last executing test programs: 1m55.282353204s ago: executing program 2 (id=313): socket$nl_route(0x10, 0x3, 0x0) epoll_create(0x6) fsopen(&(0x7f0000000580)='overlay\x00', 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r2, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x1, 0x1}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r2, 0x7a5, &(0x7f00000000c0)={{@my=0x0}, 0x1}) 1m53.082897451s ago: executing program 2 (id=315): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x3000010, &(0x7f0000000040)={[{@errors_remount}, {@debug}]}, 0x1, 0x51a, 
&(0x7f00000001c0)="$eJzs3UFvI1cdAPD/jONtdjeLXUCoVKJUtChbwdpJQ9sIISgXOFUCyn0JiRNFseModsomqiAV3wAhgcSJExckPgBS1QMfAFWqBBfEAQECIdjCAQnoINtjmnXsJGydOI1/P+mt35uZvP97Y/l5Zvx2JoCp9WREvBgRhYh4JiJK+fI0T3HYS53t3r7/6monJZFlL/81iSRf1q+rU56JiJv5n81GxNe+HPHN5Hjc1v7B1kq9XtvNy9V2Y6fa2j+4s9lY2aht1LaXlhafX35h+bnlhSz3nvpZ7md+8qXPv/7pb/3u7p9vf7vTrM99JIox0I9x6nW92N0XfZ19tHsewSagkPenOOmGAABwJp1j/A9GxCe6x/+lKHSP5gYUJtEyAAAAYFyyLyTx7yQiAwAAAK6sNCLmIkkr+VyAuUjTa/m1gQ/HjbTebLU/td7c217rrIsoRzFd36zXFvK5wuUoJp3yYj7Htl9+dqC8FBGPRsT3S9e75cpqs7424WsfAAAAMC1uDpz//6OUdvOnG/L/BAAAAIDLqzyyAAAAAFwVTvkBAADg6hs8/399Qu0AAAAAzsVXXnqpk7L+86/XXtnf22q+cmet1tqqNPZWK6vN3Z3KRrO50b1nX+O0+urN5s5nYnvvXrVda7Wrrf2Du43m3nb77uYDj8AGAAAALtCjH3/j10lEHH72ejdFfh9AgAf8YdINAMapMOkGABPz8HfxLo61HcDF8ykGklPWm7wDAADvf/MfPf77f//5/64NwNVmrg8ATB9P8YbpVTQDEKZaGhEf6GUfGbXNyN//f3nWKFkW8Wbp6BLXFwEA4GLNdVOSVv53gJ+mlUrErYi0HMVkfbNeW8jPD35VKj7SKS92t0tOnTMMAAAAAAAAAAAAAAAAAAAAAAAAAPRkWRIZAAAAcKVFpH9Kunfzj5gvPT03eH3gWvLPUvwxL/zo5R/cW2m3dxc7y//WfZbXtYho/zBf/uzIx4cBAAAA45YcjlzVO0/PXxcvtFUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATIG377+62k9HlxfOOe5fvhgR5WHxZ2K2+zobxYi48fckZo78XTKmth2+FhGPDYufxDtZlpXzVgzGTyPi+jnHL3d3zej4N8cQH6bZG53x58Vhn780nuy+Dv/8zeTpvRo9/qV55Me649yw8e/WsdoaQ2M8/tbPqiPjvxbx+Mzw8ac//iYj4j91rLZ/ZVl2PMY3vn5wMCp+9uOI+aHfP8kDsartxk61tX9wZ7OxslHbqG0vLS0+v/zC8nPLC9X1zXot/3dojO997OfvnNT/G0Pi//Y3vfH3pP4/ParSAf956979D/WyxWHxbz819Pt3NkbEL+Tpk/n3QGf9fD9/2Msf9cRP33zipP6vjdj/p73/t8/Y/2e++t3fn3FTAOACtPYPtlbq9druCZnZU7dJz1TPZcv8YvZSNOP/zGTf6b1zl6U9D5vpHK2+u6Tfq4ev8NY5NDW7sL1RiPFV2BpLPRMdlgAAgHPw7kH/pFsCAAAAAAAAAAAAAAAAAAAA0+sibm82GPNwMl0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADjRfwMAAP//UNfe0w==") 1m52.267978984s ago: executing program 2 (id=316): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, 
&(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$netlink(0x10, 0x3, 0x4) writev(r2, &(0x7f0000000100)=[{&(0x7f0000000900)="580000001400192360834b80043f679a10ff3d420000000001000000f61bcdf1194ad353e9cc853a804824cabece4b381effffffff0057e792945f80000000050028925aaa000000c600000004002e499391db0926f27805", 0x58}], 0x1) 1m50.168243015s ago: executing program 2 (id=326): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_int(r3, 0x29, 0x1000000000021, 0x0, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETLINK(r4, 0x400454cd, 0x30c) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x210) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r5 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0xfffffffd, @empty}, 0x1c) r6 = socket(0x10, 0x2, 0x0) write(r6, &(0x7f0000000480)="1c0000001a009b8a140000003b000000000000000000000000000000fda35065733173ae72a0d270d958f739b6d44c893b03599f77a332b446ea93568ae2ff534952656c6a18b6c0fdcec321127ee28705f2496eb43654255c5cc688f71db82bab173f4e19361ac01c1b0a2d2229993c8308ab7721e4c33c5fc214cd64a17d552a0fa33011d3ccceb5", 0x89) recvmmsg(r6, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, 
&(0x7f00000001c0)={0x77359400}) 1m49.089467572s ago: executing program 2 (id=330): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_hci(r0, 0x0, 0x3, 0x0, &(0x7f0000000100)) 1m48.355147731s ago: executing program 2 (id=334): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x7, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) timer_create(0x0, &(0x7f0000000400)={0x0, 0x25, 0x4}, &(0x7f0000bbdffc)) r3 = userfaultfd(0x80801) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x430}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f00000000c0)={&(0x7f0000800000/0x800000)=nil, &(0x7f000022a000/0x4000)=nil, 0x800000}) 1m33.193603214s ago: executing program 32 (id=334): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x7, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 
0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) timer_create(0x0, &(0x7f0000000400)={0x0, 0x25, 0x4}, &(0x7f0000bbdffc)) r3 = userfaultfd(0x80801) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x430}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f00000000c0)={&(0x7f0000800000/0x800000)=nil, &(0x7f000022a000/0x4000)=nil, 0x800000}) 10.510572487s ago: executing program 3 (id=679): openat(0xffffffffffffff9c, 0x0, 0x101042, 0x15) prctl$PR_MCE_KILL(0x4e, 0x1, 0x1000000) mlockall(0x1) syz_clone3(&(0x7f0000000080)={0x801400, &(0x7f0000000040)=0xffffffffffffffff, 0x0, 0x0, {0xa}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = pidfd_getfd(r0, r0, 0x0) setns(r1, 0x64000080) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r2, 0x0, 0x0) 9.414661875s ago: executing program 4 (id=685): syz_init_net_socket$x25(0x9, 0x5, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) socket$key(0xf, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 
&(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) keyctl$KEYCTL_PKEY_VERIFY(0x1c, 0x0, &(0x7f0000000080)={'enc=', 'oaep', ' hash=', {'blake2s-224-generic\x00'}}, 0x0, 0x0) r3 = dup(0xffffffffffffffff) ioctl$USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x103, 0x0, 0xe0, 0x0, 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r5, &(0x7f0000000400)={0x18, 0x0, {0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, 'lo\x00'}}, 0x1e) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="300000001000010025bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'], 0x30}, 0x1, 0x0, 0x0, 0x810}, 0x0) 8.288698264s ago: executing program 4 (id=688): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="5000000010000104fcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000300012800b0001006272696467650000200002800c0023000705000000000000080005000000000005002a00"], 0x50}}, 0x0) 8.155091871s ago: executing program 4 (id=690): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) fsopen(&(0x7f0000000180)='btrfs\x00', 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_getaffinity(r1, 0x8, &(0x7f0000000000)) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) 
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="05000000000000007910900000000000630000000000000095000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000000)="fd", 0x0}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000001500)=ANY=[@ANYBLOB="b702000010000000bfa300000000000007030000f0feffff7a0af0ff0000000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87867c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b2314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f86bb47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8dd63d4b77b206000000000000e254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad91935a6ddfa8f90e79321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f3813e2c25a61ec45c3af9948f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde47
45db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469600241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c12e28ef97d9ebd9c77f1774cf4683c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f011000000f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497a6103876843ee04ed9ff002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd1304202274f20675eb781925440578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e9338c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b96508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e25c89b552d7fcd116bce9c764c714c9402c21d1aac59efb28d4f91652f6000000000000000320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a575939206d0c0f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000ff0ffd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd4
19adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536607a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8000000edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db76cf059f40fa2640b6bfb74dd35391b8fa18479da9f4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r4, 0xd2, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffe3b, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0}}, 0x10) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000380)="47ed81affa5ac5ae9296a47753b907a6f37210bc7d6eb4357e6a4b9fb342ad583c9b390ff71191df858d088e10cd39a0f168afa8010e61edf1fd", 0x3a, 0x10008095, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000001340)=ANY=[@ANYBLOB='umask=00000000000000000000010,nls=maciceland,umask=00000000000000000000003,umask=00000000000000000004000,part=0x0000000000000004,gid=', @ANYRESHEX=0x0, @ANYBLOB=',gid=', @ANYRESHEX=0x0, @ANYBLOB="2c756d61736b3d30303030dce9f10ec530303030303030303030303030303030"], 0xff, 0x5de, &(0x7f0000000d40)="$eJzs3cFvHFcdB/DvbGLHDlK6SZOmICSscgA1IrF3IxMkJKAUZKEKVeLSq5VsaiubNLK3yO0BAuLc/gvlYM4cOKEg5cCZf8GoRwR334xmdta7Sbau3TjeTfr5SLPvvX0zb37vl5nRzFjRBvjaWnkvM4/mk5Ur72yV7Z3tdndnu313UE9yJkkjmUtSlF//LcnnyYP0l3xz0DFSPqX4dOXm2sNPLvdbc/VSrV8ctN3h7MfS7Mdalcc1XuuZxxvOcCHJhbqEidsb+PfY7mc8LwGAaVYkp8Z930zO1jfr5XNA/664f4/9Qnsw6QAAAADgBLyym91s5dyk4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAXSf37/0W9NAb1hRSD3/+frb9LXX+hPZp0AAAAAAAAAABwDL6zm91s5dygvVdUf/N/o2pcrD6/kQ+zmU42cjVbWU0vvWxkKUlzZKDZrdVeb2PpEFu2xm7ZOpn5AgAAAAAAAMBL6o9ZGf79HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApkGRnOoX1XJxUG+mcTrJXJLZcr0HycNB/UX2aNIBAAAAwAl4ZTe72cq5QXuvqJ75X6ue++fyYe6ll/X00k0nt6p3Af2n/sbOdru7s92+Wy5Pj/uz/x0pjGrE9N89jN/zYrXGpf0tVvLL/CZXspB3s5H1/Dar6aWThbxd1VZTpFm/vWgO4hwf708fa737ZbG+XkUyn9tZr2K7mpv5IN3cSqOaQ7XOwXv8Q5md4ie1Q+boVl2WM/pVXU6HZpWRmf2MLNa5L7Nx/uBMHPE4eXJPS2nsv4O6+BxyfrYuy1y/PdU5b40cfa8dnIlksfXf+2vde3fWbm9emZ4pfUVPZqI9konLR87E3t7e7098Csdkts5G/yp6tKvlG9W257KeX+eD3EonN7KYG1nO9bSznB9leSSvlw5xrjWOdq599/t1ZSbJL+pyOpR5PT+S19ErXbPqG/1mmKULx39FOv2tulIerG9N3RXp/BPX5kEmXj04E3/eKz83u/fubKyt3j/k/r5Xl2UGfj5VmSiPlwvlP1bVevzoKPteHdu3VPVd3O9rPNV3ab/vy87U2foe7umRWlXf5bF97arv9ZG+cXc5AEy9s2+enZ3/z/y/5j+b/9P82vw7c2+duXHm27OZ+efpv5/6a+MvjR8Xb+az/G74/A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHx1mx99fGe12+1sqKhMvjKX5LArD373adIxv6SVCV+YgOfuWu/u/WubH338g/W7q+933u/cu7603Lp+fXH5hzeu3V7vdhb7n5M
OEwA4RsOb/klHAgAAAAAAAAAAAAAAfJGT+O/Ek54jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwclt5LzOPUmRp8epi2d7ZbnfLZVAfrjmXpCgr/0jyefIg/SXNkeGKL9pP8enKzbWHn1wejjU3WL84aLvDeSyWxhMxPet4rWcebzjDhSQX6hIm7v8BAAD//6YMAag=") 7.139292344s ago: executing program 0 (id=696): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001cc0)=ANY=[@ANYBLOB="ac0100001700010000000000000000007f0000010000000000000000000000000000000000000000fe8000000000000000000000000000bbac1414bb000000000000000000000000ffffffff0000000000000000000000004e210000000000000000006400000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc0200000000000000000000000000000000000000000000000000000000000100000000000000000a00802000000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000200000000f9ffffff00000000000000000000000084000500"], 0x1ac}}, 0x0) 6.991097282s ago: executing program 3 (id=697): getpid() r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000280)) sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000002c0)={0x14, 0x0, 0x200, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4048011) ioctl$vim2m_VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 
0x402, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x27) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xffffffffffffff15, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r3, &(0x7f0000000000)={0x1a, 0x33a, 0xf9, 0xff, 0x8, 0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3c}}, 0xc) 6.316644197s ago: executing program 0 (id=699): syz_init_net_socket$x25(0x9, 0x5, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) socket$key(0xf, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) keyctl$KEYCTL_PKEY_VERIFY(0x1c, 0x0, &(0x7f0000000080)={'enc=', 'oaep', ' hash=', {'blake2s-224-generic\x00'}}, 0x0, 0x0) r3 = dup(0xffffffffffffffff) ioctl$USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x103, 0x0, 0xe0, 0x0, 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r5, &(0x7f0000000400)={0x18, 0x0, {0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, 'lo\x00'}}, 0x1e) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="300000001000010025bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'], 0x30}, 0x1, 0x0, 0x0, 0x810}, 0x0) 6.203107913s ago: executing program 3 (id=700): 
syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x2, &(0x7f0000000040), 0x7, 0x4eb, &(0x7f0000000140)="$eJzs3EFsVEUfAPD/225pC+WjHx8fSkUtorHR2EJB4WBiMJp40MSIBz02bSFIoaatiRACS2LwaEi8GuPRqwevarwYTiZe8WhiSIjhAnha87pvu9vt26W02660v1+y3Zm3897M7Lx5O2+muwFsWUPpnySiPyJuRsSuiCg0JhiqPN27c2ni/p1LE1Eql0/+laS7xd00nkmy5x1ZZLgQUfgsqb1QZ+7CxbPj09NTs1l8dP7cx6NzFy6+dObc+Omp01Pnx44fP3rk8LFXxl5++Erl5JfW6+7g5Zn9+9768Po7E8Xq9t7sub4e7TIUQ3lFWfBcuzPrsJ114aTYKuVr618YViw9/9Pm6l7o/7uiK1o2HrCJlMvlck8W7l7+cqnc6OqyLcAjK4lOlwDojOoHfXr/W33kjRO2rd8QpKNun6jcAKX1vpc9Ip5e2FidB+luuL9tp6Eoxgelv79OH2m8uA7zEAAA9X48UR0JNoz/BiL21qX7T7aGMhAR/42I3RHxv4jYExH/j0raxyLi8Ybjd0VEuUX+Qw3x5ePPwq211bC1dPz3ara2VRv/Rf0q2EBXFtsZUR0wTx3K3pPh6O45dWZ66nCLPH5647cvmr2W1r86/ksfaf7VsWBWjlvFnqX7TI7Pj6+6wg1uX40YLDbWPylGJIsrAUlE7IuIwZ+/WvFxB+rCZ174dv9ipGGS8cH1X1DOXUdrw1JF+ZuI5yvtX4ol7V/LMWm9PjnaG9NTh0bTs+BQbh43fr32bt72ZCX1//6Pxt3ePPbDyaxnrV3a/tvrzv+ort/W6j+QRCSL67VzTQ50pXke137/vOk9zWrP/23J+31Rd1/66fj8/OzhiG3J27Fs+1ht32o8fY5Spf7DB/P7/+5sn/SdeCIi0pP4yYh4Kip3iENRvnIgIp6JiIPNqx+/vP7sR6uv//pK6z+Ze/1b0v619fo0kG6dXbJlfDopVVLXtiwGus4euHl/MD//lbX/0YXQcLYl//qXLLlELC9FfmCNbx8AAAA8EgoR0V83l9QfhcLISGUOaE9sL0zPzM2/mMx8cn6y8h2Bgbq0lfng7qQ6/zlQFx9riB/J5o2/7OpbiI9MzExPdqjOQMWOhT6fFEYWrwWV/p/6sz1TzMC/ma/8wNb1oP6/9/oGFQTYcD7/YauavVwXKTVJVPKfMrA5reTz31wgbE55/b/F/3O7YYBNoqw7w5b2MP1/adobu9peGGBDFeO9xXChoyUBNprxP2xJK/qS/KoD5Z78l3pjeeLobX3ArlhdMfpy8upIIB1ZdST3vtXsVf01haZpovBwB+yp/WREspY2PbX2t+X03naf/N3lbH2s3S343Yb007xA6+vGWP/6XZMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADa6Z8AAAD//74s2nc=") r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) unshare(0x2c020400) ioctl$SIOCSIFHWADDR(r0, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="018d008dffff"}) 
3.233173979s ago: executing program 0 (id=702): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newqdisc={0x2c, 0x28, 0x4ee4e6a52ff56541, 0x70bd26, 0xfffffdfc, {0x0, 0x0, 0x0, r6, {0x4}, {0xffff}, {0x0, 0xfff3}}, [@TCA_EGRESS_BLOCK={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x811}, 0x0) 2.84259685s ago: executing program 1 (id=703): r0 = socket$igmp(0x2, 0x3, 0x2) bpf$PROG_BIND_MAP(0x1c, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff, 0x29}, 0xc) write(0xffffffffffffffff, 0x0, 0x0) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000100), 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x3e, &(0x7f0000000040)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x80, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @dest_unreach={0x3, 0x4, 0x0, 0x0, 0x3, 0x1c58, {0x5, 0x4, 0x0, 0x7, 0x0, 0x65, 0xe, 0x4e, 0x24, 0xc, @empty, @dev={0xac, 0x14, 0x14, 0x44}}}}}}}, 0x0) close(r0) setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, 
&(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xffffeff7, 0x40, 0x40000006}, 0x3c) 2.571230984s ago: executing program 5 (id=704): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="5c00000002060108000000000000000000000000050005000a00000005000100070000000500040000000000090002007379"], 0x5c}}, 0x0) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000300000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) r1 = socket$netlink(0x10, 0x3, 0xc) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.570931844s ago: executing program 4 (id=705): socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) prlimit64(0x0, 0x6, &(0x7f0000000140)={0x0, 0x4}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02080000040000000100000009000100000000", @ANYRES32, @ANYBLOB='\x00\x00'], 0x48) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 2.545121566s ago: executing program 3 (id=706): r0 = openat$tun(0xffffffffffffff9c, 
&(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$TUNSETVNETBE(r0, 0x400454de, &(0x7f0000000080)=0x40000001) socket$kcm(0x2, 0xa, 0x2) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="600000000206010200000000000000000000000014000780050014000700000008001240410500000900020073797a3200000000050001"], 0x60}}, 0x0) write$tun(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="000086dd03000a000020140000006c07010033d43afffec00000000000000000000000000010ff020000000000000000000000000001"], 0x340a) 2.361245836s ago: executing program 1 (id=707): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_COMPAT_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, 0x0, 0xb, 0x3, 0x0, 0x0, {0xa, 0x0, 0x3}, [@NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_COMPAT_NAME={0x5, 0x1, '\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x4040001}, 0x14) 2.195170324s ago: executing program 4 (id=708): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000000)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000100)={0x40, r1, 0x1, 0xfffffffd, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_DEVKEY={0x24, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0002}}, @NL802154_DEVKEY_ATTR_ID={0xc, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4811}, 0x0) 2.134902177s ago: executing program 5 (id=709): r0 = io_uring_setup(0x45ff, &(0x7f0000000000)={0x0, 0xb8f4, 0x0, 0x9, 0x2}) io_uring_register$IORING_REGISTER_IOWQ_AFF(r0, 0x11, &(0x7f0000000080)="e5e0", 0x2) 2.071658131s ago: executing program 1 (id=710): getpid() r0 = 
openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000280)) sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000002c0)={0x14, 0x0, 0x200, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4048011) ioctl$vim2m_VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x402, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x27) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xffffffffffffff15, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r3, &(0x7f0000000000)={0x1a, 0x33a, 0xf9, 0xff, 0x8, 0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3c}}, 0xc) 1.967372616s ago: executing program 3 (id=711): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0}, 0x68) io_uring_setup(0x9, 
&(0x7f0000000040)={0x0, 0x20c8a1, 0x1c881, 0x8, 0xd1}) io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0x8, 0x7, 0x205}) sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x2d, 0x0, 0x1f, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x4) readv(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000004440)=@acquire={0x128, 0x17, 0x1, 0x10000000, 0xfffffffd, {{@in6=@remote, 0x200}, @in=@multicast1, {@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@broadcast, 0x0, 0x0, 0x4e20, 0x0, 0x0, 0x0, 0x0, 0x73}, {{@in=@multicast1, @in6=@loopback, 0x0, 0x0, 0xffff, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x3}, 0x0, 0x0, 0x120000}}, 0x128}}, 0x0) 1.924345488s ago: executing program 0 (id=712): bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x12, 0x7, 0x4, 0x1002}, 0x50) 1.786979066s ago: executing program 4 (id=713): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000340)={[{@noload}, {@stripe={'stripe', 0x3d, 0x30c}}, {@jqfmt_vfsv1}, {@nojournal_checksum}, {@jqfmt_vfsv1}, {@usrjquota}]}, 0xff, 0x44d, 
&(0x7f0000000900)="$eJzs3MtvG8UfAPDvrp30/Ut+UB4tLQQKouKRNOnzwKUIJA4gIcGhiFNI0qrUbaAJEq0qKBzKEVXijjgi8RdwggsCTkhc4Y4qVaiXFiQko13vpsa107hx6rb+fKRNZrzjzHx3d+zZGTsBDKyx7EcSsTkifouIkUb2vwXGGr+uXTk389eVczNJ1Otv/Jnk5a5eOTdTFi2ft6mRqdeL/Lo29V54O2K6Vps7XeQnFk++N7Fw5uzzx09OH5s7Nndq6tChfXt3Dh+Y2t+TOLO4rm7/aH7HtlfeuvjazJGL7/z0TdbezcX+5jh6ZaxxdNt6qteV9dmWpnRS7WND6EolIrLTNZT3/5GoxIalfSPx8qd9bRywpur1er3d+3PhfB24hyXR7xYA/VG+0Wf3v+V2m4Yed4TLhyPeP9iI/1qxNfZUIy3KDLXc3/bSWEQcOf/3l9kWazQPAQDQ7LvDEfFcu/FfGg82lftfsYYyGhH/j4j7IuL+iNgaEQ9E5GUfioiHu6y/dYXkxvFPeumWAluhbPz3QrG2tTT++6eex18YrRS5LXn8Q8nR47W5PcUx2R1D67L85DJ1fP/Sr5932tc8/su2rP5yLNiQXqq2TNDNTi9OrzLsJZc/idhebYk/l0S5jJNExLaI2N7VX75+h3H8ma93dCp18/iX0YN1pvpXEU83zv/5aIm/lHRcn5w8eGBq/8T6qM3tmSivihv9/MuF1zvVv6r4eyA7/xtbr//cUvyjyfqIhTNnT+TrtQvd13Hh98863tPc6vU/nLyZp4eLxz6cXlw8PRkxnLx64+NT159b5svyWfy7d7WLP81f48oj8UhEZBfxzoh4NCIeK9r+eEQ8ERG7lon/xxeffLf7+JeZle+hLP7Zm53/aD7/3ScqJ374tvv4S9n535endhePrOT1b6UNXM2xAwAAgLtFmn8GPknHl9JpOj7e+Az/1tiY1uYXFp89Ov/BqdnGZ+VHYygtZ7pGmuZDJ4u54TI/1ZLfW8wbf1HZkOfHZ+Zrs/0OHgbcpg79P/NHpd+tA9ac72vB4NL/YXDp/zC49H8YXPo/DK52/f/jPrQDuP28/8Pg0v9hcOn/MLj0fxhIHb8bn67qK/8S93wi0u6fVY07pPF3U6K64n9mcYuJdW139fuVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDf+DQAA//9X4u4v") r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000300), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x4008054) 1.598462575s ago: executing program 5 (id=714): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 
&(0x7f0000001880)=ANY=[@ANYBLOB], &(0x7f0000000340)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r0, 0x18000000000002a0, 0x204, 0xfffff000, &(0x7f0000000040)="5aee41dea43e63a3f7fb7f11c72b", 0x0, 0xf000, 0x6000, 0x0, 0x0, 0x0, 0x0}, 0x48) 1.211588606s ago: executing program 0 (id=715): syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', 0x0, &(0x7f0000001800)=ANY=[], 0xfb, 0x1236, &(0x7f0000000600)="$eJzs28Frm2UcB/Bfm3bdOttUndMNxAe9TJCw9uBFDxbpQBZRtlXYBOGdTTX0NSl9QyEiVk9e/UMEEbyIIN70YC/+B4q3XjxOEF9polsjiVt0NCKfzyUPeX7f5PfwJIE3PO/B8x+/s7VZ1DazTkxPTcX0dkS6lSLFdPzpg3j6uW++ffzq9RuXV+v1tSspXVq9tvxsSmnxia9ef++TJ7/unH7t88Uv52J/6Y2Dn1d+2j+7f+7gt2tvN4vULFKr3UlZutlud7KbeSNtNIutWkqv5o2saKRmq2jsDMxv5u3t7W7KWhsL89s7jaJIWaubthrd1Gmnzk43ZW9lzVaq1WppYT44avqeqmZuj16OW2VZRpTlbJyIsizLUzEfp+OBWIjFqMZSPBgPxcNxJh6Js/FoPBaf/fBp9zABAAAAAAAAAAAAAAAAAAAA3D/j3v9/rlc16a4BAAAAAAAAAAAAAAAAAADg/+Xq9RuXV+v1tSspnYzIP9pd313vP/bnVzejGXk04mJU49fo3f3f1x9feqm+djH1LMWH+d4f+b3d9cpgfjmq8czw/HI/nwbzczF/NL8S1TgzLD8bK0PzJ7+48NSRfO2Fanz/ZrQjj404zN55//eXU3rxlfpf8ud7daNVjmN7AAAA4L6opduGXr/XaqPm+/kx/h8YuL4+zJ6fmejSiYii++5WlueNHYOhgwv/jTZ6gxN3q6nEvb/gbESM18YvZVn+m1V892P/I/eP4jMx2S0Y/U2Zi4i7xCsjm5+KiONdzqkYeKbcG1U86V8mjsOdTZ90JwAAAAAAAAAAAIxj5FHBub87RVgZ68jhpNcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8zg4cCwAAAAAI87dOo2MDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICvAgAA//8AfMuR") mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120) getdents64(r0, &(0x7f0000001a00)=""/231, 0xe7) 879.327984ms ago: executing program 3 (id=716): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) fsopen(&(0x7f0000000180)='btrfs\x00', 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_getaffinity(r1, 0x8, &(0x7f0000000000)) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="05000000000000007910900000000000630000000000000095000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x1, 0x0, &(0x7f0000000000)="fd", 0x0}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000001500)=ANY=[@ANYBLOB="b702000010000000bfa300000000000007030000f0feffff7a0af0ff0000000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87867c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b2314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f86bb47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8dd63d4b77b206000000000000e254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad91935a6ddfa8f90e79321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f3813e2c25a61ec45c3af9948f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469600241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c12e28ef97d9ebd9c77f1774cf4683c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f011000000f27e3c33269c0e153b28
b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497a6103876843ee04ed9ff002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd1304202274f20675eb781925440578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e9338c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b96508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e25c89b552d7fcd116bce9c764c714c9402c21d1aac59efb28d4f91652f6000000000000000320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a575939206d0c0f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000ff0ffd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536607a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc71300
00000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8000000edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db76cf059f40fa2640b6bfb74dd35391b8fa18479da9f4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r4, 0xd2, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffe3b, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000380)="47ed81affa5ac5ae9296a47753b907a6f37210bc7d6eb4357e6a4b9fb342ad583c9b390ff71191df858d088e10cd39a0f168afa8010e61edf1fd", 0x3a, 0x10008095, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000001340)=ANY=[@ANYBLOB='umask=00000000000000000000010,nls=maciceland,umask=00000000000000000000003,umask=00000000000000000004000,part=0x0000000000000004,gid=', @ANYRESHEX=0x0, @ANYBLOB=',gid=', 
@ANYRESHEX=0x0, @ANYBLOB="2c756d61736b3d30303030dce9f10ec530303030303030303030303030303030"], 0xff, 0x5de, &(0x7f0000000d40)="$eJzs3cFvHFcdB/DvbGLHDlK6SZOmICSscgA1IrF3IxMkJKAUZKEKVeLSq5VsaiubNLK3yO0BAuLc/gvlYM4cOKEg5cCZf8GoRwR334xmdta7Sbau3TjeTfr5SLPvvX0zb37vl5nRzFjRBvjaWnkvM4/mk5Ur72yV7Z3tdndnu313UE9yJkkjmUtSlF//LcnnyYP0l3xz0DFSPqX4dOXm2sNPLvdbc/VSrV8ctN3h7MfS7Mdalcc1XuuZxxvOcCHJhbqEidsb+PfY7mc8LwGAaVYkp8Z930zO1jfr5XNA/664f4/9Qnsw6QAAAADgBLyym91s5dyk4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAXSf37/0W9NAb1hRSD3/+frb9LXX+hPZp0AAAAAAAAAABwDL6zm91s5dygvVdUf/N/o2pcrD6/kQ+zmU42cjVbWU0vvWxkKUlzZKDZrdVeb2PpEFu2xm7ZOpn5AgAAAAAAAMBL6o9ZGf79HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApkGRnOoX1XJxUG+mcTrJXJLZcr0HycNB/UX2aNIBAAAAwAl4ZTe72cq5QXuvqJ75X6ue++fyYe6ll/X00k0nt6p3Af2n/sbOdru7s92+Wy5Pj/uz/x0pjGrE9N89jN/zYrXGpf0tVvLL/CZXspB3s5H1/Dar6aWThbxd1VZTpFm/vWgO4hwf708fa737ZbG+XkUyn9tZr2K7mpv5IN3cSqOaQ7XOwXv8Q5md4ie1Q+boVl2WM/pVXU6HZpWRmf2MLNa5L7Nx/uBMHPE4eXJPS2nsv4O6+BxyfrYuy1y/PdU5b40cfa8dnIlksfXf+2vde3fWbm9emZ4pfUVPZqI9konLR87E3t7e7098Csdkts5G/yp6tKvlG9W257KeX+eD3EonN7KYG1nO9bSznB9leSSvlw5xrjWOdq599/t1ZSbJL+pyOpR5PT+S19ErXbPqG/1mmKULx39FOv2tulIerG9N3RXp/BPX5kEmXj04E3/eKz83u/fubKyt3j/k/r5Xl2UGfj5VmSiPlwvlP1bVevzoKPteHdu3VPVd3O9rPNV3ab/vy87U2foe7umRWlXf5bF97arv9ZG+cXc5AEy9s2+enZ3/z/y/5j+b/9P82vw7c2+duXHm27OZ+efpv5/6a+MvjR8Xb+az/G74/A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHx1mx99fGe12+1sqKhMvjKX5LArD373adIxv6SVCV+YgOfuWu/u/WubH338g/W7q+933u/cu7603Lp+fXH5hzeu3V7vdhb7n5MOEwA4RsOb/klHAgAAAAAAAAAAAAAAfJGT+O/Ek54jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAADwclt5LzOPUmRp8epi2d7ZbnfLZVAfrjmXpCgr/0jyefIg/SXNkeGKL9pP8enKzbWHn1wejjU3WL84aLvDeSyWxhMxPet4rWcebzjDhSQX6hIm7v8BAAD//6YMAag=") 811.119567ms ago: executing program 1 (id=717): r0 = socket(0x400000000010, 0x3, 0x0) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000002c0)="f973085a6ea39ea1b25a1c6b351e11245900557d1c8e9f86bae5e5c64e50ef25afb0295d0c303850b4bff4d088bf9df67e013836e2882dad3f7698b52997f7efa9eb96f09be1c3019445927c6b2fe32d38ae2bcad2ac0d85ebd42914fb18b7d0670f8b3be16755ead6a6fb713fa618ce2cf424ea7cc84b04016b9a2afbfaf68803f1c1", 0x83}, {&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab504479f723388dda974e2a9fb1bcda474c08d6222179b19e902009ea3cb3e", 0x8b}, {&(0x7f0000000480)="4ce09043b6aa2ae5946f67306c7f73ed469dfcfc5e1f4d8123a4a8a7b9be82f67f89605cd9bbf7254c156b00437f753a248daf68c5ebdc4a6346d336a6502e98eae72777956d1ebeeb855fae46b3ccb9fb3d593651b95ee00afe0816b3c6e7f3cb3b18fb5198643daa6b9cafde584957dd72ba27cef6604f5df59f0bee60bca63d75a9d812eb699c2d665b7179b22027cf748ac63bcc212703d44cb083e962eee9b5d212523c162b42377ebd0bc624bf9425f6f4772e36c6c2fd4f69b65cc435f93c1a490cb75162251e15942b", 0xcd}, {&(0x7f0000000800)="5193f0b40db29d9ce06f429ed3c2c6405967f1e559f08c35f5e63ad64c2746967cca1bbeaf6206a79c42badb4fb453f294c2932cb5552a5f9c1d633207a53c2f54d98c2f9e4323eac6c20c56e760", 0x4e}, {&(0x7f0000000900)="a9be9b2ff3a19d5a1226e5243d37d1fd2894c1ae880dc2316aa2d5ad08944c7135eb837eff354282dd5863c051eb7b9b17be0e4fdd6560f3f2c2c04af73a6cb75b5d05d6037f91e8f4f08e90d5313fb91fbdc5acd212f7d8c800a837a0236309d25e82d5767d8df7512b2beb324c2a2fd6f4ed3a3eb7396f02d515396a3be574d721df257dbf0bc39c", 0x89}, {&(0x7f00000000c0)}], 0x6}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000bc0)}, 
{&(0x7f0000000580)="8f966bd94d169820f6b844307d323b8c13deaeff91566b7f1725f3", 0x1b}], 0x3}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, 0x0}}], 0x3, 0x20000044) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f", @ANYRES32=r5, @ANYBLOB="d50633008000009effffffffffff080211000001"], 
0x6f4}}, 0x0) 810.806297ms ago: executing program 5 (id=718): r0 = socket(0x2b, 0x80801, 0x1) listen(r0, 0x7e5a) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000400)={0x9, 0x2, 0xf800, 0x78, 0x7f, 0x9, 0x8}, 0xc) 666.104955ms ago: executing program 1 (id=719): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="5c00000002060108000000000000000000000000050005000a00000005000100070000000500040000000000090002007379"], 0x5c}}, 0x0) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000300000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) r1 = socket$netlink(0x10, 0x3, 0xc) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0) 582.153829ms ago: executing program 0 (id=720): socket$nl_netfilter(0x10, 0x3, 0xc) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0xa00008, &(0x7f0000000140)={[{@min_batch_time={'min_batch_time', 0x3d, 0xd}}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@noblock_validity}]}, 0x1, 0x7ad, 
&(0x7f00000007c0)="$eJzs3c9rG1ceAPDvyD/jZNdeWNjNngwLu4YQeZ31JruwsFn2sBQaCLTnJEZWTGrZCpYcYmNIQin00kNLD4XmknPTprdc++PaXvo39FAS0tYJTemhuIw0SmRbcpzEklL8+cBY782M9N533sybZ82gCWDfGk//5CIORwykydFsfhLZjOiPOFlf7+H6WiGdktjYeOW7pLbOg/W1QjS9J3Uwy/wxIj57I+JIbnu5lZXV+ZlSqbiU5SerCxcnKyurRy8szMwV54qLx6emp4+d+MeJ43sX6w9frh66+/b///rRyZ9e/8Ottz5P4mQcypY1x7FXxmM82yYD6Sbc5H97XViPJb2uAM8kPTT76kd5HI7R6NuhJf/T1ZoBAJ1yJSI2AIB9JnH+B4B9pvE9wIP1tUJjivr1nKs9/WKiS+79NyKG6/E3rm/Wl/TXr9l9NVy7DjryIKldI2lIImJsD8ofj4jrt8/cTKfo0HVIgFauXouIc2PjW/v/tIfbes/C0/rbLtYZ35LX/0H3fJKOf/65ffwXkcuO/+Ha363jn6EWx+6zePLxn7uzKTuwB4U2Scd//266t+1hU/yZsb4s95vamG8gOX+hVEz7tt9GxEQMDKX5qR3KmLj/8/12y5rHf9+/89oHafnp6+M1cnf6hza/Z3amOvM8MTe7dy3iT/2t4k8etX/SZvx7epdlvPSvN99vtyyNP423MW2Pv7M2bkT8pWX7P74PKtnx/sTJ2u4w2dgpWvj46/dG2pXf3P7Xb6clrRUa/wt0Q9r+IzvHP5Y0369Zefoyvrgx+mm7ZZvjP3MzLX9z/K33/8Hk1Vp6MJt3eaZaXZqKGExe3j7/2OP3NvKN9dP4J/7c+vjfaf9Pu6FzWXrjCTc/9t/99sNnj7+z0vhn0/ZPsiCe2P5Pn7j1cL6vXfm7a//pWmoim7O9/+vf9rm7reBzbTwAAAAAAAAAAAAAAAAAAAAAAAAA2KVcRByKJJd/lM7l8vn6M7x/HyO5UrlSPXK+vLw4G7VnZY/FQK7xU5ejTb+HOpX9Hn4jf2xL/u8R8buIeHfoQC2fL5RLs70OHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyB9s8/z/1zVCvawcAdMxwrysAAHSd8z8A7D9tzv+DrWcf6GhdAIDuqJ3/k/5eVwMA6CLf/wPA/uP8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQIedPnUqnTZ+XF8rpPnZSyvL8+VLR2eLlfn8wnIhXygvXczPlctzpWK+UF5o+0FX6y+lcvnidCwuX56sFivVycrK6tmF8vJi9eyFhZm54tniQNciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDdq6yszs+USsUliZ0TV16IalzLmq3XW0PihUgMRUSnimjuJQ70pnMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+BX4JQAA//9qsh/Y") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101041, 0x0) pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xe7c) syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000100)='.\x00', 0x820b8, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, &(0x7f0000000000)) openat(0xffffffffffffff9c, 0x0, 0x42, 0x22) 323.047932ms ago: executing program 5 (id=721): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$TUNSETVNETBE(r0, 0x400454de, &(0x7f0000000080)=0x40000001) socket$kcm(0x2, 0xa, 0x2) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="600000000206010200000000000000000000000014000780050014000700000008001240410500000900020073797a3200000000050001"], 0x60}}, 0x0) write$tun(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="000086dd03000a000020140000006c07010033d43afffec00000000000000000000000000010ff020000000000000000000000000001"], 0x340a) 229.370408ms ago: executing program 1 (id=722): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, 
&(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newqdisc={0x2c, 0x28, 0x4ee4e6a52ff56541, 0x70bd26, 0xfffffdfc, {0x0, 0x0, 0x0, r6, {0x4}, {0xffff}, {0x0, 0xfff3}}, [@TCA_EGRESS_BLOCK={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x811}, 0x0) 0s ago: executing program 5 (id=723): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000b80)="f77d2b5dd5f7d74f0748cf3d2cf218d644566a14103b1c7dd35fd2951bd022f10f2dc7f4ce0d8ac5f4abaca4b97b706153756913b7dd48248b5bfb10460019248bf238743fa2aeb5bef21ce832db670920dc5e911ef2ad63e849901d1001129dbacbfd4924d7545517fd18b5d29978f32a5b5c81755cb89cc0490958ba3211eb99df5cdbbc0f9c941aaa1495893dada02d8188acd26b5afd7476413f322c8f79de769debb56343f3eded2dca93ed6641e50fe595e1e0dbe84ed0f70abb4ed2dfb6648df7dbbd18fa5533a6b0acc138c81a8acbcb2fb79a7d7857d41bca238e0548c5e955d74bbb106fe965274cbb3a29b895df0b4e028b6d65c115b81328e0b660253f1c9a359dde67917fa232e2f566483ddbb93ff9b103c1cac356c9f0f6ab5fe77ea4610f71ec6dc988fd", 0x12c}, 
{&(0x7f0000000fc0)="31cef842d9c50636f60fc0cfdac56c75f1687f0c56287423f5eed69f117e766bdbad0c2171ad6227e1173ab6efa2fcb1c420a51a0917861009000000f049c606ccab7cda1f0e3490fbe385ea382294882839a22674037b8910bd8a1420e33eb1be6f10cfb24eb7cccdf1528ef33b34ab07cdb0909a9ba9547e1e34", 0x7b}], 0x2}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000640)="42e013913edbeb683c44e18a52b5a2462064ddd92caaba941de80d06047dedb7eeeff3a27eacf4c416b6979d6c918608807c44d01535dbaab3b390086e4fd43c6b5931187023646d6beac2340fdc7a0d81214ac76a818f64d287311e8828dfd3e3dd67efdb129a6e52745d1540e570891f6bf411cc16a18c4d34e522a1f003498f1a03ea1f8828b6c902286c71a9bc21923972dacfa74fef6a0fd3267e599c1dd33dff5d7b28f134bda4a29962fd5daa4fc9c515a1c3ee25ace1a9948c24b277d0c9c46f948f8a3f98b1a18eff685b7296457ba31632fea4d8f817817026eeb76460dad4f677de730436", 0xea}, {&(0x7f00000002c0)="b176d469f40900e206a2134ae64fde53dc0e68188d001032aa45811c0070fe4e0669fcec46606f53f7b1ba5275d354803f68b717d4af8adeec8b", 0x3a}], 0x2}}, {{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000440)="7cc9483e0b2212b8b5d0ab5223f9b22b4b5bd5036f55b4568dbffe5662e5c329dd834e", 0x23}, {&(0x7f0000000480)="92c8794113d179ef42460476d9b70f8462246800935f34795e1aeb9f", 0x1c}, {&(0x7f0000000880)="fb70b4c3828979137f8e899a032064ee15287cc8803ecee7b6203553b506e26c7d9d0bf628b2580352c6639716dcf515e2c2064edfd15755838f79f931eb9c11172d52729c2254544f874aae59c290a952e0ecc77fc3a0de141c9d400d745477bab96a1e7761f848770256982aca14bb8fa9c1376b86efb6b64f5659dd789559a0efb98f0ebd2742cbae22991d78c791f3c09542a7d7d72ec89d5222fefd5a8d582e5bd519708451504bf200358d6e6e2398c9063da16015b379f2904a2b18133b487cdcae86f4a2914350da88ee170fffdd97e5e02dc39c07e2174e5577", 0xde}, {&(0x7f0000000a40)="1b0e3813e98aa526313cd7628ccf3dd14f99127dc0efc5e66a5fad6b007e372ba5aaabbaabb6d4768d026ecd632dbb36eef65f51cc27d8b0dc415eeb5af46108cd4532c6ab1226", 0x47}], 0x4}}], 0x3, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) kernel console 
output (not intermixed with test programs): wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.046279][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.118583][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 82.147350][ T4271] device veth0_macvtap entered promiscuous mode [ 82.178880][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 82.197626][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 82.220886][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 82.229209][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 82.255523][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 82.275952][ T4271] device veth1_macvtap entered promiscuous mode [ 82.276445][ T38] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.297249][ T38] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.310308][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 82.319688][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 82.388651][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.389172][ T4271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.426431][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.430779][ T4271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.460756][ T4271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.475780][ T4271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.492896][ T4271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.513327][ T4271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 82.542808][ T4271] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.585421][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 82.618035][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 82.671666][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 82.681197][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 82.689931][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 82.721157][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 82.729358][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 82.760825][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.761845][ T4279] device veth0_vlan entered promiscuous mode [ 82.768826][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.794209][ T4271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.815971][ T4271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.833286][ T4271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.846637][ T4271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.860514][ T4271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.877395][ T4271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 82.889197][ T4271] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.912094][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 82.931320][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 82.952737][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 82.973936][ T4279] device veth1_vlan entered promiscuous mode [ 82.988129][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.993584][ T4271] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.006470][ T4271] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.008652][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.016292][ T4271] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.037930][ T4271] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.071807][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 83.133133][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.170396][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.218996][ T4279] device veth0_macvtap entered promiscuous mode [ 83.241673][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 83.254854][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 83.307827][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 83.373707][ T4279] device veth1_macvtap entered promiscuous mode [ 83.405673][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.414573][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 83.439440][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 83.456255][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.464948][ T4281] Bluetooth: hci2: command 0x0419 tx timeout [ 83.473046][ T48] Bluetooth: hci1: command 0x0419 tx 
timeout [ 83.473074][ T4278] Bluetooth: hci4: command 0x0419 tx timeout [ 83.473107][ T4278] Bluetooth: hci3: command 0x0419 tx timeout [ 83.479103][ T48] Bluetooth: hci0: command 0x0419 tx timeout [ 83.481700][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 83.578527][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.605915][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.633826][ T4279] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.679193][ T4279] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.693300][ T4279] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.704638][ T4279] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.716130][ T4279] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.729971][ T4279] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.758671][ T4279] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.781118][ T4279] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.794696][ T4279] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.816837][ T4279] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.848249][ T4279] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.865649][ T4279] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.900551][ T4279] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.901204][ T4371] netlink: 268 bytes leftover after parsing attributes in process `syz.2.7'. 
[ 83.911921][ T4279] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.931574][ T4279] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.938034][ T4371] netlink: 136 bytes leftover after parsing attributes in process `syz.2.7'. [ 83.944197][ T4279] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.961100][ T4371] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7'. [ 83.976547][ T4279] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.997940][ T4279] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.018609][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 84.037153][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 84.063125][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 84.087969][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 84.119884][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 84.158256][ T4279] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.180370][ T4279] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.202916][ T4279] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.232042][ T4279] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.369349][ T4375] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9'. 
[ 84.446102][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.477983][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.517914][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 84.570619][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.597053][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.648421][ T4375] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9'. [ 84.649699][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 86.366784][ T4409] netlink: 'syz.2.15': attribute type 4 has an invalid length. [ 86.387340][ T4409] netlink: 152 bytes leftover after parsing attributes in process `syz.2.15'. [ 86.593998][ T4409] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 86.748414][ T4383] loop3: detected capacity change from 0 to 32768 [ 86.781611][ T4383] ======================================================= [ 86.781611][ T4383] WARNING: The mand mount option has been deprecated and [ 86.781611][ T4383] and is ignored by this kernel. Remove the mand [ 86.781611][ T4383] option from the mount to silence this warning. [ 86.781611][ T4383] ======================================================= [ 86.908783][ T126] cfg80211: failed to load regulatory.db [ 86.930731][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 86.960714][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 86.970733][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 87.075031][ T4383] JBD2: Ignoring recovery information on journal [ 87.308417][ T4383] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. 
[ 87.891545][ T4257] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 88.741385][ T4257] usb 1-1: Using ep0 maxpacket: 32 [ 88.758846][ T4257] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 88.793773][ T4257] usb 1-1: config 0 has no interface number 0 [ 88.806518][ T4437] loop1: detected capacity change from 0 to 1024 [ 88.820410][ T4257] usb 1-1: config 0 interface 184 has no altsetting 0 [ 88.870825][ T4257] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 88.899467][ T4257] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.930571][ T4437] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e000c01c, mo2=0002] [ 88.939304][ T4257] usb 1-1: Product: syz [ 88.968875][ T4257] usb 1-1: Manufacturer: syz [ 88.973988][ T4257] usb 1-1: SerialNumber: syz [ 88.986988][ T4437] System zones: 0-1, 3-36 [ 88.987434][ T4257] usb 1-1: config 0 descriptor?? [ 89.008645][ T4257] smsc75xx v1.0.0 [ 89.085941][ T4437] EXT4-fs error (device loop1): ext4_orphan_get:1431: comm syz.1.23: bad orphan inode 134217728 [ 89.152323][ T4437] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 89.495764][ T4270] EXT4-fs (loop1): unmounting filesystem. 
[ 89.618603][ T4257] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 89.656297][ T4257] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 90.140792][ T4271] ocfs2: Unmounting device (7,3) on (node local) [ 90.583868][ T4427] Zero length message leads to an empty skb [ 90.725663][ T4257] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 90.987441][ T4257] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to write PMT_CTL: -71 [ 91.137987][ T4257] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 91.301937][ T4257] smsc75xx: probe of 1-1:0.184 failed with error -71 [ 91.623256][ T4257] usb 1-1: USB disconnect, device number 2 [ 91.790630][ T4462] loop5: detected capacity change from 0 to 7 [ 91.805723][ T4462] Dev loop5: unable to read RDB block 7 [ 91.811879][ T4462] loop5: unable to read partition table [ 91.818606][ T4462] loop5: partition table beyond EOD, truncated [ 91.825269][ T4462] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 91.843617][ T4462] binder: 4458:4462 ioctl c0285840 200000000000 returned -22 [ 92.670717][ T0] NOHZ tick-stop error: local softirq work is pending, handler #0a!!! [ 92.690705][ T0] NOHZ tick-stop error: local softirq work is pending, handler #8a!!! [ 92.700702][ T0] NOHZ tick-stop error: local softirq work is pending, handler #8a!!! [ 93.094120][ T4481] loop1: detected capacity change from 0 to 4096 [ 93.443113][ T4270] ntfs3: loop1: ntfs_evict_inode r=5 failed, -22. 
[ 93.480110][ T4270] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 93.701159][ T4489] loop1: detected capacity change from 0 to 256 [ 94.147480][ T4496] loop0: detected capacity change from 0 to 512 [ 94.227954][ T4496] EXT4-fs error (device loop0): ext4_iget_extra_inode:4763: inode #15: comm syz.0.40: corrupted in-inode xattr [ 94.254282][ T4497] loop1: detected capacity change from 0 to 2048 [ 94.273259][ T4497] EXT4-fs: Ignoring removed nobh option [ 94.284849][ T4496] EXT4-fs error (device loop0): ext4_orphan_get:1410: comm syz.0.40: couldn't read orphan inode 15 (err -117) [ 94.613366][ T4496] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 94.790368][ T4497] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 94.997530][ T4497] ext4 filesystem being mounted at /14/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 95.493100][ T4508] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 96.022944][ T4268] EXT4-fs (loop0): unmounting filesystem. [ 96.053639][ T4270] EXT4-fs (loop1): unmounting filesystem. [ 97.041783][ T4515] loop5: detected capacity change from 0 to 7 [ 97.054535][ T4515] Dev loop5: unable to read RDB block 7 [ 97.060344][ T4515] loop5: unable to read partition table [ 97.067513][ T4515] loop5: partition table beyond EOD, truncated [ 97.073960][ T4515] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 97.090787][ T4515] binder: 4513:4515 ioctl c0285840 200000000000 returned -22 [ 97.682951][ T4523] loop3: detected capacity change from 0 to 256 [ 98.440703][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 98.460698][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 98.470694][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 98.480696][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! 
[ 98.631523][ T4528] loop2: detected capacity change from 0 to 256 [ 98.697294][ T4523] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x246f1341, utbl_chksum : 0xe619d30d) [ 98.756607][ T4532] loop1: detected capacity change from 0 to 512 [ 98.841748][ T4532] EXT4-fs error (device loop1): ext4_iget_extra_inode:4763: inode #15: comm syz.1.48: corrupted in-inode xattr [ 98.874095][ T4532] EXT4-fs error (device loop1): ext4_orphan_get:1410: comm syz.1.48: couldn't read orphan inode 15 (err -117) [ 98.902720][ T4537] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 98.938614][ T4537] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 98.968115][ T4532] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 99.400114][ T4547] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 100.084948][ T4270] EXT4-fs (loop1): unmounting filesystem. [ 100.224023][ T4257] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 100.431681][ T4257] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 100.463603][ T4257] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.507365][ T4257] usb 3-1: config 0 descriptor?? [ 101.796840][ T4257] ath6kl: Failed to read usb control message: -71 [ 101.860971][ T4257] ath6kl: Unable to read the bmi data from the device: -71 [ 101.887964][ T4257] ath6kl: Unable to recv target info: -71 [ 101.913294][ T4257] ath6kl: Failed to init ath6kl core: -71 [ 101.989244][ T4257] ath6kl_usb: probe of 3-1:0.0 failed with error -71 [ 102.029822][ T4257] usb 3-1: USB disconnect, device number 2 [ 102.286750][ T4574] loop0: detected capacity change from 0 to 256 [ 103.200532][ T4581] Bluetooth: MGMT ver 1.22 [ 108.497408][ T4640] L1TF CPU bug present and SMT on, data leak possible. 
See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 108.604756][ T4642] loop4: detected capacity change from 0 to 1024 [ 108.629045][ T4642] EXT4-fs: Ignoring removed bh option [ 109.716954][ T4642] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 109.761368][ T4660] loop3: detected capacity change from 0 to 2048 [ 109.784065][ T4660] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 110.705037][ T4642] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2800: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 111.621990][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 111.750852][ T4365] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 111.985734][ T32] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 111.990777][ T4365] usb 1-1: Using ep0 maxpacket: 8 [ 112.017525][ T4365] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 112.045970][ T4365] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 112.075123][ T4365] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 112.090837][ T4365] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 112.101957][ T4365] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 112.138289][ T4365] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 112.150898][ T4365] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.192674][ T32] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 112.220922][ T32] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 112.287727][ T32] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, 
bcdDevice= 0.80 [ 112.330872][ T32] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.407810][ T32] usb 2-1: config 0 descriptor?? [ 112.424057][ T4365] usb 1-1: usb_control_msg returned -32 [ 112.429788][ T4365] usbtmc 1-1:16.0: can't read capabilities [ 112.457347][ T32] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 114.695708][ T32] usb 1-1: USB disconnect, device number 3 [ 115.178990][ T4707] loop4: detected capacity change from 0 to 512 [ 115.255210][ T4707] EXT4-fs error (device loop4): ext4_iget_extra_inode:4763: inode #15: comm syz.4.100: corrupted in-inode xattr [ 115.268131][ T4707] EXT4-fs error (device loop4): ext4_orphan_get:1410: comm syz.4.100: couldn't read orphan inode 15 (err -117) [ 115.288387][ T4707] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 115.671277][ T4717] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 117.396777][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 117.556212][ T4336] usb 2-1: USB disconnect, device number 2 [ 117.778868][ T4720] loop0: detected capacity change from 0 to 2048 [ 119.128519][ T4720] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 119.241035][ T4720] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 120.673128][ T4739] netlink: 'syz.3.111': attribute type 4 has an invalid length. [ 120.710966][ T4739] netlink: 152 bytes leftover after parsing attributes in process `syz.3.111'. [ 120.918034][ T4739] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. 
[ 124.156920][ T4278] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 124.167542][ T4278] CPU: 0 PID: 4278 Comm: kworker/u5:2 Not tainted syzkaller #0 [ 124.175228][ T4278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 124.185327][ T4278] Workqueue: hci0 hci_rx_work [ 124.190078][ T4278] Call Trace: [ 124.193402][ T4278] [ 124.196384][ T4278] dump_stack_lvl+0x188/0x24e [ 124.201321][ T4278] ? show_regs_print_info+0x12/0x12 [ 124.206564][ T4278] ? load_image+0x400/0x400 [ 124.211124][ T4278] sysfs_create_dir_ns+0x26a/0x290 [ 124.216506][ T4278] ? sysfs_warn_dup+0xa0/0xa0 [ 124.221319][ T4278] ? do_raw_spin_unlock+0x11d/0x230 [ 124.226588][ T4278] kobject_add_internal+0x61c/0xcc0 [ 124.231925][ T4278] kobject_add+0x160/0x230 [ 124.236390][ T4278] ? kobject_init+0x1d0/0x1d0 [ 124.241112][ T4278] ? klist_children_get+0x50/0x50 [ 124.246278][ T4278] ? get_device_parent+0x121/0x3f0 [ 124.251525][ T4278] device_add+0x483/0xfb0 [ 124.255985][ T4278] ? kmem_cache_free+0xf7/0x290 [ 124.260884][ T4278] hci_conn_add_sysfs+0xd1/0x1e0 [ 124.265868][ T4278] le_conn_complete_evt+0x1062/0x1670 [ 124.271375][ T4278] ? le_conn_complete_evt+0xe9/0x1670 [ 124.276803][ T4278] ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0 [ 124.283438][ T4278] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 124.289212][ T4278] ? skb_pull_data+0xf7/0x200 [ 124.293946][ T4278] hci_le_conn_complete_evt+0x183/0x440 [ 124.299741][ T4278] ? hci_remote_host_features_evt+0x270/0x270 [ 124.305880][ T4278] hci_event_packet+0x7b9/0x1280 [ 124.310894][ T4278] ? bis_list+0x280/0x280 [ 124.315462][ T4278] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 124.321499][ T4278] ? kcov_remote_start+0x4c7/0x7e0 [ 124.326653][ T4278] ? patch_conexant_auto+0x1260/0x1650 [ 124.332168][ T4278] ? hci_send_to_monitor+0x9c/0x4a0 [ 124.337422][ T4278] hci_rx_work+0x3eb/0xd40 [ 124.341969][ T4278] ? _raw_spin_unlock+0x40/0x40 [ 124.346866][ T4278] ? 
process_one_work+0x7b0/0x1160 [ 124.352013][ T4278] process_one_work+0x8a2/0x1160 [ 124.357042][ T4278] ? worker_detach_from_pool+0x240/0x240 [ 124.362737][ T4278] ? _raw_spin_lock_irq+0xb7/0xf0 [ 124.368019][ T4278] ? _raw_spin_lock_irqsave+0x100/0x100 [ 124.373629][ T4278] ? kthread_data+0x4b/0xc0 [ 124.378278][ T4278] worker_thread+0xaa2/0x1270 [ 124.383046][ T4278] kthread+0x29d/0x330 [ 124.387157][ T4278] ? worker_clr_flags+0x1a0/0x1a0 [ 124.392223][ T4278] ? kthread_blkcg+0xd0/0xd0 [ 124.397038][ T4278] ret_from_fork+0x1f/0x30 [ 124.401572][ T4278] [ 124.424505][ T4278] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 124.439466][ T4278] Bluetooth: hci0: failed to register connection device [ 126.510942][ T4278] Bluetooth: hci0: command 0x2016 tx timeout [ 128.996982][ T4817] loop3: detected capacity change from 0 to 256 [ 129.425518][ T4819] loop2: detected capacity change from 0 to 40427 [ 129.826682][ T4819] F2FS-fs (loop2): invalid crc value [ 129.847399][ T4819] F2FS-fs (loop2): Found nat_bits in checkpoint [ 129.877225][ T4819] F2FS-fs (loop2): Start checkpoint disabled! [ 129.900503][ T4819] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 130.011418][ T4816] netlink: 'syz.4.135': attribute type 2 has an invalid length. [ 130.019286][ T4816] netlink: 164 bytes leftover after parsing attributes in process `syz.4.135'. [ 132.127486][ T4278] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 132.137672][ T4278] CPU: 1 PID: 4278 Comm: kworker/u5:2 Not tainted syzkaller #0 [ 132.145361][ T4278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 132.155546][ T4278] Workqueue: hci0 hci_rx_work [ 132.160280][ T4278] Call Trace: [ 132.163602][ T4278] [ 132.166566][ T4278] dump_stack_lvl+0x188/0x24e [ 132.171300][ T4278] ? show_regs_print_info+0x12/0x12 [ 132.176552][ T4278] ? 
load_image+0x400/0x400 [ 132.181378][ T4278] sysfs_create_dir_ns+0x26a/0x290 [ 132.186542][ T4278] ? sysfs_warn_dup+0xa0/0xa0 [ 132.191274][ T4278] ? do_raw_spin_unlock+0x11d/0x230 [ 132.196521][ T4278] kobject_add_internal+0x61c/0xcc0 [ 132.201875][ T4278] kobject_add+0x160/0x230 [ 132.206523][ T4278] ? kobject_init+0x1d0/0x1d0 [ 132.211600][ T4278] ? klist_children_get+0x50/0x50 [ 132.216674][ T4278] ? get_device_parent+0x121/0x3f0 [ 132.221857][ T4278] device_add+0x483/0xfb0 [ 132.226334][ T4278] ? kmem_cache_free+0xf7/0x290 [ 132.231253][ T4278] hci_conn_add_sysfs+0xd1/0x1e0 [ 132.236363][ T4278] le_conn_complete_evt+0x1062/0x1670 [ 132.241794][ T4278] ? le_conn_complete_evt+0xe9/0x1670 [ 132.247486][ T4278] ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0 [ 132.253960][ T4278] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 132.259729][ T4278] ? skb_pull_data+0xf7/0x200 [ 132.264539][ T4278] hci_le_conn_complete_evt+0x183/0x440 [ 132.270312][ T4278] ? hci_remote_host_features_evt+0x270/0x270 [ 132.276432][ T4278] hci_event_packet+0x7b9/0x1280 [ 132.281430][ T4278] ? bis_list+0x280/0x280 [ 132.285871][ T4278] ? asm_sysvec_reschedule_ipi+0x16/0x20 [ 132.291570][ T4278] hci_rx_work+0x3eb/0xd40 [ 132.296401][ T4278] ? _raw_spin_unlock+0x40/0x40 [ 132.301413][ T4278] ? process_one_work+0x7b0/0x1160 [ 132.307116][ T4278] process_one_work+0x8a2/0x1160 [ 132.312373][ T4278] ? worker_detach_from_pool+0x240/0x240 [ 132.318224][ T4278] ? _raw_spin_lock_irq+0xb7/0xf0 [ 132.323487][ T4278] ? _raw_spin_lock_irqsave+0x100/0x100 [ 132.329256][ T4278] ? kthread_data+0x4b/0xc0 [ 132.333852][ T4278] worker_thread+0xaa2/0x1270 [ 132.338704][ T4278] kthread+0x29d/0x330 [ 132.342999][ T4278] ? worker_clr_flags+0x1a0/0x1a0 [ 132.348248][ T4278] ? kthread_blkcg+0xd0/0xd0 [ 132.353064][ T4278] ret_from_fork+0x1f/0x30 [ 132.357712][ T4278] [ 132.391417][ T4278] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. 
[ 132.405773][ T4278] Bluetooth: hci0: failed to register connection device [ 132.984066][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.995888][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.420788][ T4278] Bluetooth: hci0: command 0x2016 tx timeout [ 135.322173][ T4838] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 135.414773][ T4670] kworker/u4:16: attempt to access beyond end of device [ 135.414773][ T4670] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 135.456774][ T4844] fuse: Unknown parameter '0xffffffffffffffff' [ 135.467636][ T4844] overlayfs: missing 'lowerdir' [ 136.239316][ T4857] loop4: detected capacity change from 0 to 512 [ 136.262403][ T4857] FAT-fs (loop4): Unrecognized mount option "" or missing value [ 137.580837][ T4855] sched: RT throttling activated [ 138.619935][ T4376] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 140.379081][ T4891] netlink: 8 bytes leftover after parsing attributes in process `syz.4.160'. [ 140.449122][ T4892] netlink: 'syz.3.159': attribute type 4 has an invalid length. [ 140.502436][ T4892] netlink: 152 bytes leftover after parsing attributes in process `syz.3.159'. [ 140.554502][ T4892] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. 
[ 140.960777][ T26] audit: type=1326 audit(1777310803.833:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4903 comm="syz.1.164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94d719cdd9 code=0x7ffc0000 [ 141.011031][ T26] audit: type=1326 audit(1777310803.873:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4903 comm="syz.1.164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94d719cdd9 code=0x7ffc0000 [ 141.048668][ T4904] netlink: 4 bytes leftover after parsing attributes in process `syz.1.164'. [ 141.089325][ T4906] loop2: detected capacity change from 0 to 512 [ 141.169724][ T26] audit: type=1326 audit(1777310803.873:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4903 comm="syz.1.164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94d719cdd9 code=0x7ffc0000 [ 141.288331][ T4906] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. 
[ 141.297896][ T4906] ext4 filesystem being mounted at /29/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 141.329514][ T26] audit: type=1326 audit(1777310803.863:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4903 comm="syz.1.164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94d719cdd9 code=0x7ffc0000 [ 141.353599][ T26] audit: type=1326 audit(1777310803.873:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4903 comm="syz.1.164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f94d719cdd9 code=0x7ffc0000 [ 141.382448][ T26] audit: type=1326 audit(1777310803.873:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4903 comm="syz.1.164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94d719cdd9 code=0x7ffc0000 [ 141.424839][ T26] audit: type=1326 audit(1777310803.873:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4903 comm="syz.1.164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94d719cdd9 code=0x7ffc0000 [ 141.485587][ T26] audit: type=1326 audit(1777310803.873:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4903 comm="syz.1.164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94d719cdd9 code=0x7ffc0000 [ 141.519910][ T4906] EXT4-fs error (device loop2): ext4_get_first_dir_block:3583: inode #12: comm syz.2.163: Directory hole found for htree leaf block 0 [ 141.558238][ T26] audit: type=1326 audit(1777310803.873:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4903 comm="syz.1.164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94d719cdd9 code=0x7ffc0000 [ 141.736870][ T26] audit: type=1326 audit(1777310803.883:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4903 comm="syz.1.164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=327 compat=0 ip=0x7f94d719cdd9 code=0x7ffc0000 
[ 141.804224][ T4269] EXT4-fs (loop2): unmounting filesystem. [ 141.807621][ T4918] loop0: detected capacity change from 0 to 256 [ 142.104007][ T4921] loop2: detected capacity change from 0 to 1024 [ 142.249111][ T4921] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 142.352814][ T4921] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (12687!=20869) [ 142.471226][ T4921] EXT4-fs (loop2): invalid journal inode [ 142.492403][ T4921] EXT4-fs (loop2): can't get journal size [ 142.555714][ T4921] EXT4-fs error (device loop2): ext4_protect_reserved_inode:182: inode #2: comm syz.2.169: blocks 3-3 from inode overlap system zone [ 142.631189][ T4921] EXT4-fs (loop2): failed to initialize system zone (-117) [ 142.638799][ T4921] EXT4-fs (loop2): mount failed [ 145.781199][ T4286] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 146.453484][ T4967] loop3: detected capacity change from 0 to 512 [ 146.564795][ T4967] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 146.589133][ T4965] loop4: detected capacity change from 0 to 1024 [ 146.700903][ T4965] hfsplus: unable to parse mount options [ 148.004295][ T4983] netlink: 'syz.1.188': attribute type 4 has an invalid length. [ 148.012312][ T4983] netlink: 152 bytes leftover after parsing attributes in process `syz.1.188'. [ 148.045826][ T4983] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 148.524228][ T4981] netlink: 204 bytes leftover after parsing attributes in process `syz.0.189'. 
[ 150.073185][ T4278] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 150.083574][ T4278] CPU: 0 PID: 4278 Comm: kworker/u5:2 Not tainted syzkaller #0 [ 150.091315][ T4278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 150.101827][ T4278] Workqueue: hci3 hci_rx_work [ 150.106529][ T4278] Call Trace: [ 150.110058][ T4278] [ 150.113085][ T4278] dump_stack_lvl+0x188/0x24e [ 150.117808][ T4278] ? show_regs_print_info+0x12/0x12 [ 150.123237][ T4278] ? load_image+0x400/0x400 [ 150.127781][ T4278] sysfs_create_dir_ns+0x26a/0x290 [ 150.133107][ T4278] ? sysfs_warn_dup+0xa0/0xa0 [ 150.137993][ T4278] ? do_raw_spin_unlock+0x11d/0x230 [ 150.143300][ T4278] kobject_add_internal+0x61c/0xcc0 [ 150.148629][ T4278] kobject_add+0x160/0x230 [ 150.153059][ T4278] ? kobject_init+0x1d0/0x1d0 [ 150.157760][ T4278] ? klist_children_get+0x50/0x50 [ 150.162983][ T4278] ? get_device_parent+0x121/0x3f0 [ 150.168218][ T4278] device_add+0x483/0xfb0 [ 150.172571][ T4278] ? kmem_cache_free+0xf7/0x290 [ 150.177539][ T4278] hci_conn_add_sysfs+0xd1/0x1e0 [ 150.182882][ T4278] le_conn_complete_evt+0x1062/0x1670 [ 150.188394][ T4278] ? le_conn_complete_evt+0xe9/0x1670 [ 150.193910][ T4278] ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0 [ 150.200441][ T4278] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 150.206297][ T4278] ? skb_pull_data+0xf7/0x200 [ 150.211195][ T4278] hci_le_conn_complete_evt+0x183/0x440 [ 150.216981][ T4278] ? hci_remote_host_features_evt+0x270/0x270 [ 150.223752][ T4278] hci_event_packet+0x7b9/0x1280 [ 150.228913][ T4278] ? bis_list+0x280/0x280 [ 150.233252][ T4278] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 150.239754][ T4278] ? kcov_remote_start+0x4c7/0x7e0 [ 150.244940][ T4278] ? patch_conexant_auto+0x1260/0x1650 [ 150.250520][ T4278] ? hci_send_to_monitor+0x9c/0x4a0 [ 150.255830][ T4278] hci_rx_work+0x3eb/0xd40 [ 150.260460][ T4278] ? _raw_spin_unlock+0x40/0x40 [ 150.265340][ T4278] ? 
process_one_work+0x7b0/0x1160 [ 150.270469][ T4278] process_one_work+0x8a2/0x1160 [ 150.275438][ T4278] ? worker_detach_from_pool+0x240/0x240 [ 150.281100][ T4278] ? _raw_spin_lock_irq+0xb7/0xf0 [ 150.286242][ T4278] ? _raw_spin_lock_irqsave+0x100/0x100 [ 150.291900][ T4278] ? kthread_data+0x4b/0xc0 [ 150.296532][ T4278] worker_thread+0xaa2/0x1270 [ 150.301360][ T4278] kthread+0x29d/0x330 [ 150.305784][ T4278] ? worker_clr_flags+0x1a0/0x1a0 [ 150.310828][ T4278] ? kthread_blkcg+0xd0/0xd0 [ 150.315572][ T4278] ret_from_fork+0x1f/0x30 [ 150.320111][ T4278] [ 150.331784][ T4278] kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 150.345779][ T4278] Bluetooth: hci3: failed to register connection device [ 152.420873][ T4278] Bluetooth: hci3: command 0x2016 tx timeout [ 154.335851][ T5030] loop4: detected capacity change from 0 to 764 [ 154.467756][ T4376] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 154.598299][ T5035] binder: 5032:5035 ioctl c0285840 200000000000 returned -22 [ 156.578545][ T5047] loop0: detected capacity change from 0 to 512 [ 156.729294][ T5047] EXT4-fs error (device loop0): ext4_iget_extra_inode:4763: inode #15: comm syz.0.208: corrupted in-inode xattr [ 157.690027][ T5047] EXT4-fs error (device loop0): ext4_orphan_get:1410: comm syz.0.208: couldn't read orphan inode 15 (err -117) [ 157.779477][ T5047] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 157.820780][ T7] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 158.083366][ T7] usb 3-1: device descriptor read/64, error -71 [ 158.367347][ T5069] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 158.389831][ T7] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 158.768576][ T4268] EXT4-fs (loop0): unmounting filesystem. 
[ 158.892003][ T7] usb 3-1: device descriptor read/64, error -71 [ 159.020946][ T7] usb usb3-port1: attempt power cycle [ 159.441874][ T7] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 159.483547][ T7] usb 3-1: device descriptor read/8, error -71 [ 159.770870][ T7] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 160.020826][ T7] usb 3-1: device not accepting address 6, error -71 [ 160.727727][ T7] usb usb3-port1: unable to enumerate USB device [ 160.847911][ T5085] ieee802154 phy0 wpan0: encryption failed: -22 [ 160.882985][ T5086] binder: 5082:5086 ioctl c0285840 200000000000 returned -22 [ 162.583698][ T4278] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 162.595171][ T4278] CPU: 1 PID: 4278 Comm: kworker/u5:2 Not tainted syzkaller #0 [ 162.602861][ T4278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 162.613040][ T4278] Workqueue: hci1 hci_rx_work [ 162.618098][ T4278] Call Trace: [ 162.621495][ T4278] [ 162.624532][ T4278] dump_stack_lvl+0x188/0x24e [ 162.629264][ T4278] ? show_regs_print_info+0x12/0x12 [ 162.634598][ T4278] ? load_image+0x400/0x400 [ 162.639233][ T4278] sysfs_create_dir_ns+0x26a/0x290 [ 162.645107][ T4278] ? sysfs_warn_dup+0xa0/0xa0 [ 162.650084][ T4278] ? do_raw_spin_unlock+0x11d/0x230 [ 162.655402][ T4278] kobject_add_internal+0x61c/0xcc0 [ 162.660974][ T4278] kobject_add+0x160/0x230 [ 162.665417][ T4278] ? kobject_init+0x1d0/0x1d0 [ 162.670127][ T4278] ? klist_children_get+0x50/0x50 [ 162.675604][ T4278] ? get_device_parent+0x121/0x3f0 [ 162.680749][ T4278] device_add+0x483/0xfb0 [ 162.685269][ T4278] ? kmem_cache_free+0xf7/0x290 [ 162.690233][ T4278] hci_conn_add_sysfs+0xd1/0x1e0 [ 162.695463][ T4278] le_conn_complete_evt+0x1062/0x1670 [ 162.700961][ T4278] ? le_conn_complete_evt+0xe9/0x1670 [ 162.706467][ T4278] ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0 [ 162.712918][ T4278] ? 
__mutex_unlock_slowpath+0x1b0/0x6c0 [ 162.718635][ T4278] ? skb_pull_data+0xf7/0x200 [ 162.723421][ T4278] hci_le_conn_complete_evt+0x183/0x440 [ 162.729167][ T4278] ? hci_remote_host_features_evt+0x270/0x270 [ 162.735355][ T4278] hci_event_packet+0x7b9/0x1280 [ 162.740431][ T4278] ? bis_list+0x280/0x280 [ 162.744779][ T4278] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 162.750791][ T4278] ? kcov_remote_start+0x4c7/0x7e0 [ 162.756093][ T4278] ? patch_conexant_auto+0x1260/0x1650 [ 162.761805][ T4278] ? hci_send_to_monitor+0x9c/0x4a0 [ 162.767213][ T4278] hci_rx_work+0x3eb/0xd40 [ 162.771663][ T4278] ? _raw_spin_unlock+0x40/0x40 [ 162.776648][ T4278] ? process_one_work+0x7b0/0x1160 [ 162.781783][ T4278] process_one_work+0x8a2/0x1160 [ 162.786910][ T4278] ? worker_detach_from_pool+0x240/0x240 [ 162.792910][ T4278] ? _raw_spin_lock_irq+0xb7/0xf0 [ 162.797978][ T4278] ? _raw_spin_lock_irqsave+0x100/0x100 [ 162.803822][ T4278] ? kthread_data+0x4b/0xc0 [ 162.808357][ T4278] worker_thread+0xaa2/0x1270 [ 162.813164][ T4278] kthread+0x29d/0x330 [ 162.817316][ T4278] ? worker_clr_flags+0x1a0/0x1a0 [ 162.822617][ T4278] ? kthread_blkcg+0xd0/0xd0 [ 162.827236][ T4278] ret_from_fork+0x1f/0x30 [ 162.831757][ T4278] [ 162.957256][ T4278] kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. 
[ 162.971667][ T4278] Bluetooth: hci1: failed to register connection device [ 165.070907][ T4278] Bluetooth: hci1: command 0x2016 tx timeout [ 165.710787][ T4318] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 166.666661][ T5127] snd_dummy snd_dummy.0: control 6:65278:0:syz0:-259 is already present [ 167.364191][ T4318] usb 4-1: device descriptor read/64, error -71 [ 167.554033][ T5132] binder: 5130:5132 ioctl c0285840 200000000000 returned -22 [ 167.900837][ T4318] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 168.480790][ T4318] usb 4-1: device descriptor read/64, error -71 [ 168.600912][ T4318] usb usb4-port1: attempt power cycle [ 168.642188][ T5137] loop1: detected capacity change from 0 to 512 [ 168.695594][ T5137] EXT4-fs error (device loop1): ext4_iget_extra_inode:4763: inode #15: comm syz.1.240: corrupted in-inode xattr [ 168.717211][ T5137] EXT4-fs error (device loop1): ext4_orphan_get:1410: comm syz.1.240: couldn't read orphan inode 15 (err -117) [ 168.745336][ T5141] loop0: detected capacity change from 0 to 128 [ 168.781567][ T5137] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 169.503039][ T5144] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 169.512945][ T5139] EXT4-fs error (device loop1): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 170.255284][ T4270] EXT4-fs (loop1): unmounting filesystem. [ 170.461729][ T4278] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 170.475344][ T4278] CPU: 0 PID: 4278 Comm: kworker/u5:2 Not tainted syzkaller #0 [ 170.483471][ T4278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 170.494023][ T4278] Workqueue: hci2 hci_rx_work [ 170.498808][ T4278] Call Trace: [ 170.502104][ T4278] [ 170.505054][ T4278] dump_stack_lvl+0x188/0x24e [ 170.509750][ T4278] ? show_regs_print_info+0x12/0x12 [ 170.515073][ T4278] ? 
load_image+0x400/0x400 [ 170.519675][ T4278] sysfs_create_dir_ns+0x26a/0x290 [ 170.524810][ T4278] ? sysfs_warn_dup+0xa0/0xa0 [ 170.529667][ T4278] ? do_raw_spin_unlock+0x11d/0x230 [ 170.534889][ T4278] kobject_add_internal+0x61c/0xcc0 [ 170.540213][ T4278] kobject_add+0x160/0x230 [ 170.544653][ T4278] ? kobject_init+0x1d0/0x1d0 [ 170.549350][ T4278] ? klist_children_get+0x50/0x50 [ 170.554396][ T4278] ? get_device_parent+0x121/0x3f0 [ 170.559514][ T4278] device_add+0x483/0xfb0 [ 170.563845][ T4278] ? kmem_cache_free+0xf7/0x290 [ 170.568730][ T4278] hci_conn_add_sysfs+0xd1/0x1e0 [ 170.573782][ T4278] le_conn_complete_evt+0x1062/0x1670 [ 170.579180][ T4278] ? le_conn_complete_evt+0xe9/0x1670 [ 170.584564][ T4278] ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0 [ 170.590824][ T4278] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 170.596775][ T4278] ? skb_pull_data+0xf7/0x200 [ 170.601480][ T4278] hci_le_conn_complete_evt+0x183/0x440 [ 170.607219][ T4278] ? hci_remote_host_features_evt+0x270/0x270 [ 170.613672][ T4278] hci_event_packet+0x7b9/0x1280 [ 170.618736][ T4278] ? bis_list+0x280/0x280 [ 170.623180][ T4278] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 170.629095][ T4278] ? kcov_remote_start+0x4c7/0x7e0 [ 170.634930][ T4278] ? patch_conexant_auto+0x1260/0x1650 [ 170.640606][ T4278] ? hci_send_to_monitor+0x9c/0x4a0 [ 170.645921][ T4278] hci_rx_work+0x3eb/0xd40 [ 170.650540][ T4278] ? _raw_spin_unlock+0x40/0x40 [ 170.655435][ T4278] ? process_one_work+0x7b0/0x1160 [ 170.660664][ T4278] process_one_work+0x8a2/0x1160 [ 170.665752][ T4278] ? worker_detach_from_pool+0x240/0x240 [ 170.671409][ T4278] ? _raw_spin_lock_irq+0xb7/0xf0 [ 170.676463][ T4278] ? _raw_spin_lock_irqsave+0x100/0x100 [ 170.682122][ T4278] ? kthread_data+0x4b/0xc0 [ 170.686745][ T4278] worker_thread+0xaa2/0x1270 [ 170.691897][ T4278] kthread+0x29d/0x330 [ 170.695988][ T4278] ? worker_clr_flags+0x1a0/0x1a0 [ 170.701283][ T4278] ? 
kthread_blkcg+0xd0/0xd0 [ 170.706068][ T4278] ret_from_fork+0x1f/0x30 [ 170.710714][ T4278] [ 170.989329][ T4278] kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 171.027334][ T4278] Bluetooth: hci2: failed to register connection device [ 173.244663][ T4278] Bluetooth: hci2: command 0x2016 tx timeout [ 174.474941][ T5171] device syzkaller0 entered promiscuous mode [ 174.618011][ T5179] binder: 5174:5179 ioctl c0285840 200000000000 returned -22 [ 174.690781][ T4348] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 175.520739][ T4348] usb 1-1: device descriptor read/64, error -71 [ 175.894344][ T4348] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 176.493007][ T5194] loop3: detected capacity change from 0 to 512 [ 176.639261][ T5194] EXT4-fs error (device loop3): ext4_iget_extra_inode:4763: inode #15: comm syz.3.256: corrupted in-inode xattr [ 176.741740][ T5194] EXT4-fs error (device loop3): ext4_orphan_get:1410: comm syz.3.256: couldn't read orphan inode 15 (err -117) [ 176.771310][ T5194] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 176.890707][ T4348] usb 1-1: device descriptor read/64, error -71 [ 177.011548][ T4348] usb usb1-port1: attempt power cycle [ 177.967646][ T5209] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 178.311083][ T5198] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 178.397026][ T4271] EXT4-fs (loop3): unmounting filesystem. 
[ 178.516568][ T5214] syz.0.261 uses obsolete (PF_INET,SOCK_PACKET) [ 178.871301][ T5220] loop4: detected capacity change from 0 to 164 [ 179.064340][ T5225] loop0: detected capacity change from 0 to 128 [ 179.169049][ T26] kauditd_printk_skb: 61 callbacks suppressed [ 179.169066][ T26] audit: type=1800 audit(1777310842.043:73): pid=5225 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.266" name="bus" dev="loop0" ino=1048641 res=0 errno=0 [ 179.211815][ T5227] sg_write: data in/out 455644/242 bytes for SCSI command 0x0-- guessing data in; [ 179.211815][ T5227] program syz.2.265 not setting count and/or reply_len properly [ 179.305039][ T5229] loop3: detected capacity change from 0 to 512 [ 179.377554][ T5229] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 179.429361][ T5230] syz.0.266: attempt to access beyond end of device [ 179.429361][ T5230] loop0: rw=2049, sector=769, nr_sectors = 272 limit=128 [ 179.497665][ T5229] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002] [ 179.541470][ T5229] System zones: 0-2, 18-18, 34-34 [ 179.662229][ T5237] loop2: detected capacity change from 0 to 512 [ 179.732995][ T5229] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters [ 179.754441][ T5237] EXT4-fs: Ignoring removed mblk_io_submit option [ 179.794972][ T5229] EXT4-fs (loop3): Remounting filesystem read-only [ 179.795048][ T5237] EXT4-fs error (device loop2): ext4_iget_extra_inode:4763: inode #15: comm syz.2.269: corrupted in-inode xattr [ 179.824307][ T5237] EXT4-fs error (device loop2): ext4_orphan_get:1410: comm syz.2.269: couldn't read orphan inode 15 (err -117) [ 179.880404][ T5229] EXT4-fs error (device loop3): ext4_do_update_inode:5279: inode #16: comm syz.3.267: corrupted inode contents [ 179.902107][ T5237] EXT4-fs (loop2): mounted 
filesystem without journal. Quota mode: none. [ 179.977797][ T5229] EXT4-fs (loop3): Remounting filesystem read-only [ 179.997931][ T5229] EXT4-fs error (device loop3): ext4_dirty_inode:6156: inode #16: comm syz.3.267: mark_inode_dirty error [ 180.067084][ T5229] EXT4-fs (loop3): Remounting filesystem read-only [ 180.092444][ T5229] EXT4-fs error (device loop3): ext4_do_update_inode:5279: inode #16: comm syz.3.267: corrupted inode contents [ 180.163313][ T4269] EXT4-fs (loop2): unmounting filesystem. [ 180.172809][ T5229] EXT4-fs (loop3): Remounting filesystem read-only [ 180.179695][ T5229] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #16: comm syz.3.267: mark_inode_dirty error [ 180.204088][ T5242] loop0: detected capacity change from 0 to 512 [ 180.275463][ T5242] EXT4-fs error (device loop0): ext4_iget_extra_inode:4763: inode #15: comm syz.0.271: corrupted in-inode xattr [ 180.302581][ T5229] EXT4-fs (loop3): Remounting filesystem read-only [ 180.309555][ T5242] EXT4-fs error (device loop0): ext4_orphan_get:1410: comm syz.0.271: couldn't read orphan inode 15 (err -117) [ 180.329057][ T5229] EXT4-fs error (device loop3): ext4_do_update_inode:5279: inode #16: comm syz.3.267: corrupted inode contents [ 180.414236][ T5229] EXT4-fs (loop3): Remounting filesystem read-only [ 180.417498][ T5242] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 180.431433][ T5229] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #16: comm syz.3.267: mark_inode_dirty error [ 180.504171][ T5229] EXT4-fs (loop3): Remounting filesystem read-only [ 180.657594][ T5229] EXT4-fs error (device loop3): ext4_do_update_inode:5279: inode #16: comm syz.3.267: corrupted inode contents [ 180.682383][ T5229] EXT4-fs (loop3): Remounting filesystem read-only [ 180.689119][ T5229] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem [ 180.763233][ T5253] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. 
[ 181.214584][ T5229] EXT4-fs (loop3): Remounting filesystem read-only [ 181.224748][ T5229] EXT4-fs error (device loop3): ext4_do_update_inode:5279: inode #16: comm syz.3.267: corrupted inode contents [ 181.245434][ T4268] EXT4-fs (loop0): unmounting filesystem. [ 181.302943][ T5229] EXT4-fs (loop3): Remounting filesystem read-only [ 181.325069][ T5229] EXT4-fs error (device loop3): ext4_truncate:4325: inode #16: comm syz.3.267: mark_inode_dirty error [ 181.379368][ T5229] EXT4-fs (loop3): Remounting filesystem read-only [ 181.430430][ T5229] EXT4-fs error (device loop3) in ext4_process_orphan:345: Corrupt filesystem [ 181.467666][ T5229] EXT4-fs (loop3): Remounting filesystem read-only [ 181.586816][ T5257] netlink: 'syz.0.275': attribute type 1 has an invalid length. [ 181.702338][ T5229] EXT4-fs (loop3): 1 truncate cleaned up [ 181.716581][ T5229] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 181.725997][ T5229] ext4 filesystem being mounted at /57/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 181.745105][ T4392] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 181.822668][ T4392] EXT4-fs error (device loop3): ext4_release_dquot:6877: comm kworker/u4:7: Failed to release dquot type 1 [ 181.881690][ T4392] EXT4-fs (loop3): Remounting filesystem read-only [ 182.261820][ T4271] EXT4-fs (loop3): unmounting filesystem. [ 182.334250][ T5269] loop5: detected capacity change from 0 to 7 [ 182.344839][ T5269] Dev loop5: unable to read RDB block 7 [ 182.351920][ T5269] loop5: unable to read partition table [ 182.358529][ T5269] loop5: partition table beyond EOD, truncated [ 182.365116][ T5269] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 182.378356][ T5269] binder: 5266:5269 ioctl c0285840 200000000000 returned -22 [ 182.724469][ T5271] netlink: 12 bytes leftover after parsing attributes in process `syz.0.281'. 
[ 182.919839][ T5271] netlink: 20 bytes leftover after parsing attributes in process `syz.0.281'. [ 183.151194][ T26] audit: type=1326 audit(1777310846.023:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5274 comm="syz.3.282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0859cdd9 code=0x7ffc0000 [ 183.277423][ T26] audit: type=1326 audit(1777310846.063:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5274 comm="syz.3.282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0859cdd9 code=0x7ffc0000 [ 183.401140][ T26] audit: type=1326 audit(1777310846.063:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5274 comm="syz.3.282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0859cdd9 code=0x7ffc0000 [ 183.491228][ T26] audit: type=1326 audit(1777310846.063:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5274 comm="syz.3.282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0859cdd9 code=0x7ffc0000 [ 183.761003][ T5288] loop3: detected capacity change from 0 to 1024 [ 183.867042][ T26] audit: type=1326 audit(1777310846.063:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5274 comm="syz.3.282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=30 compat=0 ip=0x7f9f0859cdd9 code=0x7ffc0000 [ 183.917675][ T5288] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. 
[ 183.979191][ T5293] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 184.076551][ T26] audit: type=1326 audit(1777310846.063:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5274 comm="syz.3.282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0859cdd9 code=0x7ffc0000 [ 184.121746][ T26] audit: type=1326 audit(1777310846.063:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5274 comm="syz.3.282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0859cdd9 code=0x7ffc0000 [ 184.148762][ T26] audit: type=1326 audit(1777310846.063:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5274 comm="syz.3.282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f9f0859cdd9 code=0x7ffc0000 [ 184.184290][ T26] audit: type=1326 audit(1777310846.063:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5274 comm="syz.3.282" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f9f0859cdd9 code=0x7ffc0000 [ 184.403902][ T4271] EXT4-fs (loop3): unmounting filesystem. [ 184.482753][ T5297] netlink: 'syz.1.290': attribute type 4 has an invalid length. [ 184.491585][ T5297] netlink: 152 bytes leftover after parsing attributes in process `syz.1.290'. [ 184.503750][ T5297] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. 
[ 184.728041][ T5305] loop4: detected capacity change from 0 to 512 [ 185.233094][ T5305] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002] [ 185.307815][ T5305] System zones: 0-2, 18-18, 34-34 [ 185.414194][ T5305] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters [ 185.505967][ T5305] EXT4-fs (loop4): Remounting filesystem read-only [ 185.516177][ T5305] EXT4-fs error (device loop4): ext4_do_update_inode:5279: inode #16: comm syz.4.293: corrupted inode contents [ 185.544450][ T5305] EXT4-fs (loop4): Remounting filesystem read-only [ 185.588805][ T5305] EXT4-fs error (device loop4): ext4_dirty_inode:6156: inode #16: comm syz.4.293: mark_inode_dirty error [ 185.626021][ T5305] EXT4-fs (loop4): Remounting filesystem read-only [ 185.634667][ T5305] EXT4-fs error (device loop4): ext4_do_update_inode:5279: inode #16: comm syz.4.293: corrupted inode contents [ 185.635226][ T5305] EXT4-fs (loop4): Remounting filesystem read-only [ 185.657097][ T5305] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #16: comm syz.4.293: mark_inode_dirty error [ 186.088832][ T5315] loop5: detected capacity change from 0 to 7 [ 186.112204][ T5315] Dev loop5: unable to read RDB block 7 [ 186.119106][ T5315] loop5: unable to read partition table [ 186.126664][ T5315] loop5: partition table beyond EOD, truncated [ 186.133401][ T5315] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 186.151451][ T5323] binder: 5313:5323 ioctl c0285840 200000000000 returned -22 [ 186.386937][ T5305] EXT4-fs (loop4): Remounting filesystem read-only [ 186.397651][ T5305] EXT4-fs error (device loop4): ext4_do_update_inode:5279: inode #16: comm syz.4.293: corrupted inode contents [ 186.417698][ T5305] EXT4-fs (loop4): Remounting filesystem read-only [ 186.434048][ T5305] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #16: comm syz.4.293: mark_inode_dirty error [ 
186.692575][ T5305] EXT4-fs (loop4): Remounting filesystem read-only [ 186.699234][ T5305] EXT4-fs error (device loop4): ext4_do_update_inode:5279: inode #16: comm syz.4.293: corrupted inode contents [ 186.965098][ T5333] netlink: 8 bytes leftover after parsing attributes in process `syz.3.301'. [ 186.994892][ T5305] EXT4-fs (loop4): Remounting filesystem read-only [ 187.044078][ T5305] EXT4-fs error (device loop4) in ext4_orphan_del:303: Corrupt filesystem [ 187.107126][ T5305] EXT4-fs (loop4): Remounting filesystem read-only [ 187.141239][ T5305] EXT4-fs error (device loop4): ext4_do_update_inode:5279: inode #16: comm syz.4.293: corrupted inode contents [ 187.221109][ T5305] EXT4-fs (loop4): Remounting filesystem read-only [ 187.253171][ T5305] EXT4-fs error (device loop4): ext4_truncate:4325: inode #16: comm syz.4.293: mark_inode_dirty error [ 187.320382][ T5305] EXT4-fs (loop4): Remounting filesystem read-only [ 187.359402][ T5305] EXT4-fs error (device loop4) in ext4_process_orphan:345: Corrupt filesystem [ 187.415840][ T5305] EXT4-fs (loop4): Remounting filesystem read-only [ 187.456070][ T5305] EXT4-fs (loop4): 1 truncate cleaned up [ 187.685863][ T5305] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 187.728587][ T4392] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 187.771100][ T5305] ext4 filesystem being mounted at /48/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 187.785037][ T4392] EXT4-fs error (device loop4): ext4_release_dquot:6877: comm kworker/u4:7: Failed to release dquot type 1 [ 187.860553][ T5339] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 187.949600][ T4392] EXT4-fs (loop4): Remounting filesystem read-only [ 188.043943][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 188.327566][ T5344] loop4: detected capacity change from 0 to 2048 [ 188.441696][ T5344] EXT4-fs (loop4): mounted filesystem without journal. 
Quota mode: none. [ 188.560582][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 188.751410][ T5352] netlink: 'syz.4.308': attribute type 27 has an invalid length. [ 188.816176][ T5354] loop4: detected capacity change from 0 to 256 [ 188.859886][ T5354] FAT-fs (loop4): Unrecognized mount option "ÿÿÿÿ0x0000000000000000" or missing value [ 188.987388][ T5358] loop5: detected capacity change from 0 to 7 [ 189.044804][ T5358] Dev loop5: unable to read RDB block 7 [ 189.050821][ T5358] loop5: unable to read partition table [ 189.057368][ T5358] loop5: partition table beyond EOD, truncated [ 189.064526][ T5358] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 189.081842][ T5360] binder: 5356:5360 ioctl c0285840 200000000000 returned -22 [ 189.811004][ T5355] loop3: detected capacity change from 0 to 4096 [ 190.115089][ T5355] af_packet: tpacket_rcv: packet too big, clamped from 27544 to 3942. macoff=106 [ 190.960007][ T5355] syz.3.309 (5355) used greatest stack depth: 20304 bytes left [ 191.054146][ T5352] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.063512][ T5352] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.919718][ T5352] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 193.049246][ T5352] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 193.274357][ T5379] loop2: detected capacity change from 0 to 512 [ 193.355784][ T5379] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002] [ 193.384625][ T5379] System zones: 0-2, 18-18, 34-34 [ 193.416949][ T5379] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters [ 193.442329][ T5379] EXT4-fs (loop2): Remounting filesystem read-only [ 193.450094][ T5379] EXT4-fs error (device loop2): ext4_do_update_inode:5279: inode #16: comm syz.2.315: corrupted inode contents [ 193.464601][ T5379] EXT4-fs (loop2): Remounting filesystem read-only [ 193.480122][ 
T5379] EXT4-fs error (device loop2): ext4_dirty_inode:6156: inode #16: comm syz.2.315: mark_inode_dirty error [ 193.495376][ T5379] EXT4-fs (loop2): Remounting filesystem read-only [ 193.502459][ T5379] EXT4-fs error (device loop2): ext4_do_update_inode:5279: inode #16: comm syz.2.315: corrupted inode contents [ 193.516007][ T5379] EXT4-fs (loop2): Remounting filesystem read-only [ 193.528540][ T5379] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #16: comm syz.2.315: mark_inode_dirty error [ 193.544113][ T5379] EXT4-fs (loop2): Remounting filesystem read-only [ 193.551141][ T5379] EXT4-fs error (device loop2): ext4_do_update_inode:5279: inode #16: comm syz.2.315: corrupted inode contents [ 193.563646][ T5379] EXT4-fs (loop2): Remounting filesystem read-only [ 193.570236][ T5379] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #16: comm syz.2.315: mark_inode_dirty error [ 193.583064][ T5379] EXT4-fs (loop2): Remounting filesystem read-only [ 193.589988][ T5379] EXT4-fs error (device loop2): ext4_do_update_inode:5279: inode #16: comm syz.2.315: corrupted inode contents [ 193.609183][ T5379] EXT4-fs (loop2): Remounting filesystem read-only [ 193.618882][ T5379] EXT4-fs error (device loop2) in ext4_orphan_del:303: Corrupt filesystem [ 193.640911][ T5379] EXT4-fs (loop2): Remounting filesystem read-only [ 193.647796][ T5379] EXT4-fs error (device loop2): ext4_do_update_inode:5279: inode #16: comm syz.2.315: corrupted inode contents [ 193.687359][ T5379] EXT4-fs (loop2): Remounting filesystem read-only [ 193.700977][ T5379] EXT4-fs error (device loop2): ext4_truncate:4325: inode #16: comm syz.2.315: mark_inode_dirty error [ 193.738200][ T5379] EXT4-fs (loop2): Remounting filesystem read-only [ 193.760846][ T5379] EXT4-fs error (device loop2) in ext4_process_orphan:345: Corrupt filesystem [ 193.770321][ T5379] EXT4-fs (loop2): Remounting filesystem read-only [ 193.791367][ T5379] EXT4-fs (loop2): 1 truncate cleaned up [ 193.797636][ T5379] EXT4-fs 
(loop2): mounted filesystem without journal. Quota mode: writeback. [ 193.806900][ T5379] ext4 filesystem being mounted at /66/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 193.825749][ T11] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 193.856647][ T11] EXT4-fs error (device loop2): ext4_release_dquot:6877: comm kworker/u4:1: Failed to release dquot type 1 [ 193.887016][ T11] EXT4-fs (loop2): Remounting filesystem read-only [ 193.896586][ T5352] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.910808][ T5352] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.939717][ T5352] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.955886][ T5352] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.972577][ T4269] EXT4-fs (loop2): unmounting filesystem. [ 194.331912][ T5359] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 194.371243][ T5359] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.379705][ T5359] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.405290][ T5359] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 194.434636][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.442683][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.451767][ T5377] netlink: 8 bytes leftover after parsing attributes in process `syz.3.314'. 
[ 194.721642][ T5359] syz.4.308 (5359) used greatest stack depth: 20240 bytes left [ 194.843177][ T5394] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 195.550887][ T951] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 195.763079][ T951] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 195.785802][ T951] usb 2-1: config 0 has no interfaces? [ 195.809292][ T951] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 195.844154][ T951] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.861595][ T951] usb 2-1: config 0 descriptor?? [ 196.729373][ T5420] netlink: 8 bytes leftover after parsing attributes in process `syz.4.328'. [ 197.612408][ T5419] loop3: detected capacity change from 0 to 1024 [ 197.666154][ T5425] loop0: detected capacity change from 0 to 512 [ 197.743156][ T5419] hfsplus: unable to parse mount options [ 197.769449][ T5425] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 197.806744][ T5425] ext4 filesystem being mounted at /62/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 198.856217][ T4268] EXT4-fs (loop0): unmounting filesystem. [ 199.032615][ T14] usb 2-1: USB disconnect, device number 3 [ 199.217229][ T4278] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 199.228027][ T4278] CPU: 1 PID: 4278 Comm: kworker/u5:2 Not tainted syzkaller #0 [ 199.235646][ T4278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 199.246097][ T4278] Workqueue: hci0 hci_rx_work [ 199.250800][ T4278] Call Trace: [ 199.254104][ T4278] [ 199.257142][ T4278] dump_stack_lvl+0x188/0x24e [ 199.261932][ T4278] ? show_regs_print_info+0x12/0x12 [ 199.267140][ T4278] ? load_image+0x400/0x400 [ 199.271698][ T4278] sysfs_create_dir_ns+0x26a/0x290 [ 199.277259][ T4278] ? sysfs_warn_dup+0xa0/0xa0 [ 199.282402][ T4278] ? 
do_raw_spin_unlock+0x11d/0x230 [ 199.287700][ T4278] kobject_add_internal+0x61c/0xcc0 [ 199.293537][ T4278] kobject_add+0x160/0x230 [ 199.297979][ T4278] ? kobject_init+0x1d0/0x1d0 [ 199.302851][ T4278] ? klist_children_get+0x50/0x50 [ 199.308178][ T4278] ? get_device_parent+0x121/0x3f0 [ 199.313744][ T4278] device_add+0x483/0xfb0 [ 199.318222][ T4278] ? kmem_cache_free+0xf7/0x290 [ 199.323280][ T4278] hci_conn_add_sysfs+0xd1/0x1e0 [ 199.328354][ T4278] le_conn_complete_evt+0x1062/0x1670 [ 199.334209][ T4278] ? le_conn_complete_evt+0xe9/0x1670 [ 199.339833][ T4278] ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0 [ 199.346562][ T4278] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 199.352346][ T4278] ? skb_pull_data+0xf7/0x200 [ 199.357261][ T4278] hci_le_conn_complete_evt+0x183/0x440 [ 199.363051][ T4278] ? hci_remote_host_features_evt+0x270/0x270 [ 199.369319][ T4278] hci_event_packet+0x7b9/0x1280 [ 199.374478][ T4278] ? bis_list+0x280/0x280 [ 199.378829][ T4278] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 199.385014][ T4278] ? kcov_remote_start+0x4c7/0x7e0 [ 199.390144][ T4278] ? patch_conexant_auto+0x1260/0x1650 [ 199.395819][ T4278] ? hci_send_to_monitor+0x9c/0x4a0 [ 199.401168][ T4278] hci_rx_work+0x3eb/0xd40 [ 199.405641][ T4278] ? _raw_spin_unlock+0x40/0x40 [ 199.410634][ T4278] ? process_one_work+0x7b0/0x1160 [ 199.415879][ T4278] process_one_work+0x8a2/0x1160 [ 199.420950][ T4278] ? worker_detach_from_pool+0x240/0x240 [ 199.426605][ T4278] ? _raw_spin_lock_irq+0xb7/0xf0 [ 199.431767][ T4278] ? _raw_spin_lock_irqsave+0x100/0x100 [ 199.437736][ T4278] ? kthread_data+0x4b/0xc0 [ 199.442298][ T4278] worker_thread+0xaa2/0x1270 [ 199.447636][ T4278] kthread+0x29d/0x330 [ 199.451812][ T4278] ? worker_clr_flags+0x1a0/0x1a0 [ 199.457116][ T4278] ? 
kthread_blkcg+0xd0/0xd0 [ 199.461985][ T4278] ret_from_fork+0x1f/0x30 [ 199.466617][ T4278] [ 199.522754][ T4278] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 199.537018][ T4278] Bluetooth: hci0: failed to register connection device [ 201.396325][ T5450] loop1: detected capacity change from 0 to 512 [ 201.621026][ T4278] Bluetooth: hci0: command 0x2016 tx timeout [ 201.630923][ T4278] Bluetooth: hci3: command 0x0406 tx timeout [ 201.630982][ T4286] Bluetooth: hci1: command 0x0406 tx timeout [ 201.637489][ T4278] Bluetooth: hci2: command 0x0406 tx timeout [ 201.637522][ T4278] Bluetooth: hci4: command 0x0406 tx timeout [ 201.717840][ T5450] EXT4-fs error (device loop1): ext4_do_update_inode:5279: inode #16: comm syz.1.339: corrupted inode contents [ 201.835731][ T5450] EXT4-fs error (device loop1): ext4_dirty_inode:6156: inode #16: comm syz.1.339: mark_inode_dirty error [ 201.949389][ T5450] EXT4-fs error (device loop1): ext4_do_update_inode:5279: inode #16: comm syz.1.339: corrupted inode contents [ 202.081776][ T5450] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #16: comm syz.1.339: mark_inode_dirty error [ 202.198590][ T5450] EXT4-fs error (device loop1): ext4_do_update_inode:5279: inode #16: comm syz.1.339: corrupted inode contents [ 202.273021][ T5450] EXT4-fs error (device loop1) in ext4_orphan_del:303: Corrupt filesystem [ 202.286438][ T5450] EXT4-fs error (device loop1): ext4_do_update_inode:5279: inode #16: comm syz.1.339: corrupted inode contents [ 202.307074][ T5450] EXT4-fs error (device loop1): ext4_truncate:4325: inode #16: comm syz.1.339: mark_inode_dirty error [ 202.326583][ T5450] EXT4-fs error (device loop1) in ext4_process_orphan:345: Corrupt filesystem [ 202.353449][ T5450] EXT4-fs (loop1): 1 truncate cleaned up [ 202.359286][ T5450] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. 
[ 202.371396][ T4524] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 202.386322][ T4524] EXT4-fs error (device loop1): ext4_release_dquot:6877: comm kworker/u4:13: Failed to release dquot type 1 [ 202.454966][ T5450] ext4 filesystem being mounted at /74/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 202.603465][ T5462] netlink: 8 bytes leftover after parsing attributes in process `syz.0.342'. [ 203.503562][ T4270] EXT4-fs (loop1): unmounting filesystem. [ 203.700829][ T4286] Bluetooth: hci0: command 0x0406 tx timeout [ 204.291055][ T14] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 204.312492][ T5479] netlink: 2028 bytes leftover after parsing attributes in process `syz.1.349'. [ 204.357971][ T5479] netlink: 20 bytes leftover after parsing attributes in process `syz.1.349'. [ 204.463709][ T4286] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 204.474907][ T4286] CPU: 0 PID: 4286 Comm: kworker/u5:8 Not tainted syzkaller #0 [ 204.482773][ T4286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 204.493136][ T4286] Workqueue: hci3 hci_rx_work [ 204.497869][ T4286] Call Trace: [ 204.501269][ T4286] [ 204.504238][ T4286] dump_stack_lvl+0x188/0x24e [ 204.508967][ T4286] ? show_regs_print_info+0x12/0x12 [ 204.514297][ T4286] ? load_image+0x400/0x400 [ 204.518869][ T4286] sysfs_create_dir_ns+0x26a/0x290 [ 204.524208][ T4286] ? sysfs_warn_dup+0xa0/0xa0 [ 204.529023][ T4286] ? do_raw_spin_unlock+0x11d/0x230 [ 204.534272][ T4286] kobject_add_internal+0x61c/0xcc0 [ 204.539533][ T4286] kobject_add+0x160/0x230 [ 204.544173][ T4286] ? kobject_init+0x1d0/0x1d0 [ 204.548901][ T4286] ? klist_children_get+0x50/0x50 [ 204.554061][ T4286] ? get_device_parent+0x121/0x3f0 [ 204.559390][ T4286] device_add+0x483/0xfb0 [ 204.563841][ T4286] ? 
kmem_cache_free+0xf7/0x290 [ 204.568779][ T4286] hci_conn_add_sysfs+0xd1/0x1e0 [ 204.573854][ T4286] le_conn_complete_evt+0x1062/0x1670 [ 204.579389][ T4286] ? le_conn_complete_evt+0xe9/0x1670 [ 204.584816][ T4286] ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0 [ 204.591111][ T4286] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 204.596888][ T4286] ? skb_pull_data+0xf7/0x200 [ 204.601610][ T4286] hci_le_conn_complete_evt+0x183/0x440 [ 204.607390][ T4286] ? hci_remote_host_features_evt+0x270/0x270 [ 204.613854][ T4286] hci_event_packet+0x7b9/0x1280 [ 204.618863][ T4286] ? bis_list+0x280/0x280 [ 204.623326][ T4286] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 204.629289][ T4286] ? kcov_remote_start+0x4c7/0x7e0 [ 204.634626][ T4286] ? patch_conexant_auto+0x1260/0x1650 [ 204.640374][ T4286] ? hci_send_to_monitor+0x9c/0x4a0 [ 204.645673][ T4286] hci_rx_work+0x3eb/0xd40 [ 204.650155][ T4286] ? _raw_spin_unlock+0x40/0x40 [ 204.655422][ T4286] ? process_one_work+0x7b0/0x1160 [ 204.660876][ T4286] process_one_work+0x8a2/0x1160 [ 204.666047][ T4286] ? worker_detach_from_pool+0x240/0x240 [ 204.671917][ T4286] ? _raw_spin_lock_irq+0xb7/0xf0 [ 204.677493][ T4286] ? _raw_spin_lock_irqsave+0x100/0x100 [ 204.683368][ T4286] ? kthread_data+0x4b/0xc0 [ 204.688047][ T4286] worker_thread+0xaa2/0x1270 [ 204.692816][ T4286] ? __kthread_parkme+0x162/0x1c0 [ 204.697906][ T4286] kthread+0x29d/0x330 [ 204.702016][ T4286] ? worker_clr_flags+0x1a0/0x1a0 [ 204.707363][ T4286] ? kthread_blkcg+0xd0/0xd0 [ 204.711990][ T4286] ret_from_fork+0x1f/0x30 [ 204.716650][ T4286] [ 204.800423][ T14] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 204.815302][ T4286] kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 204.829922][ T4286] Bluetooth: hci3: failed to register connection device [ 204.941577][ T14] usb 1-1: config 0 has no interfaces? 
[ 205.021123][ T14] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 205.131478][ T14] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.409966][ T14] usb 1-1: config 0 descriptor?? [ 206.900826][ T4286] Bluetooth: hci3: command 0x2016 tx timeout [ 207.435263][ T4313] usb 1-1: USB disconnect, device number 7 [ 208.073403][ T5503] binder: 5501:5503 ioctl c0285840 200000000000 returned -22 [ 209.263822][ T5514] loop3: detected capacity change from 0 to 512 [ 209.338321][ T5514] EXT4-fs error (device loop3): ext4_orphan_get:1405: inode #15: comm syz.3.362: inode has both inline data and extents flags [ 209.355782][ T5516] loop4: detected capacity change from 0 to 512 [ 209.371110][ T5514] EXT4-fs error (device loop3): ext4_orphan_get:1410: comm syz.3.362: couldn't read orphan inode 15 (err -117) [ 209.439719][ T5514] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 209.466472][ T5516] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 209.598149][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 209.609888][ T4271] EXT4-fs (loop3): unmounting filesystem. [ 209.833897][ T4286] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 209.844922][ T4286] CPU: 0 PID: 4286 Comm: kworker/u5:8 Not tainted syzkaller #0 [ 209.852520][ T4286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 209.862971][ T4286] Workqueue: hci3 hci_rx_work [ 209.867700][ T4286] Call Trace: [ 209.871235][ T4286] [ 209.874208][ T4286] dump_stack_lvl+0x188/0x24e [ 209.879033][ T4286] ? show_regs_print_info+0x12/0x12 [ 209.884283][ T4286] ? load_image+0x400/0x400 [ 209.889026][ T4286] sysfs_create_dir_ns+0x26a/0x290 [ 209.894885][ T4286] ? sysfs_warn_dup+0xa0/0xa0 [ 209.899699][ T4286] ? 
do_raw_spin_unlock+0x11d/0x230 [ 209.904949][ T4286] kobject_add_internal+0x61c/0xcc0 [ 209.910378][ T4286] kobject_add+0x160/0x230 [ 209.914852][ T4286] ? kobject_init+0x1d0/0x1d0 [ 209.919672][ T4286] ? klist_children_get+0x50/0x50 [ 209.925272][ T4286] ? get_device_parent+0x121/0x3f0 [ 209.930429][ T4286] device_add+0x483/0xfb0 [ 209.934885][ T4286] ? kmem_cache_free+0xf7/0x290 [ 209.939798][ T4286] hci_conn_add_sysfs+0xd1/0x1e0 [ 209.944786][ T4286] le_conn_complete_evt+0x1062/0x1670 [ 209.950385][ T4286] ? le_conn_complete_evt+0xe9/0x1670 [ 209.955991][ T4286] ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0 [ 209.962366][ T4286] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 209.968052][ T4286] ? skb_pull_data+0xf7/0x200 [ 209.972777][ T4286] hci_le_conn_complete_evt+0x183/0x440 [ 209.978638][ T4286] ? hci_remote_host_features_evt+0x270/0x270 [ 209.985112][ T4286] hci_event_packet+0x7b9/0x1280 [ 209.990135][ T4286] ? bis_list+0x280/0x280 [ 209.994545][ T4286] ? lockdep_hardirqs_on+0x94/0x140 [ 209.999822][ T4286] ? hci_rx_work+0x280/0xd40 [ 210.004559][ T4286] hci_rx_work+0x3eb/0xd40 [ 210.009318][ T4286] ? _raw_spin_unlock+0x40/0x40 [ 210.014240][ T4286] ? process_one_work+0x7b0/0x1160 [ 210.019486][ T4286] process_one_work+0x8a2/0x1160 [ 210.024747][ T4286] ? worker_detach_from_pool+0x240/0x240 [ 210.030529][ T4286] ? _raw_spin_lock_irq+0xb7/0xf0 [ 210.036481][ T4286] ? _raw_spin_lock_irqsave+0x100/0x100 [ 210.042161][ T4286] ? kthread_data+0x4b/0xc0 [ 210.046810][ T4286] worker_thread+0xaa2/0x1270 [ 210.051726][ T4286] ? __kthread_parkme+0x162/0x1c0 [ 210.056988][ T4286] kthread+0x29d/0x330 [ 210.061354][ T4286] ? worker_clr_flags+0x1a0/0x1a0 [ 210.066677][ T4286] ? kthread_blkcg+0xd0/0xd0 [ 210.071324][ T4286] ret_from_fork+0x1f/0x30 [ 210.075805][ T4286] [ 210.129190][ T4286] kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. 
[ 210.163472][ T4286] Bluetooth: hci3: failed to register connection device [ 211.993266][ T5533] loop4: detected capacity change from 0 to 128 [ 212.180846][ T4286] Bluetooth: hci3: command 0x2016 tx timeout [ 213.600914][ T5550] loop3: detected capacity change from 0 to 2048 [ 213.665711][ T5550] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 213.864413][ T5550] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 214.647700][ T5550] ext4 filesystem being mounted at /77/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 214.714560][ T5550] EXT4-fs (loop3): shut down requested (0) [ 214.809772][ T5563] loop0: detected capacity change from 0 to 128 [ 215.023556][ T48] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 215.040899][ T48] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 215.050690][ T48] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 215.058625][ T48] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 215.067980][ T48] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 215.075933][ T48] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 215.154117][ T4271] EXT4-fs (loop3): unmounting filesystem. [ 215.505243][ T5584] loop1: detected capacity change from 0 to 2048 [ 215.857748][ T5566] chnl_net:caif_netlink_parms(): no params data found [ 215.893423][ T5590] netlink: 'syz.1.389': attribute type 27 has an invalid length. 
[ 216.190182][ T5597] loop4: detected capacity change from 0 to 128 [ 216.438950][ T5590] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.447438][ T5590] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.117725][ T5590] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 217.141032][ T48] Bluetooth: hci5: command 0x0409 tx timeout [ 217.169986][ T5590] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 217.460000][ T5590] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.469555][ T5590] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.480129][ T5590] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.489216][ T5590] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.774627][ T38] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.168429][ T38] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.426690][ T38] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.467653][ T5566] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.479442][ T5566] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.499809][ T5566] device bridge_slave_0 entered promiscuous mode [ 218.564966][ T38] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.588741][ T5636] netlink: 'syz.3.399': attribute type 4 has an invalid length. [ 218.634388][ T5636] netlink: 152 bytes leftover after parsing attributes in process `syz.3.399'. [ 218.714823][ T5636] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. 
[ 218.737526][ T5566] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.750199][ T5566] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.760024][ T5566] device bridge_slave_1 entered promiscuous mode [ 218.803547][ T5566] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 218.833877][ T5566] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 218.901347][ T5566] team0: Port device team_slave_0 added [ 218.918191][ T5566] team0: Port device team_slave_1 added [ 219.016905][ T5566] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 219.024405][ T5566] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 219.051949][ T5566] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 219.124938][ T5566] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 219.150966][ T5566] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 219.195784][ T5566] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 219.220786][ T48] Bluetooth: hci5: command 0x041b tx timeout [ 219.763003][ T5566] device hsr_slave_0 entered promiscuous mode [ 220.278764][ T5566] device hsr_slave_1 entered promiscuous mode [ 220.541123][ T5566] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 220.583893][ T5566] Cannot create hsr debugfs directory [ 221.301118][ T48] Bluetooth: hci5: command 0x040f tx timeout [ 221.615179][ T5664] netlink: 'syz.4.405': attribute type 27 has an invalid length. [ 224.136144][ T48] Bluetooth: hci5: command 0x0419 tx timeout [ 224.419611][ T5700] loop5: detected capacity change from 0 to 7 [ 224.431506][ T5700] Dev loop5: unable to read RDB block 7 [ 224.437841][ T5700] loop5: unable to read partition table [ 224.445757][ T5700] loop5: partition table beyond EOD, truncated [ 224.452434][ T5700] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 224.468623][ T5700] binder: 5694:5700 ioctl c0285840 200000000000 returned -22 [ 225.254295][ T5566] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 225.301401][ T5566] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 225.360190][ T5566] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 225.453413][ T5566] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 225.534155][ T5718] loop4: detected capacity change from 0 to 256 [ 225.899311][ T5716] netlink: 'syz.1.422': attribute type 4 has an invalid length. [ 225.907994][ T5716] netlink: 152 bytes leftover after parsing attributes in process `syz.1.422'. 
[ 225.917693][ T5716] .`: renamed from bond0 [ 226.485144][ T38] device hsr_slave_0 left promiscuous mode [ 226.528894][ T38] device hsr_slave_1 left promiscuous mode [ 226.676527][ T38] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 226.708957][ T38] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 226.730045][ T38] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 226.749914][ T38] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 226.781330][ T38] device bridge_slave_1 left promiscuous mode [ 226.791759][ T38] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.744433][ T38] device bridge_slave_0 left promiscuous mode [ 227.750907][ T38] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.786268][ T38] device veth1_macvtap left promiscuous mode [ 227.793139][ T38] device veth0_macvtap left promiscuous mode [ 227.799736][ T38] device veth1_vlan left promiscuous mode [ 227.812203][ T38] device veth0_vlan left promiscuous mode [ 228.536484][ T5757] loop0: detected capacity change from 0 to 128 [ 230.176375][ T38] team0 (unregistering): Port device team_slave_1 removed [ 230.224136][ T38] team0 (unregistering): Port device team_slave_0 removed [ 230.274624][ T38] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 230.322933][ T38] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 230.678686][ T38] bond0 (unregistering): Released all slaves [ 231.139933][ T5771] device syzkaller0 entered promiscuous mode [ 231.155931][ T5775] loop3: detected capacity change from 0 to 256 [ 231.530229][ T5566] 8021q: adding VLAN 0 to HW filter on device bond0 [ 231.630516][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 231.652994][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 231.880434][ T5566] 8021q: adding VLAN 0 to HW filter on device team0 [ 231.946907][ T5792] netlink: 'syz.1.437': attribute type 4 has an invalid length. 
[ 231.955210][ T5792] netlink: 152 bytes leftover after parsing attributes in process `syz.1.437'. [ 232.295499][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 232.397515][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 232.477586][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.484820][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 232.551124][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 232.808773][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 232.842511][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 233.877545][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.885782][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 234.022201][ T7] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 234.105352][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 234.134346][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 234.195610][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 234.267741][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 234.312936][ T7] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 234.370915][ T7] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 234.377670][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 234.384687][ T7] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.415184][ T7] usb 2-1: config 0 descriptor?? 
[ 234.446381][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 234.481863][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 234.588991][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 234.607241][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 234.666402][ T5566] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 234.721896][ T5566] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 234.780905][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 234.789639][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 234.880814][ T7] ath6kl: Unsupported hardware version: 0x0 [ 234.898268][ T7] ath6kl: Failed to init ath6kl core: -22 [ 235.055767][ T7] ath6kl_usb: probe of 2-1:0.0 failed with error -22 [ 235.112346][ T5840] netlink: 35 bytes leftover after parsing attributes in process `syz.0.452'. [ 235.257397][ T7] usb 2-1: USB disconnect, device number 4 [ 236.226239][ T5856] Cannot find add_set index 0 as target [ 236.380415][ T5181] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 236.398753][ T5181] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 236.441746][ T5566] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 236.639114][ T5866] ieee802154 phy0 wpan0: encryption failed: -22 [ 238.220732][ T4316] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 239.337453][ T4316] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 239.420822][ T4316] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 239.470871][ T4316] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.566022][ T4316] usb 5-1: config 0 descriptor?? 
[ 240.032746][ T4316] ath6kl: Unsupported hardware version: 0x0 [ 240.050830][ T4316] ath6kl: Failed to init ath6kl core: -22 [ 240.121212][ T4316] ath6kl_usb: probe of 5-1:0.0 failed with error -22 [ 240.138088][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 240.176002][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 240.186850][ T5914] ieee802154 phy0 wpan0: encryption failed: -22 [ 240.209758][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 240.238548][ T4316] usb 5-1: USB disconnect, device number 2 [ 240.272454][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 240.292821][ T5566] device veth0_vlan entered promiscuous mode [ 240.302180][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 240.321182][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 240.354072][ T5566] device veth1_vlan entered promiscuous mode [ 240.472427][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 240.519783][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 240.558973][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 240.598568][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 240.641715][ T5566] device veth0_macvtap entered promiscuous mode [ 240.669184][ T5924] netlink: 'syz.1.474': attribute type 4 has an invalid length. [ 240.688011][ T5924] netlink: 152 bytes leftover after parsing attributes in process `syz.1.474'. [ 240.706795][ T5566] device veth1_macvtap entered promiscuous mode [ 240.747608][ T5923] loop3: detected capacity change from 0 to 2048 [ 240.794825][ T5566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 240.871221][ T5566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.888022][ T5923] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. 
[ 240.920253][ T5923] ext4 filesystem being mounted at /101/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 240.941398][ T5566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 240.964119][ T5566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.999064][ T5566] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 241.027674][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 241.153044][ T5930] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 345: padding at end of block bitmap is not set [ 241.198896][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 241.311202][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 241.860900][ T5930] EXT4-fs (loop3): Remounting filesystem read-only [ 241.965047][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 242.018687][ T4271] EXT4-fs (loop3): unmounting filesystem. [ 242.068610][ T5566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 242.120714][ T5566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.160838][ T5566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 242.203986][ T5566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 242.219059][ T5566] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 242.245073][ T5566] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.278989][ T5566] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.305127][ T5566] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.324168][ T5566] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.480019][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 242.508626][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 242.589100][ T5942] loop2: detected capacity change from 0 to 7 [ 242.619709][ T4376] Dev loop2: unable to read RDB block 7 [ 242.632225][ T4376] loop2: unable to read partition table [ 242.638292][ T4376] loop2: partition table beyond EOD, truncated [ 242.673610][ T5951] loop4: detected capacity change from 0 to 512 [ 242.791380][ T5951] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 244.511949][ T5942] Dev loop2: unable to read RDB block 7 [ 244.533881][ T5964] ieee802154 phy0 wpan0: encryption failed: -22 [ 244.561487][ T5942] loop2: unable to read partition table [ 244.567276][ T5942] loop2: partition table beyond EOD, truncated [ 244.620415][ T5942] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 244.773911][ T4467] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.813352][ T4467] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.903098][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 244.930437][ T4343] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.969827][ T4343] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.993676][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 245.111004][ T4365] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 245.801538][ 
T4365] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 245.861623][ T4365] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 245.917434][ T4365] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 245.979719][ T4365] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.988594][ T5979] random: crng reseeded on system resumption [ 246.081283][ T4365] usb 4-1: config 0 descriptor?? [ 246.216635][ T5982] loop0: detected capacity change from 0 to 4096 [ 246.388306][ T5982] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 246.497345][ T4365] ath6kl: Unsupported hardware version: 0x0 [ 246.507352][ T4365] ath6kl: Failed to init ath6kl core: -22 [ 246.537556][ T5982] EXT4-fs: Ignoring removed nobh option [ 246.556901][ T5982] EXT4-fs: Ignoring removed mblk_io_submit option [ 246.606846][ T4365] ath6kl_usb: probe of 4-1:0.0 failed with error -22 [ 246.607478][ T5982] EXT4-fs: Cannot change journaled quota options when quota turned on [ 246.706553][ T4365] usb 4-1: USB disconnect, device number 5 [ 246.920419][ T4268] EXT4-fs (loop0): unmounting filesystem. [ 247.457684][ T6006] loop1: detected capacity change from 0 to 512 [ 247.503096][ T6010] ieee802154 phy0 wpan0: encryption failed: -22 [ 247.524574][ T6009] loop3: detected capacity change from 0 to 128 [ 247.619798][ T6006] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 248.204418][ T6024] loop0: detected capacity change from 0 to 1024 [ 248.242668][ T6024] hfsplus: unable to parse mount options [ 249.286822][ T4270] EXT4-fs (loop1): unmounting filesystem. [ 249.402866][ T6038] netlink: 'syz.3.498': attribute type 27 has an invalid length. 
[ 249.464606][ T6042] loop1: detected capacity change from 0 to 512 [ 249.478493][ T6043] loop3: detected capacity change from 0 to 256 [ 249.524071][ T6043] FAT-fs (loop3): Unrecognized mount option "ÿÿÿÿ0x0000000000000000" or missing value [ 249.820826][ T4317] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 250.012835][ T4317] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 250.038431][ T4317] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 250.064548][ T4317] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 250.086665][ T4317] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 250.172261][ T4317] usb 5-1: config 0 descriptor?? [ 250.549233][ T6038] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.556768][ T6038] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.706011][ T4317] ath6kl: Unsupported hardware version: 0x0 [ 250.713381][ T4317] ath6kl: Failed to init ath6kl core: -22 [ 250.750456][ T4317] ath6kl_usb: probe of 5-1:0.0 failed with error -22 [ 251.539874][ T4317] usb 5-1: USB disconnect, device number 3 [ 252.264365][ T6076] loop4: detected capacity change from 0 to 128 [ 252.550466][ T6038] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 252.648731][ T6038] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 253.465133][ T6038] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.474614][ T6038] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.485277][ T6038] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.495100][ T6038] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.725370][ T6046] netlink: 'syz.0.503': attribute type 4 has an invalid length. 
[ 253.745120][ T6046] netlink: 152 bytes leftover after parsing attributes in process `syz.0.503'. [ 253.804323][ T6046] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 254.066205][ T6088] loop0: detected capacity change from 0 to 128 [ 254.106296][ T6094] loop5: detected capacity change from 0 to 512 [ 254.154650][ T6094] EXT4-fs: Ignoring removed oldalloc option [ 254.210868][ T6094] EXT4-fs: Ignoring removed nobh option [ 254.355137][ T6094] EXT4-fs error (device loop5): ext4_xattr_inode_iget:401: inode #11: comm syz.5.516: iget: bad extra_isize 90 (inode size 256) [ 254.367516][ T6095] loop3: detected capacity change from 0 to 1024 [ 254.497181][ T6094] EXT4-fs (loop5): Remounting filesystem read-only [ 254.529373][ T6094] EXT4-fs error (device loop5): ext4_xattr_inode_iget:406: comm syz.5.516: error while reading EA inode 11 err=-117 [ 254.700432][ T6095] hfsplus: unable to parse mount options [ 254.722452][ T6094] EXT4-fs (loop5): Remounting filesystem read-only [ 254.730038][ T6094] EXT4-fs error (device loop5): ext4_xattr_inode_iget:401: inode #11: comm syz.5.516: iget: bad extra_isize 90 (inode size 256) [ 255.513428][ T6094] EXT4-fs (loop5): Remounting filesystem read-only [ 255.543868][ T6107] loop0: detected capacity change from 0 to 128 [ 255.561086][ T6094] EXT4-fs error (device loop5): ext4_xattr_inode_iget:406: comm syz.5.516: error while reading EA inode 11 err=-117 [ 255.611260][ T6094] EXT4-fs (loop5): Remounting filesystem read-only [ 255.636086][ T6094] EXT4-fs error (device loop5): ext4_xattr_inode_iget:401: inode #18: comm syz.5.516: iget: bad extra_isize 90 (inode size 256) [ 255.685042][ T6094] EXT4-fs (loop5): Remounting filesystem read-only [ 255.726609][ T6094] EXT4-fs error (device loop5): ext4_xattr_inode_iget:406: comm syz.5.516: error while reading EA inode 18 err=-117 [ 255.767358][ T6094] EXT4-fs (loop5): Remounting filesystem 
read-only [ 255.804686][ T6094] EXT4-fs error (device loop5): ext4_xattr_inode_iget:401: inode #18: comm syz.5.516: iget: bad extra_isize 90 (inode size 256) [ 255.865671][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.872191][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.878598][ T6094] EXT4-fs (loop5): Remounting filesystem read-only [ 255.970780][ T6094] EXT4-fs error (device loop5): ext4_xattr_inode_iget:406: comm syz.5.516: error while reading EA inode 18 err=-117 [ 256.015602][ T6094] EXT4-fs (loop5): Remounting filesystem read-only [ 256.057795][ T6094] EXT4-fs (loop5): 1 orphan inode deleted [ 256.085685][ T6114] loop4: detected capacity change from 0 to 512 [ 256.096372][ T6094] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 256.170333][ T6114] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 256.191784][ T6114] ext4 filesystem being mounted at /100/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 256.275724][ T6114] EXT4-fs (loop4): shut down requested (1) [ 256.315984][ T6094] EXT4-fs error (device loop5): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz.5.516: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 256.422263][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 256.443144][ T6094] EXT4-fs (loop5): Remounting filesystem read-only [ 256.636797][ T5566] EXT4-fs (loop5): unmounting filesystem. [ 256.844012][ T6128] netlink: 'syz.1.526': attribute type 27 has an invalid length. [ 256.926887][ T6131] loop1: detected capacity change from 0 to 256 [ 256.981830][ T6131] FAT-fs (loop1): Unrecognized mount option "ÿÿÿÿ0x0000000000000000" or missing value [ 257.085290][ T6136] netlink: 'syz.5.525': attribute type 4 has an invalid length. [ 257.093362][ T6136] netlink: 152 bytes leftover after parsing attributes in process `syz.5.525'. 
[ 257.367375][ T48] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 257.377706][ T48] CPU: 0 PID: 48 Comm: kworker/u5:0 Not tainted syzkaller #0 [ 257.385197][ T48] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 257.395474][ T48] Workqueue: hci4 hci_rx_work [ 257.400256][ T48] Call Trace: [ 257.403628][ T48] [ 257.406668][ T48] dump_stack_lvl+0x188/0x24e [ 257.411380][ T48] ? show_regs_print_info+0x12/0x12 [ 257.416750][ T48] ? load_image+0x400/0x400 [ 257.421290][ T48] sysfs_create_dir_ns+0x26a/0x290 [ 257.426542][ T48] ? sysfs_warn_dup+0xa0/0xa0 [ 257.431402][ T48] ? do_raw_spin_unlock+0x11d/0x230 [ 257.436998][ T48] kobject_add_internal+0x61c/0xcc0 [ 257.442317][ T48] kobject_add+0x160/0x230 [ 257.447190][ T48] ? kobject_init+0x1d0/0x1d0 [ 257.452079][ T48] ? klist_children_get+0x50/0x50 [ 257.457628][ T48] ? get_device_parent+0x121/0x3f0 [ 257.462967][ T48] device_add+0x483/0xfb0 [ 257.467352][ T48] ? kmem_cache_free+0xf7/0x290 [ 257.472388][ T48] hci_conn_add_sysfs+0xd1/0x1e0 [ 257.477374][ T48] le_conn_complete_evt+0x1062/0x1670 [ 257.482886][ T48] ? le_conn_complete_evt+0xe9/0x1670 [ 257.488403][ T48] ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0 [ 257.494836][ T48] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 257.500760][ T48] ? skb_pull_data+0xf7/0x200 [ 257.505536][ T48] hci_le_conn_complete_evt+0x183/0x440 [ 257.511244][ T48] ? hci_remote_host_features_evt+0x270/0x270 [ 257.517967][ T48] hci_event_packet+0x7b9/0x1280 [ 257.523162][ T48] ? bis_list+0x280/0x280 [ 257.527692][ T48] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 257.533911][ T48] ? kcov_remote_start+0x4c7/0x7e0 [ 257.539053][ T48] ? patch_conexant_auto+0x1260/0x1650 [ 257.544744][ T48] ? hci_send_to_monitor+0x9c/0x4a0 [ 257.550124][ T48] hci_rx_work+0x3eb/0xd40 [ 257.554653][ T48] ? _raw_spin_unlock+0x40/0x40 [ 257.559619][ T48] ? 
process_one_work+0x7b0/0x1160 [ 257.564748][ T48] process_one_work+0x8a2/0x1160 [ 257.569801][ T48] ? worker_detach_from_pool+0x240/0x240 [ 257.575538][ T48] ? _raw_spin_lock_irq+0xb7/0xf0 [ 257.580670][ T48] ? _raw_spin_lock_irqsave+0x100/0x100 [ 257.586272][ T48] ? kthread_data+0x4b/0xc0 [ 257.590974][ T48] worker_thread+0xaa2/0x1270 [ 257.595785][ T48] kthread+0x29d/0x330 [ 257.599981][ T48] ? worker_clr_flags+0x1a0/0x1a0 [ 257.605462][ T48] ? kthread_blkcg+0xd0/0xd0 [ 257.610245][ T48] ret_from_fork+0x1f/0x30 [ 257.614721][ T48] [ 257.620826][ T48] kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 257.635727][ T48] Bluetooth: hci4: failed to register connection device [ 259.336095][ T6136] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 259.375430][ T6142] netlink: 8 bytes leftover after parsing attributes in process `syz.0.528'. [ 259.700739][ T48] Bluetooth: hci4: command 0x2016 tx timeout [ 262.517092][ T6168] netlink: 'syz.0.535': attribute type 13 has an invalid length. [ 262.799474][ T6168] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 262.828995][ T6168] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 262.857712][ T6168] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 262.913481][ T6168] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 263.003365][ T6168] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 263.997713][ T6188] netlink: 'syz.4.541': attribute type 27 has an invalid length. 
[ 264.011260][ T6188] loop4: detected capacity change from 0 to 256 [ 264.023005][ T6188] FAT-fs (loop4): Unrecognized mount option "ÿÿÿÿ0x0000000000000000" or missing value [ 265.135619][ T6211] loop0: detected capacity change from 0 to 2048 [ 265.169319][ T6211] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000802) [ 267.380048][ T6222] loop4: detected capacity change from 0 to 512 [ 267.445151][ T6225] loop5: detected capacity change from 0 to 256 [ 267.518478][ T6222] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 267.767029][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 267.841731][ T6234] loop3: detected capacity change from 0 to 512 [ 267.891345][ T6234] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 267.962367][ T6234] EXT4-fs (loop3): orphan cleanup on readonly fs [ 267.973321][ T6234] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:511: comm syz.3.552: Block bitmap for bg 0 marked uninitialized [ 268.103780][ T6239] loop4: detected capacity change from 0 to 512 [ 268.157519][ T6234] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6180: Corrupt filesystem [ 268.233711][ T6234] EXT4-fs (loop3): 1 orphan inode deleted [ 268.240083][ T6234] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 268.286457][ T6239] EXT4-fs error (device loop4): ext4_iget_extra_inode:4763: inode #15: comm syz.4.553: corrupted in-inode xattr [ 268.309932][ T6242] netlink: 'syz.5.554': attribute type 4 has an invalid length. [ 268.318660][ T6242] netlink: 152 bytes leftover after parsing attributes in process `syz.5.554'. [ 268.328387][ T6242] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. 
[ 268.378161][ T6239] EXT4-fs error (device loop4): ext4_orphan_get:1410: comm syz.4.553: couldn't read orphan inode 15 (err -117) [ 268.431047][ T6234] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 268.467786][ T6239] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 268.470726][ T6234] EXT4-fs (loop3): re-mounted. Quota mode: none. [ 268.542290][ T6234] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:511: comm syz.3.552: Block bitmap for bg 0 marked uninitialized [ 268.691721][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 268.912207][ T4271] EXT4-fs (loop3): unmounting filesystem. [ 269.274958][ T6261] netlink: 'syz.0.559': attribute type 27 has an invalid length. [ 269.346198][ T6263] loop0: detected capacity change from 0 to 256 [ 269.456424][ T6263] FAT-fs (loop0): Unrecognized mount option "ÿÿÿÿ0x0000000000000000" or missing value [ 272.277496][ T6261] bridge0: port 2(bridge_slave_1) entered disabled state [ 272.285857][ T6261] bridge0: port 1(bridge_slave_0) entered disabled state [ 272.989239][ T6285] loop3: detected capacity change from 0 to 256 [ 273.650538][ T6261] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 273.737404][ T6261] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 274.124805][ T6261] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.134675][ T6261] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.143876][ T6261] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.152875][ T6261] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.292466][ T6296] loop3: detected capacity change from 0 to 512 [ 274.342770][ T6296] EXT4-fs error (device loop3): ext4_iget_extra_inode:4763: inode #15: comm syz.3.567: corrupted in-inode xattr [ 274.406337][ T6296] EXT4-fs error (device loop3): ext4_orphan_get:1410: comm syz.3.567: 
couldn't read orphan inode 15 (err -117) [ 274.503311][ T6296] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 274.718944][ T4271] EXT4-fs (loop3): unmounting filesystem. [ 275.208859][ T6309] process 'syz.5.572' launched './file0' with NULL argv: empty string added [ 275.613450][ T6322] loop0: detected capacity change from 0 to 1024 [ 275.764234][ T6322] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 275.951736][ T4268] EXT4-fs (loop0): unmounting filesystem. [ 276.270967][ T6328] netlink: 'syz.0.576': attribute type 4 has an invalid length. [ 276.279088][ T6328] netlink: 152 bytes leftover after parsing attributes in process `syz.0.576'. [ 276.289213][ T6328] .`: renamed from bond0 [ 278.771964][ T6339] netlink: 'syz.1.578': attribute type 27 has an invalid length. [ 278.838617][ T6342] loop1: detected capacity change from 0 to 256 [ 278.895935][ T6341] device syzkaller0 entered promiscuous mode [ 278.911695][ T6342] FAT-fs (loop1): Unrecognized mount option "ÿÿÿÿ0x0000000000000000" or missing value [ 279.648876][ T6355] loop3: detected capacity change from 0 to 512 [ 279.817335][ T6355] EXT4-fs error (device loop3): ext4_iget_extra_inode:4763: inode #15: comm syz.3.581: corrupted in-inode xattr [ 279.950907][ T6364] netlink: 12 bytes leftover after parsing attributes in process `syz.4.582'. [ 279.962558][ T6364] netlink: 16 bytes leftover after parsing attributes in process `syz.4.582'. [ 279.972384][ T6355] EXT4-fs error (device loop3): ext4_orphan_get:1410: comm syz.3.581: couldn't read orphan inode 15 (err -117) [ 279.985023][ T6364] netlink: 16 bytes leftover after parsing attributes in process `syz.4.582'. [ 280.001790][ T6355] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 280.263936][ T4271] EXT4-fs (loop3): unmounting filesystem. 
[ 280.548147][ T6370] loop3: detected capacity change from 0 to 512 [ 280.727169][ T6370] FAT-fs (loop3): FAT read failed (blocknr 128) [ 282.286122][ T6400] netlink: 'syz.0.591': attribute type 4 has an invalid length. [ 282.298248][ T6400] netlink: 152 bytes leftover after parsing attributes in process `syz.0.591'. [ 283.261757][ T6413] loop0: detected capacity change from 0 to 512 [ 283.329411][ T6413] EXT4-fs error (device loop0): ext4_iget_extra_inode:4763: inode #15: comm syz.0.594: corrupted in-inode xattr [ 283.350748][ T6413] EXT4-fs error (device loop0): ext4_orphan_get:1410: comm syz.0.594: couldn't read orphan inode 15 (err -117) [ 283.438676][ T6413] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 283.663668][ T26] audit: type=1326 audit(1777310946.543:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6420 comm="syz.4.597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9da999cdd9 code=0x7ffc0000 [ 283.683698][ T6421] loop4: detected capacity change from 0 to 128 [ 283.761119][ T26] audit: type=1326 audit(1777310946.543:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6420 comm="syz.4.597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9da999cdd9 code=0x7ffc0000 [ 283.818238][ T4268] EXT4-fs (loop0): unmounting filesystem. [ 283.919045][ T26] audit: type=1326 audit(1777310946.543:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6420 comm="syz.4.597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9da999cdd9 code=0x7ffc0000 [ 284.059412][ T26] audit: type=1326 audit(1777310946.553:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6420 comm="syz.4.597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f9da999cdd9 code=0x7ffc0000 [ 284.133007][ T6430] netlink: 4 bytes leftover after parsing attributes in process `syz.3.600'. 
[ 284.147978][ T26] audit: type=1326 audit(1777310946.563:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6420 comm="syz.4.597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f9da999cb42 code=0x7ffc0000 [ 284.290870][ T26] audit: type=1326 audit(1777310946.563:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6420 comm="syz.4.597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f9da995d60e code=0x7ffc0000 [ 284.372877][ T26] audit: type=1326 audit(1777310946.563:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6420 comm="syz.4.597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f9da999cc07 code=0x7ffc0000 [ 284.386152][ T6439] loop0: detected capacity change from 0 to 512 [ 284.451648][ T26] audit: type=1326 audit(1777310946.563:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6420 comm="syz.4.597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9da995d60e code=0x7ffc0000 [ 284.499260][ T6439] EXT4-fs error (device loop0): ext4_orphan_get:1405: inode #15: comm syz.0.603: inode has both inline data and extents flags [ 284.521116][ T6439] EXT4-fs error (device loop0): ext4_orphan_get:1410: comm syz.0.603: couldn't read orphan inode 15 (err -117) [ 284.552761][ T6439] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. 
[ 284.573613][ T26] audit: type=1326 audit(1777310946.563:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6420 comm="syz.4.597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9da999ca6b code=0x7ffc0000 [ 284.599267][ T26] audit: type=1326 audit(1777310946.633:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6420 comm="syz.4.597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9da999cdd9 code=0x7ffc0000 [ 284.637002][ T6441] device syzkaller0 entered promiscuous mode [ 284.735151][ T6447] Bluetooth: hci1: Frame reassembly failed (-84) [ 284.758707][ T4268] EXT4-fs (loop0): unmounting filesystem. [ 284.865536][ T6449] device syzkaller0 entered promiscuous mode [ 284.919611][ T6451] autofs4:pid:6451:autofs_fill_super: called with bogus options [ 285.020997][ T6447] netlink: 4 bytes leftover after parsing attributes in process `syz.4.606'. [ 285.403014][ T6458] loop5: detected capacity change from 0 to 7 [ 285.432658][ T6458] Dev loop5: unable to read RDB block 7 [ 285.438641][ T6458] loop5: unable to read partition table [ 285.490816][ T6458] loop5: partition table beyond EOD, truncated [ 285.508447][ T6458] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 285.508639][ T6461] binder: 6456:6461 ioctl c0285840 200000000000 returned -22 [ 286.078145][ T6479] loop0: detected capacity change from 0 to 256 [ 286.543674][ T6489] capability: warning: `syz.3.617' uses 32-bit capabilities (legacy support in use) [ 286.562871][ T6489] program syz.3.617 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 286.631175][ T6491] device syzkaller0 entered promiscuous mode [ 286.740743][ T4286] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 286.740914][ T48] Bluetooth: hci1: command 0x1003 tx timeout [ 287.460066][ T6501] loop5: detected capacity change from 0 to 7 [ 287.489362][ T6501] Dev loop5: unable to read RDB block 7 [ 287.588221][ T6501] loop5: unable 
to read partition table [ 287.588238][ T6502] binder: 6497:6502 ioctl c0285840 200000000000 returned -22 [ 287.609222][ T6516] netlink: 'syz.1.626': attribute type 27 has an invalid length. [ 287.679401][ T6501] loop5: partition table beyond EOD, truncated [ 287.733733][ T6513] loop1: detected capacity change from 0 to 256 [ 287.748933][ T6501] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 287.834839][ T6513] FAT-fs (loop1): Unrecognized mount option "ÿÿÿÿ0x0000000000000000" or missing value [ 288.451621][ T6531] device syzkaller0 entered promiscuous mode [ 288.877514][ T6538] loop1: detected capacity change from 0 to 1024 [ 288.966214][ T6538] hfsplus: unable to parse mount options [ 289.066293][ T6549] loop3: detected capacity change from 0 to 512 [ 289.129568][ T6549] EXT4-fs: Ignoring removed oldalloc option [ 289.193197][ T6549] EXT4-fs: Ignoring removed nobh option [ 289.242595][ T6549] EXT4-fs error (device loop3): ext4_xattr_inode_iget:401: inode #11: comm syz.3.637: iget: bad extra_isize 90 (inode size 256) [ 289.329506][ T6549] EXT4-fs (loop3): Remounting filesystem read-only [ 289.397175][ T6549] EXT4-fs error (device loop3): ext4_xattr_inode_iget:406: comm syz.3.637: error while reading EA inode 11 err=-117 [ 289.476689][ T6549] EXT4-fs (loop3): Remounting filesystem read-only [ 289.509480][ T6549] EXT4-fs error (device loop3): ext4_xattr_inode_iget:401: inode #11: comm syz.3.637: iget: bad extra_isize 90 (inode size 256) [ 289.548243][ T6549] EXT4-fs (loop3): Remounting filesystem read-only [ 289.573680][ T6559] loop4: detected capacity change from 0 to 512 [ 289.682119][ T6549] EXT4-fs error (device loop3): ext4_xattr_inode_iget:406: comm syz.3.637: error while reading EA inode 11 err=-117 [ 289.700837][ T6559] EXT4-fs (loop4): 1 truncate cleaned up [ 289.741108][ T6559] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. 
[ 289.777710][ T6549] EXT4-fs (loop3): Remounting filesystem read-only [ 289.791502][ T6549] EXT4-fs error (device loop3): ext4_xattr_inode_iget:401: inode #18: comm syz.3.637: iget: bad extra_isize 90 (inode size 256) [ 289.836660][ T6549] EXT4-fs (loop3): Remounting filesystem read-only [ 289.864582][ T6549] EXT4-fs error (device loop3): ext4_xattr_inode_iget:406: comm syz.3.637: error while reading EA inode 18 err=-117 [ 289.881349][ T57] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x76 [ 289.915171][ T6549] EXT4-fs (loop3): Remounting filesystem read-only [ 289.941391][ T6549] EXT4-fs error (device loop3): ext4_xattr_inode_iget:401: inode #18: comm syz.3.637: iget: bad extra_isize 90 (inode size 256) [ 289.996685][ T6549] EXT4-fs (loop3): Remounting filesystem read-only [ 290.034040][ T6549] EXT4-fs error (device loop3): ext4_xattr_inode_iget:406: comm syz.3.637: error while reading EA inode 18 err=-117 [ 290.130115][ T6549] EXT4-fs (loop3): Remounting filesystem read-only [ 290.131142][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 290.162547][ T6549] EXT4-fs (loop3): 1 orphan inode deleted [ 290.188182][ T6549] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 290.339755][ T6549] EXT4-fs error (device loop3): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz.3.637: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 290.482689][ T6549] EXT4-fs (loop3): Remounting filesystem read-only [ 290.668932][ T4271] EXT4-fs (loop3): unmounting filesystem. [ 290.888689][ T6579] loop0: detected capacity change from 0 to 128 [ 291.448983][ T6579] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535) [ 291.557165][ T6579] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. 
[ 291.709068][ T6579] EXT4-fs error (device loop0): htree_dirblock_to_tree:1083: inode #2: comm syz.0.643: Directory block failed checksum [ 291.980515][ T4268] EXT4-fs (loop0): unmounting filesystem. [ 292.098966][ T6594] device syzkaller0 entered promiscuous mode [ 292.481060][ T6609] netlink: 'syz.0.652': attribute type 27 has an invalid length. [ 292.537145][ T6609] loop0: detected capacity change from 0 to 256 [ 292.578600][ T6609] FAT-fs (loop0): Unrecognized mount option "ÿÿÿÿ0x0000000000000000" or missing value [ 293.212809][ T6631] netlink: 'syz.1.656': attribute type 4 has an invalid length. [ 293.221986][ T6631] netlink: 152 bytes leftover after parsing attributes in process `syz.1.656'. [ 294.275666][ T6653] loop1: detected capacity change from 0 to 512 [ 294.447950][ T6653] EXT4-fs error (device loop1): ext4_iget_extra_inode:4763: inode #15: comm syz.1.666: corrupted in-inode xattr [ 294.488857][ T6653] EXT4-fs error (device loop1): ext4_orphan_get:1410: comm syz.1.666: couldn't read orphan inode 15 (err -117) [ 294.893704][ T6653] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 294.987060][ T6664] netlink: 'syz.3.669': attribute type 27 has an invalid length. [ 295.038122][ T6664] loop3: detected capacity change from 0 to 256 [ 295.082519][ T6664] FAT-fs (loop3): Unrecognized mount option "ÿÿÿÿ0x0000000000000000" or missing value [ 295.236705][ T4270] EXT4-fs (loop1): unmounting filesystem. [ 295.688761][ T6684] autofs4:pid:6684:autofs_fill_super: called with bogus options [ 296.030236][ T6696] loop5: detected capacity change from 0 to 512 [ 296.102183][ T6696] EXT4-fs error (device loop5): ext4_iget_extra_inode:4763: inode #15: comm syz.5.682: corrupted in-inode xattr [ 296.165413][ T6696] EXT4-fs error (device loop5): ext4_orphan_get:1410: comm syz.5.682: couldn't read orphan inode 15 (err -117) [ 296.182873][ T6696] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. 
[ 296.640707][ T6661] EXT4-fs error (device loop5): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 296.992574][ T6714] netlink: 8 bytes leftover after parsing attributes in process `syz.4.685'. [ 297.954874][ T5566] EXT4-fs (loop5): unmounting filesystem. [ 299.135851][ T6739] loop1: detected capacity change from 0 to 128 [ 299.911057][ T6731] loop4: detected capacity change from 0 to 1024 [ 299.976750][ T6731] hfsplus: unable to parse mount options [ 300.148159][ T4286] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 300.158095][ T4286] CPU: 0 PID: 4286 Comm: kworker/u5:8 Not tainted syzkaller #0 [ 300.165708][ T4286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 300.175896][ T4286] Workqueue: hci2 hci_rx_work [ 300.180718][ T4286] Call Trace: [ 300.184088][ T4286] [ 300.187141][ T4286] dump_stack_lvl+0x188/0x24e [ 300.192086][ T4286] ? show_regs_print_info+0x12/0x12 [ 300.197435][ T4286] ? load_image+0x400/0x400 [ 300.202225][ T4286] sysfs_create_dir_ns+0x26a/0x290 [ 300.207400][ T4286] ? sysfs_warn_dup+0xa0/0xa0 [ 300.212143][ T4286] ? do_raw_spin_unlock+0x11d/0x230 [ 300.217517][ T4286] kobject_add_internal+0x61c/0xcc0 [ 300.222799][ T4286] kobject_add+0x160/0x230 [ 300.227636][ T4286] ? kobject_init+0x1d0/0x1d0 [ 300.232555][ T4286] ? klist_children_get+0x50/0x50 [ 300.237806][ T4286] ? get_device_parent+0x121/0x3f0 [ 300.242962][ T4286] device_add+0x483/0xfb0 [ 300.247417][ T4286] ? kmem_cache_free+0xf7/0x290 [ 300.252322][ T4286] hci_conn_add_sysfs+0xd1/0x1e0 [ 300.257576][ T4286] le_conn_complete_evt+0x1062/0x1670 [ 300.263002][ T4286] ? le_conn_complete_evt+0xe9/0x1670 [ 300.268510][ T4286] ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0 [ 300.275063][ T4286] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 300.280756][ T4286] ? skb_pull_data+0xf7/0x200 [ 300.285568][ T4286] hci_le_conn_complete_evt+0x183/0x440 [ 300.291354][ T4286] ? 
hci_remote_host_features_evt+0x270/0x270 [ 300.297500][ T4286] hci_event_packet+0x7b9/0x1280 [ 300.302519][ T4286] ? bis_list+0x280/0x280 [ 300.306896][ T4286] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 300.312843][ T4286] ? kcov_remote_start+0x4c7/0x7e0 [ 300.318017][ T4286] ? patch_conexant_auto+0x1260/0x1650 [ 300.323537][ T4286] ? hci_send_to_monitor+0x9c/0x4a0 [ 300.328874][ T4286] hci_rx_work+0x3eb/0xd40 [ 300.333352][ T4286] ? process_one_work+0x7b0/0x1160 [ 300.338510][ T4286] process_one_work+0x8a2/0x1160 [ 300.343609][ T4286] ? worker_detach_from_pool+0x240/0x240 [ 300.350134][ T4286] ? _raw_spin_lock_irq+0xb7/0xf0 [ 300.355395][ T4286] ? _raw_spin_lock_irqsave+0x100/0x100 [ 300.361076][ T4286] ? kthread_data+0x4b/0xc0 [ 300.365748][ T4286] worker_thread+0xaa2/0x1270 [ 300.370496][ T4286] ? __kthread_parkme+0x162/0x1c0 [ 300.375665][ T4286] kthread+0x29d/0x330 [ 300.379770][ T4286] ? worker_clr_flags+0x1a0/0x1a0 [ 300.385310][ T4286] ? kthread_blkcg+0xd0/0xd0 [ 300.389949][ T4286] ret_from_fork+0x1f/0x30 [ 300.394557][ T4286] [ 300.413183][ T4286] kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 300.429158][ T4286] Bluetooth: hci2: failed to register connection device [ 300.579118][ T6759] netlink: 8 bytes leftover after parsing attributes in process `syz.0.699'. [ 302.143300][ T6761] loop3: detected capacity change from 0 to 512 [ 302.443429][ T6761] EXT4-fs error (device loop3): ext4_iget_extra_inode:4763: inode #15: comm syz.3.700: corrupted in-inode xattr [ 302.500823][ T4286] Bluetooth: hci2: command 0x2016 tx timeout [ 302.654743][ T6761] EXT4-fs error (device loop3): ext4_orphan_get:1410: comm syz.3.700: couldn't read orphan inode 15 (err -117) [ 303.234130][ T6761] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 303.720929][ T4271] EXT4-fs (loop3): unmounting filesystem. 
[ 303.844881][ T6777] netlink: 36 bytes leftover after parsing attributes in process `syz.5.704'. [ 305.243101][ T6812] loop4: detected capacity change from 0 to 512 [ 305.452325][ T6812] EXT4-fs (loop4): 1 truncate cleaned up [ 305.458510][ T6812] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 305.499546][ T6813] loop0: detected capacity change from 0 to 8192 [ 305.732725][ T6829] netlink: 36 bytes leftover after parsing attributes in process `syz.1.719'. [ 305.737520][ T6825] loop3: detected capacity change from 0 to 1024 [ 305.942218][ T6825] hfsplus: unable to parse mount options [ 306.132948][ T6835] loop0: detected capacity change from 0 to 2048 [ 306.244310][ T6835] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 306.351881][ T6835] [ 306.354292][ T6835] ====================================================== [ 306.361521][ T6835] WARNING: possible circular locking dependency detected [ 306.369039][ T6835] syzkaller #0 Not tainted [ 306.373500][ T6835] ------------------------------------------------------ [ 306.380814][ T6835] syz.0.720/6835 is trying to acquire lock: [ 306.386987][ T6835] ffff888054c3a8e8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_destroy_inline_data+0x24/0xe0 [ 306.396989][ T6835] [ 306.396989][ T6835] but task is already holding lock: [ 306.404565][ T6835] ffff888057ed2c18 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x20f/0x2f40 [ 306.414812][ T6835] [ 306.414812][ T6835] which lock already depends on the new lock. 
[ 306.414812][ T6835]
[ 306.425605][ T6835]
[ 306.425605][ T6835] the existing dependency chain (in reverse order) is:
[ 306.434914][ T6835]
[ 306.434914][ T6835] -> #1 (&sbi->s_writepages_rwsem){.+.+}-{0:0}:
[ 306.443920][ T6835] percpu_down_read+0x44/0x1a0
[ 306.449536][ T6835] ext4_writepages+0x20f/0x2f40
[ 306.455580][ T6835] do_writepages+0x3ba/0x640
[ 306.461369][ T6835] __writeback_single_inode+0x156/0x1160
[ 306.467762][ T6835] writeback_single_inode+0x3cb/0x8e0
[ 306.474074][ T6835] write_inode_now+0x17f/0x210
[ 306.479462][ T6835] iput+0x613/0x980
[ 306.484223][ T6835] ext4_xattr_block_set+0x273b/0x32b0
[ 306.490612][ T6835] ext4_expand_extra_isize_ea+0x120b/0x1dc0
[ 306.497210][ T6835] __ext4_expand_extra_isize+0x301/0x3e0
[ 306.503592][ T6835] __ext4_mark_inode_dirty+0x47f/0x770
[ 306.509809][ T6835] ext4_evict_inode+0xa7f/0x1110
[ 306.515332][ T6835] evict+0x4c9/0x8d0
[ 306.520022][ T6835] ext4_orphan_cleanup+0xbeb/0x1420
[ 306.525886][ T6835] ext4_fill_super+0x6ee3/0x78c0
[ 306.531393][ T6835] get_tree_bdev+0x3f1/0x610
[ 306.536554][ T6835] vfs_get_tree+0x88/0x270
[ 306.541820][ T6835] do_new_mount+0x24a/0xa40
[ 306.546978][ T6835] __se_sys_mount+0x2e3/0x3d0
[ 306.552492][ T6835] do_syscall_64+0x4c/0xa0
[ 306.557484][ T6835] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 306.563951][ T6835]
[ 306.563951][ T6835] -> #0 (&ei->xattr_sem){++++}-{3:3}:
[ 306.571651][ T6835] __lock_acquire+0x2d07/0x7d10
[ 306.577071][ T6835] lock_acquire+0x1bb/0x4a0
[ 306.582141][ T6835] down_write+0x36/0x60
[ 306.586962][ T6835] ext4_destroy_inline_data+0x24/0xe0
[ 306.593087][ T6835] ext4_writepages+0x670/0x2f40
[ 306.598600][ T6835] do_writepages+0x3ba/0x640
[ 306.604108][ T6835] filemap_fdatawrite_wbc+0x11e/0x180
[ 306.610096][ T6835] file_write_and_wait_range+0x159/0x230
[ 306.616394][ T6835] ext4_sync_file+0x23b/0xca0
[ 306.622423][ T6835] ext4_buffered_write_iter+0x2f6/0x390
[ 306.628537][ T6835] ext4_file_write_iter+0x1cf/0x1710
[ 306.634480][ T6835] vfs_write+0x4b1/0xa30
[ 306.639382][ T6835] __x64_sys_pwrite64+0x197/0x220
[ 306.644974][ T6835] do_syscall_64+0x4c/0xa0
[ 306.649974][ T6835] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 306.656531][ T6835]
[ 306.656531][ T6835] other info that might help us debug this:
[ 306.656531][ T6835]
[ 306.666980][ T6835] Possible unsafe locking scenario:
[ 306.666980][ T6835]
[ 306.674569][ T6835]        CPU0                    CPU1
[ 306.680006][ T6835]        ----                    ----
[ 306.685414][ T6835]   lock(&sbi->s_writepages_rwsem);
[ 306.690658][ T6835]                                lock(&ei->xattr_sem);
[ 306.697728][ T6835]                                lock(&sbi->s_writepages_rwsem);
[ 306.705923][ T6835]   lock(&ei->xattr_sem);
[ 306.710358][ T6835]
[ 306.710358][ T6835] *** DEADLOCK ***
[ 306.710358][ T6835]
[ 306.718917][ T6835] 2 locks held by syz.0.720/6835:
[ 306.724169][ T6835] #0: ffff888057ed4460 (sb_writers#4){++++}-{0:0}, at: vfs_write+0x26b/0xa30
[ 306.733597][ T6835] #1: ffff888057ed2c18 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x20f/0x2f40
[ 306.744635][ T6835]
[ 306.744635][ T6835] stack backtrace:
[ 306.750822][ T6835] CPU: 1 PID: 6835 Comm: syz.0.720 Not tainted syzkaller #0
[ 306.758435][ T6835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 306.768620][ T6835] Call Trace:
[ 306.771939][ T6835]
[ 306.775083][ T6835] dump_stack_lvl+0x188/0x24e
[ 306.779833][ T6835] ? load_image+0x400/0x400
[ 306.785447][ T6835] ? show_regs_print_info+0x12/0x12
[ 306.790814][ T6835] ? print_circular_bug+0x12b/0x1a0
[ 306.796109][ T6835] check_noncircular+0x296/0x330
[ 306.801291][ T6835] ? add_chain_block+0x940/0x940
[ 306.806398][ T6835] ? lockdep_lock+0xf1/0x1f0
[ 306.811137][ T6835] ? _find_first_zero_bit+0xcf/0x100
[ 306.817085][ T6835] __lock_acquire+0x2d07/0x7d10
[ 306.822285][ T6835] ? verify_lock_unused+0x140/0x140
[ 306.828074][ T6835] ? mark_lock+0x94/0x320
[ 306.832730][ T6835] ? verify_lock_unused+0x140/0x140
[ 306.838216][ T6835] ? __lock_acquire+0x12f4/0x7d10
[ 306.843661][ T6835] lock_acquire+0x1bb/0x4a0
[ 306.848390][ T6835] ? ext4_destroy_inline_data+0x24/0xe0
[ 306.854184][ T6835] ? read_lock_is_recursive+0x10/0x10
[ 306.859624][ T6835] ? ext4_journal_check_start+0x17e/0x240
[ 306.865492][ T6835] down_write+0x36/0x60
[ 306.869706][ T6835] ? ext4_destroy_inline_data+0x24/0xe0
[ 306.875402][ T6835] ext4_destroy_inline_data+0x24/0xe0
[ 306.881030][ T6835] ext4_writepages+0x670/0x2f40
[ 306.886206][ T6835] ? __might_sleep+0xd0/0xd0
[ 306.890973][ T6835] ? ext4_get_group_desc+0x10a/0x4d0
[ 306.896582][ T6835] ? __lock_acquire+0x7d10/0x7d10
[ 306.901843][ T6835] ? mark_lock+0x94/0x320
[ 306.906341][ T6835] ? __might_sleep+0xd0/0xd0
[ 306.911065][ T6835] ? ext4_read_folio+0x370/0x370
[ 306.916082][ T6835] ? ext4_reserve_inode_write+0x244/0x290
[ 306.921858][ T6835] ? ext4_read_folio+0x370/0x370
[ 306.927020][ T6835] do_writepages+0x3ba/0x640
[ 306.932034][ T6835] ? filemap_fdatawrite_wbc+0x113/0x180
[ 306.937650][ T6835] ? __writepage+0x130/0x130
[ 306.942392][ T6835] ? __lock_acquire+0x7d10/0x7d10
[ 306.947711][ T6835] ? __rwlock_init+0x140/0x140
[ 306.952751][ T6835] ? do_raw_spin_unlock+0x11d/0x230
[ 306.958338][ T6835] filemap_fdatawrite_wbc+0x11e/0x180
[ 306.963851][ T6835] file_write_and_wait_range+0x159/0x230
[ 306.969808][ T6835] ? __filemap_set_wb_err+0x230/0x230
[ 306.975234][ T6835] ? __lock_acquire+0x7d10/0x7d10
[ 306.980322][ T6835] ? generic_file_direct_write+0x330/0x330
[ 306.986185][ T6835] ext4_sync_file+0x23b/0xca0
[ 306.991155][ T6835] ext4_buffered_write_iter+0x2f6/0x390
[ 306.996854][ T6835] ext4_file_write_iter+0x1cf/0x1710
[ 307.002306][ T6835] ? rcu_read_lock_any_held+0xb0/0x130
[ 307.008142][ T6835] ? ext4_file_read_iter+0x650/0x650
[ 307.013564][ T6835] ? end_current_label_crit_section+0x14b/0x170
[ 307.020034][ T6835] ? common_file_perm+0x171/0x1c0
[ 307.025223][ T6835] vfs_write+0x4b1/0xa30
[ 307.029715][ T6835] ? file_end_write+0x250/0x250
[ 307.035146][ T6835] ? __fget_files+0x43d/0x4b0
[ 307.039880][ T6835] ? __fdget+0x17c/0x200
[ 307.044526][ T6835] ? __x64_sys_pwrite64+0xf2/0x220
[ 307.049733][ T6835] __x64_sys_pwrite64+0x197/0x220
[ 307.054899][ T6835] ? ksys_pwrite64+0x1b0/0x1b0
[ 307.059748][ T6835] ? lockdep_hardirqs_on+0x94/0x140
[ 307.065171][ T6835] do_syscall_64+0x4c/0xa0
[ 307.070122][ T6835] ? clear_bhb_loop+0x60/0xb0
[ 307.074843][ T6835] ? clear_bhb_loop+0x60/0xb0
[ 307.079657][ T6835] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 307.085617][ T6835] RIP: 0033:0x7f3392d9cdd9
[ 307.090157][ T6835] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 307.111013][ T6835] RSP: 002b:00007f3393cad028 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[ 307.119683][ T6835] RAX: ffffffffffffffda RBX: 00007f3393015fa0 RCX: 00007f3392d9cdd9
[ 307.127990][ T6835] RDX: 000000000000fdef RSI: 0000200000000140 RDI: 0000000000000005
[ 307.136168][ T6835] RBP: 00007f3392e32d69 R08: 0000000000000000 R09: 0000000000000000
[ 307.144706][ T6835] R10: 0000000000000e7c R11: 0000000000000246 R12: 0000000000000000
[ 307.152819][ T6835] R13: 00007f3393016038 R14: 00007f3393015fa0 R15: 00007fffb9d78c58
[ 307.161374][ T6835]
[ 307.246179][ T6835] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[ 307.298018][ T6835] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28
[ 307.321285][ T6885] EXT4-fs (loop0): re-mounted. Quota mode: none.
[ 307.337335][ T6835] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 307.337335][ T6835]
[ 307.348610][ T6835] EXT4-fs (loop0): Total free blocks count 0
[ 307.359546][ T6835] EXT4-fs (loop0): Free/Dirty block details
[ 307.381571][ T6835] EXT4-fs (loop0): free_blocks=66060288
[ 307.404425][ T6835] EXT4-fs (loop0): dirty_blocks=48
[ 307.423890][ T6835] EXT4-fs (loop0): Block reservation details
[ 307.448941][ T6835] EXT4-fs (loop0): i_reserved_data_blocks=3
[ 307.650110][ T6806] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 307.731952][ T4279] EXT4-fs (loop4): unmounting filesystem.