8234] ? __sys_setsockopt+0x1c0/0x230 [ 226.995584][ T8234] __x64_sys_sendmmsg+0x9c/0x100 [ 227.000525][ T8234] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 227.006506][ T8234] do_syscall_64+0xcd/0x4c0 [ 227.011020][ T8234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.016906][ T8234] RIP: 0033:0x7f688e98ebe9 [ 227.021309][ T8234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 227.040913][ T8234] RSP: 002b:00007f688f8b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 227.049320][ T8234] RAX: ffffffffffffffda RBX: 00007f688ebb5fa0 RCX: 00007f688e98ebe9 [ 227.057281][ T8234] RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000006 [ 227.065242][ T8234] RBP: 00007f688ea11e19 R08: 0000000000000000 R09: 0000000000000000 [ 227.073227][ T8234] R10: 0000000024008094 R11: 0000000000000246 R12: 0000000000000000 [ 227.081188][ T8234] R13: 00007f688ebb6038 R14: 00007f688ebb5fa0 R15: 00007fff2ad03a58 [ 227.089168][ T8234] [ 227.092397][ T8234] Kernel Offset: disabled [ 227.096713][ T8234] Rebooting in 86400 seconds..