last executing test programs: 5.402482094s ago: executing program 3 (id=583): syz_mount_image$ext4(&(0x7f0000000d80)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x21881e, &(0x7f00000000c0)={[{@user_xattr}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@stripe={'stripe', 0x3d, 0x6}}]}, 0x1, 0x50f, &(0x7f0000000dc0)="$eJzs3c9vI1cdAPCvnThxsmmTlh4AQbu0hQWt1km8bVT1AOUCQqgSokeQtiHxRlHsOIqd0oQ9pGeuSFTiBEf+AG5IPSFx5ILgxqUckPgRgRokDoNmPMk6WbuJNokdxZ+PNJr35s36+32bnffWL4lfACPrdkTsR8RERLwbEbP59UJ+xFudI73vk4NHK4cHj1YKkSTv/LOQtafXouvPpG7lr1mOiO9/O+JHhSfjtnb3Npbr9dp2Xp9vN7bmW7t799Yby2u1tdpmtbq0uLTwxv3Xq5fW15caE3npix//Yf9rP0nTmsmvdPfjMnW6XjqOkxqPiO9eRbAhGMv7MzHsRHgqxYh4PiJezp7/2RjLvpoAwE2WJLORzHbXAYCbrpitgRWKlXwtYCaKxUqls4b3QkwX681W++7D5s7mametbC5KxYfr9dpCvlY4F6VCWl/Myo/r1VP1+xHxXET8bHIqq1dWmvXVYf7HBwBG2K1T8/9/JjvzPwBww5WHnQAAMHDmfwAYPeZ/ABg95n8AGD2d+X9q2GkAAAPk/T8AjB7zPwCMlO+9/XZ6JIf551+vvre7s9F8795qrbVRaeysVFaa21uVtWZzLfvMnsZZr1dvNrcWX4ud9+e+vtVqz7d29x40mjub7QfZ53o/qJWyu/YH0DMAoJ/nXvroz4V0Rn5zKjuiay+H0lAzA65acdgJAEMzNuwEgKGx2xeMrgu8x7c8ADdEjy16j/3+W0lS7vULQkmSJFebFnCF7nzO+j+Mqq71fz8FDCPG+j+MLuv/MLqSpHDePf/jvDcCANebNX6gz/f/n8/Pv86/OfDD1dN3fHiVWQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD1drT/byXfC3wmisVKJeKZiJiLUuHher22EBHPRsSfJkuTaX1xyDkDABdV/Fsh3//rzuyrMyeaXrx1XJyIiB//4p2fv7/cbm//MWKi8K/Jo+vtD/Pr1cFnDwCc7Wiezs5db+Q/OXi0cnQMMp+/fzMiyp34hwcTcXgcfzzGs3M5ShEx/e9CXu8odK1dXMT+BxHx2V79L8RMtgbS2fn0dPw09jMDjV88Eb+YtXXO6d/FZy4hFxg1H6Xjz1u9nr9i3M7OvZ//cjZCXVw+/qUvtXKYjYGP4x+Nf2N9xr/b543x2u++0ylNPdn2QcTnxyOOYh92jT9H8Qt94r96+sX6DIh/+cKLL/fLLfllxJ3oHb871ny7sTXf2t27t95YXqut1Tar1aXFpYU37r9enc/WqOf7zwb/ePPus/3a0v5P94lfPqP/X+4b8aRf/e/dH3zpU+J/9ZVe8YvxwqfET+fEr5wz/vL0b8r92tL4q336f9bX/+4543/8170ntg0HAIantbu3sVyv17b7Fn47ffY9CgoDKaT/ZK9BGj0L3xhUrIno3fTTVzrP9KmmJHmqWCfHicfvHC9j1Q24Do4f+oj477CTAQAAAAAAAAAAAAAAehrEbywNu48AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcXP8PAAD//9140jY=") syz_usb_connect(0x6, 0x1b, &(0x7f0000000a00)={{0x12, 0x1, 0x110, 0x69, 0xad, 0x98, 0xdf, 0x1b3d, 0x16f, 0xacd0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9, 0x0, 0x5, 0x6, 0x30}}]}}, 0x0) open(&(0x7f00000000c0)='./file1\x00', 0x66842, 0x21) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) socket$inet6(0xa, 0x80002, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x8000000004) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0xfffffffc}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r0}, &(0x7f00000004c0), &(0x7f0000000500)=r1}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r1, r3, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x3e, &(0x7f0000001d00)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x33}, @broadcast, @void, {@mpls_uc={0x8847, {[], @ipv6=@udp={0x9, 0x6, "8ac07f", 0x8, 0x11, 0x0, @mcast2, @dev={0xfe, 0x80, '\x00', 0x40}, {[], {0x4e21, 0x4e21, 0x8}}}}}}}, 0x0) 4.397752622s ago: executing program 3 (id=596): syz_mount_image$ext4(&(0x7f0000000780)='ext2\x00', &(0x7f0000000080)='./file1\x00', 0x0, &(0x7f0000000000), 0x1, 0x478, &(0x7f0000000300)="$eJzs3M9vVEUcAPDv2/7gt62IP0CUKhobjS0tqBw8gNHEgyYmesBjbQsiCzW0GiFEVw94NCTeiUcT/wJPejHqycSr3g0JMVxAvTzzdt8ru8vuupStC+znkyydefOWme/Om+2bmd0GMLAmsn+SiK0R8VtEjNWyjSdM1H5cu3Ju/q8r5+aTSNM3/0yq5129cm6+OLV43pYiU2k8Xm/5zNkTc+Xy4uk8P71y8v3p5TNnnz1+cu7Y4rHFU7MHDx7YP/PC87PP9STOrE1Xd328tHvnq29feH3+yIV3fvomKeJviOPD7v/TjR1LJ1ocGyoST3Zfyx1hW106Ge5jQ7gp70ZE1l0j1fE/FkNxvfPG4pXP+to4YF2laZpuaF9cSYG7WBL9bgHQH/nv+SSikk395+vn84Pg8uHaBCiL+1r+qJUMR6mWGL/YNL/tpWy2daTy98XsEU3rKQAA6+G7w7Wf2X1H8agdKTWs4h/K94bGI+LeiNgeEfdFxI6IuD8iHoiIByPiobrntNr3ada8SXLj/U/p0poC61J2//divrfVeP9XKk4ZH8pz26rxjyRHj5cX90XEPRExGSMbsvxMhzq+f/nXL9qVTdTd/2WPrP7iXjBvx6XhpgW6hbmVuVuJud7lTyN2DbeKP1ndCcj6cWdE7NqztjqOP/317nZl/x1/Bz3YZ0q/iniq1v+VaIq/kHTen5zeGOXFfdPFVXGjn385/0a7+m8p/h7I+n9zy+t/Nf7xpH6/dvnm6zj/++dt5zRdXv+j9c/Jrv/R5K1quij4aG5l5fRMxGjyWn78UH68sb7qebPXz8/in9zbevxvj+uvxMMRkV3Ej0TEoxGxJ2/7YxHxeETs7RD/jy898d7a419fWfwLN9X/bRPF3vYNRUMnfvi2WlJ01niH+JNo0f8HqqnJ/Eg3738dW3r6Vq5mAAAAuPOUImJrJKWp1XSpNDVV+7z8jthcKi8trzxzdOmDUwu17wiMx0ipWOkaW10PjcpMPq0v1kdnm/L783XjL4c2VfNT80vlhX4HDwNuS5vxn/ljqN+tA9ZXh0//A3e/te6jp2n6SY+bAvzPfF8bBpfxD4Orxfjf1JS3SgB3qVa//03sYTC4/4fBZfzD4DL+YXAZ/zCQ8m/CD3fzBf91S2TvP/2rvZtENLQwTfvUjNHb49WoJqLUt9pjjU+f7NMr9k/+xzZvj47rMtHvdyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDe+DcAAP//dZ3gaQ==") setreuid(0x0, 0xee00) lchown(0x0, 0xee00, 0x0) 4.027771802s ago: executing program 2 (id=598): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$XFS_IOC_ERROR_CLEARALL(r0, 0x40085875) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00') unshare(0x6a040000) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000080)={0x84, @private=0xa010101, 0x15, 0x3, 'sh\x00', 0x2e, 0x5, 0x72}, 0x2c) gettid() r2 = socket$kcm(0xa, 0x2, 0x0) sendmsg$sock(r2, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 3.503255505s ago: executing program 3 (id=601): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000440)=ANY=[@ANYRES16=r1, @ANYBLOB="010000000000fedbdf25030000005800018044000400200001000a000000000000000047a2b78a000000000000000000000100000000200002000a00000000000000fe8000000000000000000000000000bb000000000d0001007564703a73"], 0x6c}}, 0x0) 3.258163503s ago: executing program 3 (id=603): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000022c0)=@newtfilter={0xe8c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r5, {0x5, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0xe58, 0x2, [@TCA_MATCHALL_ACT={0xe54, 0x2, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0x0, 0x5, 0x5, 0x9206, 0x5}, 0x3, 0x4}, [{0xe, 0x7, 0x3, 0x8, 0x3, 0x4df}, {0x8, 0x8, 0x40, 0x8, 0x5, 0x1}, {0x7e12f9c5, 0xffffff61, 0x0, 0x6b5, 0x80000000, 0x101}, {0x9, 0xb1f, 0x3, 0x1, 0x1, 0x2}, {0xfffffe01, 0x5, 0xb91, 0x8, 0x6, 0x4}, {0x1, 0x0, 0x0, 0xe49, 0x4, 0x15}, {0x1, 0xa, 0xc79, 0x5, 0x401, 0xfffffff4}, {0x7, 0x8c0, 0x5, 0xffffffff, 0x2, 0x10001}, {0xfffffffa, 0x1, 0x7, 0xffffffff, 0x1, 0xffffffff}, {0x1, 0x100, 0x0, 0x80000000, 0x7f6b, 0x1}, {0x154, 0x8, 0xb, 0x2, 0x7fffffff, 0xb3e4}, {0x36, 0x7, 0xffff, 0xfffffff7, 0x10, 0xf7bb}, {0x8, 0x7, 0x401, 0x1, 0x400, 0x8565}, {0x5, 0x4, 0x80000000, 0xc50, 0x7, 0xfffffffd}, {0x4, 0x101, 0x2, 0x6, 0x6, 0x2}, {0x1000, 0x800, 0xe, 0x1, 0x7ff, 0xe}, {0x1, 0x9, 0x7, 0x3, 0xfffffff9, 0x4}, {0x1, 0x200, 0x975f, 0x2, 0x400, 0x3dc4}, {0x100, 0x200, 0x98, 0xf9d6, 0xb}, {0x1, 0x83, 0xf9, 0x5, 0x3}, {0x8000, 0x7, 0x1, 0x9, 0xc9d, 0x2}, {0x81, 0x7fffffff, 0x2, 0x7fff, 0x7, 0x5}, {0x80, 0x4, 0x2, 0x1, 0xf403, 0xfffffff1}, {0xffff, 0xedf, 0xc, 0x8, 0x5, 0x1}, {0x0, 0x4, 0x8000, 0xfa8, 0x6, 0x1}, {0xa7d, 0x6, 0x6, 0x80, 0x3f9, 0x9}, {0x2f, 0xdfb, 0x8, 0x4b, 0x7, 0x1}, {0x9, 0x7ff, 0xa, 0x280000, 0x2, 0x1}, {0x138, 0x51d, 0xf, 0x6, 0x4, 0x7}, {0x10001, 0x6, 0x8, 0x8, 0x4, 0xb}, {0x4, 0x2be2, 0x79f29323, 0x3ff, 0x2, 0x4}, {0xd4, 0x5, 0x5, 0x7, 0xea4c, 0xa4b1}, {0x993, 0x4, 0xfff, 0x23b06916, 0x6, 0xfffffffc}, {0x6, 0x4a6, 0x3, 0x80, 0x7ff, 0xa}, {0x7, 0xfffffffb, 0x0, 0xffffffff, 0x1, 0xfb3}, {0x5, 0xe6, 0xfff, 0x0, 0x1, 0x400}, {0xfffff1a2, 0xa, 0x7, 0xa1, 0xfffff800, 0x4}, {0xbe, 0x2000, 0xffffffff, 0xfffffc00, 0xe06, 0x6}, {0x100, 0x2, 0x8, 0x4, 0x4, 0x9497}, {0xd, 0x8001, 0xf2b, 0xffffffff, 0x3, 0xfffffff3}, {0x2, 0x80000000, 0x5a, 0x1, 0x5, 0x6}, {0x4, 0xc378, 0x8, 0xf, 0x7, 0x8144}, {0x6, 0x81, 0x5, 0x5, 0x3}, {0x9, 0x8001, 0xe10, 0x783, 0x7, 0x3}, {0x7fff, 0x1, 0xe05, 0xffffad2a, 0x4, 0x99c}, {0x99eb, 0x6, 0x5, 0x2, 0x2, 0x1fe0000}, {0x800, 0x9, 0x2a3b, 0x4, 0x7, 0x9}, {0x2, 0x6, 0x0, 0x9, 0xe, 0xe}, {0x65d, 0x8000, 0x6, 0xfffffffe, 0x400, 0x1}, {0xfffffff8, 0x7, 0x6, 0xd4, 0x1000, 0x4}, {0x0, 0xc, 0x5, 0x3, 0xb9, 0x3}, {0x5, 0xfffffffd, 0x9, 0x4, 0x4, 0x6}, {0x1, 0x0, 0x4, 0x100, 0x9, 0xa}, {0x3, 0x2, 0x10, 0x2, 0x5, 0x3}, {0xfffffff8, 0xe, 0xfd0, 0x9, 0x0, 0x7fff}, {0xb, 0x7ff, 0x7, 0xffffff81, 0x9, 0x3}, {0x4, 0xff, 0x10001, 0x0, 0x3, 0x4}, {0x8, 0x8, 0x3ff, 0xbf, 0x7, 0x10}, {0x2f, 0xfffffe00, 0xc6000000, 0x81, 0x6, 0xffffff01}, {0x5, 0x44bd, 0x3, 0x8, 0x0, 0xffffffff}, {0x800000, 0xd, 0x4737, 0xf0000, 0x8405, 0x3}, {0xa4, 0x7, 0x7, 0x7, 0x6, 0xda73}, {0x9, 0x0, 0x7, 0x8971, 0x8, 0x8}, {0x8, 0x1, 0x6, 0x68, 0x7fff, 0x4}, {0x1, 0xf9c3, 0x5, 0x9, 0x0, 0x6c}, {0x5, 0x6, 0x5, 0x1, 0xf, 0x9}, {0x1, 0xf580, 0x3ff, 0x6, 0x6e, 0x6}, {0xad, 0x9, 0x7fff, 0x6, 0x8}, {0x862, 0x0, 0x2800000, 0x2, 0x8, 0x8}, {0x4, 0x90000, 0x2, 0x8d1, 0x1, 0x4}, {0x200, 0xb, 0x40, 0x9, 0xfffffff9, 0x2}, {0x8, 0xdbb, 0x4, 0x3, 0x7, 0xfff}, {0x7, 0x4, 0xce, 0x9, 0x6, 0x4}, {0x5ae2, 0x8, 0x8, 0x8, 0xfffffff0, 0x3ff}, {0x1, 0x5, 0x8, 0x7ff, 0x101, 0xffffffff}, {0x12, 0xa7, 0x6, 0x0, 0xc6, 0x4}, {0x4, 0x9, 0x9, 0xa, 0x9}, {0x84d5, 0xfffffffe, 0x7fffffff, 0x5, 0xf}, {0x5, 0x40, 0x8, 0xa, 0x6, 0x2}, {0x4, 0x100, 0x4d90, 0xf, 0xffffffd7, 0xffffffff}, {0x3, 0x10001, 0x2, 0x8, 0x82dc, 0xffff}, {0x6, 0x1, 0x2, 0xfffff402, 0x2}, {0x4, 0x6, 0xca6, 0x6, 0xb, 0xa}, {0xa, 0x4, 0x9, 0x8ec1, 0x1, 0x10000}, {0x2, 0x2, 0x1ff, 0x171a9022, 0xf4, 0x9000000}, {0x313, 0xfffffff8, 0x1, 0x0, 0x2, 0x1}, {0x5841, 0xfffffffb, 0x3, 0x4, 0x3ff, 0x9f}, {0x10f, 0xca1c, 0x5, 0x8001, 0xa, 0x4}, {0x766, 0x7, 0x7, 0x7, 0x1, 0x5}, {0x7, 0xba, 0xfffffffd, 0x8001, 0x7ffd}, {0x1, 0x23, 0x3, 0x335, 0x4, 0x5}, {0x2, 0xc, 0x9, 0x0, 0x4, 0x8000}, {0x1, 0x8, 0xb7, 0x3, 0x9, 0x4}, {0x3c, 0x4, 0x1000, 0x2, 0xfff, 0x80000001}, {0x24, 0xffff, 0xd513, 0x748, 0x6eea, 0x4}, {0x57, 0x3, 0x40, 0xb, 0x3080d7c0}, {0x5, 0x7, 0x7, 0x48, 0x9, 0x5}, {0x5, 0xf01, 0x2, 0x80001d, 0x2, 0x7}, {0x7fff, 0x66019165, 0x8, 0x6, 0x4}, {0x22, 0x0, 0x0, 0x168b, 0x9, 0x5}, {0x4, 0x9, 0x3, 0x3, 0x7fffffff, 0x3}, {0x6, 0x7, 0xfffffff5, 0x4, 0x9, 0x9}, {0x4, 0x8, 0x4, 0x8000, 0x8, 0x4}, {0x16, 0x6, 0x7, 0xc00, 0xede, 0x5}, {0x9, 0x4, 0x7fffffff, 0x5, 0x7, 0x6125d06a}, {0xfff, 0x9, 0xda1, 0x521, 0x101, 0xd}, {0xdb2b, 0x1, 0x1, 0x9, 0x5, 0x800}, {0x3, 0x200, 0xfffffffe, 0xff, 0xff, 0x2}, {0x2, 0x5, 0x7, 0x62d, 0x5, 0x3ff}, {0x600, 0x4, 0x3, 0xb42f, 0x5, 0x3}, {0x401, 0x9, 0xc44, 0x3, 0x2, 0x6ea9894}, {0x624, 0xecdb, 0x8000, 0x6, 0x1b, 0x7}, {0x9, 0x2, 0x8, 0xf71, 0xfb0, 0x5}, {0x3, 0x4, 0x5908c254, 0x45c8, 0x2, 0x4}, {0x6, 0xff, 0x20000, 0x2, 0x221, 0x30000}, {0x8, 0x59bc, 0x7, 0x4, 0x0, 0x6}, {0xfffff001, 0x80000000, 0x8, 0x4, 0x644, 0x2}, {0x7, 0x2, 0x6, 0x9, 0xe, 0x3}, {0x2, 0x5, 0x101, 0x9199, 0x694, 0x66c}, {0x4, 0x2, 0x7, 0xc2, 0x69, 0xe5}, {0x8, 0x205a52ca, 0xdc, 0x3, 0x5, 0x4}, {0x2, 0x7, 0x7, 0xf47e, 0x8, 0x8}, {0x787, 0x2, 0x9, 0x3ff, 0x7, 0x5}, {0x0, 0x80000000, 0x5, 0x100, 0x6, 0x400}, {0x7, 0x3f8, 0x4, 0x0, 0x7, 0xfffffff9}, {0x7bce, 0xfffffffc, 0xfffffff8, 0x8001, 0x5, 0xf16}, {0xe, 0x3, 0x34b1, 0xb9a, 0x81, 0x800}, {0x101, 0x7, 0x4, 0x10000, 0x68063168, 0x81}], [{0x4, 0x1}, {0x5, 0x1}, {0x4, 0x1}, {0x4}, {0x86f1faf2efed1208}, {0x4}, {0x2}, {0x5, 0x1}, {0x3, 0x1}, {}, {0x5, 0x1}, {}, {0x4}, {0x1, 0x1}, {0x3}, {0x5, 0x1}, {0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x2}, {0x2, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x2}, {}, {0x4}, {0x2}, {0x4}, {0x4}, {0x2}, {0x4, 0x1}, {0x4}, {0x1, 0x1}, {0x1}, {0x3}, {0x3, 0x1}, {0x4, 0x1}, {0x5, 0x1}, {0x3}, {0x2, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x1}, {0x1, 0x1}, {}, {0x2}, {0x5}, {}, {0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x2}, {0x3}, {0x1, 0x1}, {}, {0x1}, {}, {0x2, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {}, {0x4, 0x1}, {0x1, 0x1}, {0x2}, {0x2}, {0x4, 0x1}, {0x0, 0xa22732b51f90c34a}, {0x1, 0x1}, {0x3, 0x1}, {0x2}, {0x6, 0x1}, {0x1, 0xa77fa159ed31b0c3}, {0x2}, {0x4, 0x1}, {0x3, 0x1}, {0x4}, {0x3, 0x1}, {0x1, 0x1}, {0x5, 0x1}, {0x1, 0x1}, {}, {0x4}, {0x2}, {0x1}, {0x5}, {0x4}, {0x0, 0x1}, {0x7}, {0x1, 0x1}, {0x2}, {0x4, 0x1}, {0x4}, {0x4}, {0x4, 0x1}, {0x3}, {0x1, 0x1}, {0x4, 0x1}, {0x4}, {0x5, 0x1}, {0x3}, {0x0, 0x1}, {0x3, 0x1}, {0x4}, {0x1}, {0x4, 0x1}, {0x5, 0x1}, {0x2, 0x1}, {0x3}, {0x5}, {0x2}, {0x0, 0x1}, {0x4, 0xa845cf6605cfc9f5}, {0x1, 0x222ada2ec63376b7}, {0x1, 0x1}, {0x1}, {0x5, 0x1}, {0x4, 0x1}, {0x3}, {0x3, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {}, {0x1}, {0x0, 0x1}], 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0xe8c}, 0x1, 0x0, 0x0, 0x10}, 0x0) 3.173402135s ago: executing program 2 (id=604): syz_mount_image$ext4(&(0x7f0000000d80)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x21881e, &(0x7f00000000c0)={[{@user_xattr}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@stripe={'stripe', 0x3d, 0x6}}]}, 0x1, 0x50f, &(0x7f0000000dc0)="$eJzs3c9vI1cdAPCvnThxsmmTlh4AQbu0hQWt1km8bVT1AOUCQqgSokeQtiHxRlHsOIqd0oQ9pGeuSFTiBEf+AG5IPSFx5ILgxqUckPgRgRokDoNmPMk6WbuJNokdxZ+PNJr35s36+32bnffWL4lfACPrdkTsR8RERLwbEbP59UJ+xFudI73vk4NHK4cHj1YKkSTv/LOQtafXouvPpG7lr1mOiO9/O+JHhSfjtnb3Npbr9dp2Xp9vN7bmW7t799Yby2u1tdpmtbq0uLTwxv3Xq5fW15caE3npix//Yf9rP0nTmsmvdPfjMnW6XjqOkxqPiO9eRbAhGMv7MzHsRHgqxYh4PiJezp7/2RjLvpoAwE2WJLORzHbXAYCbrpitgRWKlXwtYCaKxUqls4b3QkwX681W++7D5s7mametbC5KxYfr9dpCvlY4F6VCWl/Myo/r1VP1+xHxXET8bHIqq1dWmvXVYf7HBwBG2K1T8/9/JjvzPwBww5WHnQAAMHDmfwAYPeZ/ABg95n8AGD2d+X9q2GkAAAPk/T8AjB7zPwCMlO+9/XZ6JIf551+vvre7s9F8795qrbVRaeysVFaa21uVtWZzLfvMnsZZr1dvNrcWX4ud9+e+vtVqz7d29x40mjub7QfZ53o/qJWyu/YH0DMAoJ/nXvroz4V0Rn5zKjuiay+H0lAzA65acdgJAEMzNuwEgKGx2xeMrgu8x7c8ADdEjy16j/3+W0lS7vULQkmSJFebFnCF7nzO+j+Mqq71fz8FDCPG+j+MLuv/MLqSpHDePf/jvDcCANebNX6gz/f/n8/Pv86/OfDD1dN3fHiVWQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD1drT/byXfC3wmisVKJeKZiJiLUuHher22EBHPRsSfJkuTaX1xyDkDABdV/Fsh3//rzuyrMyeaXrx1XJyIiB//4p2fv7/cbm//MWKi8K/Jo+vtD/Pr1cFnDwCc7Wiezs5db+Q/OXi0cnQMMp+/fzMiyp34hwcTcXgcfzzGs3M5ShEx/e9CXu8odK1dXMT+BxHx2V79L8RMtgbS2fn0dPw09jMDjV88Eb+YtXXO6d/FZy4hFxg1H6Xjz1u9nr9i3M7OvZ//cjZCXVw+/qUvtXKYjYGP4x+Nf2N9xr/b543x2u++0ylNPdn2QcTnxyOOYh92jT9H8Qt94r96+sX6DIh/+cKLL/fLLfllxJ3oHb871ny7sTXf2t27t95YXqut1Tar1aXFpYU37r9enc/WqOf7zwb/ePPus/3a0v5P94lfPqP/X+4b8aRf/e/dH3zpU+J/9ZVe8YvxwqfET+fEr5wz/vL0b8r92tL4q336f9bX/+4543/8170ntg0HAIantbu3sVyv17b7Fn47ffY9CgoDKaT/ZK9BGj0L3xhUrIno3fTTVzrP9KmmJHmqWCfHicfvHC9j1Q24Do4f+oj477CTAQAAAAAAAAAAAAAAehrEbywNu48AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcXP8PAAD//9140jY=") syz_usb_connect(0x6, 0x1b, &(0x7f0000000a00)={{0x12, 0x1, 0x110, 0x69, 0xad, 0x98, 0xdf, 0x1b3d, 0x16f, 0xacd0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9, 0x0, 0x5, 0x6, 0x30}}]}}, 0x0) open(&(0x7f00000000c0)='./file1\x00', 0x66842, 0x21) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) socket$inet6(0xa, 0x80002, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x8000000004) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0xfffffffc}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r0}, &(0x7f00000004c0), &(0x7f0000000500)=r1}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r1, r3, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x3e, &(0x7f0000001d00)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x33}, @broadcast, @void, {@mpls_uc={0x8847, {[], @ipv6=@udp={0x9, 0x6, "8ac07f", 0x8, 0x11, 0x0, @mcast2, @dev={0xfe, 0x80, '\x00', 0x40}, {[], {0x4e21, 0x4e21, 0x8}}}}}}}, 0x0) 2.410804755s ago: executing program 3 (id=609): quotactl$Q_GETFMT(0xffffffff80000401, 0x0, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x28602, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r1, 0x400448c9, &(0x7f0000000240)) 1.85004445s ago: executing program 2 (id=611): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000440)=ANY=[@ANYRES16=r1, @ANYBLOB="010000000000fedbdf25030000005800018044000400200001000a000000000000000047a2b78a000000000000000000000100000000200002000a00000000000000fe8000000000000000000000000000bb000000000d0001007564703a73"], 0x6c}}, 0x0) 1.792576092s ago: executing program 1 (id=612): bpf$MAP_CREATE(0x300000000000018, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) socket(0x2b, 0x1, 0x1) r2 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000007f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec0012100001400d0c0c00bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x40000) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x4, 0x0, 0xa340}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ES={0x5}]}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x44}, 0x1, 0x0, 0x0, 0x24008000}, 0x0) 1.433131621s ago: executing program 2 (id=614): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x2, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r8 = socket$unix(0x1, 0x1, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x2a, 0x8001, 0x2, 0x6, 0x6, 0x5, 0x3, 0x200, 0xfffffffb}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x24004800}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0x6}, {0x2, 0xb}, {0xffe0, 0x1}}, [@qdisc_kind_options=@q_bfifo={{0xa}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x30004001}, 0x4008800) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 1.201291288s ago: executing program 1 (id=616): socket$inet6(0xa, 0x2, 0x0) r0 = socket$kcm(0x2b, 0x1, 0x0) r1 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000000000/0xc000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x2c}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r2 = io_uring_setup(0x7f9, &(0x7f0000000040)={0x0, 0xc8df, 0xfc00, 0x4, 0x20002f7}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x300, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0xfff1, 0xffff}, {0xe, 0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x20040000) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) r3 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) sendmsg$inet(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x200048cc) connect(r0, &(0x7f0000000080)=@un=@file={0x0, './file0\x00'}, 0x80) 1.10476846s ago: executing program 1 (id=617): r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x2}, 0x80, &(0x7f0000000140)=[{&(0x7f00000006c0)="62042700920101000001ad2f1eafbcf706e12b30087f5c582d26116642c47a5f8786ee601e65ab3c06d4b8bf4a81cb3e247345af215542f41ddf82f618438a34f90186cee8441e23", 0x48}], 0x1}, 0x0) 977.189584ms ago: executing program 1 (id=618): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x0) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000022c0)=@newtfilter={0xe8c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r5, {0x5, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0xe58, 0x2, [@TCA_MATCHALL_ACT={0xe54, 0x2, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0x0, 0x5, 0x5, 0x9206, 0x5}, 0x3, 0x4}, [{0xe, 0x7, 0x3, 0x8, 0x3, 0x4df}, {0x8, 0x8, 0x40, 0x8, 0x5, 0x1}, {0x7e12f9c5, 0xffffff61, 0x0, 0x6b5, 0x80000000, 0x101}, {0x9, 0xb1f, 0x3, 0x1, 0x1, 0x2}, {0xfffffe01, 0x5, 0xb91, 0x8, 0x6, 0x4}, {0x1, 0x0, 0x0, 0xe49, 0x4, 0x15}, {0x1, 0xa, 0xc79, 0x5, 0x401, 0xfffffff4}, {0x7, 0x8c0, 0x5, 0xffffffff, 0x2, 0x10001}, {0xfffffffa, 0x1, 0x7, 0xffffffff, 0x1, 0xffffffff}, {0x1, 0x100, 0x0, 0x80000000, 0x7f6b, 0x1}, {0x154, 0x8, 0xb, 0x2, 0x7fffffff, 0xb3e4}, {0x36, 0x7, 0xffff, 0xfffffff7, 0x10, 0xf7bb}, {0x8, 0x7, 0x401, 0x1, 0x400, 0x8565}, {0x5, 0x4, 0x80000000, 0xc50, 0x7, 0xfffffffd}, {0x4, 0x101, 0x2, 0x6, 0x6, 0x2}, {0x1000, 0x800, 0xe, 0x1, 0x7ff, 0xe}, {0x1, 0x9, 0x7, 0x3, 0xfffffff9, 0x4}, {0x1, 0x200, 0x975f, 0x2, 0x400, 0x3dc4}, {0x100, 0x200, 0x98, 0xf9d6, 0xb}, {0x1, 0x83, 0xf9, 0x5, 0x3}, {0x8000, 0x7, 0x1, 0x9, 0xc9d, 0x2}, {0x81, 0x7fffffff, 0x2, 0x7fff, 0x7, 0x5}, {0x80, 0x4, 0x2, 0x1, 0xf403, 0xfffffff1}, {0xffff, 0xedf, 0xc, 0x8, 0x5, 0x1}, {0x0, 0x4, 0x8000, 0xfa8, 0x6, 0x1}, {0xa7d, 0x6, 0x6, 0x80, 0x3f9, 0x9}, {0x2f, 0xdfb, 0x8, 0x4b, 0x7, 0x1}, {0x9, 0x7ff, 0xa, 0x280000, 0x2, 0x1}, {0x138, 0x51d, 0xf, 0x6, 0x4, 0x7}, {0x10001, 0x6, 0x8, 0x8, 0x4, 0xb}, {0x4, 0x2be2, 0x79f29323, 0x3ff, 0x2, 0x4}, {0xd4, 0x5, 0x5, 0x7, 0xea4c, 0xa4b1}, {0x993, 0x4, 0xfff, 0x23b06916, 0x6, 0xfffffffc}, {0x6, 0x4a6, 0x3, 0x80, 0x7ff, 0xa}, {0x7, 0xfffffffb, 0x0, 0xffffffff, 0x1, 0xfb3}, {0x5, 0xe6, 0xfff, 0x0, 0x1, 0x400}, {0xfffff1a2, 0xa, 0x7, 0xa1, 0xfffff800, 0x4}, {0xbe, 0x2000, 0xffffffff, 0xfffffc00, 0xe06, 0x6}, {0x100, 0x2, 0x8, 0x4, 0x4, 0x9497}, {0xd, 0x8001, 0xf2b, 0xffffffff, 0x3, 0xfffffff3}, {0x2, 0x80000000, 0x5a, 0x1, 0x5, 0x6}, {0x4, 0xc378, 0x8, 0xf, 0x7, 0x8144}, {0x6, 0x81, 0x5, 0x5, 0x3}, {0x9, 0x8001, 0xe10, 0x783, 0x7, 0x3}, {0x7fff, 0x1, 0xe05, 0xffffad2a, 0x4, 0x99c}, {0x99eb, 0x6, 0x5, 0x2, 0x2, 0x1fe0000}, {0x800, 0x9, 0x2a3b, 0x4, 0x7, 0x9}, {0x2, 0x6, 0x0, 0x9, 0xe, 0xe}, {0x65d, 0x8000, 0x6, 0xfffffffe, 0x400, 0x1}, {0xfffffff8, 0x7, 0x6, 0xd4, 0x1000, 0x4}, {0x0, 0xc, 0x5, 0x3, 0xb9, 0x3}, {0x5, 0xfffffffd, 0x9, 0x4, 0x4, 0x6}, {0x1, 0x0, 0x4, 0x100, 0x9, 0xa}, {0x3, 0x2, 0x10, 0x2, 0x5, 0x3}, {0xfffffff8, 0xe, 0xfd0, 0x9, 0x0, 0x7fff}, {0xb, 0x7ff, 0x7, 0xffffff81, 0x9, 0x3}, {0x4, 0xff, 0x10001, 0x0, 0x3, 0x4}, {0x8, 0x8, 0x3ff, 0xbf, 0x7, 0x10}, {0x2f, 0xfffffe00, 0xc6000000, 0x81, 0x6, 0xffffff01}, {0x5, 0x44bd, 0x3, 0x8, 0x0, 0xffffffff}, {0x800000, 0xd, 0x4737, 0xf0000, 0x8405, 0x3}, {0xa4, 0x7, 0x7, 0x7, 0x6, 0xda73}, {0x9, 0x0, 0x7, 0x8971, 0x8, 0x8}, {0x8, 0x1, 0x6, 0x68, 0x7fff, 0x4}, {0x1, 0xf9c3, 0x5, 0x9, 0x0, 0x6c}, {0x5, 0x6, 0x5, 0x1, 0xf, 0x9}, {0x1, 0xf580, 0x3ff, 0x6, 0x6e, 0x6}, {0xad, 0x9, 0x7fff, 0x6, 0x8}, {0x862, 0x0, 0x2800000, 0x2, 0x8, 0x8}, {0x4, 0x90000, 0x2, 0x8d1, 0x1, 0x4}, {0x200, 0xb, 0x40, 0x9, 0xfffffff9, 0x2}, {0x8, 0xdbb, 0x4, 0x3, 0x7, 0xfff}, {0x7, 0x4, 0xce, 0x9, 0x6, 0x4}, {0x5ae2, 0x8, 0x8, 0x8, 0xfffffff0, 0x3ff}, {0x1, 0x5, 0x8, 0x7ff, 0x101, 0xffffffff}, {0x12, 0xa7, 0x6, 0x0, 0xc6, 0x4}, {0x4, 0x9, 0x9, 0xa, 0x9}, {0x84d5, 0xfffffffe, 0x7fffffff, 0x5, 0xf}, {0x5, 0x40, 0x8, 0xa, 0x6, 0x2}, {0x4, 0x100, 0x4d90, 0xf, 0xffffffd7, 0xffffffff}, {0x3, 0x10001, 0x2, 0x8, 0x82dc, 0xffff}, {0x6, 0x1, 0x2, 0xfffff402, 0x2}, {0x4, 0x6, 0xca6, 0x6, 0xb, 0xa}, {0xa, 0x4, 0x9, 0x8ec1, 0x1, 0x10000}, {0x2, 0x2, 0x1ff, 0x171a9022, 0xf4, 0x9000000}, {0x313, 0xfffffff8, 0x1, 0x0, 0x2, 0x1}, {0x5841, 0xfffffffb, 0x3, 0x4, 0x3ff, 0x9f}, {0x10f, 0xca1c, 0x5, 0x8001, 0xa, 0x4}, {0x766, 0x7, 0x7, 0x7, 0x1, 0x5}, {0x7, 0xba, 0xfffffffd, 0x8001, 0x7ffd}, {0x1, 0x23, 0x3, 0x335, 0x4, 0x5}, {0x2, 0xc, 0x9, 0x0, 0x4, 0x8000}, {0x1, 0x8, 0xb7, 0x3, 0x9, 0x4}, {0x3c, 0x4, 0x1000, 0x2, 0xfff, 0x80000001}, {0x24, 0xffff, 0xd513, 0x748, 0x6eea, 0x4}, {0x57, 0x3, 0x40, 0xb, 0x3080d7c0}, {0x5, 0x7, 0x7, 0x48, 0x9, 0x5}, {0x5, 0xf01, 0x2, 0x80001d, 0x2, 0x7}, {0x7fff, 0x66019165, 0x8, 0x6, 0x4}, {0x22, 0x0, 0x0, 0x168b, 0x9, 0x5}, {0x4, 0x9, 0x3, 0x3, 0x7fffffff, 0x3}, {0x6, 0x7, 0xfffffff5, 0x4, 0x9, 0x9}, {0x4, 0x8, 0x4, 0x8000, 0x8, 0x4}, {0x16, 0x6, 0x7, 0xc00, 0xede, 0x5}, {0x9, 0x4, 0x7fffffff, 0x5, 0x7, 0x6125d06a}, {0xfff, 0x9, 0xda1, 0x521, 0x101, 0xd}, {0xdb2b, 0x1, 0x1, 0x9, 0x5, 0x800}, {0x3, 0x200, 0xfffffffe, 0xff, 0xff, 0x2}, {0x2, 0x5, 0x7, 0x62d, 0x5, 0x3ff}, {0x600, 0x4, 0x3, 0xb42f, 0x5, 0x3}, {0x401, 0x9, 0xc44, 0x3, 0x2, 0x6ea9894}, {0x624, 0xecdb, 0x8000, 0x6, 0x1b, 0x7}, {0x9, 0x2, 0x8, 0xf71, 0xfb0, 0x5}, {0x3, 0x4, 0x5908c254, 0x45c8, 0x2, 0x4}, {0x6, 0xff, 0x20000, 0x2, 0x221, 0x30000}, {0x8, 0x59bc, 0x7, 0x4, 0x0, 0x6}, {0xfffff001, 0x80000000, 0x8, 0x4, 0x644, 0x2}, {0x7, 0x2, 0x6, 0x9, 0xe, 0x3}, {0x2, 0x5, 0x101, 0x9199, 0x694, 0x66c}, {0x4, 0x2, 0x7, 0xc2, 0x69, 0xe5}, {0x8, 0x205a52ca, 0xdc, 0x3, 0x5, 0x4}, {0x2, 0x7, 0x7, 0xf47e, 0x8, 0x8}, {0x787, 0x2, 0x9, 0x3ff, 0x7, 0x5}, {0x0, 0x80000000, 0x5, 0x100, 0x6, 0x400}, {0x7, 0x3f8, 0x4, 0x0, 0x7, 0xfffffff9}, {0x7bce, 0xfffffffc, 0xfffffff8, 0x8001, 0x5, 0xf16}, {0xe, 0x3, 0x34b1, 0xb9a, 0x81, 0x800}, {0x101, 0x7, 0x4, 0x10000, 0x68063168, 0x81}], [{0x4, 0x1}, {0x5, 0x1}, {0x4, 0x1}, {0x4}, {0x86f1faf2efed1208}, {0x4}, {0x2}, {0x5, 0x1}, {0x3, 0x1}, {}, {0x5, 0x1}, {}, {0x4}, {0x1, 0x1}, {0x3}, {0x5, 0x1}, {0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x2}, {0x2, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x2}, {}, {0x4}, {0x2}, {0x4}, {0x4}, {0x2}, {0x4, 0x1}, {0x4}, {0x1, 0x1}, {0x1}, {0x3}, {0x3, 0x1}, {0x4, 0x1}, {0x5, 0x1}, {0x3}, {0x2, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x1}, {0x1, 0x1}, {}, {0x2}, {0x5}, {}, {0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x2}, {0x3}, {0x1, 0x1}, {}, {0x1}, {}, {0x2, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {}, {0x4, 0x1}, {0x1, 0x1}, {0x2}, {0x2}, {0x4, 0x1}, {0x0, 0xa22732b51f90c34a}, {0x1, 0x1}, {0x3, 0x1}, {0x2}, {0x6, 0x1}, {0x1, 0xa77fa159ed31b0c3}, {0x2}, {0x4, 0x1}, {0x3, 0x1}, {0x4}, {0x3, 0x1}, {0x1, 0x1}, {0x5, 0x1}, {0x1, 0x1}, {}, {0x4}, {0x2}, {0x1}, {0x5}, {0x4}, {0x0, 0x1}, {0x7}, {0x1, 0x1}, {0x2}, {0x4, 0x1}, {0x4}, {0x4}, {0x4, 0x1}, {0x3}, {0x1, 0x1}, {0x4, 0x1}, {0x4}, {0x5, 0x1}, {0x3}, {0x0, 0x1}, {0x3, 0x1}, {0x4}, {0x1}, {0x4, 0x1}, {0x5, 0x1}, {0x2, 0x1}, {0x3}, {0x5}, {0x2}, {0x0, 0x1}, {0x4, 0xa845cf6605cfc9f5}, {0x1, 0x222ada2ec63376b7}, {0x1, 0x1}, {0x1}, {0x5, 0x1}, {0x4, 0x1}, {0x3}, {0x3, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {}, {0x1}, {0x0, 0x1}], 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0xe8c}, 0x1, 0x0, 0x0, 0x10}, 0x0) 862.709887ms ago: executing program 2 (id=619): syz_mount_image$ext4(&(0x7f0000000d80)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x21881e, &(0x7f00000000c0)={[{@user_xattr}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@stripe={'stripe', 0x3d, 0x6}}]}, 0x1, 0x50f, &(0x7f0000000dc0)="$eJzs3c9vI1cdAPCvnThxsmmTlh4AQbu0hQWt1km8bVT1AOUCQqgSokeQtiHxRlHsOIqd0oQ9pGeuSFTiBEf+AG5IPSFx5ILgxqUckPgRgRokDoNmPMk6WbuJNokdxZ+PNJr35s36+32bnffWL4lfACPrdkTsR8RERLwbEbP59UJ+xFudI73vk4NHK4cHj1YKkSTv/LOQtafXouvPpG7lr1mOiO9/O+JHhSfjtnb3Npbr9dp2Xp9vN7bmW7t799Yby2u1tdpmtbq0uLTwxv3Xq5fW15caE3npix//Yf9rP0nTmsmvdPfjMnW6XjqOkxqPiO9eRbAhGMv7MzHsRHgqxYh4PiJezp7/2RjLvpoAwE2WJLORzHbXAYCbrpitgRWKlXwtYCaKxUqls4b3QkwX681W++7D5s7mametbC5KxYfr9dpCvlY4F6VCWl/Myo/r1VP1+xHxXET8bHIqq1dWmvXVYf7HBwBG2K1T8/9/JjvzPwBww5WHnQAAMHDmfwAYPeZ/ABg95n8AGD2d+X9q2GkAAAPk/T8AjB7zPwCMlO+9/XZ6JIf551+vvre7s9F8795qrbVRaeysVFaa21uVtWZzLfvMnsZZr1dvNrcWX4ud9+e+vtVqz7d29x40mjub7QfZ53o/qJWyu/YH0DMAoJ/nXvroz4V0Rn5zKjuiay+H0lAzA65acdgJAEMzNuwEgKGx2xeMrgu8x7c8ADdEjy16j/3+W0lS7vULQkmSJFebFnCF7nzO+j+Mqq71fz8FDCPG+j+MLuv/MLqSpHDePf/jvDcCANebNX6gz/f/n8/Pv86/OfDD1dN3fHiVWQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD1drT/byXfC3wmisVKJeKZiJiLUuHher22EBHPRsSfJkuTaX1xyDkDABdV/Fsh3//rzuyrMyeaXrx1XJyIiB//4p2fv7/cbm//MWKi8K/Jo+vtD/Pr1cFnDwCc7Wiezs5db+Q/OXi0cnQMMp+/fzMiyp34hwcTcXgcfzzGs3M5ShEx/e9CXu8odK1dXMT+BxHx2V79L8RMtgbS2fn0dPw09jMDjV88Eb+YtXXO6d/FZy4hFxg1H6Xjz1u9nr9i3M7OvZ//cjZCXVw+/qUvtXKYjYGP4x+Nf2N9xr/b543x2u++0ylNPdn2QcTnxyOOYh92jT9H8Qt94r96+sX6DIh/+cKLL/fLLfllxJ3oHb871ny7sTXf2t27t95YXqut1Tar1aXFpYU37r9enc/WqOf7zwb/ePPus/3a0v5P94lfPqP/X+4b8aRf/e/dH3zpU+J/9ZVe8YvxwqfET+fEr5wz/vL0b8r92tL4q336f9bX/+4543/8170ntg0HAIantbu3sVyv17b7Fn47ffY9CgoDKaT/ZK9BGj0L3xhUrIno3fTTVzrP9KmmJHmqWCfHicfvHC9j1Q24Do4f+oj477CTAQAAAAAAAAAAAAAAehrEbywNu48AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcXP8PAAD//9140jY=") syz_usb_connect(0x6, 0x1b, &(0x7f0000000a00)={{0x12, 0x1, 0x110, 0x69, 0xad, 0x98, 0xdf, 0x1b3d, 0x16f, 0xacd0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9, 0x0, 0x5, 0x6, 0x30}}]}}, 0x0) open(&(0x7f00000000c0)='./file1\x00', 0x66842, 0x21) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) socket$inet6(0xa, 0x80002, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x8000000004) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0xfffffffc}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r0}, &(0x7f00000004c0), &(0x7f0000000500)=r1}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r1, r3, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x3e, &(0x7f0000001d00)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x33}, @broadcast, @void, {@mpls_uc={0x8847, {[], @ipv6=@udp={0x9, 0x6, "8ac07f", 0x8, 0x11, 0x0, @mcast2, @dev={0xfe, 0x80, '\x00', 0x40}, {[], {0x4e21, 0x4e21, 0x8}}}}}}}, 0x0) 819.932138ms ago: executing program 0 (id=620): bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0) setuid(0xee01) ioctl$KDDELIO(r0, 0x7040, 0x6) 699.051591ms ago: executing program 1 (id=621): socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) syz_read_part_table(0x593, &(0x7f00000005c0)="$eJzs0r1LK2kUB+A3A5c0e4lcLli4hWCwigqx0CIpRGJIY0RcsbAWLLQQLCwkEq39+AcUv0BsxD6lGEEUYiUpxXpBsUmVZdfZxmplUdnleZrhPefMHF5+E/hPi8Lv7XY7EUJoJ9//9m+nhbFS98TI5FQIiTAbQij8+stfnUQ88fdXz+NzOT6XktnG/vXo82nHTc9dPX0Yxf1aFMJaCGHh4Sj1b+/G/99Z/jK1vrFU3FzJz98XVx8H5/oKXVuFxZ2hg1xlujM3E/9Ytehz9qcbw8e37fLT7vf+b/VGK3sVz2USH7Ofr/U2/72f1Wa1Nd57sjyQ+dG8qGzHub/IHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+GBn+cvU+sZScXMlP39fXH0cnOsrdG0VFneGDnKV6c7cTPQ6V4s+Z3+6MXx82y4/7X7v/1ZvtLJX8Vwm8TH7+Vpv89/7WW1WW+O9J8sDmR/Ni8p2nPuL/AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf6gwVuqeGJmcCiERZkMIo1HH0Z/1dvK1n4jnzuNnOa6XktnG/vXo82nHTc9dPX04EddrUQhrIYSFh6PUp1+Gd/sjAAD///tch0s=") openat(0xffffffffffffff9c, 0x0, 0x0, 0x17) close(0xffffffffffffffff) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003f00), 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x40400) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000003c0)={0x25f56157, 0xffffffff, 0x0, 'queue0\x00', 0x200000}) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000240), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000300)={{0x0, 0x2, 0x80000001, 0x1}}) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480b0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) r3 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) bind$netlink(r6, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) getsockname$packet(r6, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r5, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x40d, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r7, 0x1}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x4}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40040}, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket(0x1, 0x803, 0x0) getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001400)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r10}]}, 0x44}}, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000480)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x7, 0x4, 0x0, 0x0, 0x30, 0x64, 0x0, 0x0, 0x6, 0x0, @local, @private=0xa010102, {[@generic={0x7, 0x8, "044158a35b9e"}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) 517.380866ms ago: executing program 0 (id=622): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="010000000000fedbdf25030000005800018044000400200001000a000000000000000047a2b78a000000000000000000000100000000200002000a00000000000000fe8000000000000000000000000000bb000000000d0001007564703a73"], 0x6c}}, 0x0) 466.136727ms ago: executing program 0 (id=623): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) setuid(0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, 0x0, 0x0) 252.121593ms ago: executing program 0 (id=624): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r2, r1, 0x25, 0x0, @val=@perf_event={0x200}}, 0x14) syz_emit_ethernet(0x16, &(0x7f00000001c0)={@random="ccd6ee000e73", @broadcast, @void, {@llc_tr={0x11, {@snap={0xaa, 0x155, "7f", "e32fdf", 0x890d}}}}}, 0x0) 250.032633ms ago: executing program 1 (id=625): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x4008054) unshare(0x30000000) write$nci(r0, &(0x7f0000000140)=ANY=[@ANYBLOB='P', @ANYRES16], 0x14) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)={[{@data_err_ignore}, {@dioread_nolock}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5a}}, {@grpid}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x3c}}, {@min_batch_time={'min_batch_time', 0x3d, 0x3}}]}, 0x1, 0x47a, &(0x7f00000006c0)="$eJzs28uPFMUfAPBv9z6AH4/lh/gAUVeJyUbjLrugcvCi0cQYjCZ6wOM6O5ANA2vY1QgSWYzxZGJI9Ew8Gv0LvBkTo55MuHryZEiIcgE8remebpgdZni4M8yy8/kkPVPVXT1VNdWP6qqZAPrWaPaSRGyKiN8jYqQeXZ5gtP525dKpytVLpypJLC299VeSp7t86VSlTFrut7GIjKUR6adJkcly8ydOHpmu1arHi/jEwtH3JuZPnHzmg6PTh6uHq8em9u/ft3fy+eemnu1IPbN6Xd758dyuHa++c/b1ysGz7/7yXVbeTcX2xnp0ymhW8b+Xcs3bnux0Zj22uSGcDPawINyRgYjImmsoP/9HYiCuN95IvPJJTwsHdFV2b1rXfvPiErCGJdHrEgC9Ud7os+ffcrlLXY9V4eKL9QegrN5XiqW+ZTDSIs1Q0/NtJ41GxMHFf85lS3RpHAIAoNHnla8ODEfER1e/fS3re4xERDke9ED++kf+uqWYQ9kaEf+PiG0RcV9EbI+I+4u0D0bEQyssz439n/TCCj/yprL+3wvF3Nby/l/Z+4utA0Vsc17/oeTQbK26J9bl38lYDK3L4pM3yeOHl89/0W5bY/8vW7L8y75gUY4Lg00DdDPTC9N5p7QDLp6J2DnYqv7JtZmAJCJ2RMTOO/voLWVg9qlvdrVL1Lr+l8/dVg4dmGda+jqr3mJW/8Voqn8paZyfnL1hfnJifdSqeybqR0Urv/722Zvt8r91+3fXxWr9vaH9m5NsTRrna+c7m/9/PP7T4eTtfJ55uFj34fTCwvHJiOHkQB5ftn7q+r5lvEyfHf9ju1uf/9uKfbL6PxwR2UH8SEQ8GhGPFWV/PCKeiIjdN6njzy/duv6R9qj9z0TMtLz+XTv+m9r/zgMDR376vl3+t9f++/LQWLEmv/7dQqviZJeL5gKu5LsDAACAe0Wa/wY+ScevhdN0fLz+G/7t8b+0Nje/8PShufePzcT5LfXxz7Qc6RopxkNrs7XqZLJYfGJ9fHSqGCsux0v3FuPGXw5syOPjlbnaTI/rDv1uY5vzP/PnQK9LB3TZhpZrp4bvekGAHmieR0+XR0+/ES4GsFb5vzb0r/L8b/O83/g/GGCNcf+H/tXq/D/dFDcXAGuT+z/0L+c/9Kn0xxXs7KkA7nXu/9CXVvK//i4G1q+OYvQmsFobJQ9ElIF0VZRHoEuBXl+ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOuPfAAAA//+Pc+dq") 91.375308ms ago: executing program 0 (id=626): unshare(0x24020400) r0 = socket(0xa, 0x2, 0x0) getsockopt$sock_buf(r0, 0x1, 0x19, 0x0, &(0x7f0000000280)) 1.50419ms ago: executing program 3 (id=627): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000140)={'hsr0\x00', 0x2000}) 1.26563ms ago: executing program 0 (id=628): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000fc0)="31cef842d9c50636f60fc0cfdac56c75f1687f0c56287423f5eed69f117e766bdbad0c2171ad6227e1173ab6efa2fcb1c420a51a0917861009000000f049c606ccab7cda1f0e3490fbe385ea382294882839a22674037b8910bd8a1420e33eb1be6f10cfb24eb7cccdf1528ef33b34ab07cdb0909a9ba9547e1e343b451d9025c4e153612d4674b9411fb4de295499abbcb388d291aa83e93db6cf9ab0954e6a8dfc19c3c1533a11d81e0382999bd736f1caacc2bbf1194598a652677efb930a5b6ee292c57402e0cc07a9a26ee794e4", 0xd0}], 0x1}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000640)="42e013913edbeb683c44e18a52b5a2462064ddd92caaba941de80d06047dedb7eeeff3a27eacf4c416b6979d6c918608807c44d01535dbaab3b390086e4fd43c6b5931187023646d6beac2340fdc7a0d81214ac76a818f64d287311e8828dfd3e3dd67efdb129a6e52745d1540e570891f6bf411cc16a18c4d34e522a1f003498f1a03ea1f8828b6c902286c71a9bc21923972dacfa74fef6a0fd3267e599c1dd33dff5d7b28f134bda4a29962fd5daa4fc9c515a1c3ee25ace1a9948c24b277d0c9c46f948f8a3f98b1a18eff685b7296457ba31632fea4d8f8178170", 0xdd}], 0x1}}, {{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000440)="7cc9483e0b2212b8b5d0ab5223f9b22b4b5bd5036f55b4568dbffe5662e5c329dd83", 0x22}, {&(0x7f0000000480)="92c8794113d179ef42460476d9b70f8462246800935f34795e1aeb9f22", 0x1d}, {&(0x7f0000000880)="fb70b4c3828979137f8e899a032064ee15287cc8803ecee7b6203553b506e26c7d9d0bf628b2580352c6639716dcf515e2c2064edfd15755838f79f931eb9c11172d52729c2254544f874aae59c290a952e0ecc77fc3a0de141c9d400d745477bab96a1e7761f848770256982aca14bb8fa9c1376b86efb6b64f5659dd789559a0efb98f0ebd2742cbae22991d78c791f3c09542a7d7d72ec89d5222fefd5a8d582e5bd519708451504bf200358d6e6e2398c9063da16015b379f2904a2b18133b487cdcae86f4a2914350da88ee170fffdd97e5e02dc39c07e2", 0xda}, {&(0x7f0000000a40)="1b0e3813e98aa526313cd7628ccf3dd14f99127dc0efc5e66a5fad6b007e372ba5aaabbaabb6d4768d026ecd632dbb36eef65f51cc27d8b0dc415eeb5af46108cd4532c6ab1226eb33835b7d71d30fbac14f6af5c434bbb263ef7297618e7a437b167596509f773bc636b36d1dc609f3d2e6f3422edc804124442e13956c5aba2777b66bd5d293b47827fd7d83064f38a223a7bab3922d7336d4397833", 0x9d}], 0x4}}, {{0x0, 0x0, &(0x7f00000014c0)=[{&(0x7f0000000200)="db97f5edaebce00000000000000000040000060c8c0bf7e1dc340a4d4d88c11230d7876f51ec22fffbcc8f77c2d2ab36291a18ba85080899be1148aa", 0x3c}, {&(0x7f0000000f40)="e66682ccc8e0a1a6135a56905dec98880e2dd7a128", 0x15}], 0x2}}], 0x4, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 0s ago: executing program 2 (id=629): r0 = syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0) ioctl$BLKGETSIZE64(r0, 0x80081272, 0x0) kernel console output (not intermixed with test programs): batadv0: Interface activated: batadv_slave_1 [ 89.290343][ T5768] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.319881][ T5768] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.334255][ T5768] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.343250][ T5768] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.362460][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 89.377436][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.393156][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 89.404819][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.418401][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 89.429160][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.442716][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.455509][ T5775] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.469872][ T5775] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.496422][ T5775] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.508106][ T5775] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.546272][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 89.562595][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.572806][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 89.584857][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.595798][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 89.606469][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.619463][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.627359][ T5083] Bluetooth: hci0: command tx timeout [ 89.676585][ T5777] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.687916][ T5777] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.699041][ T5777] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.707243][ T5083] Bluetooth: hci1: command tx timeout [ 89.711013][ T5777] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.787887][ T5083] Bluetooth: hci2: command tx timeout [ 89.867384][ T5083] Bluetooth: hci3: command tx timeout [ 89.907823][ T998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.916312][ T998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.984956][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.001819][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.050968][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.063270][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.160206][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.178184][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.202734][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.223124][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.356110][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.386538][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.392983][ T5846] syz.2.3[5846]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 90.417936][ T5846] loop2: detected capacity change from 0 to 512 [ 90.457688][ T5846] EXT4-fs: Ignoring removed nomblk_io_submit option [ 90.531775][ T5846] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 90.620376][ T5846] EXT4-fs (loop2): 1 truncate cleaned up [ 90.637751][ T5848] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2'. [ 90.658759][ T5846] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 90.908958][ T5857] loop1: detected capacity change from 0 to 256 [ 91.713710][ T5083] Bluetooth: hci0: command tx timeout [ 91.788248][ T5083] Bluetooth: hci1: command tx timeout [ 91.869542][ T5083] Bluetooth: hci2: command tx timeout [ 91.922098][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.947400][ T5083] Bluetooth: hci3: command tx timeout [ 92.109527][ T28] cfg80211: failed to load regulatory.db [ 92.140432][ T5866] loop2: detected capacity change from 0 to 512 [ 92.214399][ T5866] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.264959][ T5866] ext4 filesystem being mounted at /1/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 92.464541][ T5866] EXT4-fs (loop2): shut down requested (1) [ 92.479709][ T5877] tipc: Started in network mode [ 92.505273][ T5877] tipc: Node identity 0047a2b78a0000000000000000000001, cluster identity 4711 [ 92.516987][ T5877] tipc: Enabling of bearer rejected, failed to enable media [ 92.535390][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.622837][ T5879] netlink: 8 bytes leftover after parsing attributes in process `syz.1.21'. [ 92.665525][ T5879] netlink: 24 bytes leftover after parsing attributes in process `syz.1.21'. [ 92.726530][ T5881] loop2: detected capacity change from 0 to 1024 [ 92.737964][ T5883] loop3: detected capacity change from 0 to 164 [ 92.807697][ T5881] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 93.193202][ T5893] netlink: 100 bytes leftover after parsing attributes in process `syz.3.26'. [ 93.223272][ T5893] netlink: 40 bytes leftover after parsing attributes in process `syz.3.26'. [ 93.256808][ T5893] netlink: 20 bytes leftover after parsing attributes in process `syz.3.26'. [ 93.377224][ T5895] loop1: detected capacity change from 0 to 1024 [ 93.389108][ T5897] loop0: detected capacity change from 0 to 512 [ 93.405345][ T5895] EXT4-fs: Ignoring removed bh option [ 93.467196][ T5895] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 93.492980][ T5897] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.547146][ T5897] ext4 filesystem being mounted at /9/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 93.623719][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.659405][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.721837][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.059353][ T5915] loop2: detected capacity change from 0 to 512 [ 94.078894][ T5915] ======================================================= [ 94.078894][ T5915] WARNING: The mand mount option has been deprecated and [ 94.078894][ T5915] and is ignored by this kernel. Remove the mand [ 94.078894][ T5915] option from the mount to silence this warning. [ 94.078894][ T5915] ======================================================= [ 94.330719][ T5921] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 94.642716][ T5931] loop1: detected capacity change from 0 to 512 [ 94.738525][ T5931] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 94.772718][ T5931] ext4 filesystem being mounted at /13/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 94.942421][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.165288][ T5950] loop3: detected capacity change from 0 to 512 [ 95.629252][ T5967] process 'syz.0.48' launched './file0' with NULL argv: empty string added [ 95.713050][ T5967] loop0: detected capacity change from 0 to 512 [ 95.729312][ T5967] ext2: Unknown parameter 'permit_directio' [ 96.318769][ T5759] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 96.814676][ T5978] loop2: detected capacity change from 0 to 1024 [ 96.822828][ T5978] EXT4-fs: Ignoring removed orlov option [ 96.855655][ T5985] loop3: detected capacity change from 0 to 512 [ 97.001860][ T5978] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 97.029437][ T5985] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 97.083460][ T5985] ext4 filesystem being mounted at /16/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 97.293468][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.304358][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.909345][ T5983] loop0: detected capacity change from 0 to 131072 [ 97.970862][ T5983] F2FS-fs (loop0): Found nat_bits in checkpoint [ 98.164516][ T5996] loop1: detected capacity change from 0 to 512 [ 98.179097][ T5996] ext2: Unknown parameter 'permit_directio' [ 98.383009][ T5983] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 99.166697][ T27] audit: type=1804 audit(1777479851.511:2): pid=6003 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.56" name="/newroot/14/file1/bus" dev="loop0" ino=10 res=1 errno=0 [ 99.428314][ T6004] F2FS-fs (loop0): access invalid blkaddr:0 [ 99.434708][ T6004] CPU: 1 PID: 6004 Comm: syz.0.56 Not tainted syzkaller #0 [ 99.441968][ T6004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 99.452080][ T6004] Call Trace: [ 99.455415][ T6004] [ 99.458390][ T6004] dump_stack_lvl+0x18c/0x250 [ 99.463142][ T6004] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 99.468832][ T6004] ? show_regs_print_info+0x20/0x20 [ 99.474086][ T6004] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 99.479775][ T6004] ? f2fs_is_valid_blkaddr+0xeeb/0x1580 [ 99.485377][ T6004] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 99.490818][ T6004] sanity_check_extent_cache+0xfc/0x1f0 [ 99.496423][ T6004] f2fs_iget+0x33c5/0x47e0 [ 99.500957][ T6004] f2fs_lookup+0x37f/0x780 [ 99.505435][ T6004] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 99.511552][ T6004] ? from_kgid+0x465/0x690 [ 99.516029][ T6004] ? make_vfsuid+0x51/0xb0 [ 99.520513][ T6004] ? inode_permission+0xf3/0x480 [ 99.525517][ T6004] ? bpf_lsm_inode_create+0x9/0x10 [ 99.530676][ T6004] ? security_inode_create+0xb7/0x100 [ 99.536109][ T6004] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 99.542241][ T6004] path_openat+0x10e4/0x3230 [ 99.546910][ T6004] ? do_filp_open+0x430/0x430 [ 99.551657][ T6004] do_filp_open+0x1f5/0x430 [ 99.556212][ T6004] ? vfs_tmpfile+0x490/0x490 [ 99.560852][ T6004] ? preempt_schedule_common+0x82/0xc0 [ 99.566399][ T6004] ? _raw_spin_unlock+0x3a/0x40 [ 99.571318][ T6004] ? alloc_fd+0x58f/0x630 [ 99.575713][ T6004] do_sys_openat2+0x134/0x1d0 [ 99.580458][ T6004] ? do_sys_open+0xe0/0xe0 [ 99.584924][ T6004] ? lockdep_hardirqs_on+0x98/0x150 [ 99.590180][ T6004] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 99.595870][ T6004] __x64_sys_open+0x11f/0x140 [ 99.600605][ T6004] do_syscall_64+0x55/0xa0 [ 99.605058][ T6004] ? clear_bhb_loop+0x40/0x90 [ 99.609782][ T6004] ? clear_bhb_loop+0x40/0x90 [ 99.614505][ T6004] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 99.620467][ T6004] RIP: 0033:0x7f7654b9cdd9 [ 99.624941][ T6004] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 99.644623][ T6004] RSP: 002b:00007f7652991028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 99.653199][ T6004] RAX: ffffffffffffffda RBX: 00007f7654e16270 RCX: 00007f7654b9cdd9 [ 99.661221][ T6004] RDX: 0000000000000002 RSI: 0000000000060840 RDI: 00002000009e1000 [ 99.669242][ T6004] RBP: 00007f7654c32d69 R08: 0000000000000000 R09: 0000000000000000 [ 99.677295][ T6004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 99.685317][ T6004] R13: 00007f7654e16308 R14: 00007f7654e16270 R15: 00007ffcf99288e8 [ 99.693382][ T6004] [ 99.697859][ T6004] F2FS-fs (loop0): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 99.764534][ T6005] F2FS-fs (loop0): access invalid blkaddr:0 [ 99.770846][ T6005] CPU: 1 PID: 6005 Comm: syz.0.56 Not tainted syzkaller #0 [ 99.778092][ T6005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 99.788187][ T6005] Call Trace: [ 99.791505][ T6005] [ 99.794472][ T6005] dump_stack_lvl+0x18c/0x250 [ 99.799221][ T6005] ? show_regs_print_info+0x20/0x20 [ 99.804521][ T6005] ? lock_chain_count+0x20/0x20 [ 99.809433][ T6005] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 99.815155][ T6005] ? lockdep_hardirqs_on+0x98/0x150 [ 99.820402][ T6005] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 99.825826][ T6005] sanity_check_extent_cache+0xfc/0x1f0 [ 99.831431][ T6005] f2fs_iget+0x33c5/0x47e0 [ 99.835960][ T6005] f2fs_lookup+0x37f/0x780 [ 99.840433][ T6005] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 99.846570][ T6005] ? d_hash_and_lookup+0x1b0/0x1b0 [ 99.851744][ T6005] ? __init_waitqueue_head+0xa9/0x150 [ 99.857178][ T6005] __lookup_slow+0x2a1/0x400 [ 99.861827][ T6005] ? lookup_one_len+0x2e0/0x2e0 [ 99.866742][ T6005] ? try_to_unlazy+0x34c/0x5a0 [ 99.871561][ T6005] ? down_read+0x1ac/0x2e0 [ 99.876020][ T6005] lookup_slow+0x53/0x70 [ 99.880313][ T6005] walk_component+0x2be/0x3f0 [ 99.885034][ T6005] ? path_lookupat+0x15c/0x440 [ 99.889852][ T6005] path_lookupat+0x169/0x440 [ 99.894506][ T6005] filename_lookup+0x228/0x560 [ 99.899474][ T6005] ? hashlen_string+0x110/0x110 [ 99.904408][ T6005] ? strncpy_from_user+0x197/0x2d0 [ 99.909584][ T6005] ? getname_flags+0x20a/0x500 [ 99.914410][ T6005] user_path_at_empty+0x42/0x60 [ 99.919328][ T6005] __se_sys_mount+0x2a8/0x3d0 [ 99.924057][ T6005] ? __x64_sys_mount+0xc0/0xc0 [ 99.928874][ T6005] ? lockdep_hardirqs_on+0x98/0x150 [ 99.934209][ T6005] ? __x64_sys_mount+0x20/0xc0 [ 99.939106][ T6005] do_syscall_64+0x55/0xa0 [ 99.943575][ T6005] ? clear_bhb_loop+0x40/0x90 [ 99.948316][ T6005] ? clear_bhb_loop+0x40/0x90 [ 99.953051][ T6005] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 99.958997][ T6005] RIP: 0033:0x7f7654b9cdd9 [ 99.963454][ T6005] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 99.983101][ T6005] RSP: 002b:00007f765256e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 99.991560][ T6005] RAX: ffffffffffffffda RBX: 00007f7654e16360 RCX: 00007f7654b9cdd9 [ 99.999569][ T6005] RDX: 0000200000000040 RSI: 00002000000001c0 RDI: 0000000000000000 [ 100.007578][ T6005] RBP: 00007f7654c32d69 R08: 0000200000000080 R09: 0000000000000000 [ 100.015592][ T6005] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000000 [ 100.023607][ T6005] R13: 00007f7654e163f8 R14: 00007f7654e16360 R15: 00007ffcf99288e8 [ 100.032079][ T6005] [ 100.040298][ T6005] F2FS-fs (loop0): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 100.090933][ T6004] F2FS-fs (loop0): access invalid blkaddr:0 [ 100.097010][ T6004] CPU: 1 PID: 6004 Comm: syz.0.56 Not tainted syzkaller #0 [ 100.104251][ T6004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 100.114342][ T6004] Call Trace: [ 100.117659][ T6004] [ 100.120628][ T6004] dump_stack_lvl+0x18c/0x250 [ 100.125367][ T6004] ? show_regs_print_info+0x20/0x20 [ 100.130652][ T6004] ? lock_chain_count+0x20/0x20 [ 100.135565][ T6004] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 100.141265][ T6004] ? lockdep_hardirqs_on+0x98/0x150 [ 100.146540][ T6004] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 100.151975][ T6004] sanity_check_extent_cache+0xfc/0x1f0 [ 100.157604][ T6004] f2fs_iget+0x33c5/0x47e0 [ 100.162101][ T6004] f2fs_lookup+0x37f/0x780 [ 100.166657][ T6004] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 100.172791][ T6004] ? d_hash_and_lookup+0x1b0/0x1b0 [ 100.177956][ T6004] ? __lookup_slow+0x11b/0x400 [ 100.182779][ T6004] __lookup_slow+0x2a1/0x400 [ 100.187437][ T6004] ? lookup_one_len+0x2e0/0x2e0 [ 100.192485][ T6004] ? try_to_unlazy+0x34c/0x5a0 [ 100.197349][ T6004] ? down_read+0x1ac/0x2e0 [ 100.201813][ T6004] lookup_slow+0x53/0x70 [ 100.206098][ T6004] walk_component+0x2be/0x3f0 [ 100.210821][ T6004] ? path_lookupat+0x15c/0x440 [ 100.215640][ T6004] path_lookupat+0x169/0x440 [ 100.220298][ T6004] filename_lookup+0x228/0x560 [ 100.225121][ T6004] ? hashlen_string+0x110/0x110 [ 100.230061][ T6004] ? strncpy_from_user+0x197/0x2d0 [ 100.235229][ T6004] ? getname_flags+0x20a/0x500 [ 100.240059][ T6004] user_path_at_empty+0x42/0x60 [ 100.244957][ T6004] do_fchmodat+0xde/0x1e0 [ 100.249337][ T6004] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 100.255020][ T6004] ? do_faccessat+0xd00/0xd00 [ 100.259755][ T6004] __x64_sys_chmod+0x62/0x70 [ 100.264390][ T6004] do_syscall_64+0x55/0xa0 [ 100.268846][ T6004] ? clear_bhb_loop+0x40/0x90 [ 100.273568][ T6004] ? clear_bhb_loop+0x40/0x90 [ 100.276648][ C0] sched: RT throttling activated [ 100.283254][ T6004] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 100.289242][ T6004] RIP: 0033:0x7f7654b9cdd9 [ 100.293717][ T6004] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 100.313549][ T6004] RSP: 002b:00007f7652991028 EFLAGS: 00000246 ORIG_RAX: 000000000000005a [ 100.322000][ T6004] RAX: ffffffffffffffda RBX: 00007f7654e16270 RCX: 00007f7654b9cdd9 [ 100.330024][ T6004] RDX: 0000000000000000 RSI: 00000000000003dc RDI: 0000200000000100 [ 100.338027][ T6004] RBP: 00007f7654c32d69 R08: 0000000000000000 R09: 0000000000000000 [ 100.346127][ T6004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 100.354130][ T6004] R13: 00007f7654e16308 R14: 00007f7654e16270 R15: 00007ffcf99288e8 [ 100.362147][ T6004] [ 100.367771][ T6004] F2FS-fs (loop0): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 100.546147][ T6005] F2FS-fs (loop0): access invalid blkaddr:0 [ 100.552520][ T6005] CPU: 1 PID: 6005 Comm: syz.0.56 Not tainted syzkaller #0 [ 100.559769][ T6005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 100.569861][ T6005] Call Trace: [ 100.573194][ T6005] [ 100.576159][ T6005] dump_stack_lvl+0x18c/0x250 [ 100.580915][ T6005] ? show_regs_print_info+0x20/0x20 [ 100.586182][ T6005] ? lock_chain_count+0x20/0x20 [ 100.591105][ T6005] ? lockdep_hardirqs_on+0x98/0x150 [ 100.596384][ T6005] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 100.601830][ T6005] sanity_check_extent_cache+0xfc/0x1f0 [ 100.607444][ T6005] f2fs_iget+0x33c5/0x47e0 [ 100.611944][ T6005] f2fs_lookup+0x37f/0x780 [ 100.616419][ T6005] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 100.622566][ T6005] ? d_hash_and_lookup+0x1b0/0x1b0 [ 100.627738][ T6005] ? __init_waitqueue_head+0xa9/0x150 [ 100.633170][ T6005] __lookup_slow+0x2a1/0x400 [ 100.637819][ T6005] ? lookup_one_len+0x2e0/0x2e0 [ 100.642737][ T6005] ? try_to_unlazy+0x34c/0x5a0 [ 100.647557][ T6005] ? down_read+0x1ac/0x2e0 [ 100.652032][ T6005] lookup_slow+0x53/0x70 [ 100.656328][ T6005] walk_component+0x2be/0x3f0 [ 100.661063][ T6005] ? path_lookupat+0x15c/0x440 [ 100.665884][ T6005] path_lookupat+0x169/0x440 [ 100.670675][ T6005] filename_lookup+0x228/0x560 [ 100.675578][ T6005] ? hashlen_string+0x110/0x110 [ 100.680539][ T6005] ? strncpy_from_user+0x197/0x2d0 [ 100.685708][ T6005] ? getname_flags+0x20a/0x500 [ 100.690535][ T6005] user_path_at_empty+0x42/0x60 [ 100.695432][ T6005] do_fchmodat+0xde/0x1e0 [ 100.699813][ T6005] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 100.705507][ T6005] ? do_faccessat+0xd00/0xd00 [ 100.710244][ T6005] __x64_sys_chmod+0x62/0x70 [ 100.714881][ T6005] do_syscall_64+0x55/0xa0 [ 100.719341][ T6005] ? clear_bhb_loop+0x40/0x90 [ 100.724066][ T6005] ? clear_bhb_loop+0x40/0x90 [ 100.728799][ T6005] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 100.734737][ T6005] RIP: 0033:0x7f7654b9cdd9 [ 100.739196][ T6005] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 100.759113][ T6005] RSP: 002b:00007f765256e028 EFLAGS: 00000246 ORIG_RAX: 000000000000005a [ 100.767585][ T6005] RAX: ffffffffffffffda RBX: 00007f7654e16360 RCX: 00007f7654b9cdd9 [ 100.775595][ T6005] RDX: 0000000000000000 RSI: 0000000000000050 RDI: 0000200000000000 [ 100.783615][ T6005] RBP: 00007f7654c32d69 R08: 0000000000000000 R09: 0000000000000000 [ 100.791649][ T6005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 100.799653][ T6005] R13: 00007f7654e163f8 R14: 00007f7654e16360 R15: 00007ffcf99288e8 [ 100.807777][ T6005] [ 100.812051][ T6005] F2FS-fs (loop0): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 101.116943][ T28] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 102.107701][ T28] usb 1-1: string descriptor 0 read error: -71 [ 102.110423][ T28] usb 1-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 102.110460][ T28] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.165104][ T28] usb 1-1: can't set config #1, error -71 [ 102.209087][ T28] usb 1-1: USB disconnect, device number 2 [ 103.371130][ T6025] usb usb7: usbfs: process 6025 (syz.2.64) did not claim interface 16 before use [ 103.385691][ T6027] loop1: detected capacity change from 0 to 128 [ 103.434721][ T6029] tipc: Enabling of bearer rejected, failed to enable media [ 103.493692][ T27] audit: type=1800 audit(1777479855.891:3): pid=6027 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.65" name="file2" dev="loop1" ino=1048596 res=0 errno=0 [ 103.644279][ T6036] loop2: detected capacity change from 0 to 512 [ 103.864188][ T6036] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.884758][ T6036] ext4 filesystem being mounted at /10/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 103.993702][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.316759][ T6051] program syz.3.69 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 104.936916][ T8] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 105.128755][ T8] usb 4-1: Using ep0 maxpacket: 8 [ 105.144833][ T8] usb 4-1: unable to get BOS descriptor or descriptor too short [ 105.164405][ T8] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 105.175748][ T8] usb 4-1: can't read configurations, error -71 [ 105.186097][ T6072] tipc: Enabling of bearer rejected, failed to enable media [ 105.570597][ T6086] loop1: detected capacity change from 0 to 128 [ 105.606468][ T27] audit: type=1800 audit(1777479857.009:4): pid=6086 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.79" name="file2" dev="loop1" ino=1048597 res=0 errno=0 [ 106.476851][ T6108] tipc: Enabling of bearer rejected, failed to enable media [ 107.302704][ T6134] loop1: detected capacity change from 0 to 512 [ 107.317700][ T6134] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 107.330939][ T6134] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 107.377784][ T6134] EXT4-fs (loop1): 1 truncate cleaned up [ 107.384807][ T6134] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.745804][ T6144] loop0: detected capacity change from 0 to 512 [ 107.800707][ T6144] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 107.856565][ T6144] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.906835][ T6144] ext4 filesystem being mounted at /18/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 107.965634][ T6147] syzkaller0: entered promiscuous mode [ 107.971262][ T6147] syzkaller0: entered allmulticast mode [ 108.075673][ T6152] loop2: detected capacity change from 0 to 128 [ 108.137640][ T27] audit: type=1800 audit(1777479859.539:5): pid=6152 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.97" name="file2" dev="loop2" ino=1048598 res=0 errno=0 [ 108.165679][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.702874][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.197364][ T6163] tipc: Enabling of bearer rejected, failed to enable media [ 110.903461][ T6188] netlink: 'syz.3.106': attribute type 2 has an invalid length. [ 110.911559][ T6188] netlink: 4 bytes leftover after parsing attributes in process `syz.3.106'. [ 111.084666][ T6194] loop3: detected capacity change from 0 to 512 [ 111.368351][ T6201] loop2: detected capacity change from 0 to 128 [ 112.182663][ T27] audit: type=1800 audit(1777479863.419:6): pid=6201 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.111" name="file2" dev="loop2" ino=1048599 res=0 errno=0 [ 112.537507][ T6212] tipc: Enabling of bearer rejected, failed to enable media [ 112.557354][ T6216] loop3: detected capacity change from 0 to 512 [ 112.665051][ T6216] Quota error (device loop3): do_check_range: Getting dqdh_next_free 256 out of range 0-7 [ 112.677854][ T6216] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 112.703932][ T6223] loop2: detected capacity change from 0 to 512 [ 112.753916][ T6216] EXT4-fs error (device loop3): ext4_acquire_dquot:6953: comm syz.3.113: Failed to acquire dquot type 1 [ 112.783076][ T6229] sctp: [Deprecated]: syz.1.117 (pid 6229) Use of int in maxseg socket option. [ 112.783076][ T6229] Use struct sctp_assoc_value instead [ 112.854816][ T6223] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.886876][ T6223] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 112.956148][ T6216] EXT4-fs error (device loop3): ext4_do_update_inode:5255: inode #16: comm syz.3.113: corrupted inode contents [ 113.012454][ T6216] EXT4-fs error (device loop3): ext4_dirty_inode:6143: inode #16: comm syz.3.113: mark_inode_dirty error [ 113.092641][ T6216] EXT4-fs error (device loop3): ext4_do_update_inode:5255: inode #16: comm syz.3.113: corrupted inode contents [ 113.127671][ T6216] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #16: comm syz.3.113: mark_inode_dirty error [ 113.143364][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.151724][ T6216] EXT4-fs error (device loop3): ext4_do_update_inode:5255: inode #16: comm syz.3.113: corrupted inode contents [ 113.172532][ T6216] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem [ 113.182545][ T6216] EXT4-fs error (device loop3): ext4_do_update_inode:5255: inode #16: comm syz.3.113: corrupted inode contents [ 113.250665][ T6216] EXT4-fs error (device loop3): ext4_truncate:4301: inode #16: comm syz.3.113: mark_inode_dirty error [ 113.268401][ T6216] EXT4-fs error (device loop3) in ext4_process_orphan:345: Corrupt filesystem [ 113.299977][ T6216] EXT4-fs (loop3): 1 truncate cleaned up [ 113.307796][ T6216] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.320611][ T6216] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 113.591161][ T6216] xt_hashlimit: size too large, truncated to 1048576 [ 113.942130][ T6246] loop0: detected capacity change from 0 to 512 [ 114.085256][ T5763] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 114.160033][ T6251] netlink: 20 bytes leftover after parsing attributes in process `syz.1.123'. [ 114.439593][ T6254] loop1: detected capacity change from 0 to 128 [ 114.766335][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.848974][ T27] audit: type=1800 audit(1777479866.259:7): pid=6254 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.124" name="file2" dev="loop1" ino=1048600 res=0 errno=0 [ 115.454679][ T6262] tipc: Enabling of bearer rejected, failed to enable media [ 116.233238][ T6295] loop0: detected capacity change from 0 to 128 [ 116.259317][ T6291] loop1: detected capacity change from 0 to 512 [ 116.276125][ T27] audit: type=1800 audit(1777479867.679:8): pid=6295 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.137" name="file2" dev="loop0" ino=1048601 res=0 errno=0 [ 117.513557][ T6303] loop1: detected capacity change from 0 to 256 [ 117.761229][ T6311] loop1: detected capacity change from 0 to 512 [ 117.790679][ T6311] EXT4-fs: Ignoring removed mblk_io_submit option [ 117.833035][ T6311] EXT4-fs error (device loop1): ext4_orphan_get:1404: inode #15: comm syz.1.142: inode has both inline data and extents flags [ 117.849133][ T6311] EXT4-fs error (device loop1): ext4_orphan_get:1409: comm syz.1.142: couldn't read orphan inode 15 (err -117) [ 117.864971][ T6313] tipc: Enabling of bearer rejected, failed to enable media [ 117.892474][ T6311] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 118.068490][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.916551][ T6334] loop3: detected capacity change from 0 to 512 [ 119.376106][ T5763] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 119.465054][ T6327] loop1: detected capacity change from 0 to 131072 [ 119.583294][ T6327] F2FS-fs (loop1): Found nat_bits in checkpoint [ 119.644486][ T6327] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 121.815742][ T6348] F2FS-fs (loop1): access invalid blkaddr:0 [ 121.821929][ T6348] CPU: 1 PID: 6348 Comm: syz.1.144 Not tainted syzkaller #0 [ 121.829354][ T6348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 121.839456][ T6348] Call Trace: [ 121.842771][ T6348] [ 121.845747][ T6348] dump_stack_lvl+0x18c/0x250 [ 121.850520][ T6348] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 121.856228][ T6348] ? show_regs_print_info+0x20/0x20 [ 121.861508][ T6348] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 121.867226][ T6348] ? f2fs_is_valid_blkaddr+0xeeb/0x1580 [ 121.872844][ T6348] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 121.878279][ T6348] sanity_check_extent_cache+0xfc/0x1f0 [ 121.883921][ T6348] f2fs_iget+0x33c5/0x47e0 [ 121.888454][ T6348] f2fs_lookup+0x37f/0x780 [ 121.892932][ T6348] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 121.899066][ T6348] ? lockdep_hardirqs_on+0x98/0x150 [ 121.904310][ T6348] ? make_vfsuid+0x51/0xb0 [ 121.908785][ T6348] ? inode_permission+0xf3/0x480 [ 121.913779][ T6348] ? bpf_lsm_inode_create+0x9/0x10 [ 121.918936][ T6348] ? security_inode_create+0xb7/0x100 [ 121.924358][ T6348] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 121.930489][ T6348] path_openat+0x10e4/0x3230 [ 121.935167][ T6348] ? do_filp_open+0x430/0x430 [ 121.939913][ T6348] do_filp_open+0x1f5/0x430 [ 121.944474][ T6348] ? vfs_tmpfile+0x490/0x490 [ 121.949107][ T6348] ? preempt_schedule_common+0x82/0xc0 [ 121.954652][ T6348] ? _raw_spin_unlock+0x3a/0x40 [ 121.959559][ T6348] ? alloc_fd+0x58f/0x630 [ 121.963955][ T6348] do_sys_openat2+0x134/0x1d0 [ 121.968685][ T6348] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 121.974363][ T6348] ? do_sys_open+0xe0/0xe0 [ 121.978839][ T6348] __x64_sys_open+0x11f/0x140 [ 121.983564][ T6348] do_syscall_64+0x55/0xa0 [ 121.988058][ T6348] ? clear_bhb_loop+0x40/0x90 [ 121.992788][ T6348] ? clear_bhb_loop+0x40/0x90 [ 121.997519][ T6348] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 122.003457][ T6348] RIP: 0033:0x7fc74a39cdd9 [ 122.007928][ T6348] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 122.027589][ T6348] RSP: 002b:00007fc74b2a9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 122.036083][ T6348] RAX: ffffffffffffffda RBX: 00007fc74a616360 RCX: 00007fc74a39cdd9 [ 122.044102][ T6348] RDX: 0000000000000002 RSI: 0000000000060840 RDI: 00002000009e1000 [ 122.052115][ T6348] RBP: 00007fc74a432d69 R08: 0000000000000000 R09: 0000000000000000 [ 122.060125][ T6348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 122.068133][ T6348] R13: 00007fc74a6163f8 R14: 00007fc74a616360 R15: 00007ffd0f0f0878 [ 122.076175][ T6348] [ 122.080474][ T6348] F2FS-fs (loop1): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 122.135568][ T6346] F2FS-fs (loop1): access invalid blkaddr:0 [ 122.141760][ T6346] CPU: 1 PID: 6346 Comm: syz.1.144 Not tainted syzkaller #0 [ 122.149086][ T6346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 122.159274][ T6346] Call Trace: [ 122.162597][ T6346] [ 122.165578][ T6346] dump_stack_lvl+0x18c/0x250 [ 122.170326][ T6346] ? show_regs_print_info+0x20/0x20 [ 122.175599][ T6346] ? lock_chain_count+0x20/0x20 [ 122.180540][ T6346] ? lockdep_hardirqs_on+0x98/0x150 [ 122.185828][ T6346] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 122.191277][ T6346] sanity_check_extent_cache+0xfc/0x1f0 [ 122.196909][ T6346] f2fs_iget+0x33c5/0x47e0 [ 122.201506][ T6346] f2fs_lookup+0x37f/0x780 [ 122.205980][ T6346] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 122.212113][ T6346] ? d_hash_and_lookup+0x1b0/0x1b0 [ 122.217294][ T6346] ? __init_waitqueue_head+0xa9/0x150 [ 122.222746][ T6346] __lookup_slow+0x2a1/0x400 [ 122.227396][ T6346] ? lookup_one_len+0x2e0/0x2e0 [ 122.232312][ T6346] ? try_to_unlazy+0x34c/0x5a0 [ 122.237190][ T6346] ? down_read+0x1ac/0x2e0 [ 122.241651][ T6346] lookup_slow+0x53/0x70 [ 122.245934][ T6346] walk_component+0x2be/0x3f0 [ 122.250657][ T6346] ? path_lookupat+0x15c/0x440 [ 122.255498][ T6346] path_lookupat+0x169/0x440 [ 122.260156][ T6346] filename_lookup+0x228/0x560 [ 122.264979][ T6346] ? hashlen_string+0x110/0x110 [ 122.269914][ T6346] ? strncpy_from_user+0x197/0x2d0 [ 122.275102][ T6346] ? getname_flags+0x20a/0x500 [ 122.279926][ T6346] user_path_at_empty+0x42/0x60 [ 122.284846][ T6346] __se_sys_mount+0x2a8/0x3d0 [ 122.289586][ T6346] ? __x64_sys_mount+0xc0/0xc0 [ 122.294400][ T6346] ? __x64_sys_mount+0x20/0xc0 [ 122.299238][ T6346] do_syscall_64+0x55/0xa0 [ 122.303694][ T6346] ? clear_bhb_loop+0x40/0x90 [ 122.308414][ T6346] ? clear_bhb_loop+0x40/0x90 [ 122.313154][ T6346] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 122.319117][ T6346] RIP: 0033:0x7fc74a39cdd9 [ 122.323602][ T6346] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 122.343280][ T6346] RSP: 002b:00007fc74b2eb028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 122.352080][ T6346] RAX: ffffffffffffffda RBX: 00007fc74a616180 RCX: 00007fc74a39cdd9 [ 122.360782][ T6346] RDX: 0000200000000040 RSI: 00002000000001c0 RDI: 0000000000000000 [ 122.368776][ T6346] RBP: 00007fc74a432d69 R08: 0000200000000080 R09: 0000000000000000 [ 122.376771][ T6346] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000000 [ 122.384783][ T6346] R13: 00007fc74a616218 R14: 00007fc74a616180 R15: 00007ffd0f0f0878 [ 122.392797][ T6346] [ 122.397958][ T6346] F2FS-fs (loop1): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 122.437430][ T6347] F2FS-fs (loop1): access invalid blkaddr:0 [ 122.443449][ T6347] CPU: 1 PID: 6347 Comm: syz.1.144 Not tainted syzkaller #0 [ 122.450799][ T6347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 122.460935][ T6347] Call Trace: [ 122.464268][ T6347] [ 122.467248][ T6347] dump_stack_lvl+0x18c/0x250 [ 122.471991][ T6347] ? show_regs_print_info+0x20/0x20 [ 122.477247][ T6347] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 122.482936][ T6347] ? f2fs_is_valid_blkaddr+0x6d8/0x1580 [ 122.488562][ T6347] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 122.493998][ T6347] sanity_check_extent_cache+0xfc/0x1f0 [ 122.499603][ T6347] f2fs_iget+0x33c5/0x47e0 [ 122.504097][ T6347] f2fs_lookup+0x37f/0x780 [ 122.508559][ T6347] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 122.514678][ T6347] ? d_hash_and_lookup+0x1b0/0x1b0 [ 122.519933][ T6347] ? __init_waitqueue_head+0xa9/0x150 [ 122.525363][ T6347] __lookup_slow+0x2a1/0x400 [ 122.530013][ T6347] ? lookup_one_len+0x2e0/0x2e0 [ 122.534928][ T6347] ? try_to_unlazy+0x34c/0x5a0 [ 122.539744][ T6347] ? down_read+0x1ac/0x2e0 [ 122.544209][ T6347] lookup_slow+0x53/0x70 [ 122.548492][ T6347] walk_component+0x2be/0x3f0 [ 122.553237][ T6347] ? path_lookupat+0x15c/0x440 [ 122.558078][ T6347] path_lookupat+0x169/0x440 [ 122.562742][ T6347] filename_lookup+0x228/0x560 [ 122.567570][ T6347] ? hashlen_string+0x110/0x110 [ 122.572524][ T6347] ? strncpy_from_user+0x197/0x2d0 [ 122.577737][ T6347] ? getname_flags+0x20a/0x500 [ 122.582558][ T6347] user_path_at_empty+0x42/0x60 [ 122.587454][ T6347] do_fchmodat+0xde/0x1e0 [ 122.591835][ T6347] ? do_faccessat+0xd00/0xd00 [ 122.596573][ T6347] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 122.602634][ T6347] ? syscall_enter_from_user_mode+0x25/0x80 [ 122.608590][ T6347] __x64_sys_chmod+0x62/0x70 [ 122.613225][ T6347] do_syscall_64+0x55/0xa0 [ 122.617690][ T6347] ? clear_bhb_loop+0x40/0x90 [ 122.622412][ T6347] ? clear_bhb_loop+0x40/0x90 [ 122.627175][ T6347] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 122.633137][ T6347] RIP: 0033:0x7fc74a39cdd9 [ 122.637680][ T6347] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 122.657352][ T6347] RSP: 002b:00007fc74b2ca028 EFLAGS: 00000246 ORIG_RAX: 000000000000005a [ 122.665909][ T6347] RAX: ffffffffffffffda RBX: 00007fc74a616270 RCX: 00007fc74a39cdd9 [ 122.673931][ T6347] RDX: 0000000000000000 RSI: 00000000000003dc RDI: 0000200000000100 [ 122.681943][ T6347] RBP: 00007fc74a432d69 R08: 0000000000000000 R09: 0000000000000000 [ 122.689954][ T6347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 122.698048][ T6347] R13: 00007fc74a616308 R14: 00007fc74a616270 R15: 00007ffd0f0f0878 [ 122.706075][ T6347] [ 122.710806][ T6347] F2FS-fs (loop1): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 122.796854][ T27] audit: type=1804 audit(1777479873.149:9): pid=6347 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.144" name="/newroot/39/file1/bus" dev="loop1" ino=10 res=1 errno=0 [ 123.034164][ T6346] F2FS-fs (loop1): access invalid blkaddr:0 [ 123.040323][ T6346] CPU: 1 PID: 6346 Comm: syz.1.144 Not tainted syzkaller #0 [ 123.047657][ T6346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 123.057749][ T6346] Call Trace: [ 123.061092][ T6346] [ 123.064065][ T6346] dump_stack_lvl+0x18c/0x250 [ 123.068814][ T6346] ? show_regs_print_info+0x20/0x20 [ 123.074070][ T6346] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 123.079764][ T6346] ? f2fs_is_valid_blkaddr+0x660/0x1580 [ 123.085379][ T6346] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 123.090822][ T6346] sanity_check_extent_cache+0xfc/0x1f0 [ 123.096467][ T6346] f2fs_iget+0x33c5/0x47e0 [ 123.101140][ T6346] f2fs_lookup+0x37f/0x780 [ 123.105626][ T6346] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 123.111762][ T6346] ? d_hash_and_lookup+0x1b0/0x1b0 [ 123.116947][ T6346] ? __init_waitqueue_head+0xa9/0x150 [ 123.122368][ T6346] __lookup_slow+0x2a1/0x400 [ 123.127033][ T6346] ? lookup_one_len+0x2e0/0x2e0 [ 123.131947][ T6346] ? try_to_unlazy+0x34c/0x5a0 [ 123.136762][ T6346] ? down_read+0x1ac/0x2e0 [ 123.141228][ T6346] lookup_slow+0x53/0x70 [ 123.145511][ T6346] walk_component+0x2be/0x3f0 [ 123.150341][ T6346] ? path_lookupat+0x15c/0x440 [ 123.155171][ T6346] path_lookupat+0x169/0x440 [ 123.159844][ T6346] filename_lookup+0x228/0x560 [ 123.164666][ T6346] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 123.170351][ T6346] ? hashlen_string+0x110/0x110 [ 123.175282][ T6346] ? strncpy_from_user+0x197/0x2d0 [ 123.180468][ T6346] ? getname_flags+0x20a/0x500 [ 123.185296][ T6346] user_path_at_empty+0x42/0x60 [ 123.190215][ T6346] do_fchmodat+0xde/0x1e0 [ 123.194599][ T6346] ? do_faccessat+0xd00/0xd00 [ 123.199330][ T6346] ? __secure_computing+0x43/0x2f0 [ 123.204506][ T6346] __x64_sys_chmod+0x62/0x70 [ 123.209143][ T6346] do_syscall_64+0x55/0xa0 [ 123.213599][ T6346] ? clear_bhb_loop+0x40/0x90 [ 123.218325][ T6346] ? clear_bhb_loop+0x40/0x90 [ 123.223053][ T6346] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 123.228999][ T6346] RIP: 0033:0x7fc74a39cdd9 [ 123.233457][ T6346] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 123.253101][ T6346] RSP: 002b:00007fc74b2eb028 EFLAGS: 00000246 ORIG_RAX: 000000000000005a [ 123.261597][ T6346] RAX: ffffffffffffffda RBX: 00007fc74a616180 RCX: 00007fc74a39cdd9 [ 123.269628][ T6346] RDX: 0000000000000000 RSI: 0000000000000050 RDI: 0000200000000000 [ 123.277645][ T6346] RBP: 00007fc74a432d69 R08: 0000000000000000 R09: 0000000000000000 [ 123.285670][ T6346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 123.293712][ T6346] R13: 00007fc74a616218 R14: 00007fc74a616180 R15: 00007ffd0f0f0878 [ 123.301762][ T6346] [ 123.306508][ T6346] F2FS-fs (loop1): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 123.488014][ T5758] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 124.500714][ T6363] tipc: Started in network mode [ 124.536842][ T6363] tipc: Node identity c2f8956d70ca, cluster identity 4711 [ 124.549698][ T6363] tipc: Enabled bearer , priority 0 [ 124.642780][ T6363] tipc: Resetting bearer [ 124.777695][ T6362] tipc: Disabling bearer [ 124.984837][ T6377] loop0: detected capacity change from 0 to 512 [ 126.471170][ T6383] loop2: detected capacity change from 0 to 131072 [ 126.814469][ T6383] F2FS-fs (loop2): Found nat_bits in checkpoint [ 126.877058][ T6383] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 127.427531][ T27] audit: type=1804 audit(1777479878.819:10): pid=6394 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.161" name="/newroot/41/file1/bus" dev="loop2" ino=10 res=1 errno=0 [ 127.560813][ T6394] F2FS-fs (loop2): access invalid blkaddr:0 [ 127.567110][ T6394] CPU: 1 PID: 6394 Comm: syz.2.161 Not tainted syzkaller #0 [ 127.574446][ T6394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 127.584548][ T6394] Call Trace: [ 127.587864][ T6394] [ 127.590872][ T6394] dump_stack_lvl+0x18c/0x250 [ 127.595627][ T6394] ? show_regs_print_info+0x20/0x20 [ 127.600926][ T6394] ? __up_read+0x2b6/0x6b0 [ 127.605393][ T6394] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 127.610846][ T6394] sanity_check_extent_cache+0xfc/0x1f0 [ 127.616462][ T6394] f2fs_iget+0x33c5/0x47e0 [ 127.620972][ T6394] f2fs_lookup+0x37f/0x780 [ 127.625437][ T6394] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 127.631553][ T6394] ? make_vfsuid+0x8/0xb0 [ 127.635932][ T6394] ? make_vfsuid+0x51/0xb0 [ 127.640421][ T6394] ? inode_permission+0xf3/0x480 [ 127.645420][ T6394] ? bpf_lsm_inode_create+0x9/0x10 [ 127.650586][ T6394] ? security_inode_create+0xb7/0x100 [ 127.656094][ T6394] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 127.662218][ T6394] path_openat+0x10e4/0x3230 [ 127.666895][ T6394] ? do_filp_open+0x430/0x430 [ 127.671621][ T6394] do_filp_open+0x1f5/0x430 [ 127.676171][ T6394] ? vfs_tmpfile+0x490/0x490 [ 127.680892][ T6394] ? preempt_schedule_common+0x82/0xc0 [ 127.686597][ T6394] ? _raw_spin_unlock+0x3a/0x40 [ 127.691506][ T6394] ? alloc_fd+0x58f/0x630 [ 127.695895][ T6394] do_sys_openat2+0x134/0x1d0 [ 127.700626][ T6394] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 127.706304][ T6394] ? do_sys_open+0xe0/0xe0 [ 127.710781][ T6394] __x64_sys_open+0x11f/0x140 [ 127.715522][ T6394] do_syscall_64+0x55/0xa0 [ 127.720166][ T6394] ? clear_bhb_loop+0x40/0x90 [ 127.724887][ T6394] ? clear_bhb_loop+0x40/0x90 [ 127.729616][ T6394] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 127.735560][ T6394] RIP: 0033:0x7f665a39cdd9 [ 127.740210][ T6394] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 127.759859][ T6394] RSP: 002b:00007f665b1bf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 127.768339][ T6394] RAX: ffffffffffffffda RBX: 00007f665a616270 RCX: 00007f665a39cdd9 [ 127.776350][ T6394] RDX: 0000000000000002 RSI: 0000000000060840 RDI: 00002000009e1000 [ 127.784374][ T6394] RBP: 00007f665a432d69 R08: 0000000000000000 R09: 0000000000000000 [ 127.792410][ T6394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 127.800419][ T6394] R13: 00007f665a616308 R14: 00007f665a616270 R15: 00007fffed87f768 [ 127.808445][ T6394] [ 127.812673][ T6394] F2FS-fs (loop2): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 127.862368][ T6393] F2FS-fs (loop2): access invalid blkaddr:0 [ 127.868576][ T6393] CPU: 1 PID: 6393 Comm: syz.2.161 Not tainted syzkaller #0 [ 127.875907][ T6393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 127.886008][ T6393] Call Trace: [ 127.889325][ T6393] [ 127.892299][ T6393] dump_stack_lvl+0x18c/0x250 [ 127.897055][ T6393] ? show_regs_print_info+0x20/0x20 [ 127.902320][ T6393] ? __up_read+0x2b6/0x6b0 [ 127.906781][ T6393] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 127.912227][ T6393] sanity_check_extent_cache+0xfc/0x1f0 [ 127.917826][ T6393] f2fs_iget+0x33c5/0x47e0 [ 127.922313][ T6393] f2fs_lookup+0x37f/0x780 [ 127.926788][ T6393] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 127.932901][ T6393] ? d_hash_and_lookup+0x1b0/0x1b0 [ 127.938074][ T6393] ? __init_waitqueue_head+0xa9/0x150 [ 127.943499][ T6393] __lookup_slow+0x2a1/0x400 [ 127.948146][ T6393] ? lookup_one_len+0x2e0/0x2e0 [ 127.953052][ T6393] ? try_to_unlazy+0x34c/0x5a0 [ 127.957871][ T6393] ? down_read+0x1ac/0x2e0 [ 127.962327][ T6393] lookup_slow+0x53/0x70 [ 127.966608][ T6393] walk_component+0x2be/0x3f0 [ 127.971414][ T6393] ? path_lookupat+0x15c/0x440 [ 127.976336][ T6393] path_lookupat+0x169/0x440 [ 127.980992][ T6393] filename_lookup+0x228/0x560 [ 127.985811][ T6393] ? hashlen_string+0x110/0x110 [ 127.990726][ T6393] ? lockdep_hardirqs_on+0x98/0x150 [ 127.996013][ T6393] ? strncpy_from_user+0x197/0x2d0 [ 128.001176][ T6393] ? getname_flags+0x20a/0x500 [ 128.005993][ T6393] user_path_at_empty+0x42/0x60 [ 128.010890][ T6393] __se_sys_mount+0x2a8/0x3d0 [ 128.015630][ T6393] ? __x64_sys_mount+0xc0/0xc0 [ 128.020444][ T6393] ? __x64_sys_mount+0x20/0xc0 [ 128.025251][ T6393] do_syscall_64+0x55/0xa0 [ 128.029704][ T6393] ? clear_bhb_loop+0x40/0x90 [ 128.034426][ T6393] ? clear_bhb_loop+0x40/0x90 [ 128.039153][ T6393] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 128.045095][ T6393] RIP: 0033:0x7f665a39cdd9 [ 128.049553][ T6393] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 128.069196][ T6393] RSP: 002b:00007f665b1e0028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 128.077673][ T6393] RAX: ffffffffffffffda RBX: 00007f665a616180 RCX: 00007f665a39cdd9 [ 128.085772][ T6393] RDX: 0000200000000040 RSI: 00002000000001c0 RDI: 0000000000000000 [ 128.093791][ T6393] RBP: 00007f665a432d69 R08: 0000200000000080 R09: 0000000000000000 [ 128.101924][ T6393] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000000 [ 128.109941][ T6393] R13: 00007f665a616218 R14: 00007f665a616180 R15: 00007fffed87f768 [ 128.118055][ T6393] [ 128.122882][ T6393] F2FS-fs (loop2): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 128.289761][ T6393] F2FS-fs (loop2): access invalid blkaddr:0 [ 128.296929][ T6393] CPU: 1 PID: 6393 Comm: syz.2.161 Not tainted syzkaller #0 [ 128.304285][ T6393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 128.314374][ T6393] Call Trace: [ 128.317697][ T6393] [ 128.320665][ T6393] dump_stack_lvl+0x18c/0x250 [ 128.325409][ T6393] ? show_regs_print_info+0x20/0x20 [ 128.330678][ T6393] ? __up_read+0x2b6/0x6b0 [ 128.335261][ T6393] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 128.340700][ T6393] sanity_check_extent_cache+0xfc/0x1f0 [ 128.346309][ T6393] f2fs_iget+0x33c5/0x47e0 [ 128.350809][ T6393] f2fs_lookup+0x37f/0x780 [ 128.355294][ T6393] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 128.361413][ T6393] ? d_hash_and_lookup+0x1b0/0x1b0 [ 128.367037][ T6393] ? __init_waitqueue_head+0xa9/0x150 [ 128.372476][ T6393] __lookup_slow+0x2a1/0x400 [ 128.377126][ T6393] ? lookup_one_len+0x2e0/0x2e0 [ 128.382036][ T6393] ? try_to_unlazy+0x34c/0x5a0 [ 128.386853][ T6393] ? down_read+0x1ac/0x2e0 [ 128.391316][ T6393] lookup_slow+0x53/0x70 [ 128.395610][ T6393] walk_component+0x2be/0x3f0 [ 128.400389][ T6393] ? path_lookupat+0x15c/0x440 [ 128.405218][ T6393] path_lookupat+0x169/0x440 [ 128.409876][ T6393] filename_lookup+0x228/0x560 [ 128.414713][ T6393] ? hashlen_string+0x110/0x110 [ 128.419647][ T6393] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 128.425354][ T6393] user_path_at_empty+0x42/0x60 [ 128.430269][ T6393] do_fchmodat+0xde/0x1e0 [ 128.434679][ T6393] ? do_faccessat+0xd00/0xd00 [ 128.439438][ T6393] __x64_sys_chmod+0x62/0x70 [ 128.444079][ T6393] do_syscall_64+0x55/0xa0 [ 128.448531][ T6393] ? clear_bhb_loop+0x40/0x90 [ 128.453269][ T6393] ? clear_bhb_loop+0x40/0x90 [ 128.458007][ T6393] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 128.463949][ T6393] RIP: 0033:0x7f665a39cdd9 [ 128.468411][ T6393] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 128.488056][ T6393] RSP: 002b:00007f665b1e0028 EFLAGS: 00000246 ORIG_RAX: 000000000000005a [ 128.496528][ T6393] RAX: ffffffffffffffda RBX: 00007f665a616180 RCX: 00007f665a39cdd9 [ 128.504722][ T6393] RDX: 0000000000000000 RSI: 00000000000003dc RDI: 0000200000000100 [ 128.512736][ T6393] RBP: 00007f665a432d69 R08: 0000000000000000 R09: 0000000000000000 [ 128.520738][ T6393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 128.528824][ T6393] R13: 00007f665a616218 R14: 00007f665a616180 R15: 00007fffed87f768 [ 128.536865][ T6393] [ 128.541503][ T6393] F2FS-fs (loop2): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 128.571267][ T6394] F2FS-fs (loop2): access invalid blkaddr:0 [ 128.577354][ T6394] CPU: 1 PID: 6394 Comm: syz.2.161 Not tainted syzkaller #0 [ 128.584676][ T6394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 128.594763][ T6394] Call Trace: [ 128.598084][ T6394] [ 128.601061][ T6394] dump_stack_lvl+0x18c/0x250 [ 128.605898][ T6394] ? show_regs_print_info+0x20/0x20 [ 128.611184][ T6394] ? lock_chain_count+0x20/0x20 [ 128.616101][ T6394] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 128.621918][ T6394] ? lockdep_hardirqs_on+0x98/0x150 [ 128.627186][ T6394] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 128.632628][ T6394] sanity_check_extent_cache+0xfc/0x1f0 [ 128.638245][ T6394] f2fs_iget+0x33c5/0x47e0 [ 128.642750][ T6394] f2fs_lookup+0x37f/0x780 [ 128.647217][ T6394] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 128.653344][ T6394] ? d_hash_and_lookup+0x1b0/0x1b0 [ 128.658520][ T6394] ? __init_waitqueue_head+0xa9/0x150 [ 128.663951][ T6394] __lookup_slow+0x2a1/0x400 [ 128.668596][ T6394] ? lookup_one_len+0x2e0/0x2e0 [ 128.673510][ T6394] ? try_to_unlazy+0x34c/0x5a0 [ 128.678319][ T6394] ? down_read+0x1ac/0x2e0 [ 128.682780][ T6394] lookup_slow+0x53/0x70 [ 128.687064][ T6394] walk_component+0x2be/0x3f0 [ 128.691787][ T6394] ? path_lookupat+0x15c/0x440 [ 128.696605][ T6394] path_lookupat+0x169/0x440 [ 128.701259][ T6394] filename_lookup+0x228/0x560 [ 128.706183][ T6394] ? hashlen_string+0x110/0x110 [ 128.711105][ T6394] ? strncpy_from_user+0x197/0x2d0 [ 128.716267][ T6394] ? getname_flags+0x20a/0x500 [ 128.721119][ T6394] user_path_at_empty+0x42/0x60 [ 128.726012][ T6394] do_fchmodat+0xde/0x1e0 [ 128.730396][ T6394] ? do_faccessat+0xd00/0xd00 [ 128.735131][ T6394] __x64_sys_chmod+0x62/0x70 [ 128.739782][ T6394] do_syscall_64+0x55/0xa0 [ 128.744266][ T6394] ? clear_bhb_loop+0x40/0x90 [ 128.748994][ T6394] ? clear_bhb_loop+0x40/0x90 [ 128.753722][ T6394] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 128.759661][ T6394] RIP: 0033:0x7f665a39cdd9 [ 128.764123][ T6394] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 128.783817][ T6394] RSP: 002b:00007f665b1bf028 EFLAGS: 00000246 ORIG_RAX: 000000000000005a [ 128.792289][ T6394] RAX: ffffffffffffffda RBX: 00007f665a616270 RCX: 00007f665a39cdd9 [ 128.800313][ T6394] RDX: 0000000000000000 RSI: 0000000000000050 RDI: 0000200000000000 [ 128.808341][ T6394] RBP: 00007f665a432d69 R08: 0000000000000000 R09: 0000000000000000 [ 128.816356][ T6394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 128.824387][ T6394] R13: 00007f665a616308 R14: 00007f665a616270 R15: 00007fffed87f768 [ 128.832418][ T6394] [ 128.837477][ T6394] F2FS-fs (loop2): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 129.446882][ T5805] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 129.950293][ T6403] af_packet: tpacket_rcv: packet too big, clamped from 248 to 4294967272. macoff=96 [ 130.218686][ T6407] loop1: detected capacity change from 0 to 512 [ 130.321826][ T6407] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 130.422858][ T6407] [EXT4 FS bs=1024, gc=1, bpg=2304, ipg=32, mo=a803c018, mo2=0100] [ 130.469789][ T6407] System zones: 2-12, 7-7 [ 130.474555][ T6407] EXT4-fs (loop1): orphan cleanup on readonly fs [ 130.538151][ T6407] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:512: comm syz.1.167: Block bitmap for bg 0 marked uninitialized [ 130.680620][ T6407] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 130.881890][ T6407] EXT4-fs (loop1): 1 orphan inode deleted [ 131.138072][ T6407] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 131.266957][ T6407] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 131.300775][ T6415] loop0: detected capacity change from 0 to 128 [ 131.327081][ T6407] [EXT4 FS bs=1024, gc=1, bpg=2304, ipg=32, mo=a803c018, mo2=0100] [ 131.392013][ T6407] EXT4-fs error (device loop1): __ext4_remount:6756: comm syz.1.167: Abort forced by user [ 131.529226][ T27] audit: type=1800 audit(1777479882.809:11): pid=6415 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.171" name="file2" dev="loop0" ino=1048602 res=0 errno=0 [ 131.567648][ T6407] EXT4-fs (loop1): Remounting filesystem read-only [ 131.615713][ T6407] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 132.307908][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.630471][ T6426] netlink: 52 bytes leftover after parsing attributes in process `syz.0.174'. [ 133.081894][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.089291][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.218401][ T6437] tipc: Enabled bearer , priority 0 [ 133.276089][ T6437] tipc: Resetting bearer [ 133.370285][ T6436] tipc: Disabling bearer [ 133.555739][ T6446] loop1: detected capacity change from 0 to 128 [ 134.053812][ T27] audit: type=1800 audit(1777479885.439:12): pid=6446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.182" name="file2" dev="loop1" ino=1048603 res=0 errno=0 [ 134.235437][ T6451] loop2: detected capacity change from 0 to 512 [ 134.435823][ T6451] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 134.538972][ T6451] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.627454][ T6451] ext4 filesystem being mounted at /43/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 134.908136][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.420301][ T6472] xt_hashlimit: size too large, truncated to 1048576 [ 137.052992][ T6491] netlink: 'syz.3.197': attribute type 1 has an invalid length. [ 137.066774][ T6491] netlink: 'syz.3.197': attribute type 4 has an invalid length. [ 137.084327][ T6491] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.197'. [ 137.189940][ T6496] loop3: detected capacity change from 0 to 128 [ 137.244683][ T27] audit: type=1800 audit(1777479888.649:13): pid=6496 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.200" name="file2" dev="loop3" ino=1048604 res=0 errno=0 [ 138.570520][ T6506] loop3: detected capacity change from 0 to 512 [ 138.587698][ T6506] EXT4-fs: Ignoring removed nobh option [ 138.595111][ T6506] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 138.621721][ T6506] EXT4-fs (loop3): 1 truncate cleaned up [ 138.648144][ T6506] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 138.752263][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.986738][ T5083] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 138.993361][ T5772] Bluetooth: hci4: command 0x1003 tx timeout [ 139.613760][ T6521] syzkaller0: entered promiscuous mode [ 139.627423][ T6521] syzkaller0: entered allmulticast mode [ 139.751530][ T6524] loop2: detected capacity change from 0 to 128 [ 139.808498][ T27] audit: type=1800 audit(1777479891.209:14): pid=6524 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.210" name="file2" dev="loop2" ino=1048605 res=0 errno=0 [ 139.872289][ T6526] loop3: detected capacity change from 0 to 512 [ 139.884552][ T6526] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 140.008884][ T6526] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 48 vs 41 free clusters [ 140.078841][ T6526] Quota error (device loop3): write_blk: dquota write failed [ 140.086318][ T6526] Quota error (device loop3): find_free_dqentry: Can't write quota data block 5 [ 140.124588][ T6526] Quota error (device loop3): write_blk: dquota write failed [ 140.191541][ T6526] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota [ 140.298846][ T6526] EXT4-fs error (device loop3): ext4_acquire_dquot:6953: comm syz.3.211: Failed to acquire dquot type 1 [ 140.537175][ T6526] EXT4-fs (loop3): 1 truncate cleaned up [ 140.697336][ T6526] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 140.992140][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.103564][ T6556] xt_TPROXY: Can be used only with -p tcp or -p udp [ 142.118610][ T6556] netlink: 68 bytes leftover after parsing attributes in process `syz.3.218'. [ 142.244281][ T6554] syz.2.221 uses obsolete (PF_INET,SOCK_PACKET) [ 142.682267][ T6561] loop0: detected capacity change from 0 to 128 [ 142.714663][ T27] audit: type=1800 audit(1777479894.119:15): pid=6561 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.222" name="file2" dev="loop0" ino=1048606 res=0 errno=0 [ 144.621071][ T6594] xt_TPROXY: Can be used only with -p tcp or -p udp [ 144.629472][ T6594] netlink: 68 bytes leftover after parsing attributes in process `syz.0.232'. [ 145.151447][ T6597] Invalid option length (64054) for dns_resolver key [ 145.309780][ T6601] netlink: 104 bytes leftover after parsing attributes in process `syz.1.234'. [ 145.467291][ T6605] loop0: detected capacity change from 0 to 128 [ 145.531463][ T27] audit: type=1800 audit(1777479896.929:16): pid=6605 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.237" name="file2" dev="loop0" ino=1048607 res=0 errno=0 [ 145.775040][ T6607] loop1: detected capacity change from 0 to 8192 [ 148.348385][ T6630] xt_TPROXY: Can be used only with -p tcp or -p udp [ 149.193194][ T6636] loop2: detected capacity change from 0 to 4096 [ 149.243983][ T6636] journal_path: Lookup failure for './file0' [ 149.304814][ T6636] EXT4-fs: error: could not find journal device path [ 149.572833][ T6647] loop2: detected capacity change from 0 to 128 [ 149.668126][ T27] audit: type=1800 audit(1777479901.079:17): pid=6647 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.250" name="file2" dev="loop2" ino=1048608 res=0 errno=0 [ 151.898032][ T6662] netlink: 8 bytes leftover after parsing attributes in process `syz.3.255'. [ 151.942272][ T6662] netlink: 4 bytes leftover after parsing attributes in process `syz.3.255'. [ 152.271380][ T6668] loop0: detected capacity change from 0 to 512 [ 152.289074][ T6668] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 152.305905][ T6668] EXT4-fs (loop0): 1 truncate cleaned up [ 152.322044][ T6668] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 152.414330][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.705359][ T6676] loop1: detected capacity change from 0 to 128 [ 153.176659][ T27] audit: type=1800 audit(1777479904.319:18): pid=6676 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.262" name="file2" dev="loop1" ino=1048609 res=0 errno=0 [ 153.604119][ T6674] loop3: detected capacity change from 0 to 131072 [ 154.041253][ T6674] F2FS-fs (loop3): Found nat_bits in checkpoint [ 154.125495][ T6674] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 154.487981][ T6692] tmpfs: Bad value for 'mpol' [ 155.139303][ T27] audit: type=1804 audit(1777479906.539:19): pid=6694 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.260" name="/newroot/77/file1/bus" dev="loop3" ino=10 res=1 errno=0 [ 155.167847][ T6696] F2FS-fs (loop3): access invalid blkaddr:0 [ 155.173908][ T6696] CPU: 1 PID: 6696 Comm: syz.3.260 Not tainted syzkaller #0 [ 155.181235][ T6696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 155.191332][ T6696] Call Trace: [ 155.194646][ T6696] [ 155.197627][ T6696] dump_stack_lvl+0x18c/0x250 [ 155.202402][ T6696] ? show_regs_print_info+0x20/0x20 [ 155.207670][ T6696] ? lock_chain_count+0x20/0x20 [ 155.212577][ T6696] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 155.218276][ T6696] ? lockdep_hardirqs_on+0x98/0x150 [ 155.223543][ T6696] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 155.228985][ T6696] sanity_check_extent_cache+0xfc/0x1f0 [ 155.234603][ T6696] f2fs_iget+0x33c5/0x47e0 [ 155.239124][ T6696] f2fs_lookup+0x37f/0x780 [ 155.243688][ T6696] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 155.249820][ T6696] ? d_hash_and_lookup+0x1b0/0x1b0 [ 155.254994][ T6696] ? __init_waitqueue_head+0xa9/0x150 [ 155.260433][ T6696] __lookup_slow+0x2a1/0x400 [ 155.265087][ T6696] ? lookup_one_len+0x2e0/0x2e0 [ 155.269997][ T6696] ? try_to_unlazy+0x34c/0x5a0 [ 155.274815][ T6696] ? down_read+0x1ac/0x2e0 [ 155.279281][ T6696] lookup_slow+0x53/0x70 [ 155.283564][ T6696] walk_component+0x2be/0x3f0 [ 155.288284][ T6696] ? path_lookupat+0x15c/0x440 [ 155.293104][ T6696] path_lookupat+0x169/0x440 [ 155.297787][ T6696] filename_lookup+0x228/0x560 [ 155.302605][ T6696] ? hashlen_string+0x110/0x110 [ 155.307504][ T6696] ? lockdep_hardirqs_on+0x98/0x150 [ 155.312801][ T6696] ? strncpy_from_user+0x197/0x2d0 [ 155.317967][ T6696] ? getname_flags+0x20a/0x500 [ 155.322793][ T6696] user_path_at_empty+0x42/0x60 [ 155.327693][ T6696] __se_sys_mount+0x2a8/0x3d0 [ 155.332424][ T6696] ? __x64_sys_mount+0xc0/0xc0 [ 155.337239][ T6696] ? lockdep_hardirqs_on+0x98/0x150 [ 155.342480][ T6696] ? __x64_sys_mount+0x20/0xc0 [ 155.347294][ T6696] do_syscall_64+0x55/0xa0 [ 155.351762][ T6696] ? clear_bhb_loop+0x40/0x90 [ 155.356485][ T6696] ? clear_bhb_loop+0x40/0x90 [ 155.361212][ T6696] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 155.367149][ T6696] RIP: 0033:0x7fed7d39cdd9 [ 155.371607][ T6696] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 155.391251][ T6696] RSP: 002b:00007fed7e22a028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 155.399713][ T6696] RAX: ffffffffffffffda RBX: 00007fed7d616450 RCX: 00007fed7d39cdd9 [ 155.407744][ T6696] RDX: 0000200000000040 RSI: 00002000000001c0 RDI: 0000000000000000 [ 155.415763][ T6696] RBP: 00007fed7d432d69 R08: 0000200000000080 R09: 0000000000000000 [ 155.423776][ T6696] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000000 [ 155.431789][ T6696] R13: 00007fed7d6164e8 R14: 00007fed7d616450 R15: 00007ffe72b49d98 [ 155.439819][ T6696] [ 155.444114][ T6696] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 155.462902][ T6697] F2FS-fs (loop3): access invalid blkaddr:0 [ 155.471027][ T6697] CPU: 1 PID: 6697 Comm: syz.3.260 Not tainted syzkaller #0 [ 155.478366][ T6697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 155.488468][ T6697] Call Trace: [ 155.491869][ T6697] [ 155.494838][ T6697] dump_stack_lvl+0x18c/0x250 [ 155.499573][ T6697] ? show_regs_print_info+0x20/0x20 [ 155.504827][ T6697] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 155.510520][ T6697] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 155.515945][ T6697] sanity_check_extent_cache+0xfc/0x1f0 [ 155.521732][ T6697] f2fs_iget+0x33c5/0x47e0 [ 155.526222][ T6697] f2fs_lookup+0x37f/0x780 [ 155.530704][ T6697] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 155.536868][ T6697] ? d_hash_and_lookup+0x1b0/0x1b0 [ 155.542049][ T6697] ? __init_waitqueue_head+0xa9/0x150 [ 155.547507][ T6697] __lookup_slow+0x2a1/0x400 [ 155.552160][ T6697] ? lookup_one_len+0x2e0/0x2e0 [ 155.557115][ T6697] ? try_to_unlazy+0x34c/0x5a0 [ 155.561950][ T6697] ? down_read+0x1ac/0x2e0 [ 155.566427][ T6697] lookup_slow+0x53/0x70 [ 155.570719][ T6697] walk_component+0x2be/0x3f0 [ 155.575454][ T6697] ? path_lookupat+0x15c/0x440 [ 155.580277][ T6697] path_lookupat+0x169/0x440 [ 155.584932][ T6697] filename_lookup+0x228/0x560 [ 155.589927][ T6697] ? hashlen_string+0x110/0x110 [ 155.594860][ T6697] ? strncpy_from_user+0x197/0x2d0 [ 155.600022][ T6697] ? getname_flags+0x20a/0x500 [ 155.604842][ T6697] user_path_at_empty+0x42/0x60 [ 155.609750][ T6697] do_fchmodat+0xde/0x1e0 [ 155.614133][ T6697] ? do_faccessat+0xd00/0xd00 [ 155.618860][ T6697] ? syscall_enter_from_user_mode+0x25/0x80 [ 155.624921][ T6697] __x64_sys_chmod+0x62/0x70 [ 155.629588][ T6697] do_syscall_64+0x55/0xa0 [ 155.634060][ T6697] ? clear_bhb_loop+0x40/0x90 [ 155.638782][ T6697] ? clear_bhb_loop+0x40/0x90 [ 155.643510][ T6697] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 155.649449][ T6697] RIP: 0033:0x7fed7d39cdd9 [ 155.653904][ T6697] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 155.673551][ T6697] RSP: 002b:00007fed7e209028 EFLAGS: 00000246 ORIG_RAX: 000000000000005a [ 155.682030][ T6697] RAX: ffffffffffffffda RBX: 00007fed7d616540 RCX: 00007fed7d39cdd9 [ 155.690047][ T6697] RDX: 0000000000000000 RSI: 0000000000000050 RDI: 0000200000000000 [ 155.698060][ T6697] RBP: 00007fed7d432d69 R08: 0000000000000000 R09: 0000000000000000 [ 155.706070][ T6697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 155.714079][ T6697] R13: 00007fed7d6165d8 R14: 00007fed7d616540 R15: 00007ffe72b49d98 [ 155.722101][ T6697] [ 155.727369][ T6697] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 155.745057][ T6695] F2FS-fs (loop3): access invalid blkaddr:0 [ 155.751284][ T6695] CPU: 1 PID: 6695 Comm: syz.3.260 Not tainted syzkaller #0 [ 155.758622][ T6695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 155.768729][ T6695] Call Trace: [ 155.772055][ T6695] [ 155.775025][ T6695] dump_stack_lvl+0x18c/0x250 [ 155.779764][ T6695] ? show_regs_print_info+0x20/0x20 [ 155.785030][ T6695] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 155.790721][ T6695] ? f2fs_is_valid_blkaddr+0x6d8/0x1580 [ 155.796322][ T6695] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 155.801786][ T6695] sanity_check_extent_cache+0xfc/0x1f0 [ 155.807396][ T6695] f2fs_iget+0x33c5/0x47e0 [ 155.811899][ T6695] f2fs_lookup+0x37f/0x780 [ 155.816367][ T6695] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 155.822493][ T6695] ? security_inode_permission+0x78/0xf0 [ 155.828190][ T6695] ? bpf_lsm_inode_create+0x9/0x10 [ 155.833345][ T6695] ? security_inode_create+0xb7/0x100 [ 155.839023][ T6695] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 155.845143][ T6695] path_openat+0x10e4/0x3230 [ 155.849827][ T6695] ? do_filp_open+0x430/0x430 [ 155.854657][ T6695] do_filp_open+0x1f5/0x430 [ 155.859209][ T6695] ? vfs_tmpfile+0x490/0x490 [ 155.863840][ T6695] ? preempt_schedule_common+0x82/0xc0 [ 155.869365][ T6695] ? _raw_spin_unlock+0x3a/0x40 [ 155.874256][ T6695] ? alloc_fd+0x58f/0x630 [ 155.878642][ T6695] do_sys_openat2+0x134/0x1d0 [ 155.883369][ T6695] ? do_sys_open+0xe0/0xe0 [ 155.887827][ T6695] ? lockdep_hardirqs_on+0x98/0x150 [ 155.893071][ T6695] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 155.898773][ T6695] __x64_sys_open+0x11f/0x140 [ 155.903525][ T6695] do_syscall_64+0x55/0xa0 [ 155.907983][ T6695] ? clear_bhb_loop+0x40/0x90 [ 155.912709][ T6695] ? clear_bhb_loop+0x40/0x90 [ 155.917443][ T6695] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 155.923393][ T6695] RIP: 0033:0x7fed7d39cdd9 [ 155.927849][ T6695] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 155.947505][ T6695] RSP: 002b:00007fed7e24b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 155.955972][ T6695] RAX: ffffffffffffffda RBX: 00007fed7d616360 RCX: 00007fed7d39cdd9 [ 155.963983][ T6695] RDX: 0000000000000002 RSI: 0000000000060840 RDI: 00002000009e1000 [ 155.971992][ T6695] RBP: 00007fed7d432d69 R08: 0000000000000000 R09: 0000000000000000 [ 155.980010][ T6695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 155.988017][ T6695] R13: 00007fed7d6163f8 R14: 00007fed7d616360 R15: 00007ffe72b49d98 [ 155.996044][ T6695] [ 156.000313][ T6695] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 156.291462][ T5805] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 157.738951][ T6705] loop2: detected capacity change from 0 to 2048 [ 157.865184][ T6707] netlink: 'syz.2.267': attribute type 10 has an invalid length. [ 157.893240][ T6705] loop2: p2 p3 p7 [ 157.940730][ T6707] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 158.080110][ T6713] loop0: detected capacity change from 0 to 4096 [ 158.101425][ T6713] EXT4-fs: Ignoring removed bh option [ 158.263785][ T6713] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 158.369261][ T6712] 8021q: adding VLAN 0 to HW filter on device bond1 [ 158.388357][ T6715] syzkaller0: entered promiscuous mode [ 158.393915][ T6715] syzkaller0: entered allmulticast mode [ 158.777010][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.066125][ T6726] loop2: detected capacity change from 0 to 128 [ 159.087137][ T27] audit: type=1800 audit(1777479910.499:20): pid=6726 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.272" name="file2" dev="loop2" ino=1048610 res=0 errno=0 [ 160.072487][ T6732] netlink: 36 bytes leftover after parsing attributes in process `syz.0.274'. [ 161.666001][ T6758] loop1: detected capacity change from 0 to 128 [ 161.734123][ T27] audit: type=1800 audit(1777479913.139:21): pid=6758 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.284" name="file2" dev="loop1" ino=1048611 res=0 errno=0 [ 163.255406][ T6779] loop2: detected capacity change from 0 to 512 [ 163.287224][ T6779] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 163.389274][ T6779] EXT4-fs (loop2): 1 orphan inode deleted [ 163.395197][ T6779] EXT4-fs (loop2): 1 truncate cleaned up [ 163.414447][ T6779] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 163.525981][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.877967][ T6793] syzkaller0: entered promiscuous mode [ 163.883540][ T6793] syzkaller0: entered allmulticast mode [ 164.723750][ T5803] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 164.735561][ T5803] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 164.745372][ T5803] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 164.760612][ T5803] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 164.771469][ T5803] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 164.783853][ T5803] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 164.793185][ T5803] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 164.810707][ T5803] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 164.824557][ T5803] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 164.834958][ T5803] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 164.847629][ T5803] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 164.867760][ T5803] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 164.875520][ T5803] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 164.890134][ T5803] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 164.900459][ T5803] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 164.915529][ T5803] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 164.925207][ T5803] hid-generic 0000:0000:000E.0001: unknown main item tag 0x0 [ 164.950067][ T5803] hid-generic 0000:0000:000E.0001: hidraw0: HID v0.00 Device [syz0] on syz0 [ 165.262001][ T6816] fido_id[6816]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 165.593708][ T6828] loop2: detected capacity change from 0 to 512 [ 165.696396][ T6828] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 165.752384][ T6828] ext4 filesystem being mounted at /77/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 166.138328][ T6838] loop3: detected capacity change from 0 to 1024 [ 166.156243][ T6838] EXT4-fs: inline encryption not supported [ 166.209814][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 166.233756][ T6838] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 166.316729][ T6838] ext4 filesystem being mounted at /93/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 166.446731][ T27] audit: type=1800 audit(1777479917.849:22): pid=6838 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.316" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 166.474454][ T6838] EXT4-fs error (device loop3): ext4_map_blocks:720: inode #15: block 4: comm syz.3.316: lblock 4 mapped to illegal pblock 4 (length 2) [ 166.597743][ T6844] loop0: detected capacity change from 0 to 512 [ 166.620621][ T6838] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 2 with error 117 [ 166.690162][ T6838] EXT4-fs (loop3): This should not happen!! Data will be lost [ 166.690162][ T6838] [ 166.762395][ T6844] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 166.779822][ T2998] EXT4-fs error (device loop3): ext4_map_blocks:720: inode #15: block 8: comm kworker/u4:10: lblock 8 mapped to illegal pblock 8 (length 4) [ 166.815056][ T6844] ext4 filesystem being mounted at /76/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 166.838695][ T2998] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 4 with error 117 [ 166.851153][ T2998] EXT4-fs (loop3): This should not happen!! Data will be lost [ 166.851153][ T2998] [ 166.865379][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 166.945506][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.613980][ T6872] loop3: detected capacity change from 0 to 128 [ 167.646907][ T6872] FAT-fs (loop3): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 167.783148][ T2942] FAT-fs (loop3): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 168.772734][ T27] audit: type=1326 audit(1777479920.179:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6904 comm="syz.1.344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc74a39cdd9 code=0x7ffc0000 [ 168.817229][ T27] audit: type=1326 audit(1777479920.209:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6904 comm="syz.1.344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc74a39cdd9 code=0x7ffc0000 [ 168.841029][ T27] audit: type=1326 audit(1777479920.209:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6904 comm="syz.1.344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc74a39cdd9 code=0x7ffc0000 [ 169.046709][ T27] audit: type=1326 audit(1777479920.209:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6904 comm="syz.1.344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc74a39cdd9 code=0x7ffc0000 [ 169.159491][ T27] audit: type=1326 audit(1777479920.219:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6904 comm="syz.1.344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=106 compat=0 ip=0x7fc74a39cdd9 code=0x7ffc0000 [ 169.296363][ T27] audit: type=1326 audit(1777479920.219:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6904 comm="syz.1.344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc74a39cdd9 code=0x7ffc0000 [ 169.324350][ T27] audit: type=1326 audit(1777479920.219:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6904 comm="syz.1.344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc74a39cdd9 code=0x7ffc0000 [ 169.539691][ T27] audit: type=1326 audit(1777479920.219:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6904 comm="syz.1.344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fc74a39cdd9 code=0x7ffc0000 [ 169.646272][ T27] audit: type=1326 audit(1777479920.219:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6904 comm="syz.1.344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fc74a39cdd9 code=0x7ffc0000 [ 169.788739][ T6927] netlink: 12 bytes leftover after parsing attributes in process `syz.1.353'. [ 169.804199][ T6927] ipvlan2: entered allmulticast mode [ 169.816690][ T6927] syz_tun: entered allmulticast mode [ 170.330473][ T6936] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.523039][ T6951] syzkaller0: entered promiscuous mode [ 170.528988][ T6951] syzkaller0: entered allmulticast mode [ 170.735294][ T6936] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.085906][ T6936] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.145081][ T6960] loop1: detected capacity change from 0 to 2048 [ 171.207404][ T6960] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 171.234681][ T6936] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.460906][ T6746] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 171.512144][ T6746] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28 [ 171.531617][ T6746] EXT4-fs (loop1): This should not happen!! Data will be lost [ 171.531617][ T6746] [ 171.559297][ T6746] EXT4-fs (loop1): Total free blocks count 0 [ 171.565421][ T6746] EXT4-fs (loop1): Free/Dirty block details [ 171.571568][ T6746] EXT4-fs (loop1): free_blocks=2415919504 [ 171.578089][ T6746] EXT4-fs (loop1): dirty_blocks=16 [ 171.583491][ T6746] EXT4-fs (loop1): Block reservation details [ 171.589681][ T6746] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 171.599122][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.680513][ T6936] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.750522][ T6936] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.764831][ T6971] netlink: 8 bytes leftover after parsing attributes in process `syz.1.368'. [ 171.829143][ T6936] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.911378][ T6936] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.450703][ T6993] loop2: detected capacity change from 0 to 512 [ 172.480254][ T6993] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 172.574650][ T6993] EXT4-fs error (device loop2): ext4_validate_block_bitmap:430: comm syz.2.378: bg 0: block 104: invalid block bitmap [ 172.601502][ T6993] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 172.614160][ T6993] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.378: invalid indirect mapped block 1 (level 1) [ 172.634261][ T6993] EXT4-fs (loop2): 1 truncate cleaned up [ 172.643294][ T6993] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 172.804949][ T7003] netlink: 20 bytes leftover after parsing attributes in process `syz.3.383'. [ 172.862393][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.740635][ T7030] loop0: detected capacity change from 0 to 1024 [ 173.752184][ T7030] EXT4-fs (loop0): unsupported descriptor size 320 [ 173.903954][ T7032] loop3: detected capacity change from 0 to 1024 [ 173.928968][ T7032] EXT4-fs: Ignoring removed nobh option [ 173.953094][ T7032] EXT4-fs: Ignoring removed i_version option [ 174.012419][ T7032] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 174.189144][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.561697][ T7055] syzkaller0: entered promiscuous mode [ 174.573073][ T7055] syzkaller0: entered allmulticast mode [ 175.006520][ T7067] loop0: detected capacity change from 0 to 164 [ 175.631074][ T7092] syzkaller0: entered promiscuous mode [ 175.636914][ T7092] syzkaller0: entered allmulticast mode [ 176.282800][ T7112] loop3: detected capacity change from 0 to 512 [ 176.297050][ T7112] ext4: Unknown parameter 'smackfstransmute' [ 176.839040][ T7128] loop2: detected capacity change from 0 to 512 [ 176.942187][ T7130] syzkaller0: entered promiscuous mode [ 176.963457][ T7130] syzkaller0: entered allmulticast mode [ 177.238212][ T7135] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 177.248867][ T7135] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 178.051683][ T7144] program syz.2.430 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 178.555672][ T7162] loop1: detected capacity change from 0 to 512 [ 178.571030][ T7162] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 178.602007][ T7162] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.435: bg 0: block 393: padding at end of block bitmap is not set [ 178.620005][ T7162] EXT4-fs (loop1): Remounting filesystem read-only [ 178.627631][ T7162] EXT4-fs (loop1): 2 truncates cleaned up [ 178.635027][ T7162] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 178.754405][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.965784][ T7169] loop0: detected capacity change from 0 to 512 [ 179.029783][ T5763] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 179.515654][ T7182] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 179.524860][ T7182] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 180.798601][ T7208] loop2: detected capacity change from 0 to 256 [ 180.857502][ T7208] FAT-fs (loop2): Directory bread(block 64) failed [ 180.864733][ T7208] FAT-fs (loop2): Directory bread(block 65) failed [ 180.873721][ T7208] FAT-fs (loop2): Directory bread(block 66) failed [ 180.880928][ T7208] FAT-fs (loop2): Directory bread(block 67) failed [ 180.888061][ T7208] FAT-fs (loop2): Directory bread(block 68) failed [ 180.894893][ T7208] FAT-fs (loop2): Directory bread(block 69) failed [ 180.904119][ T7208] FAT-fs (loop2): Directory bread(block 70) failed [ 180.911778][ T7208] FAT-fs (loop2): Directory bread(block 71) failed [ 180.919408][ T7208] FAT-fs (loop2): Directory bread(block 72) failed [ 180.926391][ T7208] FAT-fs (loop2): Directory bread(block 73) failed [ 181.130147][ T7212] loop1: detected capacity change from 0 to 2048 [ 181.199054][ T7212] loop1: p2 p3 p7 [ 181.297128][ T7212] netlink: 'syz.1.451': attribute type 10 has an invalid length. [ 181.321557][ T7216] loop2: detected capacity change from 0 to 512 [ 181.357545][ T7212] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 181.555486][ T7219] netlink: 16 bytes leftover after parsing attributes in process `syz.0.455'. [ 181.645565][ T6014] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 181.658830][ T7212] 8021q: adding VLAN 0 to HW filter on device bond1 [ 181.944105][ T7225] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 181.953772][ T7225] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 182.419542][ T7217] bond_slave_0: entered promiscuous mode [ 182.425495][ T7217] bond_slave_1: entered promiscuous mode [ 182.431369][ T7217] syz_tun: entered promiscuous mode [ 182.464967][ T7217] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 182.474716][ T7217] bond1: (slave macvlan2): unknown ethtool speed (30000) for port 1 (set it to 0) [ 182.484486][ T7217] bond1: (slave macvlan2): speed changed to 0 on port 1 [ 182.494139][ T7217] bond1: (slave macvlan2): Enslaving as a backup interface with an up link [ 183.056234][ T7239] loop0: detected capacity change from 0 to 4096 [ 183.120362][ T7239] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 183.633524][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 184.310823][ T7259] loop2: detected capacity change from 0 to 512 [ 184.742636][ T7269] overlayfs: missing 'lowerdir' [ 185.624182][ T7277] loop2: detected capacity change from 0 to 512 [ 185.628632][ T7279] netlink: 24 bytes leftover after parsing attributes in process `syz.1.472'. [ 185.666212][ T7277] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 185.725277][ T7277] EXT4-fs error (device loop2): ext4_validate_block_bitmap:430: comm syz.2.471: bg 0: block 104: invalid block bitmap [ 185.766743][ T7277] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 185.817889][ T7277] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.471: invalid indirect mapped block 1 (level 1) [ 185.872616][ T7287] loop1: detected capacity change from 0 to 512 [ 185.884765][ T7287] EXT4-fs error (device loop1): ext4_orphan_get:1404: inode #15: comm syz.1.475: iget: bad i_size value: 38620345925642 [ 185.900062][ T7277] EXT4-fs (loop2): 1 truncate cleaned up [ 185.932369][ T7277] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 185.958349][ T7287] EXT4-fs error (device loop1): ext4_orphan_get:1409: comm syz.1.475: couldn't read orphan inode 15 (err -117) [ 186.039833][ T7287] EXT4-fs (loop1): mounted filesystem 00000000-0000-00a1-0000-000000000000 r/w without journal. Quota mode: writeback. [ 186.095554][ T27] audit: type=1800 audit(1777479937.499:32): pid=7287 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.475" name="file1" dev="loop1" ino=18 res=0 errno=0 [ 186.256360][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-00a1-0000-000000000000. [ 186.278160][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 186.444296][ T7298] loop0: detected capacity change from 0 to 512 [ 186.703146][ T7301] loop2: detected capacity change from 0 to 2048 [ 186.815196][ T7301] loop2: p2 p3 p7 [ 187.151598][ T5775] __loop_clr_fd: partition scan of loop2 failed (rc=-16) [ 187.164020][ T6014] I/O error, dev loop2, sector 408 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 187.183176][ T6006] I/O error, dev loop2, sector 208 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 187.196999][ T5763] I/O error, dev loop2, sector 608 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 187.231986][ T6014] I/O error, dev loop2, sector 408 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.252216][ T6006] I/O error, dev loop2, sector 208 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.261967][ T5763] I/O error, dev loop2, sector 608 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.313983][ T6014] Buffer I/O error on dev loop2p7, logical block 8, async page read [ 187.322647][ T6006] Buffer I/O error on dev loop2p3, logical block 8, async page read [ 187.337265][ T5763] Buffer I/O error on dev loop2p2, logical block 8, async page read [ 187.374502][ T6014] I/O error, dev loop2, sector 409 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.395199][ T6006] I/O error, dev loop2, sector 209 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.416859][ T5763] I/O error, dev loop2, sector 609 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.439933][ T6014] Buffer I/O error on dev loop2p7, logical block 9, async page read [ 187.448476][ T6006] Buffer I/O error on dev loop2p3, logical block 9, async page read [ 187.466906][ T5763] Buffer I/O error on dev loop2p2, logical block 9, async page read [ 187.472879][ T6014] I/O error, dev loop2, sector 410 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 187.485569][ T6014] Buffer I/O error on dev loop2p7, logical block 10, async page read [ 187.493879][ T6014] Buffer I/O error on dev loop2p7, logical block 11, async page read [ 187.517243][ T6014] Buffer I/O error on dev loop2p7, logical block 12, async page read [ 187.525457][ T6014] Buffer I/O error on dev loop2p7, logical block 13, async page read [ 187.548781][ T7311] netlink: 4 bytes leftover after parsing attributes in process `syz.2.483'. [ 187.616505][ T7295] loop3: detected capacity change from 0 to 131072 [ 187.727619][ T7295] F2FS-fs (loop3): Found nat_bits in checkpoint [ 187.788878][ T7295] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 187.798271][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805e835c00: rx timeout, send abort [ 187.971199][ T7318] overlayfs: missing 'lowerdir' [ 188.799486][ T6006] udevd[6006]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 188.816511][ T5763] udevd[5763]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 188.831712][ T6014] udevd[6014]: inotify_add_watch(7, /dev/loop2p7, 10) failed: No such file or directory [ 188.948101][ T27] audit: type=1804 audit(1777479940.339:33): pid=7323 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.477" name="/newroot/136/file1/bus" dev="loop3" ino=10 res=1 errno=0 [ 189.111730][ T7324] F2FS-fs (loop3): access invalid blkaddr:0 [ 189.117873][ T7324] CPU: 1 PID: 7324 Comm: syz.3.477 Not tainted syzkaller #0 [ 189.125297][ T7324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 189.135402][ T7324] Call Trace: [ 189.138730][ T7324] [ 189.141855][ T7324] dump_stack_lvl+0x18c/0x250 [ 189.146595][ T7324] ? show_regs_print_info+0x20/0x20 [ 189.151860][ T7324] ? lockdep_hardirqs_on+0x98/0x150 [ 189.157119][ T7324] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 189.162804][ T7324] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 189.168257][ T7324] sanity_check_extent_cache+0xfc/0x1f0 [ 189.173881][ T7324] f2fs_iget+0x33c5/0x47e0 [ 189.178386][ T7324] f2fs_lookup+0x37f/0x780 [ 189.182852][ T7324] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 189.189006][ T7324] ? make_vfsuid+0x51/0xb0 [ 189.193482][ T7324] ? inode_permission+0xf3/0x480 [ 189.198481][ T7324] ? bpf_lsm_inode_create+0x9/0x10 [ 189.203630][ T7324] ? security_inode_create+0xb7/0x100 [ 189.209055][ T7324] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 189.215172][ T7324] path_openat+0x10e4/0x3230 [ 189.219879][ T7324] ? do_filp_open+0x430/0x430 [ 189.224623][ T7324] do_filp_open+0x1f5/0x430 [ 189.229196][ T7324] ? vfs_tmpfile+0x490/0x490 [ 189.233832][ T7324] ? preempt_schedule_common+0x82/0xc0 [ 189.239359][ T7324] ? _raw_spin_unlock+0x3a/0x40 [ 189.244257][ T7324] ? alloc_fd+0x58f/0x630 [ 189.248651][ T7324] do_sys_openat2+0x134/0x1d0 [ 189.253468][ T7324] ? do_sys_open+0xe0/0xe0 [ 189.257928][ T7324] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 189.263957][ T7324] ? lock_chain_count+0x20/0x20 [ 189.268875][ T7324] __x64_sys_open+0x11f/0x140 [ 189.273622][ T7324] do_syscall_64+0x55/0xa0 [ 189.278078][ T7324] ? clear_bhb_loop+0x40/0x90 [ 189.282812][ T7324] ? clear_bhb_loop+0x40/0x90 [ 189.287558][ T7324] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 189.293505][ T7324] RIP: 0033:0x7fed7d39cdd9 [ 189.297957][ T7324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 189.317653][ T7324] RSP: 002b:00007fed7e26c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 189.326118][ T7324] RAX: ffffffffffffffda RBX: 00007fed7d616270 RCX: 00007fed7d39cdd9 [ 189.334138][ T7324] RDX: 0000000000000002 RSI: 0000000000060840 RDI: 00002000009e1000 [ 189.342150][ T7324] RBP: 00007fed7d432d69 R08: 0000000000000000 R09: 0000000000000000 [ 189.350165][ T7324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 189.358188][ T7324] R13: 00007fed7d616308 R14: 00007fed7d616270 R15: 00007ffe72b49d98 [ 189.366308][ T7324] [ 189.370760][ T7324] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 189.421697][ T7323] F2FS-fs (loop3): access invalid blkaddr:0 [ 189.428607][ T7323] CPU: 1 PID: 7323 Comm: syz.3.477 Not tainted syzkaller #0 [ 189.435940][ T7323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 189.446144][ T7323] Call Trace: [ 189.449467][ T7323] [ 189.452450][ T7323] dump_stack_lvl+0x18c/0x250 [ 189.457199][ T7323] ? show_regs_print_info+0x20/0x20 [ 189.462561][ T7323] ? __up_read+0x2b6/0x6b0 [ 189.467029][ T7323] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 189.472506][ T7323] sanity_check_extent_cache+0xfc/0x1f0 [ 189.478162][ T7323] f2fs_iget+0x33c5/0x47e0 [ 189.482669][ T7323] f2fs_lookup+0x37f/0x780 [ 189.487153][ T7323] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 189.493281][ T7323] ? d_hash_and_lookup+0x1b0/0x1b0 [ 189.498454][ T7323] ? __init_waitqueue_head+0xa9/0x150 [ 189.503881][ T7323] __lookup_slow+0x2a1/0x400 [ 189.508535][ T7323] ? lookup_one_len+0x2e0/0x2e0 [ 189.513451][ T7323] ? try_to_unlazy+0x34c/0x5a0 [ 189.518275][ T7323] ? down_read+0x1ac/0x2e0 [ 189.522742][ T7323] lookup_slow+0x53/0x70 [ 189.527053][ T7323] walk_component+0x2be/0x3f0 [ 189.531819][ T7323] ? path_lookupat+0x15c/0x440 [ 189.536642][ T7323] path_lookupat+0x169/0x440 [ 189.541295][ T7323] filename_lookup+0x228/0x560 [ 189.546119][ T7323] ? hashlen_string+0x110/0x110 [ 189.551051][ T7323] ? strncpy_from_user+0x197/0x2d0 [ 189.556222][ T7323] ? getname_flags+0x20a/0x500 [ 189.561048][ T7323] user_path_at_empty+0x42/0x60 [ 189.565946][ T7323] __se_sys_mount+0x2a8/0x3d0 [ 189.570712][ T7323] ? __x64_sys_mount+0xc0/0xc0 [ 189.575523][ T7323] ? __x64_sys_mount+0x20/0xc0 [ 189.580330][ T7323] do_syscall_64+0x55/0xa0 [ 189.584798][ T7323] ? clear_bhb_loop+0x40/0x90 [ 189.589518][ T7323] ? clear_bhb_loop+0x40/0x90 [ 189.594240][ T7323] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 189.600181][ T7323] RIP: 0033:0x7fed7d39cdd9 [ 189.604655][ T7323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 189.624425][ T7323] RSP: 002b:00007fed7e28d028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 189.632903][ T7323] RAX: ffffffffffffffda RBX: 00007fed7d616180 RCX: 00007fed7d39cdd9 [ 189.640929][ T7323] RDX: 0000200000000040 RSI: 00002000000001c0 RDI: 0000000000000000 [ 189.648961][ T7323] RBP: 00007fed7d432d69 R08: 0000200000000080 R09: 0000000000000000 [ 189.657071][ T7323] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000000 [ 189.665098][ T7323] R13: 00007fed7d616218 R14: 00007fed7d616180 R15: 00007ffe72b49d98 [ 189.673147][ T7323] [ 189.677559][ T7323] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 189.852930][ T7323] F2FS-fs (loop3): access invalid blkaddr:0 [ 189.859165][ T7323] CPU: 1 PID: 7323 Comm: syz.3.477 Not tainted syzkaller #0 [ 189.866498][ T7323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 189.876597][ T7323] Call Trace: [ 189.879955][ T7323] [ 189.882933][ T7323] dump_stack_lvl+0x18c/0x250 [ 189.887689][ T7323] ? show_regs_print_info+0x20/0x20 [ 189.892950][ T7323] ? lock_chain_count+0x20/0x20 [ 189.897858][ T7323] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 189.903563][ T7323] ? lockdep_hardirqs_on+0x98/0x150 [ 189.908826][ T7323] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 189.914262][ T7323] sanity_check_extent_cache+0xfc/0x1f0 [ 189.919953][ T7323] f2fs_iget+0x33c5/0x47e0 [ 189.924465][ T7323] f2fs_lookup+0x37f/0x780 [ 189.928952][ T7323] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 189.935086][ T7323] ? d_hash_and_lookup+0x1b0/0x1b0 [ 189.940246][ T7323] ? __init_waitqueue_head+0xa9/0x150 [ 189.945852][ T7323] __lookup_slow+0x2a1/0x400 [ 189.950498][ T7323] ? lookup_one_len+0x2e0/0x2e0 [ 189.955412][ T7323] ? try_to_unlazy+0x34c/0x5a0 [ 189.960228][ T7323] ? down_read+0x1ac/0x2e0 [ 189.964691][ T7323] lookup_slow+0x53/0x70 [ 189.969153][ T7323] walk_component+0x2be/0x3f0 [ 189.973926][ T7323] ? path_lookupat+0x15c/0x440 [ 189.978753][ T7323] path_lookupat+0x169/0x440 [ 189.983491][ T7323] filename_lookup+0x228/0x560 [ 189.988331][ T7323] ? hashlen_string+0x110/0x110 [ 189.993277][ T7323] ? strncpy_from_user+0x197/0x2d0 [ 189.998479][ T7323] ? getname_flags+0x20a/0x500 [ 190.003392][ T7323] user_path_at_empty+0x42/0x60 [ 190.008288][ T7323] do_fchmodat+0xde/0x1e0 [ 190.012694][ T7323] ? do_faccessat+0xd00/0xd00 [ 190.017429][ T7323] __x64_sys_chmod+0x62/0x70 [ 190.022077][ T7323] do_syscall_64+0x55/0xa0 [ 190.026543][ T7323] ? clear_bhb_loop+0x40/0x90 [ 190.031273][ T7323] ? clear_bhb_loop+0x40/0x90 [ 190.036092][ T7323] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 190.042049][ T7323] RIP: 0033:0x7fed7d39cdd9 [ 190.046516][ T7323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 190.066262][ T7323] RSP: 002b:00007fed7e28d028 EFLAGS: 00000246 ORIG_RAX: 000000000000005a [ 190.074817][ T7323] RAX: ffffffffffffffda RBX: 00007fed7d616180 RCX: 00007fed7d39cdd9 [ 190.082833][ T7323] RDX: 0000000000000000 RSI: 0000000000000050 RDI: 0000200000000000 [ 190.090957][ T7323] RBP: 00007fed7d432d69 R08: 0000000000000000 R09: 0000000000000000 [ 190.098989][ T7323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 190.107010][ T7323] R13: 00007fed7d616218 R14: 00007fed7d616180 R15: 00007ffe72b49d98 [ 190.115049][ T7323] [ 190.119401][ T7323] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 190.357034][ T5805] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 190.852306][ T5805] usb 4-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 191.139980][ T5805] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.259209][ T5805] usb 4-1: Product: syz [ 191.277512][ T5805] usb 4-1: Manufacturer: syz [ 191.287808][ T5805] usb 4-1: SerialNumber: syz [ 191.778444][ T7328] netlink: 60 bytes leftover after parsing attributes in process `syz.0.487'. [ 191.848005][ T5805] usb 4-1: can't set config #1, error -71 [ 191.895690][ T5805] usb 4-1: USB disconnect, device number 5 [ 191.979852][ T7332] loop2: detected capacity change from 0 to 512 [ 192.001953][ T7332] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 192.123314][ T7332] EXT4-fs error (device loop2): ext4_validate_block_bitmap:430: comm syz.2.489: bg 0: block 104: invalid block bitmap [ 192.171854][ T7332] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 192.194090][ T7332] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.489: invalid indirect mapped block 1 (level 1) [ 192.243624][ T7332] EXT4-fs (loop2): 1 truncate cleaned up [ 192.254886][ T7338] netlink: 'syz.0.492': attribute type 83 has an invalid length. [ 192.269023][ T7332] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 192.334147][ T7340] netlink: 'syz.1.493': attribute type 3 has an invalid length. [ 192.357771][ T7340] netlink: 'syz.1.493': attribute type 3 has an invalid length. [ 192.397921][ T7338] syz.0.492 (7338) used greatest stack depth: 20240 bytes left [ 192.443552][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.613516][ T7346] loop2: detected capacity change from 0 to 512 [ 193.748240][ T7351] overlayfs: missing 'lowerdir' [ 194.473135][ T7362] loop2: detected capacity change from 0 to 512 [ 194.511212][ T7362] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 194.521272][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.527711][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.561585][ T7362] EXT4-fs error (device loop2): ext4_validate_block_bitmap:430: comm syz.2.503: bg 0: block 104: invalid block bitmap [ 194.588913][ T7362] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 194.658752][ T7362] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.503: invalid indirect mapped block 1 (level 1) [ 194.725647][ T7362] EXT4-fs (loop2): 1 truncate cleaned up [ 194.748228][ T7362] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 195.000276][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.025273][ T7374] loop3: detected capacity change from 0 to 512 [ 195.099948][ T7374] EXT4-fs error (device loop3): ext4_orphan_get:1404: inode #15: comm syz.3.506: iget: bad i_size value: 38620345925642 [ 195.126721][ T7374] EXT4-fs error (device loop3): ext4_orphan_get:1409: comm syz.3.506: couldn't read orphan inode 15 (err -117) [ 195.180735][ T7374] EXT4-fs (loop3): mounted filesystem 00000000-0000-00a1-0000-000000000000 r/w without journal. Quota mode: writeback. [ 195.257279][ T7381] netlink: 916 bytes leftover after parsing attributes in process `syz.0.509'. [ 195.267214][ T27] audit: type=1800 audit(1777479946.659:34): pid=7374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.506" name="file1" dev="loop3" ino=18 res=0 errno=0 [ 195.358522][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-00a1-0000-000000000000. [ 195.621169][ T7389] loop3: detected capacity change from 0 to 512 [ 195.676162][ T5763] blk_print_req_error: 18 callbacks suppressed [ 195.676180][ T5763] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 196.041852][ T7395] overlayfs: missing 'workdir' [ 196.519254][ T7396] loop1: detected capacity change from 0 to 512 [ 196.564915][ T7398] loop0: detected capacity change from 0 to 1024 [ 196.578003][ T7396] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 196.628649][ T7398] EXT4-fs: inline encryption not supported [ 196.701386][ T7396] EXT4-fs error (device loop1): ext4_validate_block_bitmap:430: comm syz.1.515: bg 0: block 104: invalid block bitmap [ 196.754467][ T7398] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 196.759333][ T7396] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 196.780725][ T7396] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.515: invalid indirect mapped block 1 (level 1) [ 196.794735][ T7396] EXT4-fs (loop1): 1 truncate cleaned up [ 196.800809][ T7398] ext4 filesystem being mounted at /131/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 196.858254][ T7396] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 196.897131][ T27] audit: type=1800 audit(1777479948.289:35): pid=7398 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.516" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 196.922368][ T7405] loop3: detected capacity change from 0 to 512 [ 196.987705][ T7405] EXT4-fs error (device loop3): ext4_orphan_get:1404: inode #15: comm syz.3.518: iget: bad i_size value: 38620345925642 [ 197.038380][ T7405] EXT4-fs error (device loop3): ext4_orphan_get:1409: comm syz.3.518: couldn't read orphan inode 15 (err -117) [ 197.070618][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 197.088922][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.109000][ T7405] EXT4-fs (loop3): mounted filesystem 00000000-0000-00a1-0000-000000000000 r/w without journal. Quota mode: writeback. [ 197.192917][ T27] audit: type=1800 audit(1777479948.599:36): pid=7405 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.518" name="file1" dev="loop3" ino=18 res=0 errno=0 [ 197.294351][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-00a1-0000-000000000000. [ 197.565391][ T7412] loop2: detected capacity change from 0 to 512 [ 197.690718][ T7412] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 197.778987][ T7412] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.520: bg 0: block 288: padding at end of block bitmap is not set [ 197.802275][ T7412] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 197.828610][ T7412] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz.2.520: attempt to clear invalid blocks 1024 len 1 [ 197.874185][ T7412] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.520: invalid indirect mapped block 1819239214 (level 0) [ 197.893286][ T7412] EXT4-fs (loop2): 1 truncate cleaned up [ 197.909331][ T7412] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 198.921521][ T7422] loop1: detected capacity change from 0 to 256 [ 199.007273][ T7422] FAT-fs (loop1): Directory bread(block 1285) failed [ 199.076116][ T7422] FAT-fs (loop1): Directory bread(block 1286) failed [ 199.118281][ T7422] FAT-fs (loop1): Directory bread(block 1287) failed [ 199.187256][ T7422] FAT-fs (loop1): Directory bread(block 1288) failed [ 199.305101][ T7422] FAT-fs (loop1): Directory bread(block 1285) failed [ 199.356765][ T7422] FAT-fs (loop1): Directory bread(block 1286) failed [ 199.438652][ T7422] FAT-fs (loop1): Directory bread(block 1287) failed [ 199.490562][ T7422] FAT-fs (loop1): Directory bread(block 1288) failed [ 199.537714][ T7427] FAT-fs (loop1): Directory bread(block 1285) failed [ 199.584359][ T7427] FAT-fs (loop1): Directory bread(block 1286) failed [ 199.834125][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.984249][ T7437] loop3: detected capacity change from 0 to 2048 [ 200.120246][ T7437] loop3: p2 p3 p7 [ 200.203715][ T7437] netlink: 'syz.3.529': attribute type 10 has an invalid length. [ 200.309308][ T7437] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 200.409687][ T7448] 8021q: adding VLAN 0 to HW filter on device bond1 [ 200.478936][ T7437] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 200.493376][ T7437] bond1: (slave macvlan2): speed changed to 0 on port 1 [ 200.502167][ T7437] bond1: (slave macvlan2): Enslaving as a backup interface with an up link [ 200.684886][ T7459] loop2: detected capacity change from 0 to 164 [ 200.951985][ T7468] loop3: detected capacity change from 0 to 512 [ 201.040756][ T7468] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 201.102891][ T7468] ext4 filesystem being mounted at /147/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 201.129466][ T27] audit: type=1800 audit(1777479952.539:37): pid=7468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.543" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 201.154522][ T7475] loop0: detected capacity change from 0 to 512 [ 201.191987][ T7475] EXT4-fs: Ignoring removed nobh option [ 201.233280][ T7475] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 201.288982][ T7475] EXT4-fs (loop0): 1 truncate cleaned up [ 201.296135][ T7475] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 201.359054][ T7479] loop2: detected capacity change from 0 to 512 [ 201.417543][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.444959][ T7479] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 201.463406][ T7479] ext4 filesystem being mounted at /129/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 201.495432][ T7479] Quota error (device loop2): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8 [ 201.571208][ T7479] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 201.614991][ T7479] EXT4-fs error (device loop2): ext4_acquire_dquot:6953: comm syz.2.548: Failed to acquire dquot type 0 [ 201.781815][ T7492] loop0: detected capacity change from 0 to 2048 [ 201.857852][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 201.860968][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.940619][ T7492] loop0: p2 p3 p7 [ 202.022001][ T7492] netlink: 'syz.0.552': attribute type 10 has an invalid length. [ 202.094055][ T7492] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 202.109749][ T7497] loop2: detected capacity change from 0 to 164 [ 202.307572][ T7495] 8021q: adding VLAN 0 to HW filter on device bond1 [ 202.380757][ T7492] bond_slave_0: entered promiscuous mode [ 202.386511][ T7492] bond_slave_1: entered promiscuous mode [ 202.392282][ T7492] syz_tun: entered promiscuous mode [ 202.465740][ T7492] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 202.546720][ T7492] bond1: (slave macvlan2): speed changed to 0 on port 1 [ 202.581327][ T7492] bond1: (slave macvlan2): Enslaving as a backup interface with an up link [ 202.623075][ T7507] loop1: detected capacity change from 0 to 128 [ 202.756412][ T27] audit: type=1800 audit(1777479954.159:38): pid=7507 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.558" name="file1" dev="loop1" ino=1048613 res=0 errno=0 [ 203.012725][ T7518] loop1: detected capacity change from 0 to 512 [ 203.076117][ T7518] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 203.113659][ T7518] ext4 filesystem being mounted at /132/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 203.162007][ T7526] loop2: detected capacity change from 0 to 512 [ 203.207231][ T7526] EXT4-fs error (device loop2): ext4_orphan_get:1404: inode #15: comm syz.2.566: iget: bad i_size value: 38620345925642 [ 203.222495][ T27] audit: type=1800 audit(1777479954.619:39): pid=7518 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.563" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 203.254664][ T7526] EXT4-fs error (device loop2): ext4_orphan_get:1409: comm syz.2.566: couldn't read orphan inode 15 (err -117) [ 203.296855][ T7526] EXT4-fs (loop2): mounted filesystem 00000000-0000-00a1-0000-000000000000 r/w without journal. Quota mode: writeback. [ 203.436024][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-00a1-0000-000000000000. [ 204.258568][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 207.300390][ T7566] loop0: detected capacity change from 0 to 512 [ 207.333889][ T7568] loop3: detected capacity change from 0 to 512 [ 207.340499][ T7566] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 207.410139][ T7566] EXT4-fs error (device loop0): ext4_validate_block_bitmap:430: comm syz.0.582: bg 0: block 104: invalid block bitmap [ 207.438831][ T7568] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 207.467678][ T7568] ext4 filesystem being mounted at /156/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 207.497041][ T7566] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 207.536727][ T7566] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.582: invalid indirect mapped block 1 (level 1) [ 207.580268][ T7566] EXT4-fs (loop0): 1 truncate cleaned up [ 207.600655][ T7566] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 207.771325][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 207.947879][ T7550] Bluetooth: hci0: command 0x0406 tx timeout [ 207.956258][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 207.964474][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 208.027478][ T5772] Bluetooth: hci3: command 0x0406 tx timeout [ 208.079410][ T7591] SET target dimension over the limit! [ 208.264090][ T5758] hid-generic 0000:0000:000E.0002: unknown main item tag 0x0 [ 208.288237][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.301965][ T5758] hid-generic 0000:0000:000E.0002: unknown main item tag 0x0 [ 208.311132][ T5758] hid-generic 0000:0000:000E.0002: unknown main item tag 0x0 [ 208.340860][ T7601] random: crng reseeded on system resumption [ 208.351782][ T5758] hid-generic 0000:0000:000E.0002: unknown main item tag 0x0 [ 208.383586][ T5758] hid-generic 0000:0000:000E.0002: unknown main item tag 0x0 [ 208.411250][ T5758] hid-generic 0000:0000:000E.0002: unknown main item tag 0x0 [ 208.438276][ T5758] hid-generic 0000:0000:000E.0002: unknown main item tag 0x0 [ 208.445942][ T5758] hid-generic 0000:0000:000E.0002: unknown main item tag 0x0 [ 208.469200][ T5758] hid-generic 0000:0000:000E.0002: unknown main item tag 0x0 [ 208.492113][ T5758] hid-generic 0000:0000:000E.0002: unknown main item tag 0x0 [ 208.512088][ T5758] hid-generic 0000:0000:000E.0002: unknown main item tag 0x0 [ 208.529507][ T5758] hid-generic 0000:0000:000E.0002: unknown main item tag 0x0 [ 208.546178][ T5758] hid-generic 0000:0000:000E.0002: unknown main item tag 0x0 [ 208.565001][ T5758] hid-generic 0000:0000:000E.0002: unknown main item tag 0x0 [ 208.592626][ T5758] hid-generic 0000:0000:000E.0002: unknown main item tag 0x0 [ 208.613541][ T5758] hid-generic 0000:0000:000E.0002: unknown main item tag 0x0 [ 208.639799][ T5758] hid-generic 0000:0000:000E.0002: unknown main item tag 0x0 [ 208.652557][ T7608] loop3: detected capacity change from 0 to 512 [ 208.688399][ T7608] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 208.700006][ T5758] hid-generic 0000:0000:000E.0002: hidraw0: HID v0.00 Device [syz0] on syz0 [ 208.750944][ T7608] EXT4-fs error (device loop3): ext4_validate_block_bitmap:430: comm syz.3.596: bg 0: block 104: invalid block bitmap [ 208.861789][ T7608] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 208.926215][ T7608] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.596: invalid indirect mapped block 1 (level 1) [ 208.991940][ T5758] IPVS: starting estimator thread 0... [ 209.007982][ T7616] IPVS: sh: FWM 3 0x00000003 - no destination available [ 209.033379][ T7614] fido_id[7614]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 209.047042][ T7608] EXT4-fs (loop3): 1 truncate cleaned up [ 209.054172][ T7608] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 209.078636][ C1] IPVS: sh: FWM 3 0x00000003 - no destination available [ 209.120142][ T7617] IPVS: using max 21 ests per chain, 50400 per kthread [ 209.210195][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.272713][ T7622] syzkaller0: entered promiscuous mode [ 209.279110][ T7622] syzkaller0: entered allmulticast mode [ 209.429262][ T7628] loop0: detected capacity change from 0 to 1024 [ 209.448343][ T7628] EXT4-fs: Ignoring removed mblk_io_submit option [ 209.478324][ T7628] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 209.529997][ T7628] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 209.590542][ T7628] EXT4-fs error (device loop0): ext4_iget_extra_inode:4739: inode #15: comm syz.0.602: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 209.690194][ T7635] loop2: detected capacity change from 0 to 512 [ 209.699236][ T7628] EXT4-fs (loop0): Remounting filesystem read-only [ 209.799370][ T7635] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 209.854206][ T7635] ext4 filesystem being mounted at /148/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 209.875563][ T7644] netlink: 36 bytes leftover after parsing attributes in process `syz.1.605'. [ 209.899270][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.969668][ T27] audit: type=1800 audit(1777479961.379:40): pid=7635 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.604" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 210.147299][ T7649] loop1: detected capacity change from 0 to 2048 [ 210.258479][ T7649] loop1: p2 p3 p7 [ 210.434538][ T7649] netlink: 'syz.1.607': attribute type 10 has an invalid length. [ 210.613456][ T7654] bond1: option mode: unable to set because the bond device has slaves [ 210.642453][ T7656] loop0: detected capacity change from 0 to 512 [ 210.673309][ T7649] bond1: (slave macvlan3): Error -98 calling set_mac_address [ 210.684496][ T7656] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 210.723749][ T7656] EXT4-fs error (device loop0): ext4_validate_block_bitmap:430: comm syz.0.610: bg 0: block 104: invalid block bitmap [ 210.833309][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 210.870057][ T7656] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 210.903028][ T7656] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.610: invalid indirect mapped block 1 (level 1) [ 210.924874][ T7656] EXT4-fs (loop0): 1 truncate cleaned up [ 210.964736][ T7656] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 211.062403][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 211.155604][ T7662] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.171251][ T7662] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.181569][ T7662] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.207058][ T7662] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.236702][ T7662] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.266739][ T7662] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.296716][ T7662] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.323261][ T7662] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.351673][ T7662] macsec1: entered promiscuous mode [ 211.357233][ T7662] macsec1: entered allmulticast mode [ 211.375094][ T7668] loop0: detected capacity change from 0 to 512 [ 211.387776][ T7667] syzkaller0: entered promiscuous mode [ 211.393569][ T7667] syzkaller0: entered allmulticast mode [ 211.443769][ T7668] EXT4-fs warning (device loop0): ext4_xattr_inode_get:546: inode #11: comm syz.0.615: ea_inode file size=16777216 entry size=6 [ 211.472004][ T7668] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 211.538055][ T7668] EXT4-fs error (device loop0): ext4_xattr_inode_iget:441: inode #11: comm syz.0.615: iget: bad extra_isize 90 (inode size 256) [ 211.664188][ T7668] EXT4-fs (loop0): Remounting filesystem read-only [ 211.673103][ T7668] EXT4-fs warning (device loop0): ext4_evict_inode:274: xattr delete (err -5) [ 211.686078][ T7668] EXT4-fs (loop0): 1 orphan inode deleted [ 211.694321][ T7668] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 211.760114][ T7676] Zero length message leads to an empty skb [ 211.857766][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 211.876535][ T7678] loop2: detected capacity change from 0 to 512 [ 211.934402][ T7678] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 211.968329][ T7678] ext4 filesystem being mounted at /151/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 212.037977][ T27] audit: type=1800 audit(1777479963.449:41): pid=7678 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.619" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 212.092036][ T7684] loop1: detected capacity change from 0 to 2048 [ 212.164372][ T7684] loop1: p2 p3 p7 [ 212.214776][ T7684] netlink: 'syz.1.621': attribute type 10 has an invalid length. [ 212.238121][ T7684] bond1: option mode: unable to set because the bond device has slaves [ 212.263308][ T7684] bond1: (slave macvlan3): Error -98 calling set_mac_address [ 212.297590][ T7688] ucma_write: process 407 (syz.0.623) changed security contexts after opening file descriptor, this is not allowed. [ 212.509374][ T5773] Bluetooth: hci4: command 0x1003 tx timeout [ 212.516193][ T5772] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 212.696094][ T7701] loop1: detected capacity change from 0 to 512 [ 212.709346][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 212.733279][ T7701] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 212.808669][ T7701] [ 212.811092][ T7701] ====================================================== [ 212.818151][ T7701] WARNING: possible circular locking dependency detected [ 212.825222][ T7701] syzkaller #0 Not tainted [ 212.829672][ T7701] ------------------------------------------------------ [ 212.836725][ T7701] syz.1.625/7701 is trying to acquire lock: [ 212.842652][ T7701] ffff888141b08c58 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x1a4/0x350 [ 212.852758][ T7701] [ 212.852758][ T7701] but task is already holding lock: [ 212.860139][ T7701] ffff88805efb00c8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3dc/0x6e0 [ 212.870031][ T7701] [ 212.870031][ T7701] which lock already depends on the new lock. [ 212.870031][ T7701] [ 212.880484][ T7701] [ 212.880484][ T7701] the existing dependency chain (in reverse order) is: [ 212.889531][ T7701] [ 212.889531][ T7701] -> #1 (&ei->xattr_sem){++++}-{3:3}: [ 212.897158][ T7701] down_write+0x97/0x200 [ 212.902011][ T7701] ext4_destroy_inline_data+0x28/0xe0 [ 212.907966][ T7701] ext4_do_writepages+0x4f0/0x3990 [ 212.913665][ T7701] ext4_writepages+0x1dd/0x350 [ 212.919117][ T7701] do_writepages+0x3b3/0x630 [ 212.924320][ T7701] __writeback_single_inode+0x153/0xec0 [ 212.930571][ T7701] writeback_sb_inodes+0x7cd/0xf50 [ 212.936272][ T7701] wb_writeback+0x46a/0xbf0 [ 212.941348][ T7701] wb_workfn+0x400/0xe60 [ 212.946156][ T7701] process_scheduled_works+0xa5d/0x15d0 [ 212.952275][ T7701] worker_thread+0xa55/0xfc0 [ 212.957429][ T7701] kthread+0x2fa/0x390 [ 212.962073][ T7701] ret_from_fork+0x48/0x80 [ 212.967062][ T7701] ret_from_fork_asm+0x11/0x20 [ 212.972397][ T7701] [ 212.972397][ T7701] -> #0 (&sbi->s_writepages_rwsem){++++}-{0:0}: [ 212.980871][ T7701] __lock_acquire+0x2df1/0x7d40 [ 212.986297][ T7701] lock_acquire+0x19e/0x420 [ 212.991372][ T7701] percpu_down_read+0x44/0x1a0 [ 212.996709][ T7701] ext4_writepages+0x1a4/0x350 [ 213.002054][ T7701] do_writepages+0x3b3/0x630 [ 213.007238][ T7701] __writeback_single_inode+0x153/0xec0 [ 213.013364][ T7701] writeback_single_inode+0x21f/0x760 [ 213.019308][ T7701] write_inode_now+0x183/0x210 [ 213.024642][ T7701] iput+0x5ae/0x920 [ 213.029050][ T7701] ext4_xattr_block_set+0x249e/0x32b0 [ 213.035010][ T7701] ext4_expand_extra_isize_ea+0x12c5/0x1e80 [ 213.041481][ T7701] __ext4_expand_extra_isize+0x306/0x400 [ 213.047707][ T7701] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 213.053779][ T7701] ext4_evict_inode+0x7f3/0xea0 [ 213.059200][ T7701] evict+0x4ca/0x8d0 [ 213.063659][ T7701] ext4_orphan_cleanup+0xbec/0x1420 [ 213.069513][ T7701] ext4_fill_super+0x5eea/0x67b0 [ 213.075018][ T7701] get_tree_bdev+0x3f3/0x520 [ 213.080173][ T7701] vfs_get_tree+0x8c/0x280 [ 213.085152][ T7701] do_new_mount+0x24b/0xa40 [ 213.090226][ T7701] __se_sys_mount+0x2e7/0x3d0 [ 213.095493][ T7701] do_syscall_64+0x55/0xa0 [ 213.100466][ T7701] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 213.106927][ T7701] [ 213.106927][ T7701] other info that might help us debug this: [ 213.106927][ T7701] [ 213.117190][ T7701] Possible unsafe locking scenario: [ 213.117190][ T7701] [ 213.124683][ T7701] CPU0 CPU1 [ 213.130187][ T7701] ---- ---- [ 213.135586][ T7701] lock(&ei->xattr_sem); [ 213.139975][ T7701] lock(&sbi->s_writepages_rwsem); [ 213.147746][ T7701] lock(&ei->xattr_sem); [ 213.154640][ T7701] rlock(&sbi->s_writepages_rwsem); [ 213.159983][ T7701] [ 213.159983][ T7701] *** DEADLOCK *** [ 213.159983][ T7701] [ 213.168155][ T7701] 3 locks held by syz.1.625/7701: [ 213.173212][ T7701] #0: ffff888141b0c0e0 (&type->s_umount_key#31){++++}-{3:3}, at: get_tree_bdev+0x353/0x520 [ 213.183379][ T7701] #1: ffff888141b0c608 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x2bf/0xea0 [ 213.192850][ T7701] #2: ffff88805efb00c8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3dc/0x6e0 [ 213.203188][ T7701] [ 213.203188][ T7701] stack backtrace: [ 213.209111][ T7701] CPU: 1 PID: 7701 Comm: syz.1.625 Not tainted syzkaller #0 [ 213.216438][ T7701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 213.226531][ T7701] Call Trace: [ 213.229850][ T7701] [ 213.232823][ T7701] dump_stack_lvl+0x18c/0x250 [ 213.237565][ T7701] ? load_image+0x420/0x420 [ 213.242124][ T7701] ? show_regs_print_info+0x20/0x20 [ 213.247427][ T7701] ? print_circular_bug+0x12b/0x1a0 [ 213.252690][ T7701] check_noncircular+0x2fc/0x400 [ 213.257694][ T7701] ? look_up_lock_class+0x75/0x140 [ 213.262870][ T7701] ? print_deadlock_bug+0x5d0/0x5d0 [ 213.268142][ T7701] ? lockdep_lock+0xf5/0x230 [ 213.272908][ T7701] ? mark_lock+0x94/0x320 [ 213.277284][ T7701] ? _find_first_zero_bit+0xd3/0x100 [ 213.282631][ T7701] __lock_acquire+0x2df1/0x7d40 [ 213.287553][ T7701] ? mark_lock+0x94/0x320 [ 213.291934][ T7701] ? verify_lock_unused+0x140/0x140 [ 213.297182][ T7701] ? __lock_acquire+0x1347/0x7d40 [ 213.302276][ T7701] lock_acquire+0x19e/0x420 [ 213.306835][ T7701] ? ext4_writepages+0x1a4/0x350 [ 213.311828][ T7701] ? __might_sleep+0xe0/0xe0 [ 213.316463][ T7701] ? read_lock_is_recursive+0x20/0x20 [ 213.321874][ T7701] ? mark_lock+0x94/0x320 [ 213.326247][ T7701] ? __lock_acquire+0x1347/0x7d40 [ 213.331317][ T7701] percpu_down_read+0x44/0x1a0 [ 213.336131][ T7701] ? ext4_writepages+0x1a4/0x350 [ 213.341128][ T7701] ext4_writepages+0x1a4/0x350 [ 213.345947][ T7701] ? ext4_read_folio+0x2f0/0x2f0 [ 213.350943][ T7701] ? __rwlock_init+0x150/0x150 [ 213.355757][ T7701] ? do_raw_spin_unlock+0x121/0x230 [ 213.361005][ T7701] ? ext4_read_folio+0x2f0/0x2f0 [ 213.365998][ T7701] do_writepages+0x3b3/0x630 [ 213.370657][ T7701] ? folio_clear_dirty_for_io+0xc30/0xc30 [ 213.376459][ T7701] ? writeback_single_inode+0x214/0x760 [ 213.382062][ T7701] ? __lock_acquire+0x7d40/0x7d40 [ 213.387131][ T7701] ? do_raw_spin_lock+0x11f/0x2c0 [ 213.392211][ T7701] __writeback_single_inode+0x153/0xec0 [ 213.397817][ T7701] writeback_single_inode+0x21f/0x760 [ 213.403244][ T7701] ? write_inode_now+0x210/0x210 [ 213.408270][ T7701] ? ext4_xattr_inode_update_ref+0x468/0x590 [ 213.414316][ T7701] write_inode_now+0x183/0x210 [ 213.419138][ T7701] ? bdi_split_work_to_wbs+0x910/0x910 [ 213.424714][ T7701] ? do_raw_spin_unlock+0x121/0x230 [ 213.429981][ T7701] iput+0x5ae/0x920 [ 213.433836][ T7701] ext4_xattr_block_set+0x249e/0x32b0 [ 213.439356][ T7701] ? ext4_xattr_block_find+0x350/0x350 [ 213.444832][ T7701] ? xattr_find_entry+0x2a6/0x2f0 [ 213.449898][ T7701] ? ext4_xattr_block_find+0xea/0x350 [ 213.455313][ T7701] ext4_expand_extra_isize_ea+0x12c5/0x1e80 [ 213.461243][ T7701] __ext4_expand_extra_isize+0x306/0x400 [ 213.466908][ T7701] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 213.472414][ T7701] ext4_evict_inode+0x7f3/0xea0 [ 213.477281][ T7701] ? _raw_spin_unlock+0x28/0x40 [ 213.482153][ T7701] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 213.488073][ T7701] ? do_raw_spin_unlock+0x121/0x230 [ 213.493351][ T7701] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 213.499264][ T7701] evict+0x4ca/0x8d0 [ 213.503187][ T7701] ? proc_nr_inodes+0x230/0x230 [ 213.508057][ T7701] ? do_raw_spin_unlock+0x121/0x230 [ 213.513304][ T7701] ? _raw_spin_unlock+0x28/0x40 [ 213.518192][ T7701] ? iput+0x706/0x920 [ 213.522196][ T7701] ext4_orphan_cleanup+0xbec/0x1420 [ 213.527419][ T7701] ? ext4_orphan_del+0xbf0/0xbf0 [ 213.532385][ T7701] ? ext4_register_li_request+0x183/0x940 [ 213.538123][ T7701] ? errseq_check_and_advance+0x66/0x120 [ 213.543783][ T7701] ext4_fill_super+0x5eea/0x67b0 [ 213.548775][ T7701] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 213.555077][ T7701] ? __might_sleep+0xe0/0xe0 [ 213.559684][ T7701] ? read_lock_is_recursive+0x20/0x20 [ 213.565088][ T7701] ? snprintf+0xe9/0x140 [ 213.569354][ T7701] ? down_read_killable+0x340/0x340 [ 213.574578][ T7701] ? setup_bdev_super+0x56b/0x660 [ 213.579654][ T7701] get_tree_bdev+0x3f3/0x520 [ 213.584260][ T7701] ? vfs_parse_fs_string+0x170/0x170 [ 213.589567][ T7701] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 213.595825][ T7701] ? setup_bdev_super+0x660/0x660 [ 213.600864][ T7701] ? apparmor_capable+0x137/0x1a0 [ 213.605908][ T7701] ? bpf_lsm_capable+0x9/0x10 [ 213.610649][ T7701] ? security_capable+0x89/0xb0 [ 213.615552][ T7701] vfs_get_tree+0x8c/0x280 [ 213.619998][ T7701] do_new_mount+0x24b/0xa40 [ 213.624519][ T7701] __se_sys_mount+0x2e7/0x3d0 [ 213.629233][ T7701] ? __x64_sys_mount+0xc0/0xc0 [ 213.634010][ T7701] ? lockdep_hardirqs_on+0x98/0x150 [ 213.639226][ T7701] ? __x64_sys_mount+0x20/0xc0 [ 213.644042][ T7701] do_syscall_64+0x55/0xa0 [ 213.648481][ T7701] ? clear_bhb_loop+0x40/0x90 [ 213.653221][ T7701] ? clear_bhb_loop+0x40/0x90 [ 213.657966][ T7701] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 213.663897][ T7701] RIP: 0033:0x7fc74a39e04a [ 213.668339][ T7701] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 213.688257][ T7701] RSP: 002b:00007fc74b30be58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 213.696723][ T7701] RAX: ffffffffffffffda RBX: 00007fc74b30bee0 RCX: 00007fc74a39e04a [ 213.704734][ T7701] RDX: 0000200000000180 RSI: 0000200000000000 RDI: 00007fc74b30bea0 [ 213.712809][ T7701] RBP: 0000200000000180 R08: 00007fc74b30bee0 R09: 0000000000000000 [ 213.720813][ T7701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000000 [ 213.728808][ T7701] R13: 00007fc74b30bea0 R14: 000000000000047a R15: 00002000000001c0 [ 213.736813][ T7701] [ 213.745799][ T7701] ------------[ cut here ]------------ [ 213.751773][ T7701] EA inode 11 i_nlink=0 [ 213.752439][ T7701] WARNING: CPU: 0 PID: 7701 at fs/ext4/xattr.c:1059 ext4_xattr_inode_update_ref+0x53c/0x590 [ 213.766888][ T7701] Modules linked in: [ 213.770867][ T7701] CPU: 0 PID: 7701 Comm: syz.1.625 Not tainted syzkaller #0 [ 213.778353][ T7701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 213.788733][ T7701] RIP: 0010:ext4_xattr_inode_update_ref+0x53c/0x590 [ 213.795468][ T7701] Code: 8d 7e 50 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff e8 35 d5 98 ff 49 8b 37 48 c7 c7 20 d8 de 8a 89 da e8 74 54 0a ff <0f> 0b 4c 8b 74 24 08 4c 8b 7c 24 10 e9 ab fe ff ff e8 be f5 3f 08 [ 213.816257][ T7701] RSP: 0018:ffffc9000b97f1a0 EFLAGS: 00010246 [ 213.822579][ T7701] RAX: 5c9976b57ab87000 RBX: 0000000000000000 RCX: 0000000000080000 [ 213.830685][ T7701] RDX: ffffc9000d77c000 RSI: 000000000007ffff RDI: 0000000000080000 [ 213.838747][ T7701] RBP: ffffc9000b97f298 R08: ffffc9000b97eda7 R09: 1ffff9200172fdb4 [ 213.846981][ T7701] R10: dffffc0000000000 R11: fffff5200172fdb5 R12: dffffc0000000000 [ 213.855366][ T7701] R13: ffff88805ef854a8 R14: ffff88805ef852b0 R15: ffff88805ef85300 [ 213.863522][ T7701] FS: 00007fc74b30c6c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 213.872629][ T7701] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 213.879316][ T7701] CR2: 00007f665a5eb738 CR3: 000000005f17b000 CR4: 00000000003506f0 [ 213.887376][ T7701] Call Trace: [ 213.890703][ T7701] [ 213.893708][ T7701] ? ext4_xattr_list_entries+0x3d0/0x3d0 [ 213.900280][ T7701] ? ext4_xattr_inode_iget+0x3df/0x600 [ 213.905803][ T7701] ext4_xattr_set_entry+0xcda/0x1e90 [ 213.911301][ T7701] ext4_xattr_ibody_set+0x254/0x6a0 [ 213.916650][ T7701] ext4_expand_extra_isize_ea+0x1398/0x1e80 [ 213.922613][ T7701] __ext4_expand_extra_isize+0x306/0x400 [ 213.928344][ T7701] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 213.933873][ T7701] ext4_evict_inode+0x7f3/0xea0 [ 213.938809][ T7701] ? _raw_spin_unlock+0x28/0x40 [ 213.943708][ T7701] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 213.949715][ T7701] ? do_raw_spin_unlock+0x121/0x230 [ 213.954958][ T7701] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 213.960943][ T7701] evict+0x4ca/0x8d0 [ 213.964892][ T7701] ? proc_nr_inodes+0x230/0x230 [ 213.969838][ T7701] ? do_raw_spin_unlock+0x121/0x230 [ 213.975103][ T7701] ? _raw_spin_unlock+0x28/0x40 [ 213.980145][ T7701] ? iput+0x706/0x920 [ 213.984192][ T7701] ext4_orphan_cleanup+0xbec/0x1420 [ 213.989537][ T7701] ? ext4_orphan_del+0xbf0/0xbf0 [ 213.994634][ T7701] ? ext4_register_li_request+0x183/0x940 [ 214.000436][ T7701] ? errseq_check_and_advance+0x66/0x120 [ 214.006902][ T7701] ext4_fill_super+0x5eea/0x67b0 [ 214.012036][ T7701] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 214.018369][ T7701] ? __might_sleep+0xe0/0xe0 [ 214.023020][ T7701] ? read_lock_is_recursive+0x20/0x20 [ 214.028501][ T7701] ? snprintf+0xe9/0x140 [ 214.032797][ T7701] ? down_read_killable+0x340/0x340 [ 214.038068][ T7701] ? setup_bdev_super+0x56b/0x660 [ 214.043158][ T7701] get_tree_bdev+0x3f3/0x520 [ 214.047830][ T7701] ? vfs_parse_fs_string+0x170/0x170 [ 214.053173][ T7701] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 214.059487][ T7701] ? setup_bdev_super+0x660/0x660 [ 214.064547][ T7701] ? apparmor_capable+0x137/0x1a0 [ 214.069682][ T7701] ? bpf_lsm_capable+0x9/0x10 [ 214.074440][ T7701] ? security_capable+0x89/0xb0 [ 214.080191][ T7701] vfs_get_tree+0x8c/0x280 [ 214.084681][ T7701] do_new_mount+0x24b/0xa40 [ 214.089274][ T7701] __se_sys_mount+0x2e7/0x3d0 [ 214.094023][ T7701] ? __x64_sys_mount+0xc0/0xc0 [ 214.098891][ T7701] ? lockdep_hardirqs_on+0x98/0x150 [ 214.104961][ T7701] ? __x64_sys_mount+0x20/0xc0 [ 214.109952][ T7701] do_syscall_64+0x55/0xa0 [ 214.114506][ T7701] ? clear_bhb_loop+0x40/0x90 [ 214.119269][ T7701] ? clear_bhb_loop+0x40/0x90 [ 214.123994][ T7701] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 214.129979][ T7701] RIP: 0033:0x7fc74a39e04a [ 214.134442][ T7701] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 214.154172][ T7701] RSP: 002b:00007fc74b30be58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 214.162768][ T7701] RAX: ffffffffffffffda RBX: 00007fc74b30bee0 RCX: 00007fc74a39e04a [ 214.171092][ T7701] RDX: 0000200000000180 RSI: 0000200000000000 RDI: 00007fc74b30bea0 [ 214.179203][ T7701] RBP: 0000200000000180 R08: 00007fc74b30bee0 R09: 0000000000000000 [ 214.187392][ T7701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000000 [ 214.195422][ T7701] R13: 00007fc74b30bea0 R14: 000000000000047a R15: 00002000000001c0 [ 214.203503][ T7701] [ 214.207483][ T7701] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 214.214917][ T7701] CPU: 0 PID: 7701 Comm: syz.1.625 Not tainted syzkaller #0 [ 214.222227][ T7701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 214.232305][ T7701] Call Trace: [ 214.235592][ T7701] [ 214.238538][ T7701] dump_stack_lvl+0x18c/0x250 [ 214.243237][ T7701] ? show_regs_print_info+0x20/0x20 [ 214.248460][ T7701] ? load_image+0x420/0x420 [ 214.252980][ T7701] panic+0x2dc/0x730 [ 214.256905][ T7701] ? bpf_jit_dump+0xd0/0xd0 [ 214.261420][ T7701] __warn+0x2e0/0x470 [ 214.265417][ T7701] ? ext4_xattr_inode_update_ref+0x53c/0x590 [ 214.271429][ T7701] ? ext4_xattr_inode_update_ref+0x53c/0x590 [ 214.277451][ T7701] report_bug+0x2be/0x4f0 [ 214.281792][ T7701] ? ext4_xattr_inode_update_ref+0x53c/0x590 [ 214.287805][ T7701] ? ext4_xattr_inode_update_ref+0x53c/0x590 [ 214.293801][ T7701] ? ext4_xattr_inode_update_ref+0x53e/0x590 [ 214.299797][ T7701] handle_bug+0xcf/0x120 [ 214.304137][ T7701] exc_invalid_op+0x1a/0x50 [ 214.308670][ T7701] asm_exc_invalid_op+0x1a/0x20 [ 214.313547][ T7701] RIP: 0010:ext4_xattr_inode_update_ref+0x53c/0x590 [ 214.320158][ T7701] Code: 8d 7e 50 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff e8 35 d5 98 ff 49 8b 37 48 c7 c7 20 d8 de 8a 89 da e8 74 54 0a ff <0f> 0b 4c 8b 74 24 08 4c 8b 7c 24 10 e9 ab fe ff ff e8 be f5 3f 08 [ 214.339794][ T7701] RSP: 0018:ffffc9000b97f1a0 EFLAGS: 00010246 [ 214.345890][ T7701] RAX: 5c9976b57ab87000 RBX: 0000000000000000 RCX: 0000000000080000 [ 214.353882][ T7701] RDX: ffffc9000d77c000 RSI: 000000000007ffff RDI: 0000000000080000 [ 214.361870][ T7701] RBP: ffffc9000b97f298 R08: ffffc9000b97eda7 R09: 1ffff9200172fdb4 [ 214.369874][ T7701] R10: dffffc0000000000 R11: fffff5200172fdb5 R12: dffffc0000000000 [ 214.377872][ T7701] R13: ffff88805ef854a8 R14: ffff88805ef852b0 R15: ffff88805ef85300 [ 214.385883][ T7701] ? ext4_xattr_list_entries+0x3d0/0x3d0 [ 214.391554][ T7701] ? ext4_xattr_inode_iget+0x3df/0x600 [ 214.397058][ T7701] ext4_xattr_set_entry+0xcda/0x1e90 [ 214.402403][ T7701] ext4_xattr_ibody_set+0x254/0x6a0 [ 214.407636][ T7701] ext4_expand_extra_isize_ea+0x1398/0x1e80 [ 214.413577][ T7701] __ext4_expand_extra_isize+0x306/0x400 [ 214.419252][ T7701] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 214.424760][ T7701] ext4_evict_inode+0x7f3/0xea0 [ 214.429639][ T7701] ? _raw_spin_unlock+0x28/0x40 [ 214.434532][ T7701] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 214.440469][ T7701] ? do_raw_spin_unlock+0x121/0x230 [ 214.445715][ T7701] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 214.451654][ T7701] evict+0x4ca/0x8d0 [ 214.455587][ T7701] ? proc_nr_inodes+0x230/0x230 [ 214.460472][ T7701] ? do_raw_spin_unlock+0x121/0x230 [ 214.465704][ T7701] ? _raw_spin_unlock+0x28/0x40 [ 214.470578][ T7701] ? iput+0x706/0x920 [ 214.474594][ T7701] ext4_orphan_cleanup+0xbec/0x1420 [ 214.479836][ T7701] ? ext4_orphan_del+0xbf0/0xbf0 [ 214.484819][ T7701] ? ext4_register_li_request+0x183/0x940 [ 214.490574][ T7701] ? errseq_check_and_advance+0x66/0x120 [ 214.496261][ T7701] ext4_fill_super+0x5eea/0x67b0 [ 214.501246][ T7701] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 214.507511][ T7701] ? __might_sleep+0xe0/0xe0 [ 214.512135][ T7701] ? read_lock_is_recursive+0x20/0x20 [ 214.517543][ T7701] ? snprintf+0xe9/0x140 [ 214.522086][ T7701] ? down_read_killable+0x340/0x340 [ 214.527312][ T7701] ? setup_bdev_super+0x56b/0x660 [ 214.532361][ T7701] get_tree_bdev+0x3f3/0x520 [ 214.536969][ T7701] ? vfs_parse_fs_string+0x170/0x170 [ 214.542284][ T7701] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 214.548559][ T7701] ? setup_bdev_super+0x660/0x660 [ 214.553607][ T7701] ? apparmor_capable+0x137/0x1a0 [ 214.558667][ T7701] ? bpf_lsm_capable+0x9/0x10 [ 214.563392][ T7701] ? security_capable+0x89/0xb0 [ 214.568295][ T7701] vfs_get_tree+0x8c/0x280 [ 214.572756][ T7701] do_new_mount+0x24b/0xa40 [ 214.577302][ T7701] __se_sys_mount+0x2e7/0x3d0 [ 214.582035][ T7701] ? __x64_sys_mount+0xc0/0xc0 [ 214.586833][ T7701] ? lockdep_hardirqs_on+0x98/0x150 [ 214.592078][ T7701] ? __x64_sys_mount+0x20/0xc0 [ 214.596894][ T7701] do_syscall_64+0x55/0xa0 [ 214.601335][ T7701] ? clear_bhb_loop+0x40/0x90 [ 214.606061][ T7701] ? clear_bhb_loop+0x40/0x90 [ 214.610764][ T7701] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 214.616692][ T7701] RIP: 0033:0x7fc74a39e04a [ 214.621161][ T7701] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 214.640796][ T7701] RSP: 002b:00007fc74b30be58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 214.649242][ T7701] RAX: ffffffffffffffda RBX: 00007fc74b30bee0 RCX: 00007fc74a39e04a [ 214.657232][ T7701] RDX: 0000200000000180 RSI: 0000200000000000 RDI: 00007fc74b30bea0 [ 214.665245][ T7701] RBP: 0000200000000180 R08: 00007fc74b30bee0 R09: 0000000000000000 [ 214.673269][ T7701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000000 [ 214.681304][ T7701] R13: 00007fc74b30bea0 R14: 000000000000047a R15: 00002000000001c0 [ 214.689343][ T7701] [ 214.692956][ T7701] Kernel Offset: disabled [ 214.697393][ T7701] Rebooting in 86400 seconds..