last executing test programs: 32.712935704s ago: executing program 3 (id=555): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4b5ca668d430db5653a2b3c5b87e17ca1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x20, 0x0, &(0x7f00000002c0)="b90103616908068c3c270040e700009e0dc5cf1dbafff2fcffff8100632f2991", 0x0, 0x8104, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 31.64056653s ago: executing program 3 (id=559): mkdir(&(0x7f0000000540)='./file0\x00', 0x0) mount$9p_tcp(0x0, 0x0, 0x0, 0x204000, &(0x7f0000000340)=ANY=[@ANYBLOB="7472616e733d7463702c706f72743d3078303030303030303030303030346532332c69676e6f726571762c6673757569643d643b3336630139342d323666382d3564", @ANYRESDEC=0xee00, @ANYBLOB="2c6673757569643d636638003b3967322d373732332d613935612d33b030342d36615863633000342c00094b6e63345f3672cbc2e66c9085371155ebc6ef0d2e132e5d8e53660d967c4d973aa050322155bed0ab49"]) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) setxattr$security_evm(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, 0x0, 0x0) setxattr$incfs_size(&(0x7f0000000300)='./file0\x00', &(0x7f0000000200), 0x0, 0x0, 0x1) listxattr(&(0x7f00000001c0)='./file0\x00', 0x0, 0x25) 31.36051136s ago: executing program 3 (id=562): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r1 = socket$packet(0x11, 0x3, 0x300) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xf, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000006400000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000040)=r2, 0x4) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) 30.583703819s ago: executing program 3 (id=564): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1000400, &(0x7f00000000c0), 0x6, 0x588, &(0x7f0000000300)="$eJzs3U1sHFcdAPD/TOzsOnGaFHooCGgohYCirmOnjapeWi5IUFUgFU49pNZ6Y0VeZyPvutTGB+fEgSsSlTjBhQsnDpU4IPWEuHKDG5dyQCooAtVICE01491kd7ObbOOPie3fTxrte/P1f2/kfeN5szMvgBPrYkRsR8TpiHgnIs5HUsxPulO8vjvl631yd6u+c3ernkSWvfWvqe4etuq99XvORsRPR8Sq9KXbG5sri81mY62bn+us3p5rb2y+eHN1cbmx3Li1sHBt/tqVV66+vLBvdX1u9Xcff+fmGz/6w++//NGft7/1k7zMr3WX5XXrWzXJsmzvAV/rHZfpmO3OSiMiP3Jv7H3vT4RT3fqcLrsgPJb87/FzEfF8N31PtbwyAQAHK8vOR3a+P39fOpDLsmTEOgDA0ZNf889Gkta61/+zkaa1WtGHV30mzqTNVrtz+UZr/VbS6+KbTm/cbDauFH2FEZWYTvL8fERcKKbd/MJQ/mpEPB0RP6/MFPlavdVcKuU/HgDg7ND5/z+V/PxfmWRTdwgA4ChzJgeAk+fB8/90KeUAAA6P638AOHn6zv8T3fkHAI6+6tCz/yNlyaGUBQA4HCP7/98+dz/9bDL0ii8A4Khz/x8ATpQfvPlmPmU7WVK8/3rp3Y31lda7Ly412iu11fV6rd5au11bbrWWi3f2rI7YxZ3+TLPVuj3/Uqy/N9dptDtz7Y3N66ut9Vud68V7va83PFgAAOV7+rkP/5pExParM8UUvbEcHv2DAOCISyNmyi4DUI5TZRcAKM1U2QUASqM/HnjUj3tH/kRoJiLeH7+NjgV4sl36wpj+/+H/DQbvB/x/H0bHBkrW/VrrBoATaG/9/3oP4Ch7+Infg0FwnGVZYjx/ADhhJriC9xNBOOYe6/4/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnHCzxZSkte5Y4LORprVaxLmIuBDTyY2bzcaViHgqIv5Sma7k+fmyCw0A7FH6j6Q7/tel8y/MDi89nfy3UnxGxI9/+dYv3lvs9IYOvDe/834xv7O2MDJA5eDrAAD0mRqe0TtPF599F/Kf3N2q96bDLODH394dXDSPu3N3q35/POKpbuGrkc878+9koDLJPg1MvH0nIp4drn96b/mF7sinw/Hz2OcOLH4UNZwdiD/4b1RaLNv9zI/F52cmjLcPZYbj4sO8/Xl91PcvjYvFZ/f7NzXYmFbjZw82ro+h1/7tZLvt305f/Hz/3z9XLdqaUe3fxUljvPTH745ddudU9sWpiF7snb72Z1e1SI2K/8KE8f/2pa88P+5gZb+KuBQPi7+bmuus3p5rb2z+9nsf/Gm5sdy4tbBwbf7alVeuvrwwV/RRz/V6qh/0z1cvPzW+/hFnxsSvPqL+X5+w/r/+3ztvf/Uh8b/5tVHx03jmIfHzc+I3Ym2i+ItnPhg7fHcef2lM/acG4p8e2C6fd3l4Z2P+ID/6++bSRAUFAA5Fe2NzZbHZbKxNkkhjc2Wxd6E58VYDiZnH2mrCRBzYnkcnpgcOQvWgYp0ds+g3n3mH03Gox2ffEnc+w8qVcop6Kpq9/qhHrtxdb3svQbNsD2W+OME6JTVIwKG5/6UvuyQAAAAAAAAAAAAAAMA47R92X/m3zw9F9T8MV3YdAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOL4+DQAA//+T6cce") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) 30.329182885s ago: executing program 3 (id=569): r0 = socket(0x1e, 0x1, 0x0) connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x1, 0x1}}}, 0x10) connect$tipc(r0, &(0x7f0000000040)=@id={0x1e, 0x3, 0x2, {0x4e21, 0x3}}, 0x10) 30.081412009s ago: executing program 3 (id=572): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000340)={0xa, 0x5, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x0, {}, [{0x60, 0x1, [@m_vlan={0x5c, 0x1, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x9a8}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x806}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0xf, 0x2, 0xf, 0x10000007, 0x739c}, 0x3}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x74}}, 0x4800) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000480)=@ccm_128={{0x304}, "f002ad8c789ed466", "57e95eb060e75664246a4cca184b4098", "57f5041c", "dd80254a4c771b8a"}, 0x28) write$binfmt_script(r0, &(0x7f0000000500)={'#! ', './file0'}, 0xb) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = gettid() read(0xffffffffffffffff, &(0x7f0000000200)=""/209, 0xd1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000180)={0x335, @tick=0xe, 0x42, {}, 0x2}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(0xffffffffffffffff, 0xc04c5349, &(0x7f0000000000)={0x4c58, 0x8001, 0x200}) tkill(r3, 0x7) fcntl$dupfd(r2, 0x0, r1) 29.719873826s ago: executing program 32 (id=572): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000340)={0xa, 0x5, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x0, {}, [{0x60, 0x1, [@m_vlan={0x5c, 0x1, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x9a8}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x806}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0xf, 0x2, 0xf, 0x10000007, 0x739c}, 0x3}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x74}}, 0x4800) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000480)=@ccm_128={{0x304}, "f002ad8c789ed466", "57e95eb060e75664246a4cca184b4098", "57f5041c", "dd80254a4c771b8a"}, 0x28) write$binfmt_script(r0, &(0x7f0000000500)={'#! ', './file0'}, 0xb) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = gettid() read(0xffffffffffffffff, &(0x7f0000000200)=""/209, 0xd1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000180)={0x335, @tick=0xe, 0x42, {}, 0x2}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(0xffffffffffffffff, 0xc04c5349, &(0x7f0000000000)={0x4c58, 0x8001, 0x200}) tkill(r3, 0x7) fcntl$dupfd(r2, 0x0, r1) 8.504334295s ago: executing program 4 (id=741): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f0000000480)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) socket$nl_route(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0) ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x110c23003f) r4 = openat$ppp(0xffffffffffffff9c, 0x0, 0x1980, 0x0) ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x110c230007) close(0x3) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="b8000000190001000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000000000000000a00000029000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000900000000000000000000000000000000000000000000000200000000000000ffffffffffffffff00000000000000000000000000000000000000000000000000249b02e11fb75f78d47200000000000000ffffffffffffffff07000000000000000000000000000000eef0325615a53100ce496fe3799ebce4dbf2f99accb4db6ef7d6d2a69baee326c81b0d8e60293655abe85df130473f755e57870c42bab2e7539b9b666d67736b7bcb859aec8f04513fc85ead62bced4ed1604973c941da092341a4d74fa023081cfc65034ed38fab52d6676b4cd23b0000000000"], 0xb8}}, 0x10) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0xffffffffffffffff, 0x0) 5.874209967s ago: executing program 1 (id=756): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a48000000030a010200000000000000000a0000050900030093797a30000000000900010073797a3100000000080007006e617400140004800800024054dd5e54080001"], 0x70}}, 0x24044850) 5.703846089s ago: executing program 0 (id=758): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180), 0xc40, 0x0) r1 = syz_io_uring_setup(0x9e, &(0x7f0000000300)={0x0, 0x1852, 0x10000, 0x0, 0x1bf, 0x0, r0}, &(0x7f0000000040)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x4, 0x0, &(0x7f0000000980), 0x0, 0x0, 0x1}) io_uring_enter(r1, 0x100847c0, 0x0, 0x1, 0x0, 0x0) 5.506859579s ago: executing program 1 (id=760): bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_clone(0x40042700, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, 0x0) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r4}, &(0x7f0000000280), &(0x7f0000000240)=r3}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000200), 0x2, 0x0) 5.506298958s ago: executing program 4 (id=761): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000010000', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000240)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x202, 0x0, 0x0, 0x2}}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101081, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x40305829, &(0x7f0000000000)={0x10001, 0x6, 0xa000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) 5.46738966s ago: executing program 0 (id=762): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f00000001c0)={0x5813}, 0x10) sendmsg$nl_route(r0, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000001e008d2a00", @ANYRESHEX=r0], 0x24}, 0x1, 0x0, 0x0, 0x10008000}, 0x14048010) 5.445497642s ago: executing program 5 (id=763): syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x3008000, &(0x7f0000000140)={[{@quota}, {@resgid={'resgid', 0x3d, 0xee00}}, {@bh}, {@noload}, {@data_err_ignore}, {@abort}]}, 0xfe, 0x452, &(0x7f0000000980)="$eJzs3M1vFOUfAPDvzG7L+6/8EF9A0CoaiS8tLS9y8ILRxIMmJnrAeKptIchCDa2JEKLoAY+GxLvxaOJf4EkvRj2ZeNW7ISGGC+hpzezOlKXdbbvtlq3M55MMPM/Os3me78w8u888z04DKK3h7J8kYntE/B4RQ83s3QWGm//dvnl58u+blyeTqNff+itplLt18/JkUbR437Zmpl7P85va1Hv13YiJWm36Qp4fnTv3wejsxUsvnDk3cXr69PT58ePHjxzeP3hs/GhP4sziurX345l9e15759obkyevvffzt1l7t+f7W+NYkXT5IsPNo9vW011VtvHtaEkn1T42hK5UIiI7XQON/j8Uldgyv28oXv2sr40D1lW9Xq+3+37OXakD97Ek+t0CoD+KL/rs/rfY7tHQY0O4caJ5A5TFfTvfmnuq87f4Awvub3tpOCJOXvnnq2yL1cxDAAB06fts/PN8u/FfGg+1lPtfvoayMyL+HxG7IuKBiNgdEQ9GNMo+HBGPdFn/whWSxeOf9PqqAluhbPz3Ur62dff4L22M+7KQK/lyz45G/APJqTO16UP5MTkYA5uy/NgSdfzwym9fdNrXOv7Ltqz+YiyYt+N6dcEE3dTE3MTaor7jxqcRe6vt4k+iWMZJImJPROxdZR1nnv1mX6d9y8e/hB6sM9W/jnimef6vxIL4C0nH9cmxF4+NHx3dHLXpQ6PFVbHYL79efbNT/WuKvwey87+17fU/H//OZHPE7MVLZxvrtbPd13H1j8873tOs9vofTN5upAfz1z6amJu7MBYxmLy++PXxO+8t8kX5LP6DB9r3/13VO0fi0YjILuL9EfFYRDyet/2JiHgyIg4sEf9PLz/1fvfxLzEr30NZ/FPLnf9oPf/dJypnf/yu+/gL2fk/0kgdzF9ZyeffShu4lmMHAAAA/xVp4zfwSToyn07TkZHmb/h3x9a0NjM799ypmQ/PTzV/K78zBtJipmuoZT50LJ8bLvLjC/KH83njLytbGvmRyZnaVL+Dh5Lb1qH/Z/6s9Lt1wLrzvBaUl/4P5aX/Q3np/1Be+j+UV7v+/0kf2gHce77/obz0fygv/R/KS/+HUur4bHy6pkf+1z1RfGRtlPbcD4kTXb0r0o3Q5hIkqiv+YxarTGxqu6vPH0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA98m8AAAD//0Fo4Oc=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000001f40)={0x0, 0x2904c, 0x40000000000015b, 0x10003, '\x00', [{0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0, 0x8000000000000001}, {0xffffffff, 0x0, 0x9, 0xa}]}) 5.105121554s ago: executing program 0 (id=764): close(0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000240)='dctcp', 0x5) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "560400", 0x14, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x0, 0x0, 0x4}}}}}}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket(0x29, 0x2, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[], 0x10}}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00') preadv(r3, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/168, 0xa8}], 0x1, 0x2004, 0x80) openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x40) sendto$inet(r1, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000240), 0x3af4701e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r4, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r5 = syz_clone(0x0, 0x0, 0x43, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(0x0, r4) sendmsg$IPVS_CMD_GET_INFO(0xffffffffffffffff, 0x0, 0x1) process_vm_writev(r5, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) 5.103581204s ago: executing program 4 (id=765): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) setpgid(0x0, r0) wait4(r0, 0x0, 0x2, 0x0) tkill(r0, 0x28) 4.660257416s ago: executing program 5 (id=767): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000e70000000a40000000160a03020000000000000000020000000900020073797a32000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a64000000160a01080000000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010067656e657665300000000000000000000c000540000000000000000114000000110001"], 0x8c}}, 0x0) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000380)="3900000013000318680907070000000f0000ff3f04000000170a001700000000040037000f0003002e2e2564aaee7b1d58b9a64411f6bbf44d", 0x39}], 0x1) 4.64386979s ago: executing program 1 (id=768): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) socket(0x28, 0x5, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x7a22, 0xc000, 0x7, 0x337}) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8) sendmsg(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='9', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 4.215078569s ago: executing program 1 (id=770): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00008bc6000200", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000340)={0xb}, 0x1) sendto$inet6(r0, &(0x7f00000001c0)='l', 0xfef4, 0x10, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback, 0xfffffffc}, 0x1c) 3.995011934s ago: executing program 0 (id=771): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a48000000030a010200000000000000000a0000050900030093797a30000000000900010073797a3100000000080007006e617400140004800800024054dd5e54080001"], 0x70}}, 0x24044850) 3.920474959s ago: executing program 1 (id=772): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f0000000480)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) socket$nl_route(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0) ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x110c23003f) r4 = openat$ppp(0xffffffffffffff9c, 0x0, 0x1980, 0x0) ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x110c230007) close(0x3) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="b8000000190001000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000000000000000a00000029000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000900000000000000000000000000000000000000000000000200000000000000ffffffffffffffff00000000000000000000000000000000000000000000000000249b02e11fb75f78d47200000000000000ffffffffffffffff07000000000000000000000000000000eef0325615a53100ce496fe3799ebce4dbf2f99accb4db6ef7d6d2a69baee326c81b0d8e60293655abe85df130473f755e57870c42bab2e7539b9b666d67736b7bcb859aec8f04513fc85ead62bced4ed1604973c941da092341a4d74fa023081cfc65034ed38fab52d6676b4cd23b0000000000"], 0xb8}}, 0x10) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0xffffffffffffffff, 0x0) 3.878126092s ago: executing program 5 (id=773): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd000000000000000800034000010000050001"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40000) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mount(0x0, 0x0, 0x0, 0x2200020, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r4, 0x0, 0x43, &(0x7f00000018c0)={'IDLETIMER\x00'}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="340000000104050000000000000000000700000006000640000200000500010002"], 0x34}}, 0x2000004) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000080), &(0x7f00000000c0)={'L-', 0x1}, 0x16, 0x2) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000000)={0x40a, 0x85, 0x4}) 3.537498461s ago: executing program 0 (id=774): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f00000001c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="e990f79d13"], 0x48) 3.241292809s ago: executing program 2 (id=775): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000100000001000013040000000200000088060000ff0f0000002e2e"], 0x0, 0x35, 0x0, 0x1, 0x2}, 0x28) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000eb0626f50000000000080000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x4fa, &(0x7f0000000cc0)=""/4096, 0x40f00, 0x5, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x0, 0x2, 0x4, 0x9}, 0x1, 0x0, 0x0, 0x64, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000400)=ANY=[@ANYRES32=0x0, @ANYRES64], 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x1) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0xd4}, 0x94) 2.814612055s ago: executing program 5 (id=776): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f0000000240)=@ipv6_getaddrlabel={0x5c, 0x4a, 0x400, 0x70bd2d, 0x25dfdbff, {0xa, 0x0, 0x10, 0x0, 0x0, 0x6}, [@IFAL_LABEL={0x8, 0x2, 0xb}, @IFAL_ADDRESS={0x14, 0x1, @mcast1}, @IFAL_LABEL={0x8, 0x2, 0x4}, @IFAL_ADDRESS={0x14, 0x1, @local}, @IFAL_LABEL={0x8, 0x2, 0x7}]}, 0x5c}, 0x1, 0x0, 0x0, 0xc098971b9497eec5}, 0x4008000) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000007d40)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c0000001000010025bd7000fddbdf2500000000", @ANYRES32=r1, @ANYBLOB="10080400895504002c001280110001006272696467655f736c6176650000000014000580050028"], 0x4c}, 0x1, 0x0, 0x0, 0x200404c1}, 0x4040010) 2.666089795s ago: executing program 2 (id=777): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x0, 0x1ffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) futex_waitv(&(0x7f0000001980)=[{0x4, 0x0, 0x2}, {0x81, 0x0, 0x2}, {0x1000, 0x0, 0x82}, {0xffffffffffffffff, 0x0, 0x2}, {0xe3, 0x0, 0x2}, {0xd34, 0x0, 0x82}, {0x100000000, 0x0, 0x82}, {0x8000000000000000, 0x0, 0x2}, {0x3ff, 0x0, 0x2}, {0x3, 0x0, 0x82}, {0x3, 0x0, 0x82}, {0x6, 0x0, 0x2}, {0x3, 0x0, 0x82}, {0x7, 0x0, 0x82}, {0x3, 0x0, 0x2}, {0x8000000000000000, 0x0, 0x2}, {0x9, 0x0, 0x82}, {0x3ff, 0x0, 0x2}, {0x0, 0x0, 0x82}, {0x1, 0x0, 0x2}, {0xd, 0x0, 0x82}, {0x3, 0x0, 0x2}, {0x10000, 0x0, 0x82}, {0x3, 0x0, 0x2}, {0x3, 0x0, 0x82}, {0xc, 0x0, 0x82}, {0x9, 0x0, 0x2}, {0xae, 0x0, 0x82}, {0x9, 0x0, 0x82}, {0x20, 0x0, 0x82}, {0x9, 0x0, 0x82}, {0x7, 0x0}, {0x3, 0x0, 0x82}, {0x0, 0x0, 0x2}, {0x6, 0x0, 0x2}], 0x23, 0x0, &(0x7f0000002380), 0x1) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000001a00)=""/122}, 0x20) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x2, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0x9}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='htcp', 0x4) sendto$inet6(r0, &(0x7f0000000580)='\a', 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2, 0x6}, 0x1c) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfdffa000) syz_open_procfs$namespace(0xffffffffffffffff, 0x0) shutdown(r0, 0x1) 2.570367546s ago: executing program 4 (id=778): mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x200000c, 0x32, 0xffffffffffffffff, 0x41e90000) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x86}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r1, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e44dc3f2ddf07a1f4a987", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) 2.480424704s ago: executing program 5 (id=779): socket$packet(0x11, 0x2, 0x300) r0 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140602000000000e000a000f0000000280000012", 0x2d}], 0x1}, 0x0) 1.758481106s ago: executing program 2 (id=780): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) socket(0x28, 0x5, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x7a22, 0xc000, 0x7, 0x337}) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8) sendmsg(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='9', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 1.578716554s ago: executing program 2 (id=781): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0xe}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7ffffe}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x2107, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 1.472155075s ago: executing program 4 (id=782): r0 = eventfd(0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newlink={0x50, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x1ba20, 0x40a38}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x2}, @IFLA_GRE_ERSPAN_DIR={0x5, 0x17, 0x1}, @IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_HWID={0x6, 0x18, 0x7}]}}}]}, 0x50}}, 0x8000002) r2 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) close(r2) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x6, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}}, &(0x7f0000000500)='GPL\x00', 0x2, 0x0, 0x0, 0xe0e4f3ee43f6dc44, 0x0, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000480), 0x84, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r4, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000810}, 0x10) read$eventfd(r0, &(0x7f0000000240), 0x8) writev(r0, &(0x7f0000000080)=[{&(0x7f0000001100)="02965d1f5ec3de3d", 0x8}, {&(0x7f0000002180)="27a8104ce45cd4d5", 0x8}], 0x8) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r5, 0x58}, 0x10) syz_read_part_table(0x1056, &(0x7f0000001080)="$eJzsz7GNwkAUBNBZW/bZyekKuJ6IiAnIaAI3QCN0QiWkFIBkZGOgAyB4L/mj0WilDR9V2uw2dUnSJxme9XKbOZVXkfZ++uTwO4Xq79yUyzj7SXLaPpb19OIqybjP/3WuhnTTplsW1fr4nl8CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHe7BQAA//+j4A+2") 1.423793122s ago: executing program 5 (id=783): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='wlan0\x00', 0x10) sendto$inet(r0, 0x0, 0x0, 0x20008046, &(0x7f0000000480)={0x2, 0x4e20, @multicast1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x1, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, 0x0, 0xc000) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000006c0)='net/igmp\x00') pread64(r5, &(0x7f0000000280)=""/86, 0x56, 0x4000000000000f3) write(r0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18020000200000000000000000000000850000004100000095000000000000004be98911ed5a3cf4451d51e400827eef4df9eb3fd52b8f0a456c3a6cfd127868ad3fe3f9a9b946c97f9fc091e4c3f4b0a0d7ed298717a480c48868562f04005972b6a5265519fee4cb1b8b93f0b164770fd40c7a8060ce72beff7cda177e28a1a97b2c8c56a3f15b2f7a9b7ae2cf52d08555d3c3315e95095217bff8c9441a45fd00000000000000979ed4e35d21d13d428af521c553b9420385390207dc1634aee0244045e5c380e6090329d37b29a56c16d5c7bee160b91246bd2c205047bd92581165c774b1fd46072c161f1d33e6d5c1a5db7a714e3ed5468408f279bd9f98ec3c5ffd79cd37810f03000000b65d147fa05253a600adfb03775847b220369339529d434f3190c81c3dd501a780cfaaaa916c8a33ee4b52d18e160428893f33d206d3a7195e7f69c831099bdc940000aa2c2e61509bf6c58b100000000000000000000000005e3210346531c1eb14fbec6eb35d6f3e3853512c6bf186bd8b75d17aeeaa07"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x70) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000640)=ANY=[@ANYBLOB="180000000000000000000000000a000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x32, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000280)={r8, 0x124, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x8, &(0x7f0000001e40)}}, 0x10) r9 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r7, r6, 0x25, 0x0, @void}, 0x10) mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x1a, &(0x7f0000000380)={[{@subsystem='cpuset'}, {@subsystem='memory'}, {@subsystem='cpuacct'}, {@xattr}]}) dup3(r9, r9, 0x80000) 1.321203918s ago: executing program 2 (id=784): socket$inet_udp(0x2, 0x2, 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x60000726) r0 = syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0x334e, 0x10, 0x4, 0x312}, &(0x7f0000000440)=0x0, &(0x7f0000000300)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7}) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r3, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x60, 0x185100}) io_uring_enter(r0, 0x7277, 0x0, 0x28, 0x0, 0x0) 1.158176366s ago: executing program 2 (id=785): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x579, &(0x7f0000000a40)="$eJzs3c9rHFUcAPDvbLL9rU2hFBWRgAcrtZsm8UcFD/WsxYLe65JsQ8mmW7Kb0sSC7cGepXgRC+JdPPdY/Ac8+DcUbKFICXrwEpnN7ObX5FezSbbdzwc2vDczu2++++a9vDdvlw2gZw2mfwoRr0fE90nE8YhIsn39ke0cXDxu/tmtsfSRxMLCl38nzePSfOu1Ws87mmVei4jfv4s4U1hbbn12brJcrVams/xQY+r6UH127uzVqfJEZaJybWR09PwHoyMff/Rhx2J999K/P37xsC/LnbiXxIU4luWWx7EDt5dnBmMwe0+KcWHVgcMdKKybJLlbf9vz82B7+rJ2Xoy0DzgefVmrB15+30bEAtCjkm23/z+Lu3MmwN5qjQNac/sOzYNfGE8/XZwArY2/f/HeSBxqzo2OzCcrZkbpfHegA+WnZTx4fP9e+ojO3YcA2NTtOxFxrr9/bf+XZP3f8zu3hWOWyli8g6j/g73zMB3/vJc3/im0xz+RM/45uqLtPr/Vr7G2/ReedKCYdaXjv09yx7/tRauBviz3SnPMV0yuXK1W0r7t1Yg4HcWDaX6j9Zzz848W1tu3fPz3oHD/Xlp+ayyYnceT/oMrnzNebpR3EvNyT+9EvJE7/k3a9Z/k1H/6flzaYhmnKvffytncHD6viP9xXvy7a+GXiHdy639pRSvZeH1yqHk9DLWuirX+uXvqj/XK3+/40/o/snH8A8ny9dr69sv4+dB/lWivJ6+0Iv7Y+vV/IPmqmT6QbbtZbjSmhyMOJJ+3txda20eWntvKt45P4z/99sb9X971fzgivt5i/HdP/vrmevu6of7Hc+u/PbtdVf/bTzz67Juf1it/8/jT+n+/mTqdbdlK/7fVE9zJewcAAAAAAADdphARxyIplNrpQqFUWvx8x8k4UqjW6o0zV2oz18aj+V3ZgSgWWivdx5d9HmI4WzFs5UdW5Ucj4kRE/NB3uJkvjdWq4/sdPAAAAAAAAAAAAAAAAAAAAHSJo+t8/z/1V99+nx2w6/zkN/SuTdt/J37pCehK/v9D79L+oXdp/9C7tH/oXdo/9C7tH3pXbvs/tPfnAew9//8BAAAAAAAAAAAAAAAAAAAAAAAAAACgoy5dvJg+Fuaf3RpL8+M3ZmcmazfOjlfqk6WpmbHSWG36emmiVpuoVkpjtanNXq9aq10fHomZm0ONSr0xVJ+duzxVm7nWuHx1qjxRuVwp7klUAAAAAAAAAAAAAAAAAAAA8GKpz85NlqvVyrTEy5xIImKXiujvigAlOp3Y754JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJb8HwAA//9jbDB1") setxattr$incfs_metadata(&(0x7f0000000240)='./file1\x00', &(0x7f0000000280), &(0x7f00000002c0)="30573472b621739991c336124406e8a5c812ca847e3bf9b837c91d46ab", 0x1d, 0x1) lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), &(0x7f0000000000)=ANY=[], 0x361, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000000)=ANY=[], 0xfe37, 0x0) 726.284087ms ago: executing program 1 (id=786): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd00000000000000080003400001000005000100"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40000) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mount(0x0, 0x0, 0x0, 0x2200020, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r4, 0x0, 0x43, &(0x7f00000018c0)={'IDLETIMER\x00'}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="340000000104050000000000000000000700000006000640000200000500010002"], 0x34}}, 0x2000004) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000080), &(0x7f00000000c0)={'L-', 0x1}, 0x16, 0x2) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000000)={0x40a, 0x85, 0x4}) 12.166778ms ago: executing program 4 (id=787): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r0, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x4}) ioctl$sock_netdev_private(r0, 0x89f6, &(0x7f0000000000)) 0s ago: executing program 0 (id=788): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b0400000000000000000200fffe540004802800018007000100637400001c0002800800014000000002080002400000000205000300010000002800018007000100637400001c0002800800024000000011080004400000000c05000300010000000900010073797a30000000000900020073797a32"], 0xa8}, 0x1, 0x0, 0x0, 0x840}, 0x0) kernel console output (not intermixed with test programs): no interfaces have a carrier Starting crond: [ 59.337773][ T5492] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.370510][ T5492] eql: remember to turn off Van-Jacobson compression on your slave devices OK Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.104' (ED25519) to the list of known hosts. syzkaller login: [ 86.088766][ T5812] cgroup: Unknown subsys name 'net' [ 86.255366][ T5812] cgroup: Unknown subsys name 'cpuset' [ 86.265139][ T5812] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 87.963310][ T5812] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 90.362215][ T5831] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.382166][ T5831] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.390265][ T5831] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.398951][ T5831] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.406959][ T5831] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.612942][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.622910][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.637586][ T5840] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.645471][ T5840] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.654881][ T5840] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.663093][ T5840] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.672857][ T5840] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.680275][ T5840] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.688221][ T5840] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.697778][ T5840] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.706133][ T5840] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 90.720073][ T5845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.728031][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.738560][ T5831] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.747275][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.758849][ T5845] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 90.767612][ T5845] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 90.775568][ T5845] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 90.785309][ T5845] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 90.799972][ T5148] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 90.934122][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 91.154555][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.162464][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.170148][ T5827] bridge_slave_0: entered allmulticast mode [ 91.177787][ T5827] bridge_slave_0: entered promiscuous mode [ 91.224450][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.231812][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.239000][ T5827] bridge_slave_1: entered allmulticast mode [ 91.246914][ T5827] bridge_slave_1: entered promiscuous mode [ 91.333237][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.364738][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.519083][ T5827] team0: Port device team_slave_0 added [ 91.564845][ T5827] team0: Port device team_slave_1 added [ 91.645828][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 91.684901][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.691968][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.718623][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.732200][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.739186][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.765848][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.817180][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 91.898226][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 91.987545][ T5827] hsr_slave_0: entered promiscuous mode [ 91.994423][ T5827] hsr_slave_1: entered promiscuous mode [ 92.033579][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 92.265867][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.273517][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.281744][ T5838] bridge_slave_0: entered allmulticast mode [ 92.290291][ T5838] bridge_slave_0: entered promiscuous mode [ 92.355780][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.364475][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.373767][ T5838] bridge_slave_1: entered allmulticast mode [ 92.382632][ T5838] bridge_slave_1: entered promiscuous mode [ 92.418210][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.425784][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.433141][ T5836] bridge_slave_0: entered allmulticast mode [ 92.440831][ T5844] Bluetooth: hci0: command tx timeout [ 92.440836][ T5836] bridge_slave_0: entered promiscuous mode [ 92.490649][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.497990][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.505558][ T5836] bridge_slave_1: entered allmulticast mode [ 92.513268][ T5836] bridge_slave_1: entered promiscuous mode [ 92.533160][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.540437][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.547663][ T5834] bridge_slave_0: entered allmulticast mode [ 92.555314][ T5834] bridge_slave_0: entered promiscuous mode [ 92.610672][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.620321][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.628931][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.636372][ T5834] bridge_slave_1: entered allmulticast mode [ 92.643934][ T5834] bridge_slave_1: entered promiscuous mode [ 92.665596][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.673123][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.680844][ T5835] bridge_slave_0: entered allmulticast mode [ 92.688292][ T5835] bridge_slave_0: entered promiscuous mode [ 92.711332][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.743914][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.751231][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.758443][ T5835] bridge_slave_1: entered allmulticast mode [ 92.766513][ T5835] bridge_slave_1: entered promiscuous mode [ 92.776846][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.835487][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.845037][ T5845] Bluetooth: hci3: command tx timeout [ 92.850792][ T5148] Bluetooth: hci2: command tx timeout [ 92.856771][ T5844] Bluetooth: hci1: command tx timeout [ 92.896877][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.920440][ T5844] Bluetooth: hci4: command tx timeout [ 92.937506][ T5838] team0: Port device team_slave_0 added [ 92.945685][ T5836] team0: Port device team_slave_0 added [ 92.954078][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.974091][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.985905][ T5838] team0: Port device team_slave_1 added [ 93.004714][ T5836] team0: Port device team_slave_1 added [ 93.035632][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.109700][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.117602][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.144188][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.174553][ T5834] team0: Port device team_slave_0 added [ 93.184410][ T5834] team0: Port device team_slave_1 added [ 93.193607][ T5835] team0: Port device team_slave_0 added [ 93.213163][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.220543][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.248234][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.260874][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.268292][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.297774][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.331305][ T5835] team0: Port device team_slave_1 added [ 93.356806][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.364184][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.390515][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.423621][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.431269][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.457936][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.471142][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.478174][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.504929][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.587659][ T5838] hsr_slave_0: entered promiscuous mode [ 93.594458][ T5838] hsr_slave_1: entered promiscuous mode [ 93.601198][ T5838] debugfs: 'hsr0' already exists in 'hsr' [ 93.607125][ T5838] Cannot create hsr debugfs directory [ 93.630488][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.637480][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.663833][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.725377][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.732695][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.759588][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.798679][ T5836] hsr_slave_0: entered promiscuous mode [ 93.805762][ T5836] hsr_slave_1: entered promiscuous mode [ 93.812772][ T5836] debugfs: 'hsr0' already exists in 'hsr' [ 93.818560][ T5836] Cannot create hsr debugfs directory [ 93.848492][ T5834] hsr_slave_0: entered promiscuous mode [ 93.855893][ T5834] hsr_slave_1: entered promiscuous mode [ 93.862623][ T5834] debugfs: 'hsr0' already exists in 'hsr' [ 93.868494][ T5834] Cannot create hsr debugfs directory [ 93.955078][ T5827] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 93.981437][ T5835] hsr_slave_0: entered promiscuous mode [ 93.988202][ T5835] hsr_slave_1: entered promiscuous mode [ 93.995153][ T5835] debugfs: 'hsr0' already exists in 'hsr' [ 94.001262][ T5835] Cannot create hsr debugfs directory [ 94.032870][ T5827] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.077734][ T5827] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.109045][ T5827] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.520141][ T5844] Bluetooth: hci0: command tx timeout [ 94.568481][ T5834] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.586999][ T5834] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.598312][ T5834] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.628903][ T5834] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 94.734354][ T5838] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 94.745734][ T5838] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 94.779825][ T5838] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 94.801171][ T5838] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 94.900279][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.917225][ T5836] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.920841][ T5845] Bluetooth: hci3: command tx timeout [ 94.925284][ T5148] Bluetooth: hci2: command tx timeout [ 94.929730][ T5844] Bluetooth: hci1: command tx timeout [ 94.949401][ T5836] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.969548][ T5836] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.990776][ T5836] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 95.000389][ T5844] Bluetooth: hci4: command tx timeout [ 95.089524][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.145413][ T2945] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.152919][ T2945] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.166476][ T5835] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 95.192977][ T5835] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 95.205996][ T5835] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 95.219564][ T5835] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 95.232739][ T3568] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.239989][ T3568] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.301857][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.357855][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.417532][ T2945] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.424739][ T2945] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.467412][ T2945] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.475063][ T2945] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.492697][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.618732][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.665635][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.689965][ T2975] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.697180][ T2975] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.712073][ T2975] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.719316][ T2975] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.787556][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.815414][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.841834][ T2902] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.849105][ T2902] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.883938][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.891267][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.949353][ T5838] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 95.982248][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.007174][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.086979][ T2975] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.094364][ T2975] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.157383][ T2975] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.164658][ T2975] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.245147][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.345124][ T5827] veth0_vlan: entered promiscuous mode [ 96.378796][ T5827] veth1_vlan: entered promiscuous mode [ 96.546574][ T5827] veth0_macvtap: entered promiscuous mode [ 96.567906][ T5834] veth0_vlan: entered promiscuous mode [ 96.596869][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.603796][ T5844] Bluetooth: hci0: command tx timeout [ 96.614728][ T5834] veth1_vlan: entered promiscuous mode [ 96.643720][ T5827] veth1_macvtap: entered promiscuous mode [ 96.724924][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.763891][ T5834] veth0_macvtap: entered promiscuous mode [ 96.783156][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.815741][ T5834] veth1_macvtap: entered promiscuous mode [ 96.854770][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.911877][ T3568] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.935881][ T3568] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.966678][ T3568] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.982702][ T3568] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.000662][ T5844] Bluetooth: hci2: command tx timeout [ 97.002292][ T5148] Bluetooth: hci1: command tx timeout [ 97.006144][ T5844] Bluetooth: hci3: command tx timeout [ 97.075936][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.084298][ T5844] Bluetooth: hci4: command tx timeout [ 97.096740][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.105891][ T5836] veth0_vlan: entered promiscuous mode [ 97.134840][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.147756][ T5836] veth1_vlan: entered promiscuous mode [ 97.166985][ T796] cfg80211: failed to load regulatory.db [ 97.212923][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.224395][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.261850][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.272376][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.352966][ T2945] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.365419][ T2945] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.443427][ T5836] veth0_macvtap: entered promiscuous mode [ 97.465009][ T5835] veth0_vlan: entered promiscuous mode [ 97.475782][ T5838] veth0_vlan: entered promiscuous mode [ 97.499544][ T5836] veth1_macvtap: entered promiscuous mode [ 97.512824][ T2945] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.524226][ T2945] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.544340][ T5838] veth1_vlan: entered promiscuous mode [ 97.559210][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.582131][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.592966][ T5835] veth1_vlan: entered promiscuous mode [ 97.640906][ T5827] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 97.668329][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.695120][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.707321][ T3568] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.734700][ T3568] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.760845][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.771174][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.793567][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.850453][ T3568] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.924827][ T5835] veth0_macvtap: entered promiscuous mode [ 97.948601][ T5838] veth0_macvtap: entered promiscuous mode [ 98.033217][ T5835] veth1_macvtap: entered promiscuous mode [ 98.051950][ T5838] veth1_macvtap: entered promiscuous mode [ 98.181476][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.199366][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.201137][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.220846][ T87] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 98.264334][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.277588][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.316472][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.354335][ T59] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.369899][ T59] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.379028][ T59] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.388012][ T59] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.400352][ T87] usb 3-1: Using ep0 maxpacket: 32 [ 98.410070][ T87] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 98.430854][ T87] usb 3-1: config 0 has no interface number 0 [ 98.445576][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.459445][ T59] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.471260][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.479445][ T87] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 98.480613][ T59] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.498234][ T87] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 98.509332][ T87] usb 3-1: Product: syz [ 98.514566][ T87] usb 3-1: Manufacturer: syz [ 98.535837][ T87] usb 3-1: SerialNumber: syz [ 98.544311][ T59] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.556279][ T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.580198][ T87] usb 3-1: config 0 descriptor?? [ 98.608397][ T87] smsc95xx v2.0.0 [ 98.680371][ T5844] Bluetooth: hci0: command tx timeout [ 98.974834][ T2945] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.013582][ T2945] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.032050][ T87] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 99.071143][ T87] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 99.081437][ T5844] Bluetooth: hci3: command tx timeout [ 99.081479][ T5844] Bluetooth: hci1: command tx timeout [ 99.081502][ T5844] Bluetooth: hci2: command tx timeout [ 99.150983][ T143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.160387][ T5845] Bluetooth: hci4: command tx timeout [ 99.174301][ T143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.259912][ T143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.284487][ T143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.288161][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.322625][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.360747][ T5913] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 99.612491][ T5913] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 99.636513][ T5913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.683580][ T5913] usb 2-1: config 0 descriptor?? [ 99.715692][ T5845] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 99.728951][ T5845] CPU: 1 UID: 0 PID: 5845 Comm: kworker/u9:6 Not tainted syzkaller #0 PREEMPT(full) [ 99.728986][ T5845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 99.729000][ T5845] Workqueue: hci1 hci_rx_work [ 99.729039][ T5845] Call Trace: [ 99.729047][ T5845] [ 99.729057][ T5845] dump_stack_lvl+0xe8/0x150 [ 99.729087][ T5845] sysfs_create_dir_ns+0x271/0x2a0 [ 99.729112][ T5845] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 99.729136][ T5845] ? do_raw_spin_unlock+0xf5/0x210 [ 99.729163][ T5845] kobject_add_internal+0x62b/0xd00 [ 99.729200][ T5845] kobject_add+0x163/0x240 [ 99.729231][ T5845] ? __pfx_kobject_add+0x10/0x10 [ 99.729258][ T5845] ? _raw_spin_unlock+0x28/0x50 [ 99.729293][ T5845] ? get_device_parent+0x366/0x3a0 [ 99.729323][ T5845] device_add+0x408/0xb70 [ 99.729362][ T5845] hci_conn_add_sysfs+0xd5/0x210 [ 99.729392][ T5845] le_conn_complete_evt+0xf1d/0x1430 [ 99.729434][ T5845] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 99.729466][ T5845] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 99.729494][ T5845] ? __pfx___mutex_lock+0x10/0x10 [ 99.729517][ T5845] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 99.729539][ T5845] ? skb_pull_data+0xfb/0x200 [ 99.729571][ T5845] hci_le_conn_complete_evt+0x187/0x470 [ 99.729610][ T5845] hci_event_packet+0x7af/0x12c0 [ 99.729643][ T5845] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 99.729672][ T5845] ? __pfx_hci_event_packet+0x10/0x10 [ 99.729703][ T5845] ? kcov_remote_start+0x49a/0x7a0 [ 99.729736][ T5845] ? hci_send_to_monitor+0xe2/0x590 [ 99.729776][ T5845] hci_rx_work+0x3ee/0x1030 [ 99.729811][ T5845] ? process_one_work+0x87c/0x15a0 [ 99.729834][ T5845] process_one_work+0x949/0x15a0 [ 99.729882][ T5845] ? __pfx_process_one_work+0x10/0x10 [ 99.729905][ T5845] ? do_raw_spin_lock+0x12b/0x2f0 [ 99.729942][ T5845] worker_thread+0xb46/0x1140 [ 99.729977][ T5845] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 99.730024][ T5845] kthread+0x388/0x470 [ 99.730043][ T5845] ? __pfx_worker_thread+0x10/0x10 [ 99.730066][ T5845] ? __pfx_kthread+0x10/0x10 [ 99.730099][ T5845] ret_from_fork+0x51b/0xa40 [ 99.730127][ T5845] ? __pfx_ret_from_fork+0x10/0x10 [ 99.730150][ T5845] ? __switch_to+0xc7d/0x1400 [ 99.730177][ T5845] ? __pfx_kthread+0x10/0x10 [ 99.730208][ T5845] ret_from_fork_asm+0x1a/0x30 [ 99.730256][ T5845] [ 100.011942][ T5845] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 100.026211][ T5845] Bluetooth: hci1: failed to register connection device [ 100.235969][ T5913] cp210x 2-1:0.0: cp210x converter detected [ 100.340140][ T982] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 100.501123][ T982] usb 4-1: Using ep0 maxpacket: 32 [ 100.512297][ T982] usb 4-1: config 0 has an invalid interface number: 188 but max is 0 [ 100.550017][ T982] usb 4-1: config 0 has no interface number 0 [ 100.561974][ T982] usb 4-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 100.591523][ T982] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 100.631616][ T982] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.653044][ T982] usb 4-1: Product: syz [ 100.657423][ T982] usb 4-1: Manufacturer: syz [ 100.676947][ T982] usb 4-1: SerialNumber: syz [ 100.698965][ T982] usb 4-1: config 0 descriptor?? [ 100.709066][ T5958] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 100.744805][ T5913] cp210x 2-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 100.764896][ T5913] cp210x 2-1:0.0: querying part number failed [ 100.796753][ T5913] usb 2-1: cp210x converter now attached to ttyUSB0 [ 100.826579][ T5913] usb 2-1: USB disconnect, device number 2 [ 100.859310][ T5913] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 100.882328][ T5913] cp210x 2-1:0.0: device disconnected [ 100.888645][ T87] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000038: -71 [ 100.905163][ T87] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71 [ 100.947334][ T5958] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 100.959948][ T5948] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 100.988136][ T87] usb 3-1: USB disconnect, device number 2 [ 101.130177][ T5948] usb 1-1: Using ep0 maxpacket: 8 [ 101.145837][ T5948] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 101.170736][ T5948] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 101.201448][ T5948] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 101.212772][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 101.379933][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 101.450173][ T5948] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 101.469970][ T5948] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 101.496079][ T5948] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 101.517380][ T5948] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.559832][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 101.609828][ T0] NOHZ tick-stop error: local softirq work is pending, handler #102!!! [ 101.625323][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 101.929809][ T0] NOHZ tick-stop error: local softirq work is pending, handler #102!!! [ 102.060156][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 102.106580][ T5948] usb 1-1: GET_CAPABILITIES returned 0 [ 102.122072][ T5948] usbtmc 1-1:16.0: can't read capabilities [ 102.190240][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.316661][ T5948] usb 1-1: USB disconnect, device number 2 [ 102.355185][ T982] asix 4-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 102.366503][ T982] asix 4-1:0.188 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9 [ 102.391831][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.404168][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 102.412737][ T982] asix 4-1:0.188: probe with driver asix failed with error -71 [ 102.430381][ T982] usb 4-1: USB disconnect, device number 2 [ 102.549993][ T87] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 102.715439][ T87] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 102.730356][ T87] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.738497][ T87] usb 3-1: Product: syz [ 102.758378][ T87] usb 3-1: Manufacturer: syz [ 102.768603][ T87] usb 3-1: SerialNumber: syz [ 102.783901][ T87] usb 3-1: config 0 descriptor?? [ 102.996820][ T5844] Bluetooth: hci3: unknown advertising packet type: 0x17 [ 103.026035][ T87] usb-storage 3-1:0.0: USB Mass Storage device detected [ 103.233572][ T87] usb 3-1: USB disconnect, device number 3 [ 103.243626][ T5960] udevd[5960]: setting owner of /dev/bus/usb/003/003 to uid=0, gid=0 failed: No such file or directory [ 103.278232][ T5990] netlink: 'syz.3.15': attribute type 1 has an invalid length. [ 103.297719][ T5990] netlink: 224 bytes leftover after parsing attributes in process `syz.3.15'. [ 103.340275][ T5913] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 103.500492][ T5913] usb 1-1: Using ep0 maxpacket: 16 [ 103.517651][ T5913] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 103.539608][ T5913] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0 [ 103.567580][ T5913] usb 1-1: config 0 interface 0 has no altsetting 0 [ 103.582850][ T5913] usb 1-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 103.614008][ T5913] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.664140][ T5913] usb 1-1: config 0 descriptor?? [ 103.812015][ T6002] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 104.133686][ T5913] nzxt-smart2 0003:1E71:2009.0001: item fetching failed at offset 1/5 [ 104.134600][ T5913] nzxt-smart2 0003:1E71:2009.0001: probe with driver nzxt-smart2 failed with error -22 [ 104.317744][ T5913] usb 1-1: USB disconnect, device number 3 [ 104.616724][ T6020] netlink: 'syz.3.25': attribute type 10 has an invalid length. [ 104.672367][ T6020] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.681039][ T6020] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.733976][ T6020] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.741428][ T6020] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.749690][ T6020] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.756941][ T6020] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.251599][ T6020] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 105.638462][ T6026] netlink: 'syz.2.27': attribute type 1 has an invalid length. [ 105.686339][ T6026] netlink: 224 bytes leftover after parsing attributes in process `syz.2.27'. [ 106.722209][ T6064] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 110.246417][ T6083] loop4: detected capacity change from 0 to 512 [ 110.397222][ T6083] EXT4-fs: Ignoring removed orlov option [ 110.429978][ T6083] EXT4-fs: Ignoring removed mblk_io_submit option [ 111.272472][ T6083] EXT4-fs error (device loop4): ext4_iget_extra_inode:5052: inode #15: comm syz.4.44: corrupted in-inode xattr: e_value size too large [ 111.332591][ T6083] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 111.340058][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 111.356038][ C1] EXT4-fs (loop4): initial error at time 1769911025: ext4_iget_extra_inode:5052: inode 15 [ 111.366043][ C1] EXT4-fs (loop4): last error at time 1769911025: ext4_iget_extra_inode:5052: inode 15 [ 111.380222][ T6083] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.44: couldn't read orphan inode 15 (err -117) [ 111.393595][ T6091] loop2: detected capacity change from 0 to 1024 [ 111.412657][ T6083] loop4: lost filesystem error report for type 5 error -117 [ 111.417387][ T6092] netlink: 4 bytes leftover after parsing attributes in process `syz.0.46'. [ 111.436041][ T6083] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 111.437013][ T6091] EXT4-fs: Ignoring removed orlov option [ 111.521349][ T6091] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 111.578213][ T6083] EXT4-fs error (device loop4): ext4_append:79: inode #2: comm syz.4.44: Logical block already allocated [ 111.647465][ T5838] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.725987][ T5834] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.195371][ T6111] tipc: Started in network mode [ 112.211576][ T6111] tipc: Node identity 9ad49eb079b3, cluster identity 4711 [ 112.219365][ T6111] tipc: Enabled bearer , priority 0 [ 112.228563][ T6111] syzkaller0: entered promiscuous mode [ 112.234288][ T6111] syzkaller0: entered allmulticast mode [ 112.282635][ T6111] tipc: Resetting bearer [ 112.293236][ T6110] tipc: Resetting bearer [ 112.309159][ T6110] tipc: Disabling bearer [ 113.474736][ T6122] kvm: kvm [6121]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xc934 [ 113.629058][ T6137] loop2: detected capacity change from 0 to 736 [ 113.824079][ T6141] netlink: 36 bytes leftover after parsing attributes in process `syz.3.65'. [ 115.189709][ T6155] syz.2.70 uses obsolete (PF_INET,SOCK_PACKET) [ 116.784358][ T6175] loop4: detected capacity change from 0 to 512 [ 116.847715][ T6175] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 116.878904][ T6178] netlink: 12 bytes leftover after parsing attributes in process `syz.2.78'. [ 116.926036][ T6182] loop3: detected capacity change from 0 to 128 [ 116.953623][ T6178] netlink: 12 bytes leftover after parsing attributes in process `syz.2.78'. [ 117.060444][ T6182] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 54) [ 117.069591][ T6178] netlink: 12 bytes leftover after parsing attributes in process `syz.2.78'. [ 117.097910][ T6182] FAT-fs (loop3): Filesystem has been set read-only [ 117.137875][ T6182] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 54) [ 117.160915][ T5838] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.630377][ T6217] loop4: detected capacity change from 0 to 1024 [ 119.753106][ T6217] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 119.980726][ T6229] netlink: 256 bytes leftover after parsing attributes in process `syz.1.94'. [ 120.018025][ T6229] netlink: 72 bytes leftover after parsing attributes in process `syz.1.94'. [ 120.038979][ T5838] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 121.086537][ T6244] loop1: detected capacity change from 0 to 1024 [ 121.122654][ T6244] ======================================================= [ 121.122654][ T6244] WARNING: The mand mount option has been deprecated and [ 121.122654][ T6244] and is ignored by this kernel. Remove the mand [ 121.122654][ T6244] option from the mount to silence this warning. [ 121.122654][ T6244] ======================================================= [ 121.225127][ T6244] EXT4-fs: Ignoring removed oldalloc option [ 121.235537][ T6244] EXT4-fs: Ignoring removed bh option [ 121.313902][ T6244] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 121.435891][ T30] audit: type=1804 audit(1769911035.940:2): pid=6244 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.101" name="/newroot/20/bus/bus" dev="loop1" ino=18 res=1 errno=0 [ 121.522071][ T5892] IPVS: starting estimator thread 0... [ 121.650019][ T6262] IPVS: using max 30 ests per chain, 72000 per kthread [ 121.662451][ T6268] af_packet: tpacket_rcv: packet too big, clamped from 88 to 4294967272. macoff=96 [ 121.811088][ T5827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.887913][ T6275] netlink: 20 bytes leftover after parsing attributes in process `syz.4.111'. [ 121.959551][ T6275] netlink: 8 bytes leftover after parsing attributes in process `syz.4.111'. [ 122.103233][ T30] audit: type=1107 audit(1769911036.550:3): pid=6283 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='Í%' [ 123.197664][ T6299] loop2: detected capacity change from 0 to 128 [ 123.320861][ T6306] netlink: 'syz.1.124': attribute type 10 has an invalid length. [ 123.329474][ T6299] Zero length message leads to an empty skb [ 123.362089][ T6299] xt_hashlimit: size too large, truncated to 1048576 [ 123.382537][ T6306] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.390430][ T6306] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.434166][ T6306] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.441570][ T6306] bridge0: port 2(bridge_slave_1) entered forwarding state [ 123.449122][ T6306] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.456415][ T6306] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.502297][ T6309] ALSA: seq fatal error: cannot create timer (-22) [ 123.591369][ T6306] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 123.619977][ T5892] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 123.930083][ T5892] usb 5-1: device descriptor read/64, error -71 [ 125.087038][ T5892] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 125.230653][ T5892] usb 5-1: device descriptor read/64, error -71 [ 125.362385][ T5892] usb usb5-port1: attempt power cycle [ 125.709914][ T5892] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 125.750538][ T5892] usb 5-1: device descriptor read/8, error -71 [ 126.400854][ T30] audit: type=1326 audit(1769911040.830:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6343 comm="syz.2.137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bd639aeb9 code=0x7fc00000 [ 126.536115][ T5892] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 126.608346][ T5892] usb 5-1: device descriptor read/8, error -71 [ 126.750280][ T5892] usb usb5-port1: unable to enumerate USB device [ 126.798395][ T6364] loop4: detected capacity change from 0 to 512 [ 126.853293][ T6364] EXT4-fs: inline encryption not supported [ 126.933469][ T6364] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 127.167275][ T6373] fuse: Bad value for 'fd' [ 127.623865][ T6364] EXT4-fs (loop4): 1 orphan inode deleted [ 127.645518][ T6364] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 127.669325][ T6364] ext4 filesystem being mounted at /22/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 127.734786][ T2902] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 127.772688][ T2902] EXT4-fs error (device loop4): ext4_release_dquot:7042: comm kworker/u8:6: Failed to release dquot type 1 [ 127.785527][ T6372] serio: Serial port ptm0 [ 127.799956][ T30] audit: type=1800 audit(1769911042.300:5): pid=6364 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.143" name="bus" dev="loop4" ino=16 res=0 errno=0 [ 128.018860][ T6372] serio: Serial port ptm0 [ 128.175643][ T6391] netlink: 'syz.1.152': attribute type 1 has an invalid length. [ 128.380879][ T6394] bond1: (slave geneve2): making interface the new active one [ 128.404566][ T5838] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.419176][ T6394] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 128.448127][ T3568] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 128.463140][ T36] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 128.496589][ T36] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 128.517353][ T36] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 128.720899][ T6413] tipc: Started in network mode [ 128.756294][ T6413] tipc: Node identity aaaaaaaaaa2a, cluster identity 4711 [ 128.813602][ T6413] tipc: Enabled bearer , priority 10 [ 128.951703][ T6421] loop2: detected capacity change from 0 to 128 [ 129.419330][ T6437] netlink: 'syz.4.170': attribute type 1 has an invalid length. [ 129.906185][ T6448] loop2: detected capacity change from 0 to 4096 [ 129.921696][ T6448] EXT4-fs: Ignoring removed i_version option [ 129.935205][ T5913] tipc: Node number set to 8432298 [ 130.004002][ T6448] EXT4-fs (loop2): Test dummy encryption mode enabled [ 130.103526][ T6448] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 131.517260][ T5834] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.180899][ T6488] netlink: 'syz.3.186': attribute type 1 has an invalid length. [ 132.245169][ T6490] loop4: detected capacity change from 0 to 256 [ 132.354257][ T6492] bond1: (slave geneve2): making interface the new active one [ 132.363862][ T6492] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 132.388818][ T3568] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 132.434428][ T3568] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 132.494272][ T3568] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 132.526048][ T2902] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 133.970141][ T6546] netlink: 'syz.4.205': attribute type 10 has an invalid length. [ 133.978873][ T6546] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.987001][ T6546] bridge0: port 1(bridge_slave_0) entered disabled state [ 134.043597][ T6546] bridge0: port 2(bridge_slave_1) entered blocking state [ 134.050918][ T6546] bridge0: port 2(bridge_slave_1) entered forwarding state [ 134.058607][ T6546] bridge0: port 1(bridge_slave_0) entered blocking state [ 134.065919][ T6546] bridge0: port 1(bridge_slave_0) entered forwarding state [ 134.097914][ T6546] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 134.242600][ T6531] loop1: detected capacity change from 0 to 40427 [ 134.282087][ T6531] F2FS-fs (loop1): Wrong MAIN_AREA boundary, start(4096) end(12800) block(12288) [ 134.314746][ T6531] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 134.374504][ T6531] F2FS-fs (loop1): Image doesn't support compression [ 134.419861][ T6531] F2FS-fs (loop1): build fault injection rate: 690 [ 134.494863][ T6531] F2FS-fs (loop1): build fault injection type: 0x35f7 [ 134.541284][ T6531] F2FS-fs (loop1): invalid crc value [ 135.097606][ T6531] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 135.119297][ T6560] netlink: 28 bytes leftover after parsing attributes in process `syz.0.211'. [ 135.150059][ T6560] netlink: 28 bytes leftover after parsing attributes in process `syz.0.211'. [ 135.186290][ T6531] F2FS-fs (loop1): Start checkpoint disabled! [ 135.203165][ T6560] batadv0: entered promiscuous mode [ 135.220732][ T6560] dummy0: entered promiscuous mode [ 135.252546][ T6531] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0 [ 135.288746][ T6531] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 135.330069][ T6531] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 135.505290][ T6570] syz.1.201: attempt to access beyond end of device [ 135.505290][ T6570] loop1: rw=2049, sector=45096, nr_sectors = 136 limit=40427 [ 135.681077][ T6572] 9p: Bad value for 'rfdno' [ 136.025531][ T49] kworker/u8:3: attempt to access beyond end of device [ 136.025531][ T49] loop1: rw=2049, sector=45232, nr_sectors = 8 limit=40427 [ 136.071058][ T6584] fuse: Invalid rootmode [ 136.101118][ T49] CPU: 0 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) [ 136.101146][ T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 136.101158][ T49] Workqueue: writeback wb_workfn (flush-7:1) [ 136.101208][ T49] Call Trace: [ 136.101215][ T49] [ 136.101223][ T49] dump_stack_lvl+0xe8/0x150 [ 136.101257][ T49] f2fs_handle_critical_error+0x37c/0x540 [ 136.101287][ T49] f2fs_write_end_io+0xcdb/0xff0 [ 136.101326][ T49] __submit_merged_bio+0x256/0x650 [ 136.101353][ T49] __submit_merged_write_cond+0x3c3/0x4e0 [ 136.101380][ T49] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 136.101419][ T49] f2fs_write_data_pages+0x2970/0x35e0 [ 136.101471][ T49] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 136.101508][ T49] ? unwind_next_frame+0xa5/0x23c0 [ 136.101559][ T49] ? unwind_next_frame+0xa5/0x23c0 [ 136.101593][ T49] ? unwind_next_frame+0xa5/0x23c0 [ 136.101617][ T49] ? ret_from_fork_asm+0x1a/0x30 [ 136.101640][ T49] ? ret_from_fork_asm+0x1a/0x30 [ 136.101676][ T49] ? __lock_acquire+0x6b5/0x2cf0 [ 136.101700][ T49] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 136.101724][ T49] do_writepages+0x32e/0x550 [ 136.101751][ T49] ? reacquire_held_locks+0x104/0x190 [ 136.101773][ T49] ? writeback_sb_inodes+0x42a/0x1940 [ 136.101797][ T49] __writeback_single_inode+0x133/0x1060 [ 136.101818][ T49] ? do_raw_spin_unlock+0xf5/0x210 [ 136.101837][ T49] writeback_sb_inodes+0x92e/0x1940 [ 136.101877][ T49] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 136.101894][ T49] ? do_raw_spin_lock+0x12b/0x2f0 [ 136.101941][ T49] ? rcu_is_watching+0x15/0xb0 [ 136.101970][ T49] wb_writeback+0x445/0xad0 [ 136.101992][ T49] ? queue_io+0x211/0x450 [ 136.102017][ T49] ? __pfx_wb_writeback+0x10/0x10 [ 136.102033][ T49] ? do_raw_spin_lock+0x12b/0x2f0 [ 136.102061][ T49] wb_workfn+0x3f8/0xef0 [ 136.102090][ T49] ? __lock_acquire+0x6b5/0x2cf0 [ 136.102107][ T49] ? look_up_lock_class+0x57/0x110 [ 136.102139][ T49] ? __pfx_wb_workfn+0x10/0x10 [ 136.102167][ T49] ? do_raw_spin_lock+0x12b/0x2f0 [ 136.102180][ T49] ? lock_acquire+0x106/0x330 [ 136.102201][ T49] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 136.102218][ T49] ? process_one_work+0x87c/0x15a0 [ 136.102239][ T49] ? process_one_work+0x87c/0x15a0 [ 136.102269][ T49] ? process_one_work+0x87c/0x15a0 [ 136.102287][ T49] process_one_work+0x949/0x15a0 [ 136.102324][ T49] ? __pfx_process_one_work+0x10/0x10 [ 136.102343][ T49] ? do_raw_spin_lock+0x12b/0x2f0 [ 136.102372][ T49] worker_thread+0xb46/0x1140 [ 136.102414][ T49] kthread+0x388/0x470 [ 136.102429][ T49] ? __pfx_worker_thread+0x10/0x10 [ 136.102447][ T49] ? __pfx_kthread+0x10/0x10 [ 136.102474][ T49] ret_from_fork+0x51b/0xa40 [ 136.102497][ T49] ? __pfx_ret_from_fork+0x10/0x10 [ 136.102516][ T49] ? __switch_to+0xc7d/0x1400 [ 136.102537][ T49] ? __pfx_kthread+0x10/0x10 [ 136.102563][ T49] ret_from_fork_asm+0x1a/0x30 [ 136.102601][ T49] [ 136.102612][ T49] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 136.602922][ T6598] netlink: 4 bytes leftover after parsing attributes in process `syz.2.229'. [ 136.723575][ T6603] capability: warning: `syz.3.230' uses 32-bit capabilities (legacy support in use) [ 137.180347][ T6619] netlink: 12 bytes leftover after parsing attributes in process `syz.3.237'. [ 138.031035][ T6645] xt_CONNSECMARK: invalid mode: 0 [ 138.146999][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.780778][ T6651] loop1: detected capacity change from 0 to 512 [ 138.864686][ T6651] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 138.962008][ T6651] ext4 filesystem being mounted at /39/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 139.082214][ T5827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.297171][ T6678] loop4: detected capacity change from 0 to 512 [ 139.321009][ T6678] msdos: Unknown parameter './file0' [ 140.553188][ T6702] loop2: detected capacity change from 0 to 512 [ 140.846910][ T6706] netlink: 104 bytes leftover after parsing attributes in process `syz.4.272'. [ 140.955195][ T6709] xt_CONNSECMARK: invalid mode: 0 [ 142.003185][ T6718] loop4: detected capacity change from 0 to 16 [ 142.135183][ T6718] erofs (device loop4): invalid ishare xattr prefix id 0 [ 142.158057][ T6718] netem: incorrect ge model size [ 142.163714][ T6718] netem: change failed [ 142.983762][ T6725] netlink: 'syz.0.276': attribute type 10 has an invalid length. [ 143.783813][ T6725] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.791813][ T6725] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.920740][ T6725] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.928027][ T6725] bridge0: port 2(bridge_slave_1) entered forwarding state [ 143.935717][ T6725] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.943022][ T6725] bridge0: port 1(bridge_slave_0) entered forwarding state [ 144.006538][ T30] audit: type=1326 audit(1769911058.490:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6729 comm="syz.3.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed9939aeb9 code=0x7ffc0000 [ 144.106821][ T30] audit: type=1326 audit(1769911058.490:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6729 comm="syz.3.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fed9939aeb9 code=0x7ffc0000 [ 144.135062][ T6725] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 144.168192][ T30] audit: type=1326 audit(1769911058.490:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6729 comm="syz.3.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed9939aeb9 code=0x7ffc0000 [ 144.231439][ T30] audit: type=1326 audit(1769911058.500:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6729 comm="syz.3.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fed9939aeb9 code=0x7ffc0000 [ 144.259859][ T30] audit: type=1326 audit(1769911058.500:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6729 comm="syz.3.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed9939aeb9 code=0x7ffc0000 [ 144.318125][ T30] audit: type=1326 audit(1769911058.510:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6729 comm="syz.3.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fed9939aeb9 code=0x7ffc0000 [ 144.387728][ T30] audit: type=1326 audit(1769911058.510:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6729 comm="syz.3.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed9939aeb9 code=0x7ffc0000 [ 144.452647][ T30] audit: type=1326 audit(1769911058.510:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6729 comm="syz.3.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed9939aeb9 code=0x7ffc0000 [ 144.514669][ T30] audit: type=1326 audit(1769911058.510:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6729 comm="syz.3.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7fed9939aeb9 code=0x7ffc0000 [ 144.593587][ T30] audit: type=1326 audit(1769911058.510:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6729 comm="syz.3.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed9939aeb9 code=0x7ffc0000 [ 145.107242][ T6760] loop4: detected capacity change from 0 to 512 [ 145.130721][ T6760] msdos: Unknown parameter './file0' [ 146.457865][ T6772] netem: incorrect ge model size [ 146.463308][ T6772] netem: change failed [ 150.736573][ T6820] kvm: kvm [6819]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xc934 [ 151.096246][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802b383c00: rx timeout, send abort [ 151.117129][ T6824] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 151.402117][ T6824] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.410081][ T6824] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.605544][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802b383c00: abort rx timeout. Force session deactivation [ 152.372212][ T6815] loop1: detected capacity change from 0 to 40427 [ 152.413500][ T6815] F2FS-fs (loop1): Wrong MAIN_AREA boundary, start(4096) end(12800) block(12288) [ 152.440289][ T6815] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 152.480561][ T6815] F2FS-fs (loop1): Image doesn't support compression [ 152.487569][ T6815] F2FS-fs (loop1): build fault injection rate: 690 [ 152.535470][ T6815] F2FS-fs (loop1): build fault injection type: 0x35f7 [ 152.572038][ T6815] F2FS-fs (loop1): invalid crc value [ 152.861191][ T6815] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 152.883031][ T6815] F2FS-fs (loop1): Start checkpoint disabled! [ 152.898517][ T6815] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0 [ 152.910505][ T6824] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 152.918933][ T6815] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 152.934984][ T6815] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 152.951849][ T6824] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 153.089842][ T6839] syz.1.308: attempt to access beyond end of device [ 153.089842][ T6839] loop1: rw=2049, sector=45096, nr_sectors = 136 limit=40427 [ 153.592378][ T6466] kworker/u8:11: attempt to access beyond end of device [ 153.592378][ T6466] loop1: rw=2049, sector=45232, nr_sectors = 8 limit=40427 [ 153.633484][ T6466] CPU: 0 UID: 0 PID: 6466 Comm: kworker/u8:11 Not tainted syzkaller #0 PREEMPT(full) [ 153.633522][ T6466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 153.633536][ T6466] Workqueue: writeback wb_workfn (flush-7:1) [ 153.633580][ T6466] Call Trace: [ 153.633587][ T6466] [ 153.633596][ T6466] dump_stack_lvl+0xe8/0x150 [ 153.633627][ T6466] f2fs_handle_critical_error+0x37c/0x540 [ 153.633661][ T6466] f2fs_write_end_io+0xcdb/0xff0 [ 153.633711][ T6466] __submit_merged_bio+0x256/0x650 [ 153.633744][ T6466] __submit_merged_write_cond+0x3c3/0x4e0 [ 153.633780][ T6466] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 153.633831][ T6466] f2fs_write_data_pages+0x2970/0x35e0 [ 153.633900][ T6466] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 153.633943][ T6466] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 153.634011][ T6466] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 153.634055][ T6466] ? __lock_acquire+0x6b5/0x2cf0 [ 153.634097][ T6466] ? f2fs_update_inode+0x13d9/0x2620 [ 153.634128][ T6466] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 153.634157][ T6466] do_writepages+0x32e/0x550 [ 153.634192][ T6466] ? reacquire_held_locks+0x104/0x190 [ 153.634219][ T6466] ? writeback_sb_inodes+0x42a/0x1940 [ 153.634250][ T6466] __writeback_single_inode+0x133/0x1060 [ 153.634276][ T6466] ? do_raw_spin_unlock+0xf5/0x210 [ 153.634301][ T6466] writeback_sb_inodes+0x92e/0x1940 [ 153.634353][ T6466] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 153.634375][ T6466] ? do_raw_spin_lock+0x12b/0x2f0 [ 153.634438][ T6466] ? rcu_is_watching+0x15/0xb0 [ 153.634476][ T6466] wb_writeback+0x445/0xad0 [ 153.634504][ T6466] ? queue_io+0x211/0x450 [ 153.634542][ T6466] ? __pfx_wb_writeback+0x10/0x10 [ 153.634562][ T6466] ? do_raw_spin_lock+0x12b/0x2f0 [ 153.634600][ T6466] wb_workfn+0x3f8/0xef0 [ 153.634628][ T6466] ? __lock_acquire+0x6b5/0x2cf0 [ 153.634649][ T6466] ? look_up_lock_class+0x57/0x110 [ 153.634691][ T6466] ? __pfx_wb_workfn+0x10/0x10 [ 153.634726][ T6466] ? do_raw_spin_lock+0x12b/0x2f0 [ 153.634743][ T6466] ? lock_acquire+0x106/0x330 [ 153.634769][ T6466] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 153.634791][ T6466] ? process_one_work+0x87c/0x15a0 [ 153.634819][ T6466] ? process_one_work+0x87c/0x15a0 [ 153.634857][ T6466] ? process_one_work+0x87c/0x15a0 [ 153.634880][ T6466] process_one_work+0x949/0x15a0 [ 153.634930][ T6466] ? __pfx_process_one_work+0x10/0x10 [ 153.634952][ T6466] ? do_raw_spin_lock+0x12b/0x2f0 [ 153.634990][ T6466] worker_thread+0xb46/0x1140 [ 153.635027][ T6466] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 153.635074][ T6466] kthread+0x388/0x470 [ 153.635093][ T6466] ? __pfx_worker_thread+0x10/0x10 [ 153.635116][ T6466] ? __pfx_kthread+0x10/0x10 [ 153.635149][ T6466] ret_from_fork+0x51b/0xa40 [ 153.635178][ T6466] ? __pfx_ret_from_fork+0x10/0x10 [ 153.635202][ T6466] ? __switch_to+0xc7d/0x1400 [ 153.635228][ T6466] ? __pfx_kthread+0x10/0x10 [ 153.635260][ T6466] ret_from_fork_asm+0x1a/0x30 [ 153.635309][ T6466] [ 153.635317][ T6466] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 154.930003][ T3568] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.060162][ T3568] netdevsim netdevsim3 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 155.069239][ T3568] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.117461][ T3568] netdevsim netdevsim3 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 155.192064][ T3568] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.240403][ T3568] netdevsim netdevsim3 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 155.295587][ T3568] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.352472][ T3568] netdevsim netdevsim3 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 155.422712][ T6854] loop4: detected capacity change from 0 to 16 [ 155.746223][ T6859] netlink: 'syz.1.324': attribute type 1 has an invalid length. [ 155.768549][ T6860] netlink: 4 bytes leftover after parsing attributes in process `syz.4.322'. [ 155.778045][ T6860] netlink: 7 bytes leftover after parsing attributes in process `syz.4.322'. [ 156.308869][ T6864] netlink: 28 bytes leftover after parsing attributes in process `syz.1.324'. [ 156.374121][ T6866] netlink: 36 bytes leftover after parsing attributes in process `syz.4.325'. [ 156.547296][ T6866] netlink: 36 bytes leftover after parsing attributes in process `syz.4.325'. [ 157.105102][ T6866] netlink: 36 bytes leftover after parsing attributes in process `syz.4.325'. [ 159.292891][ T6896] loop4: detected capacity change from 0 to 512 [ 159.471016][ T6896] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 159.514569][ T6896] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0002] [ 159.554555][ T6896] System zones: 1-12 [ 159.584034][ T6896] EXT4-fs (loop4): 1 truncate cleaned up [ 159.622071][ T6896] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 159.634227][ T6900] netlink: 'syz.1.337': attribute type 1 has an invalid length. [ 159.675567][ T6900] netlink: 28 bytes leftover after parsing attributes in process `syz.1.337'. [ 160.002686][ T6910] loop2: detected capacity change from 0 to 16 [ 160.292753][ T6914] netlink: 4 bytes leftover after parsing attributes in process `syz.2.335'. [ 160.302587][ T6914] netlink: 7 bytes leftover after parsing attributes in process `syz.2.335'. [ 160.364661][ T5838] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.647736][ T6943] loop1: detected capacity change from 0 to 512 [ 161.681332][ T6943] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 161.956739][ T6947] netlink: 4 bytes leftover after parsing attributes in process `syz.0.354'. [ 161.965746][ T6947] netlink: 7 bytes leftover after parsing attributes in process `syz.0.354'. [ 161.989203][ T6943] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0002] [ 162.008004][ T6943] System zones: 1-12 [ 162.028362][ T6943] EXT4-fs (loop1): 1 truncate cleaned up [ 162.077929][ T6943] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 163.183807][ T6930] loop2: detected capacity change from 0 to 40427 [ 163.234387][ T6930] F2FS-fs (loop2): build fault injection rate: 19 [ 163.284400][ T5827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.296957][ T6930] F2FS-fs (loop2): build fault injection type: 0x3bfe8c [ 163.376506][ T6930] F2FS-fs (loop2): invalid crc value [ 163.418186][ T6930] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1810 [ 163.772733][ T6930] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410 [ 163.835726][ T6930] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 163.865748][ T6930] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 164.922575][ T6981] netlink: 4 bytes leftover after parsing attributes in process `syz.3.366'. [ 164.931604][ T6981] netlink: 7 bytes leftover after parsing attributes in process `syz.3.366'. [ 165.196005][ T6930] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0x911/0x2060 [ 165.506090][ C0] F2FS-fs (loop2): inject write IO error in f2fs_write_end_io of blk_update_request+0x57e/0xe60 [ 165.519938][ C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT(full) [ 165.519969][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 165.519983][ C0] Call Trace: [ 165.519992][ C0] [ 165.520003][ C0] dump_stack_lvl+0xe8/0x150 [ 165.520039][ C0] f2fs_handle_critical_error+0x37c/0x540 [ 165.520074][ C0] f2fs_write_end_io+0xcdb/0xff0 [ 165.520109][ C0] ? blk_update_request+0x57e/0xe60 [ 165.520158][ C0] blk_update_request+0x57e/0xe60 [ 165.520203][ C0] blk_mq_end_request+0x3e/0x70 [ 165.520234][ C0] blk_flush_complete_seq+0x678/0xcc0 [ 165.520264][ C0] flush_end_io+0xbaa/0xe60 [ 165.520297][ C0] __blk_mq_end_request+0x4f8/0x630 [ 165.520333][ C0] blk_done_softirq+0x10a/0x160 [ 165.520363][ C0] ? smpboot_thread_fn+0x4d/0xa50 [ 165.520391][ C0] handle_softirqs+0x22a/0x7c0 [ 165.520419][ C0] ? run_ksoftirqd+0x36/0x60 [ 165.520453][ C0] ? smpboot_thread_fn+0x4d/0xa50 [ 165.520480][ C0] run_ksoftirqd+0x36/0x60 [ 165.520506][ C0] smpboot_thread_fn+0x541/0xa50 [ 165.520535][ C0] ? smpboot_thread_fn+0x4d/0xa50 [ 165.520573][ C0] kthread+0x388/0x470 [ 165.520592][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 165.520619][ C0] ? __pfx_kthread+0x10/0x10 [ 165.520665][ C0] ret_from_fork+0x51b/0xa40 [ 165.520703][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 165.520727][ C0] ? __switch_to+0xc7d/0x1400 [ 165.520754][ C0] ? __pfx_kthread+0x10/0x10 [ 165.520786][ C0] ret_from_fork_asm+0x1a/0x30 [ 165.520833][ C0] [ 165.520842][ C0] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 166.256830][ T5834] F2FS-fs (loop2): do_checkpoint failed err:-5, stop checkpoint [ 167.802316][ T7019] netlink: 4 bytes leftover after parsing attributes in process `syz.3.379'. [ 167.811400][ T7019] netlink: 7 bytes leftover after parsing attributes in process `syz.3.379'. [ 168.149434][ T5906] IPVS: starting estimator thread 0... [ 168.262570][ T7038] IPVS: using max 25 ests per chain, 60000 per kthread [ 168.604784][ T7056] loop4: detected capacity change from 0 to 16 [ 168.999583][ T7059] netlink: 4 bytes leftover after parsing attributes in process `syz.4.395'. [ 169.009979][ T7059] netlink: 7 bytes leftover after parsing attributes in process `syz.4.395'. [ 169.705697][ T7061] loop4: detected capacity change from 0 to 512 [ 170.111793][ T7071] xt_CONNSECMARK: invalid mode: 0 [ 170.671066][ T7074] loop2: detected capacity change from 0 to 512 [ 170.711693][ T7074] journal_path: Non-blockdev passed as './file1' [ 170.760046][ T7074] EXT4-fs: error: could not find journal device path [ 171.078917][ T7084] loop4: detected capacity change from 0 to 16 [ 171.482954][ T7088] netlink: 4 bytes leftover after parsing attributes in process `syz.4.406'. [ 171.491890][ T7088] netlink: 7 bytes leftover after parsing attributes in process `syz.4.406'. [ 172.630094][ T7101] netlink: 5 bytes leftover after parsing attributes in process `syz.0.413'. [ 172.665861][ T7105] netlink: 'syz.3.414': attribute type 1 has an invalid length. [ 172.672925][ T7101] ..0ªî{X¹¦: renamed from gretap0 (while UP) [ 172.707367][ T7101] ..0ªî{X¹¦: entered allmulticast mode [ 172.735942][ T7101] A link change request failed with some changes committed already. Interface ..0ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 172.771725][ T7111] netlink: 28 bytes leftover after parsing attributes in process `syz.3.414'. [ 173.235615][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 173.235635][ T30] audit: type=1326 audit(1769911087.740:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7122 comm="syz.3.422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed9939aeb9 code=0x7ffc0000 [ 173.329279][ T30] audit: type=1326 audit(1769911087.740:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7122 comm="syz.3.422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed9939aeb9 code=0x7ffc0000 [ 173.403050][ T30] audit: type=1326 audit(1769911087.780:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7122 comm="syz.3.422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7fed9939aeb9 code=0x7ffc0000 [ 173.494146][ T30] audit: type=1326 audit(1769911087.780:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7122 comm="syz.3.422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed9939aeb9 code=0x7ffc0000 [ 173.551923][ T30] audit: type=1326 audit(1769911087.780:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7122 comm="syz.3.422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed9939aeb9 code=0x7ffc0000 [ 173.665806][ T30] audit: type=1326 audit(1769911087.790:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7122 comm="syz.3.422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=73 compat=0 ip=0x7fed9939aeb9 code=0x7ffc0000 [ 173.720071][ T30] audit: type=1326 audit(1769911087.790:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7122 comm="syz.3.422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed9939aeb9 code=0x7ffc0000 [ 173.843153][ T30] audit: type=1326 audit(1769911087.790:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7122 comm="syz.3.422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed9939aeb9 code=0x7ffc0000 [ 175.236015][ T7144] loop1: detected capacity change from 0 to 40427 [ 175.258540][ T7144] F2FS-fs (loop1): build fault injection rate: 19 [ 175.269648][ T7144] F2FS-fs (loop1): build fault injection type: 0x3bfe8c [ 175.293509][ T7144] F2FS-fs (loop1): invalid crc value [ 175.328758][ T7144] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1810 [ 175.610773][ T7144] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410 [ 175.667061][ T7144] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 175.721029][ T7144] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 175.969528][ T7144] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0x911/0x2060 [ 176.112950][ C1] F2FS-fs (loop1): inject write IO error in f2fs_write_end_io of blk_update_request+0x57e/0xe60 [ 176.123525][ C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) [ 176.123547][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 176.123556][ C1] Call Trace: [ 176.123563][ C1] [ 176.123569][ C1] dump_stack_lvl+0xe8/0x150 [ 176.123597][ C1] f2fs_handle_critical_error+0x37c/0x540 [ 176.123624][ C1] f2fs_write_end_io+0xcdb/0xff0 [ 176.123655][ C1] ? blk_update_request+0x57e/0xe60 [ 176.123691][ C1] blk_update_request+0x57e/0xe60 [ 176.123725][ C1] blk_mq_end_request+0x3e/0x70 [ 176.123749][ C1] blk_flush_complete_seq+0x678/0xcc0 [ 176.123771][ C1] flush_end_io+0xbaa/0xe60 [ 176.123795][ C1] __blk_mq_end_request+0x4f8/0x630 [ 176.123823][ C1] blk_done_softirq+0x10a/0x160 [ 176.123846][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 176.123867][ C1] handle_softirqs+0x22a/0x7c0 [ 176.123889][ C1] ? run_ksoftirqd+0x36/0x60 [ 176.123916][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 176.123936][ C1] run_ksoftirqd+0x36/0x60 [ 176.123956][ C1] smpboot_thread_fn+0x541/0xa50 [ 176.123979][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 176.124007][ C1] kthread+0x388/0x470 [ 176.124022][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 176.124042][ C1] ? __pfx_kthread+0x10/0x10 [ 176.124067][ C1] ret_from_fork+0x51b/0xa40 [ 176.124090][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 176.124108][ C1] ? __switch_to+0xc7d/0x1400 [ 176.124129][ C1] ? __pfx_kthread+0x10/0x10 [ 176.124153][ C1] ret_from_fork_asm+0x1a/0x30 [ 176.124189][ C1] [ 176.124195][ C1] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 176.307087][ T5827] F2FS-fs (loop1): do_checkpoint failed err:-5, stop checkpoint [ 176.947714][ T7205] netlink: 16 bytes leftover after parsing attributes in process `syz.0.455'. [ 178.100337][ T7222] fuse: Unknown parameter '0x0000000000000003' [ 178.243478][ T7228] netlink: 28 bytes leftover after parsing attributes in process `syz.4.465'. [ 178.259441][ T7228] netlink: 28 bytes leftover after parsing attributes in process `syz.4.465'. [ 178.900252][ T7242] netlink: 16 bytes leftover after parsing attributes in process `syz.4.468'. [ 179.674113][ T7248] loop4: detected capacity change from 0 to 8192 [ 180.192195][ T7264] fuse: Bad value for 'group_id' [ 180.207445][ T7264] fuse: Bad value for 'group_id' [ 181.915759][ T7286] netlink: 16 bytes leftover after parsing attributes in process `syz.1.483'. [ 182.542879][ T7303] fuse: Unknown parameter 'fd0x0000000000000003' [ 182.583282][ T7304] loop4: detected capacity change from 0 to 512 [ 182.628833][ T7304] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 182.662594][ T7304] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0002] [ 182.680383][ T7304] System zones: 1-12 [ 182.693844][ T7304] EXT4-fs (loop4): 1 truncate cleaned up [ 182.715273][ T7304] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 184.112496][ T7317] netlink: 4 bytes leftover after parsing attributes in process `syz.0.494'. [ 184.124118][ T7317] netlink: 7 bytes leftover after parsing attributes in process `syz.0.494'. [ 184.358630][ T7319] loop2: detected capacity change from 0 to 8192 [ 184.485193][ T5838] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 184.802678][ T7330] netlink: 24 bytes leftover after parsing attributes in process `syz.4.498'. [ 185.000650][ T7337] fuse: Unknown parameter 'fd0x0000000000000003' [ 185.307002][ T7344] netlink: 28 bytes leftover after parsing attributes in process `syz.4.505'. [ 185.384945][ T7346] netlink: 16 bytes leftover after parsing attributes in process `syz.3.503'. [ 185.498720][ T7344] netlink: 28 bytes leftover after parsing attributes in process `syz.4.505'. [ 187.784372][ T7379] loop4: detected capacity change from 0 to 512 [ 188.049122][ T7382] netlink: 16 bytes leftover after parsing attributes in process `syz.2.516'. [ 188.938740][ T7388] loop2: detected capacity change from 0 to 8192 [ 190.181041][ T7395] loop4: detected capacity change from 0 to 1024 [ 190.220018][ T7395] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 190.272883][ T7395] EXT4-fs (loop4): orphan cleanup on readonly fs [ 190.286373][ T7395] EXT4-fs warning (device loop4): ext4_enable_quotas:7241: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 190.365075][ T7395] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 190.421039][ T7395] EXT4-fs error (device loop4): ext4_free_blocks:6726: comm syz.4.522: Freeing blocks not in datazone - block = 0, count = 4096 [ 190.469888][ T7395] loop4: lost filesystem error report for type 5 error -117 [ 190.477036][ T7395] EXT4-fs (loop4): 1 orphan inode deleted [ 190.484469][ C0] EXT4-fs (loop4): error count since last fsck: 1 [ 190.484504][ C0] EXT4-fs (loop4): initial error at time 2000000010: ext4_free_blocks:6726 [ 190.484530][ C0] EXT4-fs (loop4): last error at time 2000000010: ext4_free_blocks:6726 [ 190.557610][ T7395] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 191.077471][ T7413] loop2: detected capacity change from 0 to 512 [ 191.103895][ T7413] EXT4-fs: Ignoring removed bh option [ 191.149563][ T7413] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 191.233086][ T7413] EXT4-fs (loop2): 1 truncate cleaned up [ 191.272070][ T7413] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 191.435045][ T5834] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.344300][ T5838] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.438901][ T7436] netlink: 'syz.1.534': attribute type 18 has an invalid length. [ 193.319713][ T7442] loop4: detected capacity change from 0 to 40427 [ 193.361940][ T7442] F2FS-fs (loop4): build fault injection rate: 19 [ 193.390309][ T7442] F2FS-fs (loop4): build fault injection type: 0x3bfe8c [ 193.434630][ T7442] F2FS-fs (loop4): invalid crc value [ 193.495607][ T7442] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1810 [ 193.828701][ T7472] netlink: 4 bytes leftover after parsing attributes in process `syz.3.545'. [ 193.838166][ T7472] netlink: 7 bytes leftover after parsing attributes in process `syz.3.545'. [ 194.009274][ T7442] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410 [ 194.326063][ T7442] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 194.420221][ T7442] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 194.776165][ T7442] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0x911/0x2060 [ 194.932803][ C1] F2FS-fs (loop4): inject write IO error in f2fs_write_end_io of blk_update_request+0x57e/0xe60 [ 194.943400][ C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) [ 194.943428][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 194.943441][ C1] Call Trace: [ 194.943448][ C1] [ 194.943457][ C1] dump_stack_lvl+0xe8/0x150 [ 194.943492][ C1] f2fs_handle_critical_error+0x37c/0x540 [ 194.943527][ C1] f2fs_write_end_io+0xcdb/0xff0 [ 194.943556][ C1] ? blk_update_request+0x57e/0xe60 [ 194.943604][ C1] blk_update_request+0x57e/0xe60 [ 194.943648][ C1] blk_mq_end_request+0x3e/0x70 [ 194.943679][ C1] blk_flush_complete_seq+0x678/0xcc0 [ 194.943709][ C1] flush_end_io+0xbaa/0xe60 [ 194.943749][ C1] __blk_mq_end_request+0x4f8/0x630 [ 194.943786][ C1] blk_done_softirq+0x10a/0x160 [ 194.943821][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 194.943849][ C1] handle_softirqs+0x22a/0x7c0 [ 194.943878][ C1] ? run_ksoftirqd+0x36/0x60 [ 194.943913][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 194.943939][ C1] run_ksoftirqd+0x36/0x60 [ 194.943965][ C1] smpboot_thread_fn+0x541/0xa50 [ 194.944053][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 194.944091][ C1] kthread+0x388/0x470 [ 194.944111][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 194.944138][ C1] ? __pfx_kthread+0x10/0x10 [ 194.944171][ C1] ret_from_fork+0x51b/0xa40 [ 194.944200][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 194.944224][ C1] ? __switch_to+0xc7d/0x1400 [ 194.944251][ C1] ? __pfx_kthread+0x10/0x10 [ 194.944283][ C1] ret_from_fork_asm+0x1a/0x30 [ 194.944332][ C1] [ 194.944341][ C1] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 195.112817][ T5838] F2FS-fs (loop4): do_checkpoint failed err:-5, stop checkpoint [ 195.367671][ T7494] loop1: detected capacity change from 0 to 256 [ 196.109370][ T7497] loop4: detected capacity change from 0 to 1024 [ 196.195705][ T7497] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 196.409300][ T5838] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 196.426937][ T7505] loop1: detected capacity change from 0 to 16 [ 196.750493][ T7512] netlink: 4 bytes leftover after parsing attributes in process `syz.1.557'. [ 196.760674][ T7512] netlink: 7 bytes leftover after parsing attributes in process `syz.1.557'. [ 198.422180][ T12] bridge_slave_1: left allmulticast mode [ 198.438385][ T12] bridge_slave_1: left promiscuous mode [ 198.446331][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.468735][ T12] bridge_slave_0: left allmulticast mode [ 198.485900][ T12] bridge_slave_0: left promiscuous mode [ 198.497816][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.580957][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 198.591583][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 198.603566][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 198.613421][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 198.621562][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 199.033168][ T7549] loop2: detected capacity change from 0 to 8192 [ 199.201389][ T12] bond1 (unregistering): (slave geneve2): Releasing active interface [ 199.388271][ T12] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 199.461721][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 199.475936][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 199.489349][ T12] bond0 (unregistering): Released all slaves [ 199.504058][ T12] bond1 (unregistering): Released all slaves [ 199.573114][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.965398][ T12] hsr_slave_0: left promiscuous mode [ 199.995150][ T12] hsr_slave_1: left promiscuous mode [ 200.007114][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 200.041822][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 200.454409][ T7591] loop1: detected capacity change from 0 to 512 [ 200.466966][ T7591] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 200.517973][ T7591] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0002] [ 200.560499][ T7591] System zones: 1-12 [ 200.600830][ T7591] EXT4-fs (loop1): 1 truncate cleaned up [ 200.622659][ T7591] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 200.770164][ T5844] Bluetooth: hci2: command tx timeout [ 200.968642][ T12] team0 (unregistering): Port device team_slave_1 removed [ 201.007905][ T12] team0 (unregistering): Port device team_slave_0 removed [ 201.268633][ T5827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.832408][ T7538] chnl_net:caif_netlink_parms(): no params data found [ 202.276862][ T12] IPVS: stop unused estimator thread 0... [ 202.324062][ T7538] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.339721][ T7538] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.354117][ T7538] bridge_slave_0: entered allmulticast mode [ 202.364010][ T7538] bridge_slave_0: entered promiscuous mode [ 202.425473][ T7538] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.450208][ T7538] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.465641][ T7538] bridge_slave_1: entered allmulticast mode [ 202.478827][ T7538] bridge_slave_1: entered promiscuous mode [ 202.557952][ T7644] netlink: 28 bytes leftover after parsing attributes in process `syz.2.606'. [ 202.589186][ T7644] netlink: 28 bytes leftover after parsing attributes in process `syz.2.606'. [ 202.686135][ T7538] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 202.728835][ T7538] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 202.828913][ T7538] team0: Port device team_slave_0 added [ 202.840802][ T5844] Bluetooth: hci2: command tx timeout [ 202.973978][ T7538] team0: Port device team_slave_1 added [ 203.096751][ T7538] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 203.110507][ T7538] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 203.208202][ T7538] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 203.245365][ T7538] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 203.261630][ T7538] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 203.289943][ T7538] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 203.380935][ T7538] hsr_slave_0: entered promiscuous mode [ 203.388125][ T7538] hsr_slave_1: entered promiscuous mode [ 203.395585][ T7538] debugfs: 'hsr0' already exists in 'hsr' [ 203.407476][ T7538] Cannot create hsr debugfs directory [ 203.800160][ T5913] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 203.973643][ T5913] usb 2-1: device descriptor read/64, error -71 [ 204.118813][ T7684] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 204.178899][ T7538] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 204.243116][ T5913] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 204.258580][ T7538] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 204.305027][ T7538] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 204.313449][ T7691] netlink: 'syz.2.623': attribute type 1 has an invalid length. [ 204.342317][ T7538] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 204.367222][ T7698] netlink: 28 bytes leftover after parsing attributes in process `syz.2.623'. [ 204.400453][ T5913] usb 2-1: device descriptor read/64, error -71 [ 204.458366][ T7698] 8021q: adding VLAN 0 to HW filter on device bond1 [ 204.545719][ T5913] usb usb2-port1: attempt power cycle [ 204.619004][ T7538] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.691269][ T7538] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.768016][ T3016] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.775355][ T3016] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.807883][ T3016] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.815159][ T3016] bridge0: port 2(bridge_slave_1) entered forwarding state [ 204.919922][ T5913] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 204.920028][ T5844] Bluetooth: hci2: command tx timeout [ 204.997769][ T5913] usb 2-1: device descriptor read/8, error -71 [ 205.242900][ T5913] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 205.301096][ T5913] usb 2-1: device descriptor read/8, error -71 [ 205.462720][ T5913] usb usb2-port1: unable to enumerate USB device [ 205.737731][ T7538] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 206.574057][ T7538] veth0_vlan: entered promiscuous mode [ 206.611898][ T7538] veth1_vlan: entered promiscuous mode [ 206.693765][ T7538] veth0_macvtap: entered promiscuous mode [ 206.735808][ T7538] veth1_macvtap: entered promiscuous mode [ 206.785083][ T7538] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 206.817582][ T7538] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 206.872798][ T7763] netlink: 'syz.0.635': attribute type 1 has an invalid length. [ 206.922824][ T7763] netlink: 28 bytes leftover after parsing attributes in process `syz.0.635'. [ 206.957073][ T7763] 8021q: adding VLAN 0 to HW filter on device bond1 [ 206.990933][ T12] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 207.010929][ T5844] Bluetooth: hci2: command tx timeout [ 207.050943][ T12] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 207.120749][ T12] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 207.141290][ T12] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 207.472171][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 207.504690][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 207.637342][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 207.669114][ T7788] netlink: 8 bytes leftover after parsing attributes in process `syz.2.643'. [ 207.679425][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 208.160588][ T7796] netlink: 16 bytes leftover after parsing attributes in process `syz.2.643'. [ 208.791867][ T7799] netlink: 'syz.2.646': attribute type 1 has an invalid length. [ 208.939053][ T7799] netlink: 28 bytes leftover after parsing attributes in process `syz.2.646'. [ 209.032626][ T7799] 8021q: adding VLAN 0 to HW filter on device bond2 [ 209.671852][ T7826] netlink: 8 bytes leftover after parsing attributes in process `syz.5.655'. [ 210.039428][ T7836] netlink: 16 bytes leftover after parsing attributes in process `syz.5.655'. [ 211.571317][ T7872] netlink: 16 bytes leftover after parsing attributes in process `syz.5.671'. [ 212.302998][ T7881] netlink: 4 bytes leftover after parsing attributes in process `syz.5.677'. [ 212.750874][ T7898] netlink: 'syz.4.684': attribute type 1 has an invalid length. [ 212.991884][ T7901] bond1: (slave geneve2): making interface the new active one [ 213.021373][ T7901] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 213.048772][ T36] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 213.071247][ T36] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 213.099980][ T36] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 213.126420][ T36] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 213.484233][ T7919] xt_CT: No such helper "netbios-ns" [ 213.761372][ T7927] loop5: detected capacity change from 0 to 1024 [ 213.779500][ T7927] EXT4-fs: Ignoring removed bh option [ 213.894824][ T7927] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 214.003893][ T7538] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 214.499326][ T7944] netlink: 'syz.5.700': attribute type 1 has an invalid length. [ 215.230831][ T7972] netlink: 28 bytes leftover after parsing attributes in process `syz.4.712'. [ 215.273877][ T7972] netlink: 28 bytes leftover after parsing attributes in process `syz.4.712'. [ 215.545419][ T7978] netlink: 12 bytes leftover after parsing attributes in process `syz.4.715'. [ 216.493838][ T7988] loop2: detected capacity change from 0 to 1024 [ 216.585212][ T7988] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 216.744907][ T7988] EXT4-fs error (device loop2): ext4_xattr_inode_iget:441: inode #11: comm syz.2.716: missing EA_INODE flag [ 216.827548][ T7988] EXT4-fs (loop2): Remounting filesystem read-only [ 216.858280][ T7988] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 216.935016][ T5834] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 217.003466][ T5840] Bluetooth: hci1: command 0x0406 tx timeout [ 217.011843][ T5840] Bluetooth: hci4: command 0x0406 tx timeout [ 217.018239][ T5840] Bluetooth: hci0: command 0x0406 tx timeout [ 217.021847][ T5842] Bluetooth: hci3: command 0x0406 tx timeout [ 217.964407][ T8030] netlink: 12 bytes leftover after parsing attributes in process `syz.0.727'. [ 218.288399][ T8038] netlink: 24 bytes leftover after parsing attributes in process `syz.0.730'. [ 218.693994][ T8049] random: crng reseeded on system resumption [ 219.120714][ T8065] netlink: 5 bytes leftover after parsing attributes in process `syz.4.739'. [ 219.156652][ T8065] ..0ªî{X¹¦: renamed from gretap0 (while UP) [ 219.206813][ T8065] ..0ªî{X¹¦: entered allmulticast mode [ 219.233417][ T8065] A link change request failed with some changes committed already. Interface ..0ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 219.713773][ T8081] netlink: 28 bytes leftover after parsing attributes in process `syz.1.743'. [ 219.766794][ T8081] netlink: 28 bytes leftover after parsing attributes in process `syz.1.743'. [ 221.361529][ T8111] fuse: Invalid rootmode [ 221.935444][ T8120] netlink: 5 bytes leftover after parsing attributes in process `syz.5.752'. [ 221.951183][ T8120] ..0ªî{X¹¦: renamed from gretap0 (while UP) [ 221.975309][ T8120] ..0ªî{X¹¦: entered allmulticast mode [ 222.023000][ T8120] A link change request failed with some changes committed already. Interface ..0ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 222.502695][ T8141] loop2: detected capacity change from 0 to 512 [ 222.580654][ T8141] EXT4-fs: Ignoring removed i_version option [ 222.587420][ T8141] EXT4-fs: Ignoring removed bh option [ 222.620462][ T8145] fuse: Bad value for 'rootmode' [ 222.648446][ T8150] loop5: detected capacity change from 0 to 512 [ 222.697427][ T8150] EXT4-fs: Ignoring removed bh option [ 222.711865][ T8141] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 222.743985][ T8141] ext4 filesystem being mounted at /149/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 222.775873][ T8150] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 222.863639][ T8141] netlink: 8 bytes leftover after parsing attributes in process `syz.2.759'. [ 222.880048][ T8141] netlink: 36 bytes leftover after parsing attributes in process `syz.2.759'. [ 222.951354][ T8150] EXT4-fs (loop5): 1 truncate cleaned up [ 222.959123][ T8150] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 223.034040][ T5834] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 223.339838][ T7538] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 223.597036][ T8178] netlink: 12 bytes leftover after parsing attributes in process `syz.5.767'. [ 223.758587][ T8178] netlink: 5 bytes leftover after parsing attributes in process `syz.5.767'. [ 223.844671][ T8178] ..1ªî{X¹¦: renamed from ..0ªî{X¹¦ (while UP) [ 223.921046][ T8178] A link change request failed with some changes committed already. Interface ..1ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 224.488699][ T8198] netlink: 16 bytes leftover after parsing attributes in process `syz.5.773'. [ 225.322750][ T8205] netlink: 8 bytes leftover after parsing attributes in process `syz.5.776'. [ 225.481302][ T8210] Driver unsupported XDP return value 0 on prog (id 40) dev N/A, expect packet loss! [ 226.614181][ T8222] erspan1: entered allmulticast mode [ 226.899671][ T8229] loop2: detected capacity change from 0 to 1024 [ 227.772681][ T8229] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 227.974029][ T8229] ================================================================== [ 227.982354][ T8229] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x8e9/0x1e20 [ 227.990162][ T8229] Read of size 18446744073709551588 at addr ffff88807c391840 by task syz.2.785/8229 [ 227.999670][ T8229] [ 228.002051][ T8229] CPU: 1 UID: 0 PID: 8229 Comm: syz.2.785 Not tainted syzkaller #0 PREEMPT(full) [ 228.002078][ T8229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 228.002091][ T8229] Call Trace: [ 228.002100][ T8229] [ 228.002109][ T8229] dump_stack_lvl+0xe8/0x150 [ 228.002144][ T8229] print_report+0xba/0x230 [ 228.002169][ T8229] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 228.002199][ T8229] kasan_report+0x117/0x150 [ 228.002221][ T8229] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 228.002253][ T8229] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 228.002283][ T8229] kasan_check_range+0x264/0x2c0 [ 228.002304][ T8229] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 228.002334][ T8229] __asan_memmove+0x29/0x70 [ 228.002362][ T8229] ext4_xattr_set_entry+0x8e9/0x1e20 [ 228.002404][ T8229] ext4_xattr_block_set+0x878/0x2ad0 [ 228.002433][ T8229] ? __pfx_ext4_free_in_core_inode+0x10/0x10 [ 228.002464][ T8229] ? __pfx_evict+0x10/0x10 [ 228.002483][ T8229] ? do_raw_spin_unlock+0xf5/0x210 [ 228.002503][ T8229] ? _raw_spin_unlock+0x28/0x50 [ 228.002532][ T8229] ? iput+0xb25/0xe80 [ 228.002561][ T8229] ? __pfx_ext4_xattr_block_set+0x10/0x10 [ 228.002589][ T8229] ? ext4_xattr_ibody_set+0x510/0x6a0 [ 228.002622][ T8229] ext4_xattr_set_handle+0x1286/0x14c0 [ 228.002663][ T8229] ? __pfx_ext4_xattr_set_handle+0x10/0x10 [ 228.002691][ T8229] ? ext4_journal_check_start+0x1c/0x2b0 [ 228.002725][ T8229] ? __ext4_journal_start_sb+0x259/0x570 [ 228.002756][ T8229] ext4_xattr_set+0x255/0x340 [ 228.002799][ T8229] ? __pfx_ext4_xattr_set+0x10/0x10 [ 228.002830][ T8229] ? __pfx_evm_protect_xattr+0x10/0x10 [ 228.002854][ T8229] ? __pfx_ext4_xattr_trusted_set+0x10/0x10 [ 228.002874][ T8229] __vfs_setxattr+0x43c/0x480 [ 228.002907][ T8229] __vfs_setxattr_noperm+0x12d/0x660 [ 228.002936][ T8229] vfs_setxattr+0x163/0x360 [ 228.002965][ T8229] ? __pfx_vfs_setxattr+0x10/0x10 [ 228.002995][ T8229] filename_setxattr+0x296/0x630 [ 228.003027][ T8229] ? __pfx_filename_setxattr+0x10/0x10 [ 228.003057][ T8229] ? do_getname+0x151/0x250 [ 228.003081][ T8229] path_setxattrat+0x3eb/0x440 [ 228.003105][ T8229] ? __pfx_path_setxattrat+0x10/0x10 [ 228.003123][ T8229] ? do_futex+0x333/0x420 [ 228.003162][ T8229] ? rcu_is_watching+0x15/0xb0 [ 228.003191][ T8229] __x64_sys_lsetxattr+0xbf/0xe0 [ 228.003220][ T8229] do_syscall_64+0xe2/0xf80 [ 228.003241][ T8229] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.003260][ T8229] ? trace_irq_disable+0x37/0x100 [ 228.003287][ T8229] ? clear_bhb_loop+0x40/0x90 [ 228.003309][ T8229] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.003330][ T8229] RIP: 0033:0x7f4bd639aeb9 [ 228.003364][ T8229] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 228.003382][ T8229] RSP: 002b:00007f4bd7293028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 228.003406][ T8229] RAX: ffffffffffffffda RBX: 00007f4bd6615fa0 RCX: 00007f4bd639aeb9 [ 228.003421][ T8229] RDX: 0000200000000000 RSI: 0000200000000180 RDI: 00002000000001c0 [ 228.003435][ T8229] RBP: 00007f4bd6408c1f R08: 0000000000000000 R09: 0000000000000000 [ 228.003447][ T8229] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000 [ 228.003460][ T8229] R13: 00007f4bd6616038 R14: 00007f4bd6615fa0 R15: 00007ffe6ad00488 [ 228.003484][ T8229] [ 228.003492][ T8229] [ 228.331786][ T8229] Allocated by task 8229: [ 228.336156][ T8229] kasan_save_track+0x3e/0x80 [ 228.340939][ T8229] __kasan_kmalloc+0x93/0xb0 [ 228.345588][ T8229] __kmalloc_node_track_caller_noprof+0x4db/0x7b0 [ 228.352167][ T8229] kmemdup_noprof+0x2b/0x70 [ 228.356719][ T8229] ext4_xattr_block_set+0x787/0x2ad0 [ 228.362304][ T8229] ext4_xattr_set_handle+0x1286/0x14c0 [ 228.368490][ T8229] ext4_xattr_set+0x255/0x340 [ 228.373409][ T8229] __vfs_setxattr+0x43c/0x480 [ 228.378446][ T8229] __vfs_setxattr_noperm+0x12d/0x660 [ 228.384050][ T8229] vfs_setxattr+0x163/0x360 [ 228.388720][ T8229] filename_setxattr+0x296/0x630 [ 228.394095][ T8229] path_setxattrat+0x3eb/0x440 [ 228.399141][ T8229] __x64_sys_lsetxattr+0xbf/0xe0 [ 228.404307][ T8229] do_syscall_64+0xe2/0xf80 [ 228.409163][ T8229] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.415340][ T8229] [ 228.417873][ T8229] The buggy address belongs to the object at ffff88807c391800 [ 228.417873][ T8229] which belongs to the cache kmalloc-1k of size 1024 [ 228.432645][ T8229] The buggy address is located 64 bytes inside of [ 228.432645][ T8229] 1024-byte region [ffff88807c391800, ffff88807c391c00) [ 228.446171][ T8229] [ 228.448670][ T8229] The buggy address belongs to the physical page: [ 228.455292][ T8229] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7c390 [ 228.464346][ T8229] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 228.473408][ T8229] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 228.481495][ T8229] page_type: f5(slab) [ 228.485530][ T8229] raw: 00fff00000000040 ffff88813ffa6dc0 dead000000000100 dead000000000122 [ 228.494321][ T8229] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 228.503292][ T8229] head: 00fff00000000040 ffff88813ffa6dc0 dead000000000100 dead000000000122 [ 228.512427][ T8229] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 228.521301][ T8229] head: 00fff00000000003 ffffea0001f0e401 00000000ffffffff 00000000ffffffff [ 228.530156][ T8229] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 228.539190][ T8229] page dumped because: kasan: bad access detected [ 228.545810][ T8229] page_owner tracks the page as allocated [ 228.551547][ T8229] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 49, tgid 49 (kworker/u8:3), ts 152117361765, free_ts 142702845846 [ 228.571023][ T8229] post_alloc_hook+0x231/0x280 [ 228.575924][ T8229] get_page_from_freelist+0x24dc/0x2580 [ 228.581511][ T8229] __alloc_frozen_pages_noprof+0x18d/0x380 [ 228.587437][ T8229] alloc_pages_mpol+0x232/0x4a0 [ 228.592322][ T8229] allocate_slab+0x87/0x660 [ 228.597104][ T8229] ___slab_alloc+0x150/0x6a0 [ 228.601726][ T8229] __kmalloc_noprof+0x18a/0x760 [ 228.606611][ T8229] ieee802_11_parse_elems_full+0x159/0x2ab0 [ 228.612971][ T8229] ieee80211_inform_bss+0x161/0x1160 [ 228.618298][ T8229] cfg80211_inform_single_bss_data+0xcf9/0x1ab0 [ 228.624563][ T8229] cfg80211_inform_bss_data+0x23f/0x3c20 [ 228.630330][ T8229] cfg80211_inform_bss_frame_data+0x3c7/0x710 [ 228.636508][ T8229] ieee80211_bss_info_update+0x794/0xa40 [ 228.642348][ T8229] ieee80211_ibss_rx_queued_mgmt+0x1901/0x2c80 [ 228.648608][ T8229] ieee80211_iface_work+0x85e/0x12a0 [ 228.653926][ T8229] cfg80211_wiphy_work+0x2ab/0x450 [ 228.659071][ T8229] page last free pid 5960 tgid 5960 stack trace: [ 228.665498][ T8229] __free_frozen_pages+0xc01/0xd80 [ 228.670640][ T8229] __slab_free+0x263/0x2b0 [ 228.675263][ T8229] qlist_free_all+0x97/0x100 [ 228.679900][ T8229] kasan_quarantine_reduce+0x148/0x160 [ 228.685593][ T8229] __kasan_slab_alloc+0x22/0x80 [ 228.690562][ T8229] __kmalloc_noprof+0x316/0x760 [ 228.695449][ T8229] tomoyo_realpath_from_path+0xe3/0x5d0 [ 228.701832][ T8229] tomoyo_path_perm+0x283/0x560 [ 228.707031][ T8229] security_file_truncate+0xa9/0x240 [ 228.712454][ T8229] path_openat+0x2f32/0x3860 [ 228.717181][ T8229] do_file_open+0x23e/0x4a0 [ 228.721924][ T8229] do_sys_openat2+0x113/0x200 [ 228.726658][ T8229] __x64_sys_openat+0x138/0x170 [ 228.731557][ T8229] do_syscall_64+0xe2/0xf80 [ 228.736343][ T8229] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.742612][ T8229] [ 228.745038][ T8229] Memory state around the buggy address: [ 228.750874][ T8229] ffff88807c391700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 228.758993][ T8229] ffff88807c391780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 228.767158][ T8229] >ffff88807c391800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 228.775414][ T8229] ^ [ 228.781695][ T8229] ffff88807c391880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 228.790165][ T8229] ffff88807c391900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 228.799089][ T8229] ================================================================== [ 228.848163][ T8229] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 228.855452][ T8229] CPU: 0 UID: 0 PID: 8229 Comm: syz.2.785 Not tainted syzkaller #0 PREEMPT(full) [ 228.864785][ T8229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 228.875058][ T8229] Call Trace: [ 228.878541][ T8229] [ 228.882052][ T8229] vpanic+0x56c/0xa60 [ 228.886179][ T8229] ? __pfx_vpanic+0x10/0x10 [ 228.890814][ T8229] ? __pfx___schedule+0x10/0x10 [ 228.895812][ T8229] panic+0xc5/0xd0 [ 228.899668][ T8229] ? __pfx_panic+0x10/0x10 [ 228.904360][ T8229] ? preempt_schedule_thunk+0x16/0x30 [ 228.909775][ T8229] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 228.915548][ T8229] check_panic_on_warn+0x89/0xb0 [ 228.920643][ T8229] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 228.926361][ T8229] end_report+0x6f/0x140 [ 228.930765][ T8229] kasan_report+0x128/0x150 [ 228.935528][ T8229] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 228.941146][ T8229] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 228.946741][ T8229] kasan_check_range+0x264/0x2c0 [ 228.951740][ T8229] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 228.957305][ T8229] __asan_memmove+0x29/0x70 [ 228.961864][ T8229] ext4_xattr_set_entry+0x8e9/0x1e20 [ 228.967236][ T8229] ext4_xattr_block_set+0x878/0x2ad0 [ 228.972666][ T8229] ? __pfx_ext4_free_in_core_inode+0x10/0x10 [ 228.978706][ T8229] ? __pfx_evict+0x10/0x10 [ 228.983605][ T8229] ? do_raw_spin_unlock+0xf5/0x210 [ 228.988860][ T8229] ? _raw_spin_unlock+0x28/0x50 [ 228.994743][ T8229] ? iput+0xb25/0xe80 [ 228.999051][ T8229] ? __pfx_ext4_xattr_block_set+0x10/0x10 [ 229.004942][ T8229] ? ext4_xattr_ibody_set+0x510/0x6a0 [ 229.010388][ T8229] ext4_xattr_set_handle+0x1286/0x14c0 [ 229.015934][ T8229] ? __pfx_ext4_xattr_set_handle+0x10/0x10 [ 229.021808][ T8229] ? ext4_journal_check_start+0x1c/0x2b0 [ 229.027690][ T8229] ? __ext4_journal_start_sb+0x259/0x570 [ 229.033406][ T8229] ext4_xattr_set+0x255/0x340 [ 229.038249][ T8229] ? __pfx_ext4_xattr_set+0x10/0x10 [ 229.043681][ T8229] ? __pfx_evm_protect_xattr+0x10/0x10 [ 229.049181][ T8229] ? __pfx_ext4_xattr_trusted_set+0x10/0x10 [ 229.055289][ T8229] __vfs_setxattr+0x43c/0x480 [ 229.060191][ T8229] __vfs_setxattr_noperm+0x12d/0x660 [ 229.065623][ T8229] vfs_setxattr+0x163/0x360 [ 229.070306][ T8229] ? __pfx_vfs_setxattr+0x10/0x10 [ 229.075471][ T8229] filename_setxattr+0x296/0x630 [ 229.080464][ T8229] ? __pfx_filename_setxattr+0x10/0x10 [ 229.085989][ T8229] ? do_getname+0x151/0x250 [ 229.090551][ T8229] path_setxattrat+0x3eb/0x440 [ 229.095366][ T8229] ? __pfx_path_setxattrat+0x10/0x10 [ 229.100796][ T8229] ? do_futex+0x333/0x420 [ 229.105291][ T8229] ? rcu_is_watching+0x15/0xb0 [ 229.110288][ T8229] __x64_sys_lsetxattr+0xbf/0xe0 [ 229.115453][ T8229] do_syscall_64+0xe2/0xf80 [ 229.120007][ T8229] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.126119][ T8229] ? trace_irq_disable+0x37/0x100 [ 229.131314][ T8229] ? clear_bhb_loop+0x40/0x90 [ 229.136432][ T8229] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.142476][ T8229] RIP: 0033:0x7f4bd639aeb9 [ 229.147026][ T8229] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 229.166934][ T8229] RSP: 002b:00007f4bd7293028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 229.175492][ T8229] RAX: ffffffffffffffda RBX: 00007f4bd6615fa0 RCX: 00007f4bd639aeb9 [ 229.183510][ T8229] RDX: 0000200000000000 RSI: 0000200000000180 RDI: 00002000000001c0 [ 229.191662][ T8229] RBP: 00007f4bd6408c1f R08: 0000000000000000 R09: 0000000000000000 [ 229.199942][ T8229] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000 [ 229.209140][ T8229] R13: 00007f4bd6616038 R14: 00007f4bd6615fa0 R15: 00007ffe6ad00488 [ 229.218137][ T8229] [ 229.221825][ T8229] Kernel Offset: disabled [ 229.226357][ T8229] Rebooting in 86400 seconds..